RubyGems - omniauth-okta - Versions diffs - 0.1.1 → 2.0.0.rc1 - Mend

omniauth-okta 0.1.1 → 2.0.0.rc1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml +5 -5
data/README.md +19 -13
data/lib/omniauth/strategies/okta.rb +53 -34
data/lib/omniauth-okta/version.rb +1 -1
metadata +18 -31

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: f6beba3ded666b26386e13ad2a44f90311fabe71
-  data.tar.gz: 7b5477d3778a419c681a99115b8ee10d189927d0
+SHA256:
+  metadata.gz: 4c650d6bf54a0b04d219137098f91a7da75839050254663c761bc117d9e8db51
+  data.tar.gz: c87ae72be14fba06dfcff3eeb728bac5f30045e9dd578e2c3c5317dc784e7ff1
 SHA512:
-  metadata.gz: d672bc7b7ddd5f842ddbdc6984bb27c975fcc026927169f0be70d84e9ce8c200871e56edf400ba2425bb886e834c65005e65c06d1dc1553f2f24488c62d17037
-  data.tar.gz: 66f716dea467f6a1f299ea1cfc201fa2ea1b927dbb4585dbe061afb26b7f605ba8ea82c0462346399cd3533f11a3eef7d342ba980751a949fffc741edb658e86
+  metadata.gz: 1a52f980b4dc26cec6b1a816c86db727254a87a3c436f662af5a15b9de7f2ba06823441bcc5ff052f156deed45fa1d8e8af0bc9ce708e1b3a6e9f813c2503862
+  data.tar.gz: 453c7387c83013eba0f9081374c957aafc493d972064601684f7f6b746fc3a454ff49b529f4f9f5330302693af3a1aa3f3c1b78a898824c02a84a4905433a561

data/README.md CHANGED Viewed

@@ -22,22 +22,22 @@ Or install it yourself as:
 $ gem install omniauth-okta
 ```
-### Environment Variables
-```bash
-OKTA_CLIENT_ID     # required
-OKTA_CLIENT_SECRET # required
-OKTA_ORG           # required - defaults to 'your-org' if unset
-OKTA_DOMAIN        # optional - defaults to 'okta.com' if unset
-```
 ### OmniAuth
 Here's an example for adding the middleware to a Rails app in `config/initializers/omniauth.rb`:
 ```ruby
 Rails.application.config.middleware.use OmniAuth::Builder do
-  provider :okta, ENV['OKTA_CLIENT_ID'], ENV['OKTA_CLIENT_SECRET']
+  provider :okta, ENV['OKTA_CLIENT_ID'], ENV['OKTA_CLIENT_SECRET'], {
+    client_options: {
+      site:                 'https://your-org.okta.com',
+      authorization_server: '<authorization_server>',
+      authorize_url:        'https://your-org.okta.com/oauth2/<authorization_server>/v1/authorize',
+      token_url:            'https://your-org.okta.com/oauth2/<authorization_server>/v1/token',
+      user_info_url:        'https://your-org.okta.com/oauth2/<authorization_server>/v1/userinfo',
+      audience:             'api://your-audience'
+    }
+  }
 end
 ```
@@ -57,9 +57,15 @@ or add options like the following:
   config.omniauth(:okta,
                   ENV['OKTA_CLIENT_ID'],
                   ENV['OKTA_CLIENT_SECRET'],
-                  :scope => 'openid profile email',
-                  :fields => ['profile', 'email'],
-                  :strategy_class => OmniAuth::Strategies::Okta)
+                  scope: 'openid profile email',
+                  fields: ['profile', 'email'],
+                  client_options: {
+                    site:          'https://your-org.okta.com',
+                    authorize_url: 'https://your-org.okta.com/oauth2/default/v1/authorize',
+                    token_url:     'https://your-org.okta.com/oauth2/default/v1/token',
+                    user_info_url: 'https://your-org.okta.com/oauth2/default/v1/userinfo',
+                  },
+                  strategy_class: OmniAuth::Strategies::Okta)
 ```
 Then add the following to 'config/routes.rb' so the callback routes are defined.

data/lib/omniauth/strategies/okta.rb CHANGED Viewed

@@ -5,24 +5,22 @@ require 'omniauth-oauth2'
 module OmniAuth
   module Strategies
     class Okta < OmniAuth::Strategies::OAuth2
-      ORG           = ENV['OKTA_ORG']    || 'your-org'
-      DOMAIN        = ENV['OKTA_DOMAIN'] || 'okta'
-      BASE_URL      = "https://#{ORG}.#{DOMAIN}.com"
-      DEFAULT_SCOPE = %[openid profile email].freeze
+      DEFAULT_SCOPE = %{openid profile email}.freeze
       option :name, 'okta'
       option :skip_jwt, false
       option :jwt_leeway, 60
+      # These are defaults that need to be overriden on an implementation
       option :client_options, {
-        site:          BASE_URL,
-        authorize_url: "#{BASE_URL}/oauth2/v1/authorize",
-        token_url:     "#{BASE_URL}/oauth2/v1/token",
-        response_type: 'id_token'
+        site:                 'https://your-org.okta.com',
+        authorize_url:        'https://your-org.okta.com/oauth2/default/v1/authorize',
+        token_url:            'https://your-org.okta.com/oauth2/default/v1/token',
+        user_info_url:        'https://your-org.okta.com/oauth2/default/v1/userinfo',
+        response_type:        'id_token',
+        authorization_server: 'default',
+        audience:             'api://default'
       }
       option :scope, DEFAULT_SCOPE
       uid { raw_info['sub'] }
@@ -38,40 +36,61 @@ module OmniAuth
       end
       extra do
-        hash = {}
-        hash[:raw_info] = raw_info unless skip_info?
-        hash[:id_token] = access_token.token
-        if !options[:skip_jwt] && !access_token.token.nil?
-          hash[:id_info] = validated_token(access_token.token)
+        {}.tap do |h|
+          h[:raw_info] = raw_info unless skip_info?
+          if access_token
+            h[:id_token] = id_token
+            if !options[:skip_jwt] && !id_token.nil?
+              h[:id_info] = validated_token(id_token)
+            end
+          end
         end
-        hash
       end
-      alias :oauth2_access_token :access_token
-      def access_token
-        ::OAuth2::AccessToken.new(client, oauth2_access_token.token, {
-          :expires_in => oauth2_access_token.expires_in,
-          :expires_at => oauth2_access_token.expires_at
-        })
+      def client_options
+        options.fetch(:client_options)
       end
       def raw_info
-        @_raw_info ||= access_token.get('/oauth2/v1/userinfo').parsed || {}
+        @_raw_info ||= access_token.get(client_options.fetch(:user_info_url)).parsed || {}
       rescue ::Errno::ETIMEDOUT
         raise ::Timeout::Error
       end
-      def request_phase
-        super
+      def callback_url
+        options[:redirect_uri] || (full_host + callback_path)
       end
-      def callback_phase
-        super
+      def id_token
+        return if access_token.nil?
+        access_token['id_token']
       end
-      def callback_url
-        options[:redirect_uri] || (full_host + script_name + callback_path)
+      # Returns the qualified URL for the authorization server
+      #
+      # This is necessary in the case where there is a custom authorization server.
+      #
+      # Okta provides a default, by default.
+      #
+      # @return [String]
+      def authorization_server_path
+        site                 = client_options.fetch(:site)
+        authorization_server = client_options.fetch(:authorization_server, 'default')
+        "#{site}/oauth2/#{authorization_server}"
+      end
+      # Specifies the audience for the authorization server
+      #
+      # By default, this is +'default'+. If using a custom authorization
+      # server, this will need to be set
+      #
+      # @return [String]
+      def authorization_server_audience
+        client_options.fetch(:audience, 'default')
       end
       def validated_token(token)
@@ -79,16 +98,16 @@ module OmniAuth
                    nil,
                    false,
                    verify_iss:        true,
-                   iss:               BASE_URL,
                    verify_aud:        true,
-                   aud:               BASE_URL,
+                   iss:               authorization_server_path,
+                   aud:               authorization_server_audience,
                    verify_sub:        true,
                    verify_expiration: true,
                    verify_not_before: true,
                    verify_iat:        true,
                    verify_jti:        false,
                    leeway:            options[:jwt_leeway]
-                   ).first
+        ).first
       end
     end
   end

data/lib/omniauth-okta/version.rb CHANGED Viewed

@@ -2,6 +2,6 @@
 module OmniAuth
   module Okta
-    VERSION = '0.1.1'
+    VERSION = '2.0.0.rc1'.freeze
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-okta
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 2.0.0.rc1
 platform: ruby
 authors:
 - Dan Andrews
+- Hector Rios
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-11-08 00:00:00.000000000 Z
+date: 2022-04-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth
@@ -16,48 +17,34 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.5'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.5'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: omniauth-oauth2
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.4.0
-    - - "<"
+        version: '1.7'
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: 1.7.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 1.4.0
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '2.0'
-- !ruby/object:Gem::Dependency
-  name: bundler
-  requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.5'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
+        version: '1.7'
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.5'
+        version: 1.7.1
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -78,14 +65,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.7'
+        version: '3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.7'
+        version: '3'
 - !ruby/object:Gem::Dependency
   name: rack-test
   requirement: !ruby/object:Gem::Requirement
@@ -103,6 +90,7 @@ dependencies:
 description: Unofficial OmniAuth OAuth2 strategy for Okta
 email:
 - daniel.raymond.andrews@gmail.com
+- that.hector@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -128,12 +116,11 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
-rubyforge_project:
-rubygems_version: 2.6.8
+rubygems_version: 3.0.3.1
 signing_key:
 specification_version: 4
 summary: Unofficial OmniAuth OAuth2 strategy for Okta