omniauth-mit-oauth2 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 3db752ef555c3cd5fca32ffdc4d3d010e7c07f6e
+  data.tar.gz: 25dba93846917189125f28dca41537ea59bdb7fe
+SHA512:
+  metadata.gz: b33cfc0a214b90ae5c1e125e372ddfb8ffba3067380800a23a9080be9bc4f539ce8e2fa358816704d1df1ba4dcc846ac7d79971f9692ce5e0bd0625d108f7c6f
+  data.tar.gz: 87253db41e8c22ceacd6dfa731cb8a40dc0627a7bf5f9b3f24eebba24757502c704293fdd7ff3c4516b70de34c22ad82391667e02c5d0e47387c1de3b360c7de

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/.travis.yml

@@ -0,0 +1,5 @@
+language: ruby
+rvm:
+  - 2.2
+  - 2.1
+before_install: gem install bundler -v 1.10.6

data/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 MIT Libraries
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,178 @@
+# MIT OpenID Connect OmniAuth Strategy
+
+This gem provides an OmniAuth strategy for authenticating users through [MIT OpenID Connect](https://oidc.mit.edu/).
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'omniauth-mit-oauth2'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install omniauth-mit-oauth2
+
+## Usage
+
+This can be used by configuring OmniAuth in `config/initializers/omniauth.rb` (if using Devise, see instructions below instead):
+
+```ruby
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :mit_oauth2, "MIT_OAUTH2_API_KEY", "MIT_OAUTH2_API_SECRET", {
+    scope: "openid,name,email"
+  }
+```
+
+Replace `MIT_OAUTH2_API_KEY` and `MIT_OAUTH2_API_SECRET` with the values obtained from registering your service through MIT OIDC.
+
+## Devise
+
+The following instructions provide an example of how this could be used with Devise to add MIT authentication to your site.
+
+### Registering Your Client
+
+The first thing you will need to do is register your client with MIT OIDC. Once you have created the client, under the `Main` tab, find the `Redirect URI(s)` field. You need to add the callback URL `https://example.com/users/auth/mit_oauth2/callback` here replacing `example.com` with wherever your application will be deployed.
+
+### Configuring Your App
+
+Make sure Devise and this gem are included in your Gemfile:
+
+```ruby
+gem 'devise'
+gem 'omniauth-mit-oauth2'
+```
+
+Install the gems:
+
+```
+bundle install
+```
+
+Create the user model:
+
+```
+rails generate devise:install
+rails generate devise User
+```
+
+We don't want to provide account registration since users will just be using their MIT account to log in. Modify `app/models/user.rb` to only use the `:omniauthable` module, and add a method to create the user from the OAuth token:
+
+```ruby
+class User < ActiveRecord::Base
+  devise :omniauthable, :omniauth_providers => [:mit_oauth2]
+
+  def self.from_omniauth(auth)
+    where(uid: auth.uid).first_or_create do |user|
+      user.email = auth.info.email
+    end
+  end
+end
+```
+
+Next edit the migration created by devise:
+
+```ruby
+class DeviseCreateUsers < ActiveRecord::Migration
+  def change
+    create_table(:users) do |t|
+      t.string :email
+      t.string :uid, null: false
+
+      t.timestamps null: false
+    end
+    add_index :users, :uid, unique: true
+  end
+end
+```
+
+Run the migration:
+
+```
+rake db:migrate
+```
+
+Configure OmniAuth to use our provider in `config/initializers/devise.rb`:
+
+```ruby
+Devise.setup do |config|
+  # ...
+  config.omniauth :mit_oauth2, "MIT_OAUTH2_API_KEY", "MIT_OAUTH2_API_SECRET", {
+    scope: "openid,email,profile"
+  }
+end
+```
+
+Replace `MIT_OAUTH2_API_KEY` and `MIT_OAUTH2_API_SECRET` with the values obtained by registering your site.
+
+Now we need to set up the routes:
+
+```ruby
+Rails.application.routes.draw do
+  devise_for :users, :controllers => {
+    :omniauth_callbacks => 'users/omniauth_callbacks'
+  }
+
+  devise_scope :user do
+    get 'sign_in', to: 'devise/sessions#new', as: :new_user_session
+    delete 'sign_out', to: 'devise/sessions#destroy', as: :destroy_user_session
+  end
+  # ...
+end
+```
+
+Next create a new controller for the OAuth callback in `app/controllers/users/omniauth_callbacks_controller.rb`:
+
+```ruby
+class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
+  def mit_oauth2
+    @user = User.from_omniauth(request.env['omniauth.auth'])
+    sign_in_and_redirect @user, event: :authentication
+  end
+end
+```
+
+Since we are not using `:database_authenticatable` we need to define a helper method to be used in case of authentication failures. Add this to `app/controllers/application_controller.rb`:
+
+```ruby
+class ApplicationController < ActionController::Base
+  # ...
+  def new_session_path(scope)
+    new_user_session_path
+  end
+end
+```
+
+Finally, we need to add the necessary views. A sign in link can be generated by using the following:
+
+```ruby
+<%= link_to("Sign in", user_omniauth_authorize_path(:mit_oauth2)) %>
+```
+
+Depending on your application, you might want to put this in a nav bar along with a sign out link. For example:
+
+```ruby
+<% if user_signed_in? %>
+  <%= link_to("Sign out", destroy_user_session_path, method: :delete) %>
+<% else %>
+  <%= link_to("Sign in", user_omniauth_authorize_path(:mit_oauth2)) %>
+<% end %>
+```
+
+You should also create a view to handle cases where authentication has failed, for example, if the user has not allowed the required scopes. This should go in `app/views/devise/sessions/new.html.erb`.
+
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/MITLibraries/omniauth-mit-oauth2.
+
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
+

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/lib/omniauth/mit_oauth2/version.rb

@@ -0,0 +1,5 @@
+module OmniAuth
+  module MITOAuth2
+    VERSION = "0.1.0"
+  end
+end

data/lib/omniauth/mit_oauth2.rb

@@ -0,0 +1 @@
+require "omniauth/strategies/mit_oauth2"

data/lib/omniauth/strategies/mit_oauth2.rb

@@ -0,0 +1,34 @@
+require 'omniauth/strategies/oauth2'
+
+module OmniAuth
+  module Strategies
+    class MITOAuth2 < OmniAuth::Strategies::OAuth2
+      option :name, 'mit_oauth2'
+
+      option :client_options, {
+        site: "https://oidc.mit.edu",
+        authorize_url: '/authorize',
+        token_url: '/token'
+      }
+
+      uid { raw_info['sub'] }
+
+      info do
+        {
+          name: raw_info['name'],
+          email: raw_info['email']
+        }
+      end
+
+      extra do
+        { raw_info: raw_info }
+      end
+
+      def raw_info
+        @raw_info ||= access_token.get('/userinfo').parsed
+      end
+    end
+  end
+end
+
+OmniAuth.config.add_camelization('mit_oauth2', 'MITOAuth2')

data/lib/omniauth-mit-oauth2.rb

@@ -0,0 +1 @@
+require "omniauth/mit_oauth2"

data/omniauth-mit-oauth2.gemspec

@@ -0,0 +1,25 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'omniauth/mit_oauth2/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "omniauth-mit-oauth2"
+  spec.version       = OmniAuth::MITOAuth2::VERSION
+  spec.authors       = ["Mike Graves"]
+  spec.email         = ["mgraves@mit.edu"]
+
+  spec.summary       = %q{OmniAuth strategy for MIT OIDC}
+  spec.description   = %q{OmniAuth strategy for MIT OIDC}
+  spec.homepage      = "https://github.com/MITLibraries/omniauth-mit-oauth2"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency 'omniauth-oauth2', '~> 1.1'
+
+  spec.add_development_dependency "bundler", "~> 1.10"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec"
+end

metadata

@@ -0,0 +1,112 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-mit-oauth2
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Mike Graves
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-08-11 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth-oauth2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: OmniAuth strategy for MIT OIDC
+email:
+- mgraves@mit.edu
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/omniauth-mit-oauth2.rb
+- lib/omniauth/mit_oauth2.rb
+- lib/omniauth/mit_oauth2/version.rb
+- lib/omniauth/strategies/mit_oauth2.rb
+- omniauth-mit-oauth2.gemspec
+homepage: https://github.com/MITLibraries/omniauth-mit-oauth2
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5
+signing_key: 
+specification_version: 4
+summary: OmniAuth strategy for MIT OIDC
+test_files: []