omniauth-keycloak 1.3.0 → 1.4.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile.lock +48 -56
  3. data/README.md +45 -2
  4. data/lib/keycloak/version.rb +1 -1
  5. data/lib/omniauth/strategies/keycloak-openid.rb +23 -12
  6. data/omniauth-keycloak.gemspec +8 -8
  7. data/spec/omniauth/strategies/keycloak_spec.rb +118 -27
  8. metadata +14 -14
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 8c9982a0ec26f3a29c6e8a2ff4563c45ec0c3944c69b8e3d853a5a9641fab529
4
- data.tar.gz: 7bf4b42a30813bb0dd7a67866b051e9a5802970d1e1754aeaf393140b10d2e4e
3
+ metadata.gz: b21289e999dc87f96353efd93c5ed69dcab63cb1394359822f398dda6ad367ce
4
+ data.tar.gz: 55c1bcb5edc886efaf9569c65235bde99221848f0a1eaac83471224c93221dae
5
5
  SHA512:
6
- metadata.gz: 7d04d5c18554fdb152fb00bc961615a2d08c320237fa85e1e1118a82616ff7ba5cf65c0b0da8d857ae0243119100c12a192547c7a9fadc3b658146470dc07db7
7
- data.tar.gz: 1ca221dedc1468014e5761596612aac041d8da7acb3edda25b35ea211c2a4b30c533894a506b3dd480cecde2c43eff4fd63884bd969dfde55779728bb87dea99
6
+ metadata.gz: 6ba8b0ae0b5cae9a08cc56450ee8bc556974e207cb916b034f901594ebfb4d9bef36a44be1c3ece299879114e3ab4a0375a6cc0c02737adae67533b999762579
7
+ data.tar.gz: 416595948ad760b82aa396b447eb51b061b14c0e325610ea36361d53321ea214f3e2f3fc81170c0d9e0b68cfa8af2a99a9aaec7ae0b999cb58337ae9c57cf603
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- omniauth-keycloak (1.3.0)
4
+ omniauth-keycloak (1.4.1)
5
5
  json-jwt (~> 1.13.0)
6
6
  omniauth (~> 2.0.4)
7
7
  omniauth-oauth2 (~> 1.7.1)
@@ -9,46 +9,38 @@ PATH
9
9
  GEM
10
10
  remote: https://rubygems.org/
11
11
  specs:
12
- activesupport (6.1.3.2)
12
+ activesupport (7.0.3)
13
13
  concurrent-ruby (~> 1.0, >= 1.0.2)
14
14
  i18n (>= 1.6, < 2)
15
15
  minitest (>= 5.1)
16
16
  tzinfo (~> 2.0)
17
- zeitwerk (~> 2.3)
18
- addressable (2.5.2)
19
- public_suffix (>= 2.0.2, < 4.0)
17
+ addressable (2.8.0)
18
+ public_suffix (>= 2.0.2, < 5.0)
20
19
  aes_key_wrap (1.1.0)
21
- bindata (2.4.9)
22
- concurrent-ruby (1.1.8)
23
- crack (0.4.3)
24
- safe_yaml (~> 1.0.0)
25
- diff-lcs (1.3)
26
- docile (1.3.1)
27
- faraday (1.4.1)
28
- faraday-excon (~> 1.1)
29
- faraday-net_http (~> 1.0)
30
- faraday-net_http_persistent (~> 1.1)
31
- multipart-post (>= 1.2, < 3)
20
+ bindata (2.4.10)
21
+ concurrent-ruby (1.1.10)
22
+ crack (0.4.5)
23
+ rexml
24
+ diff-lcs (1.4.4)
25
+ docile (1.4.0)
26
+ faraday (2.3.0)
27
+ faraday-net_http (~> 2.0)
32
28
  ruby2_keywords (>= 0.0.4)
33
- faraday-excon (1.1.0)
34
- faraday-net_http (1.0.1)
35
- faraday-net_http_persistent (1.1.0)
36
- hashdiff (0.3.7)
37
- hashie (4.1.0)
38
- i18n (1.8.10)
29
+ faraday-net_http (2.0.3)
30
+ hashdiff (1.0.1)
31
+ hashie (5.0.0)
32
+ i18n (1.10.0)
39
33
  concurrent-ruby (~> 1.0)
40
- json (2.3.1)
41
34
  json-jwt (1.13.0)
42
35
  activesupport (>= 4.2)
43
36
  aes_key_wrap
44
37
  bindata
45
- jwt (2.2.3)
46
- minitest (5.14.4)
38
+ jwt (2.3.0)
39
+ minitest (5.15.0)
47
40
  multi_json (1.15.0)
48
41
  multi_xml (0.6.0)
49
- multipart-post (2.1.1)
50
- oauth2 (1.4.7)
51
- faraday (>= 0.8, < 2.0)
42
+ oauth2 (1.4.9)
43
+ faraday (>= 0.17.3, < 3.0)
52
44
  jwt (>= 1.0, < 3.0)
53
45
  multi_json (~> 1.3)
54
46
  multi_xml (~> 0.5)
@@ -57,41 +49,41 @@ GEM
57
49
  hashie (>= 3.4.6)
58
50
  rack (>= 1.6.2, < 3)
59
51
  rack-protection
60
- omniauth-oauth2 (1.7.1)
52
+ omniauth-oauth2 (1.7.2)
61
53
  oauth2 (~> 1.4)
62
54
  omniauth (>= 1.9, < 3)
63
- public_suffix (3.0.3)
55
+ public_suffix (4.0.6)
64
56
  rack (2.2.3)
65
- rack-protection (2.1.0)
57
+ rack-protection (2.2.0)
66
58
  rack
67
59
  rake (13.0.1)
68
- rspec (3.8.0)
69
- rspec-core (~> 3.8.0)
70
- rspec-expectations (~> 3.8.0)
71
- rspec-mocks (~> 3.8.0)
72
- rspec-core (3.8.0)
73
- rspec-support (~> 3.8.0)
74
- rspec-expectations (3.8.1)
60
+ rexml (3.2.5)
61
+ rspec (3.10.0)
62
+ rspec-core (~> 3.10.0)
63
+ rspec-expectations (~> 3.10.0)
64
+ rspec-mocks (~> 3.10.0)
65
+ rspec-core (3.10.1)
66
+ rspec-support (~> 3.10.0)
67
+ rspec-expectations (3.10.1)
75
68
  diff-lcs (>= 1.2.0, < 2.0)
76
- rspec-support (~> 3.8.0)
77
- rspec-mocks (3.8.0)
69
+ rspec-support (~> 3.10.0)
70
+ rspec-mocks (3.10.2)
78
71
  diff-lcs (>= 1.2.0, < 2.0)
79
- rspec-support (~> 3.8.0)
80
- rspec-support (3.8.0)
81
- ruby2_keywords (0.0.4)
82
- safe_yaml (1.0.4)
83
- simplecov (0.16.1)
72
+ rspec-support (~> 3.10.0)
73
+ rspec-support (3.10.3)
74
+ ruby2_keywords (0.0.5)
75
+ simplecov (0.21.2)
84
76
  docile (~> 1.1)
85
- json (>= 1.8, < 3)
86
- simplecov-html (~> 0.10.0)
87
- simplecov-html (0.10.2)
77
+ simplecov-html (~> 0.11)
78
+ simplecov_json_formatter (~> 0.1)
79
+ simplecov-html (0.12.3)
80
+ simplecov_json_formatter (0.1.3)
88
81
  tzinfo (2.0.4)
89
82
  concurrent-ruby (~> 1.0)
90
- webmock (3.4.2)
91
- addressable (>= 2.3.6)
83
+ webmock (3.14.0)
84
+ addressable (>= 2.8.0)
92
85
  crack (>= 0.3.2)
93
- hashdiff
94
- zeitwerk (2.4.2)
86
+ hashdiff (>= 0.4.0, < 2.0.0)
95
87
 
96
88
  PLATFORMS
97
89
  ruby
@@ -100,9 +92,9 @@ DEPENDENCIES
100
92
  bundler (~> 2.2)
101
93
  omniauth-keycloak!
102
94
  rake (~> 13.0)
103
- rspec (~> 3.0)
104
- simplecov (~> 0.16.1)
105
- webmock (~> 3.4.2)
95
+ rspec (~> 3.10)
96
+ simplecov (~> 0.21)
97
+ webmock (~> 3.14)
106
98
 
107
99
  BUNDLED WITH
108
- 2.2.17
100
+ 2.2.31
data/README.md CHANGED
@@ -16,6 +16,15 @@ Or install it yourself as:
16
16
 
17
17
  $ gem install omniauth-keycloak
18
18
 
19
+ ## Use with Keycloak >= 17 (Quarkus distribution)
20
+ In version 17 of Keycloak, `/auth` was removed from the default context path. (See Issue [#29](https://github.com/ccrockett/omniauth-keycloak/issues/29))
21
+ In order to reduce breaking existing user's setup, this gem assumes `/auth` as the default context.
22
+ __So if you want to use Keycloak 17 or greater then you must do one of the following:__
23
+
24
+ 1. Pass in `--http-relative-path '/auth'` option with the keycloak start command
25
+ 2. Pass in a empty string for you base_url client_option:
26
+ `client_options: {base_url: '', site: 'https://example.keycloak-url.com', realm: 'example-realm'}`
27
+
19
28
  ## Usage
20
29
 
21
30
  `OmniAuth::Strategies::Keycloak` is simply a Rack middleware. Read the OmniAuth docs for detailed instructions: https://github.com/intridea/omniauth.
@@ -25,10 +34,33 @@ Here's a quick example, adding the middleware to a Rails app in `config/initiali
25
34
  ```ruby
26
35
  Rails.application.config.middleware.use OmniAuth::Builder do
27
36
  provider :keycloak_openid, 'Example-Client', '19cca35f-dddd-473a-bdd5-03f00d61d884',
28
- client_options: {site: 'https://example.keycloak-url.com', realm: 'example-realm'}
37
+ client_options: {site: 'https://example.keycloak-url.com', realm: 'example-realm'},
38
+ name: 'keycloak'
39
+ end
40
+ ```
41
+ This will allow a POST request to `auth/keycloak` since the name is set to keycloak
42
+
43
+ Or using a proc setup with a custom options:
44
+
45
+ ```ruby
46
+ Rails.application.config.middleware.use OmniAuth::Builder do
47
+ SETUP_PROC = lambda do |env|
48
+ request = Rack::Request.new(env)
49
+ organization = Organization.find_by(host: request.host)
50
+ provider_config = organization.enabled_omniauth_providers[:keycloakopenid]
51
+
52
+ env["omniauth.strategy"].options[:client_id] = provider_config[:client_id]
53
+ env["omniauth.strategy"].options[:client_secret] = provider_config[:client_secret]
54
+ env["omniauth.strategy"].options[:client_options] = { site: provider_config[:site], realm: provider_config[:realm] }
55
+ end
56
+
57
+ Rails.application.config.middleware.use OmniAuth::Builder do
58
+ provider :keycloak_openid, setup: SETUP_PROC
59
+ end
29
60
  end
30
61
  ```
31
62
 
63
+
32
64
  ## Devise Usage
33
65
  Adapted from [Devise OmniAuth Instructions](https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview)
34
66
 
@@ -43,7 +75,7 @@ end
43
75
  # config/initializers/devise.rb
44
76
  config.omniauth :keycloak_openid, "Example-Client-Name", "example-secret-if-configured", client_options: { site: "https://example.keycloak-url.com", realm: "example-realm" }, :strategy_class => OmniAuth::Strategies::KeycloakOpenId
45
77
 
46
- # Below controller assumes callback route configuration following
78
+ # Below controller assumes callback route configuration following
47
79
  # in config/routes.rb
48
80
  Devise.setup do |config|
49
81
  # ...
@@ -70,6 +102,17 @@ end
70
102
 
71
103
  ```
72
104
 
105
+ ## Configuration
106
+ * __Base Url other than /auth__
107
+ This gem tries to get the keycloak configuration from `"#{site}/auth/realms/#{realm}/.well-known/openid-configuration"`. If your keycloak server has been setup to use a different "root" url other than `/auth` then you need to pass in the `base_url` option when setting up the gem:
108
+ ```ruby
109
+ Rails.application.config.middleware.use OmniAuth::Builder do
110
+ provider :keycloak_openid, 'Example-Client', '19cca35f-dddd-473a-bdd5-03f00d61d884',
111
+ client_options: {site: 'https://example.keycloak-url.com', realm: 'example-realm', base_url: '/authorize'},
112
+ name: 'keycloak'
113
+ end
114
+ ```
115
+
73
116
  ## Contributing
74
117
 
75
118
  Bug reports and pull requests are welcome on GitHub at https://github.com/ccrockett/omniauth-keycloak. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
data/lib/keycloak/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module Omniauth
2
2
  module Keycloak
3
- VERSION = "1.3.0"
3
+ VERSION = "1.4.2"
4
4
  end
5
5
  end
data/lib/omniauth/strategies/keycloak-openid.rb CHANGED
@@ -13,9 +13,11 @@ module OmniAuth
13
13
 
14
14
  attr_reader :authorize_url
15
15
  attr_reader :token_url
16
- attr_reader :cert
16
+ attr_reader :certs
17
17
 
18
18
  def setup_phase
19
+ super
20
+
19
21
  if @authorize_url.nil? || @token_url.nil?
20
22
  prevent_site_option_mistake
21
23
 
@@ -24,7 +26,7 @@ module OmniAuth
24
26
 
25
27
  raise_on_failure = options.client_options.fetch(:raise_on_failure, false)
26
28
 
27
- config_url = URI.join(site, "/auth/realms/#{realm}/.well-known/openid-configuration")
29
+ config_url = URI.join(site, "#{auth_url_base}/realms/#{realm}/.well-known/openid-configuration")
28
30
 
29
31
  log :debug, "Going to get Keycloak configuration. URL: #{config_url}"
30
32
  response = Faraday.get config_url
@@ -46,8 +48,8 @@ module OmniAuth
46
48
  certs = Faraday.get @certs_endpoint
47
49
  if (certs.status == 200)
48
50
  json = MultiJson.load(certs.body)
49
- @cert = json["keys"][0]
50
- log :debug, "Successfully got certificate. Certificate length: #{@cert.length}"
51
+ @certs = json["keys"]
52
+ log :debug, "Successfully got certificate. Certificate length: #{@certs.length}"
51
53
  else
52
54
  message = "Coundn't get certificate. URL: #{@certs_endpoint}"
53
55
  log :error, message
@@ -62,6 +64,14 @@ module OmniAuth
62
64
  end
63
65
  end
64
66
 
67
+ def auth_url_base
68
+ return '/auth' unless options.client_options[:base_url]
69
+ base_url = options.client_options[:base_url]
70
+ return base_url if (base_url == '' || base_url[0] == '/')
71
+
72
+ raise ConfigurationError, "Keycloak base_url option should start with '/'. Current value: #{base_url}"
73
+ end
74
+
65
75
  def prevent_site_option_mistake
66
76
  site = options.client_options[:site]
67
77
  return unless site =~ /\/auth$/
@@ -81,14 +91,14 @@ module OmniAuth
81
91
 
82
92
  def build_access_token
83
93
  verifier = request.params["code"]
84
- client.auth_code.get_token(verifier,
94
+ client.auth_code.get_token(verifier,
85
95
  {:redirect_uri => callback_url.gsub(/\?.+\Z/, "")}
86
- .merge(token_params.to_hash(:symbolize_keys => true)),
96
+ .merge(token_params.to_hash(:symbolize_keys => true)),
87
97
  deep_symbolize(options.auth_token_params))
88
98
  end
89
99
 
90
100
  uid{ raw_info['sub'] }
91
-
101
+
92
102
  info do
93
103
  {
94
104
  :name => raw_info['name'],
@@ -97,17 +107,18 @@ module OmniAuth
97
107
  :last_name => raw_info['family_name']
98
108
  }
99
109
  end
100
-
110
+
101
111
  extra do
102
112
  {
103
- 'raw_info' => raw_info
113
+ 'raw_info' => raw_info,
114
+ 'id_token' => access_token['id_token']
104
115
  }
105
116
  end
106
-
117
+
107
118
  def raw_info
108
119
  id_token_string = access_token.token
109
- jwk = JSON::JWK.new(@cert)
110
- id_token = JSON::JWT.decode id_token_string, jwk
120
+ jwks = JSON::JWK::Set.new(@certs)
121
+ id_token = JSON::JWT.decode id_token_string, jwks
111
122
  id_token
112
123
  end
113
124
 
data/omniauth-keycloak.gemspec CHANGED
@@ -4,13 +4,13 @@ Gem::Specification.new do |spec|
4
4
  spec.version = Omniauth::Keycloak::VERSION
5
5
  spec.authors = ["Cameron Crockett"]
6
6
  spec.email = ["cameron.crockett@ccrockett.com"]
7
-
7
+
8
8
  spec.description = %q{Omniauth strategy for Keycloak}
9
9
  spec.summary = spec.description
10
10
  spec.homepage = "https://github.com/ccrockett/omniauth-keycloak"
11
11
  spec.license = "MIT"
12
- spec.required_rubygems_version = '>= 1.3.5'
13
- spec.required_ruby_version = '>= 2.2'
12
+ spec.required_rubygems_version = '>= 3.1.2'
13
+ spec.required_ruby_version = '>= 2.6'
14
14
 
15
15
  # Specify which files should be added to the gem when it is released.
16
16
  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
@@ -22,14 +22,14 @@ Gem::Specification.new do |spec|
22
22
  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
23
23
  spec.require_paths = ["lib"]
24
24
 
25
-
26
- spec.add_dependency "omniauth", "~> 2.0.4"
25
+
26
+ spec.add_dependency "omniauth", ">= 2.0"
27
27
  spec.add_dependency "omniauth-oauth2", "~> 1.7.1"
28
28
  spec.add_dependency "json-jwt", "~> 1.13.0"
29
29
 
30
30
  spec.add_development_dependency "bundler", "~> 2.2"
31
31
  spec.add_development_dependency "rake", "~> 13.0"
32
- spec.add_development_dependency "rspec", "~> 3.0"
33
- spec.add_development_dependency 'simplecov', '~> 0.16.1'
34
- spec.add_development_dependency 'webmock', '~> 3.4.2'
32
+ spec.add_development_dependency "rspec", "~> 3.10"
33
+ spec.add_development_dependency 'simplecov', '~> 0.21'
34
+ spec.add_development_dependency 'webmock', '~> 3.14'
35
35
  end
data/spec/omniauth/strategies/keycloak_spec.rb CHANGED
@@ -1,41 +1,45 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  RSpec.describe OmniAuth::Strategies::KeycloakOpenId do
4
- body = '{"issuer": "http://localhost:8080/auth/realms/example-realm",
5
- "authorization_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/auth",
6
- "token_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/token",
7
- "token_introspection_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/token/introspect",
8
- "userinfo_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/userinfo",
9
- "end_session_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/logout",
10
- "jwks_uri": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs",
11
- "check_session_iframe": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/login-status-iframe.html",
12
- "grant_types_supported": ["authorization_code", "implicit", "refresh_token", "password", "client_credentials"],
13
- "response_types_supported": ["code", "none", "id_token", "token", "id_token token", "code id_token", "code token", "code id_token token"],
14
- "subject_types_supported": ["public", "pairwise"],
15
- "id_token_signing_alg_values_supported": ["RS256"],
16
- "userinfo_signing_alg_values_supported": ["RS256"],
17
- "request_object_signing_alg_values_supported": ["none", "RS256"],
18
- "response_modes_supported": ["query", "fragment", "form_post"],
19
- "registration_endpoint": "http://localhost:8080/auth/realms/example-realm/clients-registrations/openid-connect",
20
- "token_endpoint_auth_methods_supported": ["private_key_jwt", "client_secret_basic", "client_secret_post"],
21
- "token_endpoint_auth_signing_alg_values_supported": ["RS256"],
22
- "claims_supported": ["sub", "iss", "auth_time", "name", "given_name", "family_name", "preferred_username", "email"],
23
- "claim_types_supported": ["normal"],
24
- "claims_parameter_supported": false,
25
- "scopes_supported": ["openid", "offline_access"],
26
- "request_parameter_supported": true,
27
- "request_uri_parameter_supported": true}'
4
+ let(:body) {
5
+ {
6
+ "issuer": "http://localhost:8080/auth/realms/example-realm",
7
+ "authorization_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/auth",
8
+ "token_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/token",
9
+ "token_introspection_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/token/introspect",
10
+ "userinfo_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/userinfo",
11
+ "end_session_endpoint": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/logout",
12
+ "jwks_uri": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs",
13
+ "check_session_iframe": "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/login-status-iframe.html",
14
+ "grant_types_supported": ["authorization_code", "implicit", "refresh_token", "password", "client_credentials"],
15
+ "response_types_supported": ["code", "none", "id_token", "token", "id_token token", "code id_token", "code token", "code id_token token"],
16
+ "subject_types_supported": ["public", "pairwise"],
17
+ "id_token_signing_alg_values_supported": ["RS256"],
18
+ "userinfo_signing_alg_values_supported": ["RS256"],
19
+ "request_object_signing_alg_values_supported": ["none", "RS256"],
20
+ "response_modes_supported": ["query", "fragment", "form_post"],
21
+ "registration_endpoint": "http://localhost:8080/auth/realms/example-realm/clients-registrations/openid-connect",
22
+ "token_endpoint_auth_methods_supported": ["private_key_jwt", "client_secret_basic", "client_secret_post"],
23
+ "token_endpoint_auth_signing_alg_values_supported": ["RS256"],
24
+ "claims_supported": ["sub", "iss", "auth_time", "name", "given_name", "family_name", "preferred_username", "email"],
25
+ "claim_types_supported": ["normal"],
26
+ "claims_parameter_supported": false,
27
+ "scopes_supported": ["openid", "offline_access"],
28
+ "request_parameter_supported": true,
29
+ "request_uri_parameter_supported": true
30
+ }
31
+ }
28
32
 
29
33
  context 'client options' do
30
34
  subject do
31
35
  stub_request(:get, "http://localhost:8080/auth/realms/example-realm/.well-known/openid-configuration")
32
- .to_return(status: 200, body: body, headers: {})
36
+ .to_return(status: 200, body: JSON.generate(body), headers: {})
33
37
  stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs")
34
38
  .to_return(status: 404, body: "", headers: {})
35
39
  OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
36
40
  client_options: {site: 'http://localhost:8080/', realm: 'example-realm'})
37
41
  end
38
-
42
+
39
43
  it 'should have the correct keycloak token url' do
40
44
  subject.setup_phase
41
45
  expect(subject.token_url).to eq('/auth/realms/example-realm/protocol/openid-connect/token')
@@ -47,6 +51,93 @@ RSpec.describe OmniAuth::Strategies::KeycloakOpenId do
47
51
  end
48
52
  end
49
53
 
54
+ describe 'client base_url option set' do
55
+ context 'to blank string' do
56
+ let(:new_body_endpoints) {
57
+ {
58
+ "authorization_endpoint": "http://localhost:8080/realms/example-realm/protocol/openid-connect/auth",
59
+ "token_endpoint": "http://localhost:8080/realms/example-realm/protocol/openid-connect/token",
60
+ "jwks_uri": "http://localhost:8080/realms/example-realm/protocol/openid-connect/certs"
61
+ }
62
+ }
63
+
64
+ subject do
65
+ stub_request(:get, "http://localhost:8080/realms/example-realm/.well-known/openid-configuration")
66
+ .to_return(status: 200, body: JSON.generate(body.merge(new_body_endpoints)), headers: {})
67
+ stub_request(:get, "http://localhost:8080/realms/example-realm/protocol/openid-connect/certs")
68
+ .to_return(status: 404, body: "", headers: {})
69
+ OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
70
+ client_options: {site: 'http://localhost:8080/', realm: 'example-realm', base_url: ''})
71
+ end
72
+
73
+ it 'should have the correct keycloak token url' do
74
+ subject.setup_phase
75
+ expect(subject.token_url).to eq('/realms/example-realm/protocol/openid-connect/token')
76
+ end
77
+
78
+ it 'should have the correct keycloak authorization url' do
79
+ subject.setup_phase
80
+ expect(subject.authorize_url).to eq('/realms/example-realm/protocol/openid-connect/auth')
81
+ end
82
+ end
83
+
84
+ context 'to invalid string' do
85
+ subject do
86
+ stub_request(:get, "http://localhost:8080/realms/example-realm/.well-known/openid-configuration")
87
+ .to_return(status: 200, body: JSON.generate(body), headers: {})
88
+ stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs")
89
+ .to_return(status: 404, body: "", headers: {})
90
+ OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
91
+ client_options: {site: 'http://localhost:8080/', realm: 'example-realm', base_url: 'test'})
92
+ end
93
+
94
+ it 'raises Configuration Error' do
95
+ expect{ subject.setup_phase }
96
+ .to raise_error(OmniAuth::Strategies::KeycloakOpenId::ConfigurationError)
97
+ end
98
+ end
99
+
100
+ context 'to /authorize' do
101
+
102
+ let(:new_body_endpoints) {
103
+ {
104
+ "authorization_endpoint": "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/auth",
105
+ "token_endpoint": "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/token",
106
+ "jwks_uri": "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/certs"
107
+ }
108
+ }
109
+
110
+ subject do
111
+ stub_request(:get, "http://localhost:8080/authorize/realms/example-realm/.well-known/openid-configuration")
112
+ .to_return(status: 200, body: JSON.generate(body.merge(new_body_endpoints)), headers: {})
113
+ stub_request(:get, "http://localhost:8080/authorize/realms/example-realm/protocol/openid-connect/certs")
114
+ .to_return(status: 404, body: "", headers: {})
115
+ OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
116
+ client_options: {site: 'http://localhost:8080/', realm: 'example-realm', base_url: '/authorize'})
117
+ end
118
+
119
+ it 'should have the correct keycloak token url' do
120
+ subject.setup_phase
121
+ expect(subject.token_url).to eq('/authorize/realms/example-realm/protocol/openid-connect/token')
122
+ end
123
+
124
+ it 'should have the correct keycloak authorization url' do
125
+ subject.setup_phase
126
+ expect(subject.authorize_url).to eq('/authorize/realms/example-realm/protocol/openid-connect/auth')
127
+ end
128
+ end
129
+ end
130
+
131
+ context 'client setup with a proc' do
132
+ subject do
133
+ OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', setup: proc { throw :setup_proc_was_called })
134
+ end
135
+
136
+ it 'should call the proc' do
137
+ expect { subject.setup_phase }.to throw_symbol :setup_proc_was_called
138
+ end
139
+ end
140
+
50
141
  describe 'errors processing' do
51
142
  context 'when site contains /auth part' do
52
143
  subject do
@@ -78,7 +169,7 @@ RSpec.describe OmniAuth::Strategies::KeycloakOpenId do
78
169
  context 'when certificates endpoint returns error response' do
79
170
  subject do
80
171
  stub_request(:get, "http://localhost:8080/auth/realms/example-realm/.well-known/openid-configuration")
81
- .to_return(status: 200, body: body, headers: {})
172
+ .to_return(status: 200, body: JSON.generate(body), headers: {})
82
173
  stub_request(:get, "http://localhost:8080/auth/realms/example-realm/protocol/openid-connect/certs")
83
174
  .to_return(status: 404, body: "", headers: {})
84
175
  OmniAuth::Strategies::KeycloakOpenId.new('keycloak-openid', 'Example-Client', 'b53c572b-9f3b-4e79-bf8b-f03c799ba6ec',
metadata CHANGED
@@ -1,29 +1,29 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-keycloak
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.3.0
4
+ version: 1.4.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Cameron Crockett
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2021-05-17 00:00:00.000000000 Z
11
+ date: 2022-06-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: omniauth
15
15
  requirement: !ruby/object:Gem::Requirement
16
16
  requirements:
17
- - - "~>"
17
+ - - ">="
18
18
  - !ruby/object:Gem::Version
19
- version: 2.0.4
19
+ version: '2.0'
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
- - - "~>"
24
+ - - ">="
25
25
  - !ruby/object:Gem::Version
26
- version: 2.0.4
26
+ version: '2.0'
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: omniauth-oauth2
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -86,42 +86,42 @@ dependencies:
86
86
  requirements:
87
87
  - - "~>"
88
88
  - !ruby/object:Gem::Version
89
- version: '3.0'
89
+ version: '3.10'
90
90
  type: :development
91
91
  prerelease: false
92
92
  version_requirements: !ruby/object:Gem::Requirement
93
93
  requirements:
94
94
  - - "~>"
95
95
  - !ruby/object:Gem::Version
96
- version: '3.0'
96
+ version: '3.10'
97
97
  - !ruby/object:Gem::Dependency
98
98
  name: simplecov
99
99
  requirement: !ruby/object:Gem::Requirement
100
100
  requirements:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: 0.16.1
103
+ version: '0.21'
104
104
  type: :development
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
108
  - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: 0.16.1
110
+ version: '0.21'
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: webmock
113
113
  requirement: !ruby/object:Gem::Requirement
114
114
  requirements:
115
115
  - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: 3.4.2
117
+ version: '3.14'
118
118
  type: :development
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: 3.4.2
124
+ version: '3.14'
125
125
  description: Omniauth strategy for Keycloak
126
126
  email:
127
127
  - cameron.crockett@ccrockett.com
@@ -160,12 +160,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
160
160
  requirements:
161
161
  - - ">="
162
162
  - !ruby/object:Gem::Version
163
- version: '2.2'
163
+ version: '2.6'
164
164
  required_rubygems_version: !ruby/object:Gem::Requirement
165
165
  requirements:
166
166
  - - ">="
167
167
  - !ruby/object:Gem::Version
168
- version: 1.3.5
168
+ version: 3.1.2
169
169
  requirements: []
170
170
  rubygems_version: 3.1.6
171
171
  signing_key: