RubyGems - omniauth-nitro-id - Versions diffs - 1.1.0 → 1.2.0 - Mend

omniauth-nitro-id 1.1.0 → 1.2.0

Files changed (12) hide show

checksums.yaml +4 -4
data/.github/workflows/omniauth-nitro-id.yml +12 -0
data/.gitignore +0 -2
data/Gemfile.lock +261 -0
data/doc/dependency_decisions.yml +3 -0
data/docs/CHANGELOG.md +15 -1
data/docs/README.md +9 -0
data/lib/omniauth/nitro_id/version.rb +1 -1
data/lib/omniauth/strategies/base_strategy.rb +16 -0
data/omniauth-nitro-id.gemspec +4 -0
metadata +61 -3
data/.github/workflows/ci.yml +0 -34

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c3fcfd3453a65729b3e8f7a24c6741c14cacc74d88547e24cb120fdeda0f55c3
-  data.tar.gz: 2a6b81428854f8eb43b5be273aff890d9caf2cdf48cbb9154fd7d4eecab7d09b
+  metadata.gz: 598ab656c80d449f084bd6b56d7daaf87ec9c16d6370c23722e2406c83822a96
+  data.tar.gz: 992cea65d60e09ae5d7870299cf10a0efff90570b81b72683efb410523ff8f0e
 SHA512:
-  metadata.gz: 386e8ba55776a76e8905e58420dc897261011083adc935005c806944a48ec20ed772adef07d82571fbaa34903934ee4ed9d3d1063324b1047c072a56863f526f
-  data.tar.gz: 3e9aa553a7de06ccbb143da81061c87489b3412ccc8ac15e6aaa10edbdf046e2ab0c261aebb203e2e5fb4358de546b7e391925f1e3ea91975a7627b7f78c16a3
+  metadata.gz: f57196206bc8307d16a067d71af20cf1c9bc378727d0a238b76e6470bde1b3e6494cb7977e7ae1a314575e359175a4ef76452cf649c264a7d22b96d717c95617
+  data.tar.gz: 0e7e79bdf2e1242a01e0e58660ef27e18e0085b1a56919a4fec7d7f25a62e4ead9461d7f90d244e113144fe23092984c72e4e9173311cfba81b0859d9744ac08

data/.github/workflows/omniauth-nitro-id.yml ADDED Viewed

@@ -0,0 +1,12 @@
+name: omniauth-nitro-id
+on:
+  push:
+jobs:
+  ruby:
+    uses: powerhome/power-tools/.github/workflows/_ruby-workflow.yml@main
+    with:
+      package: '${{ github.workflow }}'
+      ruby: '["2.7", "3.0", "3.1"]'
+    secrets: inherit

data/.gitignore CHANGED Viewed

@@ -1,10 +1,8 @@
 /.bundle/
 /.DS_store
 /.yardoc
-/Gemfile.lock
 /_yardoc/
 /coverage/
-/doc/
 /pkg/
 /spec/examples.txt
 /spec/reports/

data/Gemfile.lock ADDED Viewed

@@ -0,0 +1,261 @@
+PATH
+  remote: .
+  specs:
+    omniauth-nitro-id (1.2.0)
+      faraday (= 2.7.10)
+      jwt (= 2.7.0)
+      omniauth-rails_csrf_protection (= 1.0.1)
+      omniauth_openid_connect (~> 0.4.0)
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actionpack (7.0.6)
+      actionview (= 7.0.6)
+      activesupport (= 7.0.6)
+      rack (~> 2.0, >= 2.2.4)
+      rack-test (>= 0.6.3)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.2.0)
+    actionview (7.0.6)
+      activesupport (= 7.0.6)
+      builder (~> 3.1)
+      erubi (~> 1.4)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.1, >= 1.2.0)
+    activemodel (7.0.6)
+      activesupport (= 7.0.6)
+    activesupport (7.0.6)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+    addressable (2.8.4)
+      public_suffix (>= 2.0.2, < 6.0)
+    aes_key_wrap (1.1.0)
+    ast (2.4.2)
+    attr_required (1.0.1)
+    bindata (2.4.15)
+    builder (3.2.4)
+    coderay (1.1.3)
+    concurrent-ruby (1.2.2)
+    crass (1.0.6)
+    date (3.3.3)
+    diff-lcs (1.5.0)
+    erubi (1.12.0)
+    faraday (2.7.10)
+      faraday-net_http (>= 2.0, < 3.1)
+      ruby2_keywords (>= 0.0.4)
+    faraday-follow_redirects (0.3.0)
+      faraday (>= 1, < 3)
+    faraday-net_http (3.0.2)
+    ffi (1.15.5)
+    formatador (1.1.0)
+    guard (2.18.0)
+      formatador (>= 0.2.4)
+      listen (>= 2.7, < 4.0)
+      lumberjack (>= 1.0.12, < 2.0)
+      nenv (~> 0.1)
+      notiffany (~> 0.0)
+      pry (>= 0.13.0)
+      shellany (~> 0.0)
+      thor (>= 0.18.1)
+    guard-compat (1.2.1)
+    guard-rspec (4.7.3)
+      guard (~> 2.1)
+      guard-compat (~> 1.1)
+      rspec (>= 2.99.0, < 4.0)
+    hashie (5.0.0)
+    httpclient (2.8.3)
+    i18n (1.14.1)
+      concurrent-ruby (~> 1.0)
+    json (2.6.3)
+    json-jwt (1.16.3)
+      activesupport (>= 4.2)
+      aes_key_wrap
+      bindata
+      faraday (~> 2.0)
+      faraday-follow_redirects
+    jwt (2.7.0)
+    license_finder (7.1.0)
+      bundler
+      rubyzip (>= 1, < 3)
+      thor (~> 1.2)
+      tomlrb (>= 1.3, < 2.1)
+      with_env (= 1.1.0)
+      xml-simple (~> 1.1.9)
+    listen (3.8.0)
+      rb-fsevent (~> 0.10, >= 0.10.3)
+      rb-inotify (~> 0.9, >= 0.9.10)
+    loofah (2.21.3)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.12.0)
+    lumberjack (1.2.8)
+    mail (2.8.1)
+      mini_mime (>= 0.1.1)
+      net-imap
+      net-pop
+      net-smtp
+    method_source (1.0.0)
+    mini_mime (1.1.2)
+    minitest (5.18.1)
+    nenv (0.3.0)
+    net-imap (0.3.6)
+      date
+      net-protocol
+    net-pop (0.1.2)
+      net-protocol
+    net-protocol (0.2.1)
+      timeout
+    net-smtp (0.3.3)
+      net-protocol
+    nokogiri (1.15.3-arm64-darwin)
+      racc (~> 1.4)
+    nokogiri (1.15.3-x86_64-linux)
+      racc (~> 1.4)
+    notiffany (0.1.3)
+      nenv (~> 0.1)
+      shellany (~> 0.0)
+    omniauth (2.1.1)
+      hashie (>= 3.4.6)
+      rack (>= 2.2.3)
+      rack-protection
+    omniauth-rails_csrf_protection (1.0.1)
+      actionpack (>= 4.2)
+      omniauth (~> 2.0)
+    omniauth_openid_connect (0.4.0)
+      addressable (~> 2.5)
+      omniauth (>= 1.9, < 3)
+      openid_connect (~> 1.1)
+    openid_connect (1.4.2)
+      activemodel
+      attr_required (>= 1.0.0)
+      json-jwt (>= 1.15.0)
+      net-smtp
+      rack-oauth2 (~> 1.21)
+      swd (~> 1.3)
+      tzinfo
+      validate_email
+      validate_url
+      webfinger (~> 1.2)
+    parallel (1.23.0)
+    parser (3.2.2.3)
+      ast (~> 2.4.1)
+      racc
+    pry (0.14.2)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    public_suffix (5.0.3)
+    racc (1.7.1)
+    rack (2.2.7)
+    rack-oauth2 (1.21.3)
+      activesupport
+      attr_required
+      httpclient
+      json-jwt (>= 1.11.0)
+      rack (>= 2.1.0)
+    rack-protection (3.0.6)
+      rack
+    rack-test (2.1.0)
+      rack (>= 1.3)
+    rails-dom-testing (2.1.1)
+      activesupport (>= 5.0.0)
+      minitest
+      nokogiri (>= 1.6)
+    rails-html-sanitizer (1.6.0)
+      loofah (~> 2.21)
+      nokogiri (~> 1.14)
+    rainbow (3.1.1)
+    rake (13.0.6)
+    rb-fsevent (0.11.2)
+    rb-inotify (0.10.1)
+      ffi (~> 1.0)
+    regexp_parser (2.8.1)
+    rexml (3.2.5)
+    rspec (3.11.0)
+      rspec-core (~> 3.11.0)
+      rspec-expectations (~> 3.11.0)
+      rspec-mocks (~> 3.11.0)
+    rspec-core (3.11.0)
+      rspec-support (~> 3.11.0)
+    rspec-expectations (3.11.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.11.0)
+    rspec-mocks (3.11.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.11.0)
+    rspec-support (3.11.1)
+    rubocop (1.31.1)
+      json (~> 2.3)
+      parallel (~> 1.10)
+      parser (>= 3.1.0.0)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml (>= 3.2.5, < 4.0)
+      rubocop-ast (>= 1.18.0, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.29.0)
+      parser (>= 3.2.1.0)
+    rubocop-performance (1.18.0)
+      rubocop (>= 1.7.0, < 2.0)
+      rubocop-ast (>= 0.4.0)
+    rubocop-powerhome (0.5.0)
+      rubocop
+      rubocop-performance
+      rubocop-rails
+      rubocop-rake
+      rubocop-rspec
+    rubocop-rails (2.15.2)
+      activesupport (>= 4.2.0)
+      rack (>= 1.1)
+      rubocop (>= 1.7.0, < 2.0)
+    rubocop-rake (0.6.0)
+      rubocop (~> 1.0)
+    rubocop-rspec (2.12.1)
+      rubocop (~> 1.31)
+    ruby-progressbar (1.13.0)
+    ruby2_keywords (0.0.5)
+    rubyzip (2.3.2)
+    shellany (0.0.1)
+    swd (1.3.0)
+      activesupport (>= 3)
+      attr_required (>= 0.0.5)
+      httpclient (>= 2.4)
+    thor (1.2.2)
+    timeout (0.4.0)
+    tomlrb (2.0.3)
+    tzinfo (2.0.6)
+      concurrent-ruby (~> 1.0)
+    unicode-display_width (2.4.2)
+    validate_email (0.1.6)
+      activemodel (>= 3.0)
+      mail (>= 2.2.5)
+    validate_url (1.0.15)
+      activemodel (>= 3.0.0)
+      public_suffix
+    webfinger (1.2.0)
+      activesupport
+      httpclient (>= 2.4)
+    with_env (1.1.0)
+    xml-simple (1.1.9)
+      rexml
+PLATFORMS
+  arm64-darwin-22
+  x86_64-linux
+DEPENDENCIES
+  bundler
+  guard-rspec
+  license_finder (>= 7.0)
+  net-smtp
+  omniauth-nitro-id!
+  pry
+  rake (= 13.0.6)
+  rspec (= 3.11.0)
+  rubocop (= 1.31.1)
+  rubocop-powerhome (>= 0.4.1)
+BUNDLED WITH
+   2.4.17

data/doc/dependency_decisions.yml ADDED Viewed

@@ -0,0 +1,3 @@
+---
+- - :inherit_from
+  - https://raw.githubusercontent.com/powerhome/oss-guide/master/license_rules.yml

data/docs/CHANGELOG.md CHANGED Viewed

@@ -7,6 +7,18 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
+## [1.2.0] - 2023-07-24
+### Added
+* Add `decode_logout_token` method. PR [#13](https://github.com/powerhome/omniauth-nitro-id/pull/13)
+## [1.1.1] - 2023-03-06
+### Added
+* Add `omniauth-rails_csrf_protection` dependency. PR [#12](https://github.com/powerhome/omniauth-nitro-id/pull/12)
 ## [1.1.0] - 2022-12-14
 ### Added
@@ -19,6 +31,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 * Initial release
-[Unreleased]: https://github.com/powerhome/omniauth-nitro-id/compare/v1.0.0...HEAD
+[Unreleased]: https://github.com/powerhome/omniauth-nitro-id/compare/v1.2.0...HEAD
+[1.2.0]: https://github.com/powerhome/omniauth-nitro-id/releases/tag/v1.2.0
+[1.1.1]: https://github.com/powerhome/omniauth-nitro-id/releases/tag/v1.1.1
 [1.1.0]: https://github.com/powerhome/omniauth-nitro-id/releases/tag/v1.1.0
 [1.0.0]: https://github.com/powerhome/omniauth-nitro-id/releases/tag/v1.0.0

data/docs/README.md CHANGED Viewed

@@ -31,4 +31,13 @@ config.omniauth :nitro_id, {
 }
 ```
+Decoding NitroID's RSA256-encoded logout token
+```ruby
+token = params[:logout_token]
+# eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzpoeWRyYS5vcGVuaWQuaWQtdG9rZW4iLCJ0eXAiOiJK...
+OmniAuth::Strategies::NitroId.decode_logout_token(token)
+# [{"aud"=>["196da0d5-adc6-4454-98f2-3cabae04855c"], "events"=>{"http://schemas.openid.net/event/backchannel-logout"=>{}}, "iat"=>1688672696, "iss"=>"https://id.powerhrg.com/" ...
+```
 Check out Power's [example Rails app](https://github.com/powerhome/example-rails-app) for details on how to use this gem with Devise.

data/lib/omniauth/nitro_id/version.rb CHANGED Viewed

@@ -2,6 +2,6 @@
 module OmniAuth
   module NitroId
-    VERSION = "1.1.0"
+    VERSION = "1.2.0"
   end
 end

data/lib/omniauth/strategies/base_strategy.rb CHANGED Viewed

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
+require "jwt"
 require "omniauth_openid_connect"
 require_relative "../../extensions/discovery"
@@ -16,6 +18,20 @@ module OmniAuth
                         end
       end
+      def self.decode_logout_token(token)
+        jwks = fetch_jwks
+        jwks.filter! { |key| key[:use] == "sig" }
+        algorithms = jwks.filter_map { |key| key[:alg] }.uniq
+        JWT.decode(token, nil, true, algorithms: algorithms, jwks: jwks)
+      end
+      def self.fetch_jwks
+        conn = Faraday.new(url: default_options[:issuer]) { |faraday| faraday.response :raise_error }
+        response = conn.get(".well-known/jwks.json")
+        jwks = JSON.parse(response.body)
+        JWT::JWK::Set.new(jwks)
+      end
     private
       def fetch_key

data/omniauth-nitro-id.gemspec CHANGED Viewed

@@ -17,10 +17,14 @@ Gem::Specification.new do |spec|
   spec.executables   = []
   spec.require_paths = ["lib"]
+  spec.add_dependency "faraday", "2.7.10"
+  spec.add_dependency "jwt", "2.7.0"
   spec.add_dependency "omniauth_openid_connect", "~> 0.4.0"
+  spec.add_dependency "omniauth-rails_csrf_protection", "1.0.1"
   spec.add_development_dependency "bundler"
   spec.add_development_dependency "guard-rspec"
+  spec.add_development_dependency "license_finder", ">= 7.0"
   spec.add_development_dependency "net-smtp"
   spec.add_development_dependency "pry"
   spec.add_development_dependency "rake", "13.0.6"

metadata CHANGED Viewed

@@ -1,15 +1,43 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-nitro-id
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.2.0
 platform: ruby
 authors:
 - Stephen Greer
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-12-14 00:00:00.000000000 Z
+date: 2023-07-24 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.7.10
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.7.10
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.7.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.7.0
 - !ruby/object:Gem::Dependency
   name: omniauth_openid_connect
   requirement: !ruby/object:Gem::Requirement
@@ -24,6 +52,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 0.4.0
+- !ruby/object:Gem::Dependency
+  name: omniauth-rails_csrf_protection
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.0.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.0.1
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -52,6 +94,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: license_finder
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '7.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '7.0'
 - !ruby/object:Gem::Dependency
   name: net-smtp
   requirement: !ruby/object:Gem::Requirement
@@ -144,16 +200,18 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".github/CODEOWNERS"
-- ".github/workflows/ci.yml"
+- ".github/workflows/omniauth-nitro-id.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
 - Gemfile
+- Gemfile.lock
 - Guardfile
 - LICENSE.txt
 - Rakefile
 - bin/console
 - bin/setup
+- doc/dependency_decisions.yml
 - docs/CHANGELOG.md
 - docs/README.md
 - lib/extensions/discovery.rb

data/.github/workflows/ci.yml DELETED Viewed

@@ -1,34 +0,0 @@
-name: CI
-on: push
-jobs:
-  test:
-    name: Tests
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        ruby:
-          - "2.7.4"
-          - "3.1.2"
-    steps:
-    - uses: actions/checkout@v3
-    - uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: ${{ matrix.ruby }}
-        bundler-cache: true
-    - name: Run tests
-      run: bundle exec rake spec
-  lint:
-    name: Lint Ruby
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v3
-    - uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: 3.1.2
-    - name: Bundle
-      run: bundle
-    - name: Run Rubocop
-      run: bundle exec rubocop