omniauth-keycloak 1.3.0 → 1.4.2

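--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 8c9982a0ec26f3a29c6e8a2ff4563c45ec0c3944c69b8e3d853a5a9641fab529
- data.tar.gz: 7bf4b42a30813bb0dd7a67866b051e9a5802970d1e1754aeaf393140b10d2e4e
+ metadata.gz: b21289e999dc87f96353efd93c5ed69dcab63cb1394359822f398dda6ad367ce
+ data.tar.gz: 55c1bcb5edc886efaf9569c65235bde99221848f0a1eaac83471224c93221dae
  SHA512:
- metadata.gz: 7d04d5c18554fdb152fb00bc961615a2d08c320237fa85e1e1118a82616ff7ba5cf65c0b0da8d857ae0243119100c12a192547c7a9fadc3b658146470dc07db7
- data.tar.gz: 1ca221dedc1468014e5761596612aac041d8da7acb3edda25b35ea211c2a4b30c533894a506b3dd480cecde2c43eff4fd63884bd969dfde55779728bb87dea99
+ metadata.gz: 6ba8b0ae0b5cae9a08cc56450ee8bc556974e207cb916b034f901594ebfb4d9bef36a44be1c3ece299879114e3ab4a0375a6cc0c02737adae67533b999762579
+ data.tar.gz: 416595948ad760b82aa396b447eb51b061b14c0e325610ea36361d53321ea214f3e2f3fc81170c0d9e0b68cfa8af2a99a9aaec7ae0b999cb58337ae9c57cf603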
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- omniauth-keycloak (1.3.0)
4
+ omniauth-keycloak (1.4.1)
5
5
  json-jwt (~> 1.13.0)
6
6
  omniauth (~> 2.0.4)
7
7
  omniauth-oauth2 (~> 1.7.1)
@@ -9,46 +9,38 @@ PATH
9
9
  GEM
10
10
  remote: https://rubygems.org/
11
11
  specs:
12
- activesupport (6.1.3.2)
12
+ activesupport (7.0.3)
13
13
  concurrent-ruby (~> 1.0, >= 1.0.2)
14
14
  i18n (>= 1.6, < 2)
15
15
  minitest (>= 5.1)
16
16
  tzinfo (~> 2.0)
17
- zeitwerk (~> 2.3)
18
- addressable (2.5.2)
19
- public_suffix (>= 2.0.2, < 4.0)
17
+ addressable (2.8.0)
18
+ public_suffix (>= 2.0.2, < 5.0)
20
19
  aes_key_wrap (1.1.0)
21
- bindata (2.4.9)
22
- concurrent-ruby (1.1.8)
23
- crack (0.4.3)
24
- safe_yaml (~> 1.0.0)
25
- diff-lcs (1.3)
26
- docile (1.3.1)
27
- faraday (1.4.1)
28
- faraday-excon (~> 1.1)
29
- faraday-net_http (~> 1.0)
30
- faraday-net_http_persistent (~> 1.1)
31
- multipart-post (>= 1.2, < 3)
20
+ bindata (2.4.10)
21
+ concurrent-ruby (1.1.10)
22
+ crack (0.4.5)
23
+ rexml
24
+ diff-lcs (1.4.4)
25
+ docile (1.4.0)
26
+ faraday (2.3.0)
27
+ faraday-net_http (~> 2.0)
32
28
  ruby2_keywords (>= 0.0.4)
33
- faraday-excon (1.1.0)
34
- faraday-net_http (1.0.1)
35
- faraday-net_http_persistent (1.1.0)
36
- hashdiff (0.3.7)
37
- hashie (4.1.0)
38
- i18n (1.8.10)
29
+ faraday-net_http (2.0.3)
30
+ hashdiff (1.0.1)
31
+ hashie (5.0.0)
32
+ i18n (1.10.0)
39
33
  concurrent-ruby (~> 1.0)
40
- json (2.3.1)
41
34
  json-jwt (1.13.0)
42
35
  activesupport (>= 4.2)
43
36
  aes_key_wrap
44
37
  bindata
45
- jwt (2.2.3)
46
- minitest (5.14.4)
38
+ jwt (2.3.0)
39
+ minitest (5.15.0)
47
40
  multi_json (1.15.0)
48
41
  multi_xml (0.6.0)
49
- multipart-post (2.1.1)
50
- oauth2 (1.4.7)
51
- faraday (>= 0.8, < 2.0)
42
+ oauth2 (1.4.9)
43
+ faraday (>= 0.17.3, < 3.0)
52
44
  jwt (>= 1.0, < 3.0)
53
45
  multi_json (~> 1.3)
54
46
  multi_xml (~> 0.5)
@@ -57,41 +49,41 @@ GEM
57
49
  hashie (>= 3.4.6)
58
50
  rack (>= 1.6.2, < 3)
59
51
  rack-protection
60
- omniauth-oauth2 (1.7.1)
52
+ omniauth-oauth2 (1.7.2)
61
53
  oauth2 (~> 1.4)
62
54
  omniauth (>= 1.9, < 3)
63
- public_suffix (3.0.3)
55
+ public_suffix (4.0.6)
64
56
  rack (2.2.3)
65
- rack-protection (2.1.0)
57
+ rack-protection (2.2.0)
66
58
  rack
67
59
  rake (13.0.1)
68
- rspec (3.8.0)
69
- rspec-core (~> 3.8.0)
70
- rspec-expectations (~> 3.8.0)
71
- rspec-mocks (~> 3.8.0)
72
- rspec-core (3.8.0)
73
- rspec-support (~> 3.8.0)
74
- rspec-expectations (3.8.1)
60
+ rexml (3.2.5)
61
+ rspec (3.10.0)
62
+ rspec-core (~> 3.10.0)
63
+ rspec-expectations (~> 3.10.0)
64
+ rspec-mocks (~> 3.10.0)
65
+ rspec-core (3.10.1)
66
+ rspec-support (~> 3.10.0)
67
+ rspec-expectations (3.10.1)
75
68
  diff-lcs (>= 1.2.0, < 2.0)
76
- rspec-support (~> 3.8.0)
77
- rspec-mocks (3.8.0)
69
+ rspec-support (~> 3.10.0)
70
+ rspec-mocks (3.10.2)
78
71
  diff-lcs (>= 1.2.0, < 2.0)
79
- rspec-support (~> 3.8.0)
80
- rspec-support (3.8.0)
81
- ruby2_keywords (0.0.4)
82
- safe_yaml (1.0.4)
83
- simplecov (0.16.1)
72
+ rspec-support (~> 3.10.0)
73
+ rspec-support (3.10.3)
74
+ ruby2_keywords (0.0.5)
75
+ simplecov (0.21.2)
84
76
  docile (~> 1.1)
85
- json (>= 1.8, < 3)
86
- simplecov-html (~> 0.10.0)
87
- simplecov-html (0.10.2)
77
+ simplecov-html (~> 0.11)
78
+ simplecov_json_formatter (~> 0.1)
79
+ simplecov-html (0.12.3)
80
+ simplecov_json_formatter (0.1.3)
88
81
  tzinfo (2.0.4)
89
82
  concurrent-ruby (~> 1.0)
90
- webmock (3.4.2)
91
- addressable (>= 2.3.6)
83
+ webmock (3.14.0)
84
+ addressable (>= 2.8.0)
92
85
  crack (>= 0.3.2)
93
- hashdiff
94
- zeitwerk (2.4.2)
86
+ hashdiff (>= 0.4.0, < 2.0.0)
95
87
 
96
88
  PLATFORMS
97
89
  ruby
@@ -100,9 +92,9 @@ DEPENDENCIES
100
92
  bundler (~> 2.2)
101
93
  omniauth-keycloak!
102
94
  rake (~> 13.0)
103
- rspec (~> 3.0)
104
- simplecov (~> 0.16.1)
105
- webmock (~> 3.4.2)
95
+ rspec (~> 3.10)
96
+ simplecov (~> 0.21)
97
+ webmock (~> 3.14)
106
98
 
107
99
  BUNDLED WITH
108
- 2.2.17
100
+ 2.2.31
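--- a/data/README.md
+++ b/data/README.md
@@ -16,6 +16,15 @@ Or install it yourself as:
 
  $ gem install omniauth-keycloak
 
+ ## Use with Keycloak >= 17 (Quarkus distribution)
+ In version 17 of Keycloak, `/auth` was removed from the default context path. (See Issue [#29](https://github.com/ccrockett/omniauth-keycloak/issues/29))
+ In order to reduce breaking existing user's setup, this gem assumes `/auth` as the default context.
+ __So if you want to use Keycloak 17 or greater then you must do one of the following:__
+
+ 1. Pass in `--http-relative-path '/auth'` option with the keycloak start command
+ 2. Pass in a empty string for you base_url client_option:
+ `client_options: {base_url: '', site: 'https://example.keycloak-url.com', realm: 'example-realm'}`
+
  ## Usage
 
  `OmniAuth::Strategies::Keycloak` is simply a Rack middleware. Read the OmniAuth docs for detailed instructions: https://github.com/intridea/omniauth.
@@ -25,10 +34,33 @@ Here's a quick example, adding the middleware to a Rails app in `config/initiali
  ```ruby
  Rails.application.config.middleware.use OmniAuth::Builder do
  provider :keycloak_openid, 'Example-Client', '19cca35f-dddd-473a-bdd5-03f00d61d884',
- client_options: {site: 'https://example.keycloak-url.com', realm: 'example-realm'}
+ client_options: {site: 'https://example.keycloak-url.com', realm: 'example-realm'},
+ name: 'keycloak'
+ end
+ ```
+ This will allow a POST request to `auth/keycloak` since the name is set to keycloak
+
+ Or using a proc setup with a custom options:
+
+ ```ruby
+ Rails.application.config.middleware.use OmniAuth::Builder do
+ SETUP_PROC = lambda do |env|
+ request = Rack::Request.new(env)
+ organization = Organization.find_by(host: request.host)
+ provider_config = organization.enabled_omniauth_providers[:keycloakopenid]
+
+ env["omniauth.strategy"].options[:client_id] = provider_config[:client_id]
+ env["omniauth.strategy"].options[:client_secret] = provider_config[:client_secret]
+ env["omniauth.strategy"].options[:client_options] = { site: provider_config[:site], realm: provider_config[:realm] }
+ end
+
+ Rails.application.config.middleware.use OmniAuth::Builder do
+ provider :keycloak_openid, setup: SETUP_PROC
+ end
  end
  ```
 
+
  ## Devise Usage
  Adapted from [Devise OmniAuth Instructions](https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview)
 
@@ -43,7 +75,7 @@ end
  # config/initializers/devise.rb
  config.omniauth :keycloak_openid, "Example-Client-Name", "example-secret-if-configured", client_options: { site: "https://example.keycloak-url.com", realm: "example-realm" }, :strategy_class => OmniAuth::Strategies::KeycloakOpenId
 
- # Below controller assumes callback route configuration following
+ # Below controller assumes callback route configuration following
  # in config/routes.rb
  Devise.setup do |config|
  # ...
@@ -70,6 +102,17 @@ end
 
  ```
 
+ ## Configuration
+ * __Base Url other than /auth__
+ This gem tries to get the keycloak configuration from `"#{site}/auth/realms/#{realm}/.well-known/openid-configuration"`. If your keycloak server has been setup to use a different "root" url other than `/auth` then you need to pass in the `base_url` option when setting up the gem:
+ ```ruby
+ Rails.application.config.middleware.use OmniAuth::Builder do
+ provider :keycloak_openid, 'Example-Client', '19cca35f-dddd-473a-bdd5-03f00d61d884',
+ client_options: {site: 'https://example.keycloak-url.com', realm: 'example-realm', base_url: '/authorize'},
+ name: 'keycloak'
+ end
+ ```
+
  ## Contributing
 
  Bug reports and pull requests are welcome on GitHub at https://github.com/ccrockett/omniauth-keycloak. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.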
@@ -1,5 +1,5 @@
1
1
  module Omniauth
2
2
  module Keycloak
3
- VERSION = "1.3.0"
3
+ VERSION = "1.4.2"
4
4
  end
5
5
  end
@@ -13,9 +13,11 @@ module OmniAuth
13
13
 
14
14
  attr_reader :authorize_url
15
15
  attr_reader :token_url
16
- attr_reader :cert
16
+ attr_reader :certs
17
17
 
18
18
  def setup_phase
19
+ super
20
+
19
21
  if @authorize_url.nil? || @token_url.nil?
20
22
  prevent_site_option_mistake
21
23
 
@@ -24,7 +26,7 @@ module OmniAuth
24
26
 
25
27
  raise_on_failure = options.client_options.fetch(:raise_on_failure, false)
26
28
 
27
- config_url = URI.join(site, "/auth/realms/#{realm}/.well-known/openid-configuration")
29
+ config_url = URI.join(site, "#{auth_url_base}/realms/#{realm}/.well-known/openid-configuration")
28
30
 
29
31
  log :debug, "Going to get Keycloak configuration. URL: #{config_url}"
30
32
  response = Faraday.get config_url
@@ -46,8 +48,8 @@ module OmniAuth
46
48
  certs = Faraday.get @certs_endpoint
47
49
  if (certs.status == 200)
48
50
  json = MultiJson.load(certs.body)
49
- @cert = json["keys"][0]
50
- log :debug, "Successfully got certificate. Certificate length: #{@cert.length}"
51
+ @certs = json["keys"]
52
+ log :debug, "Successfully got certificate. Certificate length: #{@certs.length}"
51
53
  else
52
54
  message = "Coundn't get certificate. URL: #{@certs_endpoint}"
53
55
  log :error, message
@@ -62,6 +64,14 @@ module OmniAuth
62
64
  end
63
65
  end
64
66
 
67
+ def auth_url_base
68
+ return '/auth' unless options.client_options[:base_url]
69
+ base_url = options.client_options[:base_url]
70
+ return base_url if (base_url == '' || base_url[0] == '/')
71
+
72
+ raise ConfigurationError, "Keycloak base_url option should start with '/'. Current value: #{base_url}"
73
+ end
74
+
65
75
  def prevent_site_option_mistake
66
76
  site = options.client_options[:site]
67
77
  return unless site =~ /\/auth$/
@@ -81,14 +91,14 @@ module OmniAuth
81
91
 
82
92
  def build_access_token
83
93
  verifier = request.params["code"]
84
- client.auth_code.get_token(verifier,
94
+ client.auth_code.get_token(verifier,
85
95
  {:redirect_uri => callback_url.gsub(/\?.+\Z/, "")}
86
- .merge(token_params.to_hash(:symbolize_keys => true)),
96
+ .merge(token_params.to_hash(:symbolize_keys => true)),
87
97
  deep_symbolize(options.auth_token_params))
88
98
  end
89
99
 
90
100
  uid{ raw_info['sub'] }
91
-
101
+
92
102
  info do
93
103
  {
94
104
  :name => raw_info['name'],
@@ -97,17 +107,18 @@ module OmniAuth
97
107
  :last_name => raw_info['family_name']
98
108
  }
99
109
  end
100
-
110
+
101
111
  extra do
102
112
  {
103
- 'raw_info' => raw_info
113
+ 'raw_info' => raw_info,
114
+ 'id_token' => access_token['id_token']
104
115
  }
105
116
  end
106
-
117
+
107
118
  def raw_info
108
119
  id_token_string = access_token.token
109
- jwk = JSON::JWK.new(@cert)
110
- id_token = JSON::JWT.decode id_token_string, jwk
120
+ jwks = JSON::JWK::Set.new(@certs)
121
+ id_token = JSON::JWT.decode id_token_string, jwks
111
122
  id_token
112
123
  end
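Review bot: `auth_url_base` (the hunk at new lines 67-73) accepts any `base_url` whose first character is `/`, which lets through `'/'` and values beginning with `//`. In both cases the string built for `config_url` starts with `//`, and `URI.join` resolves that as a network-path reference, so the host taken from `site` is replaced and the discovery document is requested from a different host. The authorize, token and certs endpoints appear to be read from that document (the spec derives `token_url` and `authorize_url` from the stubbed response), so the check is worth tightening to `return base_url if base_url == '' || base_url.match?(%r{\A/[^/]})`. The spec's 'to invalid string' context covers only `'test'`; cases for `'/'` and a constructed value such as `'//host'` would pin the stricter rule.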
113
124
 
@@ -4,13 +4,13 @@ Gem::Specification.new do |spec|
4
4
  spec.version = Omniauth::Keycloak::VERSION
5
5
  spec.authors = ["Cameron Crockett"]
6
6
  spec.email = ["cameron.crockett@ccrockett.com"]
7
-
7
+
8
8
  spec.description = %q{Omniauth strategy for Keycloak}
9
9
  spec.summary = spec.description
10
10
  spec.homepage = "https://github.com/ccrockett/omniauth-keycloak"
11
11
  spec.license = "MIT"
12
- spec.required_rubygems_version = '>= 1.3.5'
13
- spec.required_ruby_version = '>= 2.2'
12
+ spec.required_rubygems_version = '>= 3.1.2'
13
+ spec.required_ruby_version = '>= 2.6'
14
14
 
15
15
  # Specify which files should be added to the gem when it is released.
16
16
  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
@@ -22,14 +22,14 @@ Gem::Specification.new do |spec|
22
22
  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
23
23
  spec.require_paths = ["lib"]
24
24
 
25
-
26
- spec.add_dependency "omniauth", "~> 2.0.4"
25
+
26
+ spec.add_dependency "omniauth", ">= 2.0"
27
27
  spec.add_dependency "omniauth-oauth2", "~> 1.7.1"
28
28
  spec.add_dependency "json-jwt", "~> 1.13.0"
29
29
 
30
30
  spec.add_development_dependency "bundler", "~> 2.2"
31
31
  spec.add_development_dependency "rake", "~> 13.0"
32
- spec.add_development_dependency "rspec", "~> 3.0"
33
- spec.add_development_dependency 'simplecov', '~> 0.16.1'
34
- spec.add_development_dependency 'webmock', '~> 3.4.2'
32
+ spec.add_development_dependency "rspec", "~> 3.10"
33
+ spec.add_development_dependency 'simplecov', '~> 0.21'
34
+ spec.add_development_dependency 'webmock', '~> 3.14'
35
35
  end
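Review bot: `spec.add_dependency "omniauth", ">= 2.0"` drops the upper bound on the gem that drives the request and callback phases, so the gemspec on its own would accept a future major release this strategy has not been run against. The only cap visible on this page is transitive, from the `omniauth (>= 1.9, < 3)` line under omniauth-oauth2 in Gemfile.lock. Stating the bound directly keeps the intent in the gemspec: `spec.add_dependency "omniauth", "~> 2.0"`.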
@@ -1,41 +1,45 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  RSpec.describe OmniAuth::Strategies::KeycloakOpenId do
4
- body = '{"issuer": "http://localhost:8080/auth/realms/example-realm",
5
- "authorization_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/auth",
6
- "token_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/token",
7
- "token_introspection_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/token/introspect",
8
- "userinfo_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/userinfo",
9
- "end_session_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/logout",
10
- "jwks_uri": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs",
11
- "check_session_iframe": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/login-status-iframe.html",
12
- "grant_types_supported": ["authorization_code", "implicit", "refresh_token", "password", "client_credentials"],
13
- "response_types_supported": ["code", "none", "id_token", "token", "id_token token", "code id_token", "code token", "code id_token token"],
14
- "subject_types_supported": ["public", "pairwise"],
15
- "id_token_signing_alg_values_supported": ["RS256"],
16
- "userinfo_signing_alg_values_supported": ["RS256"],
17
- "request_object_signing_alg_values_supported": ["none", "RS256"],
18
- "response_modes_supported": ["query", "fragment", "form_post"],
19
- "registration_endpoint": "http://localhost:8080/auth/realms/example-realm/clients-registrations/openid-connect",
20
- "token_endpoint_auth_methods_supported": ["private_key_jwt", "client_secret_basic", "client_secret_post"],
21
- "token_endpoint_auth_signing_alg_values_supported": ["RS256"],
22
- "claims_supported": ["sub", "iss", "auth_time", "name", "given_name", "family_name", "preferred_username", "email"],
23
- "claim_types_supported": ["normal"],
24
- "claims_parameter_supported": false,
25
- "scopes_supported": ["openid", "offline_access"],
26
- "request_parameter_supported": true,
27
- "request_uri_parameter_supported": true}'
4
+ let(:body) {
5
+ {
6
+ "issuer": "http://localhost:8080/auth/realms/example-realm",
7
+ "authorization_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/auth",
8
+ "token_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/token",
9
+ "token_introspection_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/token/introspect",
10
+ "userinfo_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/userinfo",
11
+ "end_session_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/logout",
12
+ "jwks_uri": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs",
13
+ "check_session_iframe": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/login-status-iframe.html",
14
+ "grant_types_supported": ["authorization_code", "implicit", "refresh_token", "password", "client_credentials"],
15
+ "response_types_supported": ["code", "none", "id_token", "token", "id_token token", "code id_token", "code token", "code id_token token"],
16
+ "subject_types_supported": ["public", "pairwise"],
17
+ "id_token_signing_alg_values_supported": ["RS256"],
18
+ "userinfo_signing_alg_values_supported": ["RS256"],
19
+ "request_object_signing_alg_values_supported": ["none", "RS256"],
20
+ "response_modes_supported": ["query", "fragment", "form_post"],
21
+ "registration_endpoint": "http://localhost:8080/auth/realms/example-realm/clients-registrations/openid-connect",
22
+ "token_endpoint_auth_methods_supported": ["private_key_jwt", "client_secret_basic", "client_secret_post"],
23
+ "token_endpoint_auth_signing_alg_values_supported": ["RS256"],
24
+ "claims_supported": ["sub", "iss", "auth_time", "name", "given_name", "family_name", "preferred_username", "email"],
25
+ "claim_types_supported": ["normal"],
26
+ "claims_parameter_supported": false,
27
+ "scopes_supported": ["openid", "offline_access"],
28
+ "request_parameter_supported": true,
29
+ "request_uri_parameter_supported": true
30
+ }
31
+ }
28
32
 
29
33
  context 'client options' do
30
34
  subject do
31
35
  stub_request(:get, "http://localhost:8080/auth/realms/example-realm/.well-known/openid-configuration")
32
- .to_return(status: 200, body: body, headers: {})
36
+ .to_return(status: 200, body: JSON.generate(body), headers: {})
33
37
  stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs")
34
38
  .to_return(status: 404, body: "", headers: {})
35
39
  OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
36
40
  client_options: {site: 'http://localhost:8080/', realm: 'example-realm'})
37
41
  end
38
-
42
+
39
43
  it 'should have the correct keycloak token url' do
40
44
  subject.setup_phase
41
45
  expect(subject.token_url).to eq('/auth/realms/example-realm/protocol/openid-connect/token')
@@ -47,6 +51,93 @@ RSpec.describe OmniAuth::Strategies::KeycloakOpenId do
47
51
  end
48
52
  end
49
53
 
54
+ describe 'client base_url option set' do
55
+ context 'to blank string' do
56
+ let(:new_body_endpoints) {
57
+ {
58
+ "authorization_endpoint": "http://localhost:8080/realms/example-realm/protocol/openid-connect/auth",
59
+ "token_endpoint": "http://localhost:8080/realms/example-realm/protocol/openid-connect/token",
60
+ "jwks_uri": "http://localhost:8080/realms/example-realm/protocol/openid-connect/certs"
61
+ }
62
+ }
63
+
64
+ subject do
65
+ stub_request(:get, "http://localhost:8080/realms/example-realm/.well-known/openid-configuration")
66
+ .to_return(status: 200, body: JSON.generate(body.merge(new_body_endpoints)), headers: {})
67
+ stub_request(:get, "http://localhost:8080/realms/example-realm/protocol/openid-connect/certs")
68
+ .to_return(status: 404, body: "", headers: {})
69
+ OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
70
+ client_options: {site: 'http://localhost:8080/', realm: 'example-realm', base_url: ''})
71
+ end
72
+
73
+ it 'should have the correct keycloak token url' do
74
+ subject.setup_phase
75
+ expect(subject.token_url).to eq('/realms/example-realm/protocol/openid-connect/token')
76
+ end
77
+
78
+ it 'should have the correct keycloak authorization url' do
79
+ subject.setup_phase
80
+ expect(subject.authorize_url).to eq('/realms/example-realm/protocol/openid-connect/auth')
81
+ end
82
+ end
83
+
84
+ context 'to invalid string' do
85
+ subject do
86
+ stub_request(:get, "http://localhost:8080/realms/example-realm/.well-known/openid-configuration")
87
+ .to_return(status: 200, body: JSON.generate(body), headers: {})
88
+ stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs")
89
+ .to_return(status: 404, body: "", headers: {})
90
+ OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
91
+ client_options: {site: 'http://localhost:8080/', realm: 'example-realm', base_url: 'test'})
92
+ end
93
+
94
+ it 'raises Configuration Error' do
95
+ expect{ subject.setup_phase }
96
+ .to raise_error(OmniAuth::Strategies::KeycloakOpenId::ConfigurationError)
97
+ end
98
+ end
99
+
100
+ context 'to /authorize' do
101
+
102
+ let(:new_body_endpoints) {
103
+ {
104
+ "authorization_endpoint": "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/auth",
105
+ "token_endpoint": "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/token",
106
+ "jwks_uri": "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/certs"
107
+ }
108
+ }
109
+
110
+ subject do
111
+ stub_request(:get, "http://localhost:8080/authorize/realms/example-realm/.well-known/openid-configuration")
112
+ .to_return(status: 200, body: JSON.generate(body.merge(new_body_endpoints)), headers: {})
113
+ stub_request(:get, "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/certs")
114
+ .to_return(status: 404, body: "", headers: {})
115
+ OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
116
+ client_options: {site: 'http://localhost:8080/', realm: 'example-realm', base_url: '/authorize'})
117
+ end
118
+
119
+ it 'should have the correct keycloak token url' do
120
+ subject.setup_phase
121
+ expect(subject.token_url).to eq('/authorize/realms/example-realm/protocol/openid-connect/token')
122
+ end
123
+
124
+ it 'should have the correct keycloak authorization url' do
125
+ subject.setup_phase
126
+ expect(subject.authorize_url).to eq('/authorize/realms/example-realm/protocol/openid-connect/auth')
127
+ end
128
+ end
129
+ end
130
+
131
+ context 'client setup with a proc' do
132
+ subject do
133
+ OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', setup: proc { throw :setup_proc_was_called })
134
+ end
135
+
136
+ it 'should call the proc' do
137
+ expect { subject.setup_phase }.to throw_symbol :setup_proc_was_called
138
+ end
139
+ end
140
+
50
141
  describe 'errors processing' do
51
142
  context 'when site contains /auth part' do
52
143
  subject do
@@ -78,7 +169,7 @@ RSpec.describe OmniAuth::Strategies::KeycloakOpenId do
78
169
  context 'when certificates endpoint returns error response' do
79
170
  subject do
80
171
  stub_request(:get, "http://localhost:8080/auth/realms/example-realm/.well-known/openid-configuration")
81
- .to_return(status: 200, body: body, headers: {})
172
+ .to_return(status: 200, body: JSON.generate(body), headers: {})
82
173
  stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs")
83
174
  .to_return(status: 404, body: "", headers: {})
84
175
  OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
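Review bot: Every stub of the `/protocol/openid-connect/certs` endpoint in the visible hunks returns 404, so nothing here exercises the new `@certs = json["keys"]` assignment, the `JSON::JWK::Set` decoding in `raw_info`, or the `id_token` entry in `extra`. A context that returns a two-key JWKS with status 200 and decodes a token signed by the second key would pin the behaviour this release introduces, with a token whose `kid` is absent from the set as the failure case. The `subject do` block at the end of this section continues outside the hunk and the rest of the spec file is not shown, so such a test may already exist there.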
metadata CHANGED
@@ -1,29 +1,29 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-keycloak
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.3.0
4
+ version: 1.4.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Cameron Crockett
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2021-05-17 00:00:00.000000000 Z
11
+ date: 2022-06-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: omniauth
15
15
  requirement: !ruby/object:Gem::Requirement
16
16
  requirements:
17
- - - "~>"
17
+ - - ">="
18
18
  - !ruby/object:Gem::Version
19
- version: 2.0.4
19
+ version: '2.0'
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
- - - "~>"
24
+ - - ">="
25
25
  - !ruby/object:Gem::Version
26
- version: 2.0.4
26
+ version: '2.0'
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: omniauth-oauth2
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -86,42 +86,42 @@ dependencies:
86
86
  requirements:
87
87
  - - "~>"
88
88
  - !ruby/object:Gem::Version
89
- version: '3.0'
89
+ version: '3.10'
90
90
  type: :development
91
91
  prerelease: false
92
92
  version_requirements: !ruby/object:Gem::Requirement
93
93
  requirements:
94
94
  - - "~>"
95
95
  - !ruby/object:Gem::Version
96
- version: '3.0'
96
+ version: '3.10'
97
97
  - !ruby/object:Gem::Dependency
98
98
  name: simplecov
99
99
  requirement: !ruby/object:Gem::Requirement
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: 0.16.1
103
+ version: '0.21'
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: 0.16.1
110
+ version: '0.21'
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: webmock
113
113
  requirement: !ruby/object:Gem::Requirement
114
114
  requirements:
115
115
  - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: 3.4.2
117
+ version: '3.14'
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: 3.4.2
124
+ version: '3.14'
125
125
  description: Omniauth strategy for Keycloak
126
126
  email:
127
127
  - cameron.crockett@ccrockett.com
@@ -160,12 +160,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
160
160
  requirements:
161
161
  - - ">="
162
162
  - !ruby/object:Gem::Version
163
- version: '2.2'
163
+ version: '2.6'
164
164
  required_rubygems_version: !ruby/object:Gem::Requirement
165
165
  requirements:
166
166
  - - ">="
167
167
  - !ruby/object:Gem::Version
168
- version: 1.3.5
168
+ version: 3.1.2
169
169
  requirements: []
170
170
  rubygems_version: 3.1.6
171
171
  signing_key: