omniauth-okta 0.1.1 → 2.0.0.rc1

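--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-SHA1:
-metadata.gz: f6beba3ded666b26386e13ad2a44f90311fabe71
-data.tar.gz: 7b5477d3778a419c681a99115b8ee10d189927d0
+SHA256:
+metadata.gz: 4c650d6bf54a0b04d219137098f91a7da75839050254663c761bc117d9e8db51
+data.tar.gz: c87ae72be14fba06dfcff3eeb728bac5f30045e9dd578e2c3c5317dc784e7ff1
 SHA512:
-metadata.gz: d672bc7b7ddd5f842ddbdc6984bb27c975fcc026927169f0be70d84e9ce8c200871e56edf400ba2425bb886e834c65005e65c06d1dc1553f2f24488c62d17037
-data.tar.gz: 66f716dea467f6a1f299ea1cfc201fa2ea1b927dbb4585dbe061afb26b7f605ba8ea82c0462346399cd3533f11a3eef7d342ba980751a949fffc741edb658e86
+metadata.gz: 1a52f980b4dc26cec6b1a816c86db727254a87a3c436f662af5a15b9de7f2ba06823441bcc5ff052f156deed45fa1d8e8af0bc9ce708e1b3a6e9f813c2503862
+data.tar.gz: 453c7387c83013eba0f9081374c957aafc493d972064601684f7f6b746fc3a454ff49b529f4f9f5330302693af3a1aa3f3c1b78a898824c02a84a4905433a561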
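--- a/data/README.md
+++ b/data/README.md
@@ -22,22 +22,22 @@ Or install it yourself as:
 $ gem install omniauth-okta
 ```
 
-### Environment Variables
-
-```bash
-OKTA_CLIENT_ID # required
-OKTA_CLIENT_SECRET # required
-OKTA_ORG # required - defaults to 'your-org' if unset
-OKTA_DOMAIN # optional - defaults to 'okta.com' if unset
-```
-
 ### OmniAuth
 
 Here's an example for adding the middleware to a Rails app in `config/initializers/omniauth.rb`:
 
 ```ruby
 Rails.application.config.middleware.use OmniAuth::Builder do
-provider :okta, ENV['OKTA_CLIENT_ID'], ENV['OKTA_CLIENT_SECRET']
+provider :okta, ENV['OKTA_CLIENT_ID'], ENV['OKTA_CLIENT_SECRET'], {
+client_options: {
+site: 'https://your-org.okta.com',
+authorization_server: '<authorization_server>',
+authorize_url: 'https://your-org.okta.com/oauth2/<authorization_server>/v1/authorize',
+token_url: 'https://your-org.okta.com/oauth2/<authorization_server>/v1/token',
+user_info_url: 'https://your-org.okta.com/oauth2/<authorization_server>/v1/userinfo',
+audience: 'api://your-audience'
+}
+}
 end
 ```
 
@@ -57,9 +57,15 @@ or add options like the following:
 config.omniauth(:okta,
 ENV['OKTA_CLIENT_ID'],
 ENV['OKTA_CLIENT_SECRET'],
-:scope => 'openid profile email',
-:fields => ['profile', 'email'],
-:strategy_class => OmniAuth::Strategies::Okta)
+scope: 'openid profile email',
+fields: ['profile', 'email'],
+client_options: {
+site: 'https://your-org.okta.com',
+authorize_url: 'https://your-org.okta.com/oauth2/default/v1/authorize',
+token_url: 'https://your-org.okta.com/oauth2/default/v1/token',
+user_info_url: 'https://your-org.okta.com/oauth2/default/v1/userinfo',
+},
+strategy_class: OmniAuth::Strategies::Okta)
 ```
 
 Then add the following to 'config/routes.rb' so the callback routes are defined.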
@@ -5,24 +5,22 @@ require 'omniauth-oauth2'
5
5
  module OmniAuth
6
6
  module Strategies
7
7
  class Okta < OmniAuth::Strategies::OAuth2
8
-
9
- ORG = ENV['OKTA_ORG'] || 'your-org'
10
- DOMAIN = ENV['OKTA_DOMAIN'] || 'okta'
11
- BASE_URL = "https://#{ORG}.#{DOMAIN}.com"
12
- DEFAULT_SCOPE = %[openid profile email].freeze
8
+ DEFAULT_SCOPE = %{openid profile email}.freeze
13
9
 
14
10
  option :name, 'okta'
15
-
16
11
  option :skip_jwt, false
17
12
  option :jwt_leeway, 60
18
13
 
14
+ # These are defaults that need to be overriden on an implementation
19
15
  option :client_options, {
20
- site: BASE_URL,
21
- authorize_url: "#{BASE_URL}/oauth2/v1/authorize",
22
- token_url: "#{BASE_URL}/oauth2/v1/token",
23
- response_type: 'id_token'
16
+ site: 'https://your-org.okta.com',
17
+ authorize_url: 'https://your-org.okta.com/oauth2/default/v1/authorize',
18
+ token_url: 'https://your-org.okta.com/oauth2/default/v1/token',
19
+ user_info_url: 'https://your-org.okta.com/oauth2/default/v1/userinfo',
20
+ response_type: 'id_token',
21
+ authorization_server: 'default',
22
+ audience: 'api://default'
24
23
  }
25
-
26
24
  option :scope, DEFAULT_SCOPE
27
25
 
28
26
  uid { raw_info['sub'] }
@@ -38,40 +36,61 @@ module OmniAuth
38
36
  end
39
37
 
40
38
  extra do
41
- hash = {}
42
- hash[:raw_info] = raw_info unless skip_info?
43
- hash[:id_token] = access_token.token
44
- if !options[:skip_jwt] && !access_token.token.nil?
45
- hash[:id_info] = validated_token(access_token.token)
39
+ {}.tap do |h|
40
+ h[:raw_info] = raw_info unless skip_info?
41
+
42
+ if access_token
43
+ h[:id_token] = id_token
44
+
45
+ if !options[:skip_jwt] && !id_token.nil?
46
+ h[:id_info] = validated_token(id_token)
47
+ end
48
+ end
46
49
  end
47
- hash
48
50
  end
49
51
 
50
- alias :oauth2_access_token :access_token
51
-
52
- def access_token
53
- ::OAuth2::AccessToken.new(client, oauth2_access_token.token, {
54
- :expires_in => oauth2_access_token.expires_in,
55
- :expires_at => oauth2_access_token.expires_at
56
- })
52
+ def client_options
53
+ options.fetch(:client_options)
57
54
  end
58
55
 
59
56
  def raw_info
60
- @_raw_info ||= access_token.get('/oauth2/v1/userinfo').parsed || {}
57
+ @_raw_info ||= access_token.get(client_options.fetch(:user_info_url)).parsed || {}
61
58
  rescue ::Errno::ETIMEDOUT
62
59
  raise ::Timeout::Error
63
60
  end
64
61
 
65
- def request_phase
66
- super
62
+ def callback_url
63
+ options[:redirect_uri] || (full_host + callback_path)
67
64
  end
68
65
 
69
- def callback_phase
70
- super
66
+ def id_token
67
+ return if access_token.nil?
68
+
69
+ access_token['id_token']
71
70
  end
72
71
 
73
- def callback_url
74
- options[:redirect_uri] || (full_host + script_name + callback_path)
72
+ # Returns the qualified URL for the authorization server
73
+ #
74
+ # This is necessary in the case where there is a custom authorization server.
75
+ #
76
+ # Okta provides a default, by default.
77
+ #
78
+ # @return [String]
79
+ def authorization_server_path
80
+ site = client_options.fetch(:site)
81
+ authorization_server = client_options.fetch(:authorization_server, 'default')
82
+
83
+ "#{site}/oauth2/#{authorization_server}"
84
+ end
85
+
86
+ # Specifies the audience for the authorization server
87
+ #
88
+ # By default, this is +'default'+. If using a custom authorization
89
+ # server, this will need to be set
90
+ #
91
+ # @return [String]
92
+ def authorization_server_audience
93
+ client_options.fetch(:audience, 'default')
75
94
  end
76
95
 
77
96
  def validated_token(token)
@@ -79,16 +98,16 @@ module OmniAuth
79
98
  nil,
80
99
  false,
81
100
  verify_iss: true,
82
- iss: BASE_URL,
83
101
  verify_aud: true,
84
- aud: BASE_URL,
102
+ iss: authorization_server_path,
103
+ aud: authorization_server_audience,
85
104
  verify_sub: true,
86
105
  verify_expiration: true,
87
106
  verify_not_before: true,
88
107
  verify_iat: true,
89
108
  verify_jti: false,
90
109
  leeway: options[:jwt_leeway]
91
- ).first
110
+ ).first
92
111
  end
93
112
  end
94
113
  end
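Review bot: The `aud` that `validated_token` now enforces on the ID token (`aud: authorization_server_audience` in hunk `@@ -79,16 +98,16 @@`) is the authorization-server audience — `'api://default'` in the `client_options` defaults, yet a different `'default'` in the `fetch` fallback of `authorization_server_audience` — but per OIDC Core §2 an ID token's `aud` carries the relying party's client_id, and Okta documents `api://…` audiences for access tokens, so with `verify_aud: true` every ID token will presumably be rejected unless the deployer sets `client_options[:audience]` to the client ID. I would default the expected audience to the client id the strategy already receives as its first argument (`options.client_id` in omniauth-oauth2), `client_options.fetch(:audience, options.client_id)`, and either align or drop the `audience: 'api://default'` entry so the two fallbacks stop contradicting each other. Separately, the unchanged `false` argument to `JWT.decode` means the signature is never checked, so `extra[:id_info]` is only as trustworthy as the TLS channel to the token endpoint; a comment such as `# Signature is NOT verified: the id_token came straight from the token endpoint over TLS, only its claims are checked` would make that explicit to callers. `validated_token`'s signature sits in the previous hunk; only its tail is in this one.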
@@ -2,6 +2,6 @@
2
2
 
3
3
  module OmniAuth
4
4
  module Okta
5
- VERSION = '0.1.1'
5
+ VERSION = '2.0.0.rc1'.freeze
6
6
  end
7
7
  end
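--- a/metadata
+++ b/metadata
@@ -1,14 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-okta
 version: !ruby/object:Gem::Version
-version: 0.1.1
+version: 2.0.0.rc1
 platform: ruby
 authors:
 - Dan Andrews
+- Hector Rios
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-11-08 00:00:00.000000000 Z
+date: 2022-04-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: omniauth
@@ -16,48 +17,34 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '1.5'
+version: '2.0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '1.5'
+version: '2.0'
 - !ruby/object:Gem::Dependency
 name: omniauth-oauth2
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - ">="
+- - "~>"
 - !ruby/object:Gem::Version
-version: 1.4.0
-- - "<"
+version: '1.7'
+- - ">="
 - !ruby/object:Gem::Version
-version: '2.0'
+version: 1.7.1
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: 1.4.0
-- - "<"
-- !ruby/object:Gem::Version
-version: '2.0'
-- !ruby/object:Gem::Dependency
-name: bundler
-requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '1.5'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
+version: '1.7'
+- - ">="
 - !ruby/object:Gem::Version
-version: '1.5'
+version: 1.7.1
 - !ruby/object:Gem::Dependency
 name: rake
 requirement: !ruby/object:Gem::Requirement
@@ -78,14 +65,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '2.7'
+version: '3'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '2.7'
+version: '3'
 - !ruby/object:Gem::Dependency
 name: rack-test
 requirement: !ruby/object:Gem::Requirement
@@ -103,6 +90,7 @@ dependencies:
 description: Unofficial OmniAuth OAuth2 strategy for Okta
 email:
 - daniel.raymond.andrews@gmail.com
+- that.hector@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -128,12 +116,11 @@ required_ruby_version: !ruby/object:Gem::Requirement
 version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- - ">="
+- - ">"
 - !ruby/object:Gem::Version
-version: '0'
+version: 1.3.1
 requirements: []
-rubyforge_project:
-rubygems_version: 2.6.8
+rubygems_version: 3.0.3.1
 signing_key:
 specification_version: 4
 summary: Unofficial OmniAuth OAuth2 strategy for Okta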