RubyGems - omniauth-okta - Versions diffs - 0.1.0 → 1.0.0 - Mend

omniauth-okta 0.1.0 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml +5 -5
data/README.md +19 -13
data/lib/omniauth/strategies/okta.rb +56 -31
data/lib/omniauth-okta/version.rb +1 -1
metadata +16 -23

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 38df3b55712de59cb23523883470194544d4bce3
-  data.tar.gz: 216d413ed26f5d19e9cd30891a2d3594e17d8990
+SHA256:
+  metadata.gz: 650d54dafaf437d369cb409d744f748555cdd1b7e3c55fc4f32bfba93ad7f5b6
+  data.tar.gz: 28dc60af8636a5b7c52fc06b4c5d4fad5d2ce552a087d916c266fb08d9d34324
 SHA512:
-  metadata.gz: 0e7b53deafd73f07efee1f988cdee305542dbbefdbae4a1d7d0e63309a2bc0bac91502b816e9ac77ac5561302bc5c03f935a72307fc7ceb0849508624ce5fd6f
-  data.tar.gz: 88199e697905e10481d5c5b7e3cb1af8f766b17a1f03f6059cbf4b86341840a163777c3b8837d94abd87796da70074dc0ac925d33c2a8a0681dded3baac31e45
+  metadata.gz: f3ea460bba7ec3750dc952689368e529fcc8b35886559952c9e0dff09b6979852cd0fc89b1cdf86e65f01a0d08ce9de02e89e93d7c2e95e4411a8a951ead4d27
+  data.tar.gz: fed4566b63e0c4835e08f79393923db0be979344d289a5330261746db6f589dd49f607e1fcf5169da4bdcb73824a5d06315bcee79b63a9c9ca299b08cc48ebcd

data/README.md CHANGED Viewed

@@ -22,22 +22,22 @@ Or install it yourself as:
 $ gem install omniauth-okta
 ```
-### Environment Variables
-```bash
-OKTA_CLIENT_ID     # required
-OKTA_CLIENT_SECRET # required
-OKTA_ORG           # required - defaults to 'your-org' if unset
-OKTA_DOMAIN        # optional - defaults to 'okta.com' if unset
-```
 ### OmniAuth
 Here's an example for adding the middleware to a Rails app in `config/initializers/omniauth.rb`:
 ```ruby
 Rails.application.config.middleware.use OmniAuth::Builder do
-  provider :okta, ENV['OKTA_CLIENT_ID'], ENV['OKTA_CLIENT_SECRET']
+  provider :okta, ENV['OKTA_CLIENT_ID'], ENV['OKTA_CLIENT_SECRET'], {
+    client_options: {
+      site:                 'https://your-org.okta.com',
+      authorization_server: '<authorization_server>',
+      authorize_url:        'https://your-org.okta.com/oauth2/<authorization_server>/v1/authorize',
+      token_url:            'https://your-org.okta.com/oauth2/<authorization_server>/v1/token',
+      user_info_url:        'https://your-org.okta.com/oauth2/<authorization_server>/v1/userinfo',
+      audience:             'api://your-audience'
+    }
+  }
 end
 ```
@@ -57,9 +57,15 @@ or add options like the following:
   config.omniauth(:okta,
                   ENV['OKTA_CLIENT_ID'],
                   ENV['OKTA_CLIENT_SECRET'],
-                  :scope => 'openid profile email',
-                  :fields => ['profile', 'email'],
-                  :strategy_class => OmniAuth::Strategies::Okta)
+                  scope: 'openid profile email',
+                  fields: ['profile', 'email'],
+                  client_options: {
+                    site:          'https://your-org.okta.com',
+                    authorize_url: 'https://your-org.okta.com/oauth2/default/v1/authorize',
+                    token_url:     'https://your-org.okta.com/oauth2/default/v1/token',
+                    user_info_url: 'https://your-org.okta.com/oauth2/default/v1/userinfo',
+                  },
+                  strategy_class: OmniAuth::Strategies::Okta)
 ```
 Then add the following to 'config/routes.rb' so the callback routes are defined.

data/lib/omniauth/strategies/okta.rb CHANGED Viewed

@@ -5,24 +5,22 @@ require 'omniauth-oauth2'
 module OmniAuth
   module Strategies
     class Okta < OmniAuth::Strategies::OAuth2
-      ORG           = ENV['OKTA_ORG']    || 'your-org'
-      DOMAIN        = ENV['OKTA_DOMAIN'] || 'okta'
-      BASE_URL      = "https://#{ORG}.#{DOMAIN}.com"
-      DEFAULT_SCOPE = %[openid profile email].freeze
+      DEFAULT_SCOPE = %{openid profile email}.freeze
       option :name, 'okta'
       option :skip_jwt, false
       option :jwt_leeway, 60
+      # These are defaults that need to be overriden on an implementation
       option :client_options, {
-        site:          BASE_URL,
-        authorize_url: "#{BASE_URL}/oauth2/v1/authorize",
-        token_url:     "#{BASE_URL}/oauth2/v1/token",
-        response_type: 'id_token'
+        site:                 'https://your-org.okta.com',
+        authorize_url:        'https://your-org.okta.com/oauth2/default/v1/authorize',
+        token_url:            'https://your-org.okta.com/oauth2/default/v1/token',
+        user_info_url:        'https://your-org.okta.com/oauth2/default/v1/userinfo',
+        response_type:        'id_token',
+        authorization_server: 'default',
+        audience:             'api://default'
       }
       option :scope, DEFAULT_SCOPE
       uid { raw_info['sub'] }
@@ -38,40 +36,67 @@ module OmniAuth
       end
       extra do
-        hash = {}
-        hash[:raw_info] = raw_info unless skip_info?
-        hash[:id_token] = access_token.token
-        if !options[:skip_jwt] && !access_token.token.nil?
-          hash[:id_info] = validated_token(access_token.token)
+        {}.tap do |h|
+          h[:raw_info] = raw_info unless skip_info?
+          if access_token
+            h[:id_token] = access_token.token
+            if !options[:skip_jwt] && !access_token.token.nil?
+              h[:id_info] = validated_token(access_token.token)
+            end
+          end
         end
-        hash
+      end
+      def client_options
+        options.fetch(:client_options)
       end
       alias :oauth2_access_token :access_token
       def access_token
-        ::OAuth2::AccessToken.new(client, oauth2_access_token.token, {
-          :expires_in => oauth2_access_token.expires_in,
-          :expires_at => oauth2_access_token.expires_at
-        })
+        if oauth2_access_token
+          ::OAuth2::AccessToken.new(client, oauth2_access_token.token, {
+            refresh_token: oauth2_access_token.refresh_token,
+            expires_in:    oauth2_access_token.expires_in,
+            expires_at:    oauth2_access_token.expires_at
+          })
+        end
       end
       def raw_info
-        @_raw_info ||= access_token.get('/oauth2/v1/userinfo').parsed || {}
+        @_raw_info ||= access_token.get(client_options.fetch(:user_info_url)).parsed || {}
       rescue ::Errno::ETIMEDOUT
         raise ::Timeout::Error
       end
-      def request_phase
-        super
+      def callback_url
+        options[:redirect_uri] || (full_host + callback_path)
       end
-      def callback_phase
-        super
+      # Returns the qualified URL for the authorization server
+      #
+      # This is necessary in the case where there is a custom authorization server.
+      #
+      # Okta provides a default, by default.
+      #
+      # @return [String]
+      def authorization_server_path
+        site                 = client_options.fetch(:site)
+        authorization_server = client_options.fetch(:authorization_server, 'default')
+        "#{site}/oauth2/#{authorization_server}"
       end
-      def callback_url
-        options[:redirect_uri] || (full_host + script_name + callback_path)
+      # Specifies the audience for the authorization server
+      #
+      # By default, this is +'default'+. If using a custom authorization
+      # server, this will need to be set
+      #
+      # @return [String]
+      def authorization_server_audience
+        client_options.fetch(:audience, 'default')
       end
       def validated_token(token)
@@ -79,16 +104,16 @@ module OmniAuth
                    nil,
                    false,
                    verify_iss:        true,
-                   iss:               BASE_URL,
                    verify_aud:        true,
-                   aud:               BASE_URL,
+                   iss:               authorization_server_path,
+                   aud:               authorization_server_audience,
                    verify_sub:        true,
                    verify_expiration: true,
                    verify_not_before: true,
                    verify_iat:        true,
                    verify_jti:        false,
                    leeway:            options[:jwt_leeway]
-                   ).first
+        ).first
       end
     end
   end

data/lib/omniauth-okta/version.rb CHANGED Viewed

@@ -2,6 +2,6 @@
 module OmniAuth
   module Okta
-    VERSION = '0.1.0'
+    VERSION = '1.0.0'.freeze
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-okta
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 1.0.0
 platform: ruby
 authors:
 - Dan Andrews
+- Hector Rios
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-06-05 00:00:00.000000000 Z
+date: 2021-04-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth
@@ -16,42 +17,34 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: omniauth-oauth2
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1.7'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.7.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
-- !ruby/object:Gem::Dependency
-  name: bundler
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.5'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
+        version: '1.7'
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.5'
+        version: 1.7.1
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -72,14 +65,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.7'
+        version: '3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.7'
+        version: '3'
 - !ruby/object:Gem::Dependency
   name: rack-test
   requirement: !ruby/object:Gem::Requirement
@@ -97,6 +90,7 @@ dependencies:
 description: Unofficial OmniAuth OAuth2 strategy for Okta
 email:
 - daniel.raymond.andrews@gmail.com
+- that.hector@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -126,8 +120,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.6.8
+rubygems_version: 3.0.0
 signing_key:
 specification_version: 4
 summary: Unofficial OmniAuth OAuth2 strategy for Okta