omniauth-oktaoauth 0.1.1

checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: b695f67514cd436ccab6c0b388006fe403cfa20370af91cdc56224c70c640358
4
+ data.tar.gz: f8b08d8665ef58cf0fdb1dafabc35c15d3a8f02362f17e87825e73741de7de08
5
+ SHA512:
6
+ metadata.gz: 1a23a2ad5f7af234cd336d19cfdc93854ea491ab9c9ea3dbee08a6f2d9d0b0a268bc9af3b7309885027e92f5f9cd081515a40ae82b2dd153c6429712ee649640
7
+ data.tar.gz: e4c1e01ea10b9b6bf4cc38f391e7686bbd5cd0096524b4bc0485f87d7ef843dac91c19fd4951f25de214f00e65ed7d70a99dda0d6f7f9188acf5152cfb8c5755
data/MIT-LICENSE ADDED
@@ -0,0 +1,20 @@
1
+ Copyright 2017 Dan Andrews
2
+
3
+ Permission is hereby granted, free of charge, to any person obtaining
4
+ a copy of this software and associated documentation files (the
5
+ "Software"), to deal in the Software without restriction, including
6
+ without limitation the rights to use, copy, modify, merge, publish,
7
+ distribute, sublicense, and/or sell copies of the Software, and to
8
+ permit persons to whom the Software is furnished to do so, subject to
9
+ the following conditions:
10
+
11
+ The above copyright notice and this permission notice shall be
12
+ included in all copies or substantial portions of the Software.
13
+
14
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
15
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
17
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
18
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
19
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
20
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,135 @@
1
+ # omniauth-oktaoauth OmniAuth Okta OAuth2 Strategy
2
+
3
+
4
+ Continues the great work done by Danandrews at the original repo: https://github.com/dandrews/omniauth-oktaoauth.
5
+
6
+ This newer version now supports options for Okta's Api Access Management and Custom Oauth Tokens and Urls. Important to note that is this not an officially released tool and maybe subject to change.
7
+
8
+
9
+
10
+ This strategy can both use Okta's OIDC and Api Access Management Flows. See [developer docs](https://developer.okta.com/docs/api/resources/oidc.html) for more details.
11
+
12
+ ## Installation
13
+
14
+ Add this line to your application's Gemfile:
15
+
16
+ ```ruby
17
+ gem 'omniauth-oktaoauth'
18
+ ```
19
+
20
+ And then execute:
21
+ ```bash
22
+ $ bundle install
23
+ ```
24
+
25
+ Or install it yourself as:
26
+ ```bash
27
+ $ gem install omniauth-oktaoauth
28
+ ```
29
+
30
+ ### Environment Variables
31
+
32
+ ```bash
33
+ OKTA_CLIENT_ID # required
34
+ OKTA_CLIENT_SECRET # required
35
+ # optional - defaults to 'okta.com' if unset
36
+ required client options are
37
+ site: "your okta org or full issuer with okta"
38
+ authorize_url: "your authorization url"
39
+ token_url: "your token url"
40
+
41
+ These end points for custom auth servers can be found at {your okta org or custom url}/oauth2/{your server id}/.well-known/oauth-authorization-server
42
+
43
+ For Oidc only it is {your okta org or custom url}/.well-known/openid-configuration
44
+
45
+
46
+
47
+ ### Devise
48
+
49
+ Here is an example with Devise in `config/initializers/devise.rb`.
50
+
51
+ Configuration options can be passed as the last parameter here as key/value pairs.
52
+
53
+ or add options like the following:
54
+
55
+ ```ruby
56
+ require 'omniauth-oktaoauth'
57
+ config.omniauth(:oktaoauth,
58
+ ENV['OKTA_CLIENT_ID'],
59
+ ENV['OKTA_CLIENT_SECRET'],
60
+ :scope => 'openid profile email',
61
+ :fields => ['profile', 'email'],
62
+ :client_options => {site: ENV['OKTA_ISSUER'], authorize_url: ENV['OKTA_ISSUER'] + "/v1/authorize", token_url: ENV['OKTA_ISSUER'] + "/v1/token"},
63
+ :redirect_uri => ENV["OKTA_REDIRECT_URI"],
64
+ :auth_server_id => ENV['OKTA_AUTH_SERVER_ID'],
65
+ :issuer => ENV['OKTA_ISSUER'],
66
+ :strategy_class => OmniAuth::Strategies::Oktaoauth)
67
+ ```
68
+
69
+ Then add the following to 'config/routes.rb' so the callback routes are defined.
70
+
71
+ ```ruby
72
+ devise_for :users, controllers: { omniauth_callbacks: 'users/omniauth_callbacks' }
73
+ ```
74
+
75
+ Make sure your model is omniauthable. Generally this is "/app/models/user.rb"
76
+
77
+ ```ruby
78
+ devise :omniauthable, omniauth_providers: [:oktaoauth]
79
+ ```
80
+
81
+ ## Auth Hash
82
+
83
+ Here's an example of an authentication hash available in the callback by accessing `request.env['omniauth.auth']`:
84
+
85
+ ```ruby
86
+ {
87
+ "provider" => "okta",
88
+ "uid" => "0000000000000001",
89
+ "info" => {
90
+ "name" => "John Smith",
91
+ "email" => "john@example.com",
92
+ "first_name" => "John",
93
+ "last_name" => "Smith",
94
+ "image" => "https://photohosting.com/john.jpg"
95
+ },
96
+ "credentials" => {
97
+ "token" => "TOKEN",
98
+ "expires_at" => 1496617411,
99
+ "expires" => true
100
+ },
101
+ "extra" => {
102
+ "raw_info" => {
103
+ "sub" => "0000000000000001",
104
+ "name" => "John Smith",
105
+ "locale" => "en-US",
106
+ "email" => "john@example.com",
107
+ "picture" => "https://photohosting.com/john.jpg",
108
+ "website" => "https://example.com",
109
+ "preferred_username" => "john@example.com",
110
+ "given_name" => "John",
111
+ "family_name" => "Smith",
112
+ "zoneinfo" => "America/Los_Angeles",
113
+ "updated_at" => 1496611646,
114
+ "email_verified" => true
115
+ },
116
+ "id_token" => "TOKEN",
117
+ "id_info" => {
118
+ "ver" => 1,
119
+ "jti" => "AT.D2sslkfjdsldjf899n090sldkfj",
120
+ "iss" => "https://your-org.okta.com",
121
+ "aud" => "https://your-org.okta.com",
122
+ "sub" => "john@example.com",
123
+ "iat" => 1496613811,
124
+ "exp" => 1496617411,
125
+ "cid" => "CLIENT_ID",
126
+ "uid" => "0000000000000001",
127
+ "scp" => ["email", "profile", "openid"]
128
+ }
129
+ }
130
+ }
131
+ ```
132
+
133
+
134
+ ## License
135
+ The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
data/Rakefile ADDED
@@ -0,0 +1,34 @@
1
+ begin
2
+ require 'bundler/setup'
3
+ rescue LoadError
4
+ puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
5
+ end
6
+
7
+ require 'rdoc/task'
8
+
9
+ RDoc::Task.new(:rdoc) do |rdoc|
10
+ rdoc.rdoc_dir = 'rdoc'
11
+ rdoc.title = 'Omniauth::Okta'
12
+ rdoc.options << '--line-numbers'
13
+ rdoc.rdoc_files.include('README.md')
14
+ rdoc.rdoc_files.include('lib/**/*.rb')
15
+ end
16
+
17
+
18
+
19
+
20
+
21
+
22
+ require 'bundler/gem_tasks'
23
+
24
+ require 'rake/testtask'
25
+
26
+ Rake::TestTask.new(:test) do |t|
27
+ t.libs << 'lib'
28
+ t.libs << 'test'
29
+ t.pattern = 'test/**/*_test.rb'
30
+ t.verbose = false
31
+ end
32
+
33
+
34
+ task default: :test
@@ -0,0 +1,4 @@
1
+ # frozen_string_literal: true
2
+
3
+ require "omniauth-oktaoauth/version"
4
+ require "omniauth/strategies/oktaoauth"
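Review bot: The two `require` lines here load `omniauth-oktaoauth/version` and `omniauth/strategies/oktaoauth`, but the gemspec metadata further down lists the packaged files as `lib/omniauth-okta/version.rb` and `lib/omniauth/strategies/okta.rb`, and the strategy is defined as `OmniAuth::Strategies::Okta` with `option :name, 'okta'`, while the README configures `:oktaoauth` with `:strategy_class => OmniAuth::Strategies::Oktaoauth`. Unless this page dropped the file headers, `require 'omniauth-oktaoauth'` would raise LoadError, or the Devise example would reference an undefined constant. Pick one name and make the require paths, the `files:` list in the gemspec, the class name and the README agree — e.g. `require "omniauth-okta/version"` / `require "omniauth/strategies/okta"` if the paths in the metadata are the ones actually shipped.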
@@ -0,0 +1,7 @@
1
+ # frozen_string_literal: true
2
+
3
+ module OmniAuth
4
+ module Oktaoauth
5
+ VERSION = '0.1.1'
6
+ end
7
+ end
@@ -0,0 +1,100 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'omniauth-oauth2'
4
+
5
+ module OmniAuth
6
+ module Strategies
7
+ class Okta < OmniAuth::Strategies::OAuth2
8
+
9
+
10
+ DEFAULT_SCOPE = %[openid profile email].freeze
11
+
12
+ option :name, 'okta'
13
+
14
+ option :skip_jwt, false
15
+ option :jwt_leeway, 60
16
+
17
+ option :client_options, {
18
+ site: "configure this part ins client options with devise",
19
+ authorize_url: "configure this part in client options with devise",
20
+ token_url: "configure this part in client options with devise",
21
+ response_type: 'id_token'
22
+ }
23
+
24
+ option :scope, DEFAULT_SCOPE
25
+
26
+ uid { raw_info['sub'] }
27
+
28
+ info do
29
+ {
30
+ name: raw_info['name'],
31
+ email: raw_info['email'],
32
+ first_name: raw_info['given_name'],
33
+ last_name: raw_info['family_name'],
34
+ image: raw_info['picture']
35
+ }
36
+ end
37
+
38
+ extra do
39
+ hash = {}
40
+
41
+ hash[:raw_info] = raw_info unless skip_info?
42
+ hash[:id_token] = access_token.token
43
+ if !options[:skip_jwt] && !access_token.token.nil?
44
+ hash[:id_info] = validated_token(access_token.token)
45
+ end
46
+ hash
47
+ end
48
+
49
+ alias :oauth2_access_token :access_token
50
+
51
+ def access_token
52
+ ::OAuth2::AccessToken.new(client, oauth2_access_token.token, {
53
+ :expires_in => oauth2_access_token.expires_in,
54
+ :expires_at => oauth2_access_token.expires_at
55
+ })
56
+ end
57
+
58
+ def raw_info
59
+ if options[:auth_server_id]
60
+ options[:auth_server_id] = options[:auth_server_id] + "/"
61
+ else
62
+ options[:auth_server_id] = ""
63
+ end
64
+
65
+ @_raw_info ||= access_token.get('/oauth2/' + options[:auth_server_id] + 'v1/userinfo').parsed || {}
66
+ rescue ::Errno::ETIMEDOUT
67
+ raise ::Timeout::Error
68
+ end
69
+
70
+ def request_phase
71
+ super
72
+ end
73
+
74
+ def callback_phase
75
+ super
76
+ end
77
+
78
+ def callback_url
79
+ options[:redirect_uri] || (full_host + script_name + callback_path)
80
+ end
81
+
82
+ def validated_token(token)
83
+ JWT.decode(token,
84
+ nil,
85
+ false,
86
+ verify_iss: true,
87
+ iss: options[:issuer],
88
+ verify_aud: true,
89
+ aud: options[:audience],
90
+ verify_sub: true,
91
+ verify_expiration: true,
92
+ verify_not_before: true,
93
+ verify_iat: true,
94
+ verify_jti: false,
95
+ leeway: options[:jwt_leeway]
96
+ ).first
97
+ end
98
+ end
99
+ end
100
+ end
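Review bot: `validated_token` calls `JWT.decode(token, nil, false, ...)`, so the signature is never checked and every claim check that follows (issuer, audience, expiry, iat) runs on data the client can forge; the result is then handed to the application as `extra[:id_info]`, which callers will reasonably treat as verified. The token passed in is also `access_token.token` (stored under `:id_token`), not the ID token from the token response, so the claim expectations may not match what Okta issues, and `options[:audience]` is never declared with `option`, so `aud` is nil and the audience check is presumably a no-op. Turn signature verification on against the issuer's JWKS (`{issuer}/v1/keys`) and pin `algorithms`, or else drop `id_info` and document that `skip_jwt: true` is the only safe setting. Note also that `JWT` is neither required here nor declared as a runtime dependency in the gemspec (it is reached only transitively via omniauth-oauth2), and `raw_info` appends `/` to `options[:auth_server_id]` on every call, which looks like it accumulates across requests because the options hash is shared by the middleware instance — build the path into a local instead, e.g. `server = options[:auth_server_id] ? "#{options[:auth_server_id]}/" : ''` and `access_token.get("/oauth2/#{server}v1/userinfo")`.
```ruby
def validated_token(token)
  # Fail closed: verify the signature against the issuer's published keys
  # (requires a jwt gem version with the `jwks:` option — pin it in the gemspec).
  JWT.decode(token,
             nil,
             true,
             algorithms: ['RS256'],
             jwks: ->(_opts) { okta_jwks }, # fetch + cache {issuer}/v1/keys; helper not shown
             verify_iss: true,
             iss: options[:issuer],
             verify_aud: true,
             aud: options[:audience],
             # … unchanged: verify_sub / verify_expiration / verify_not_before / verify_iat / verify_jti / leeway …
            ).first
end
```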
metadata ADDED
@@ -0,0 +1,141 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: omniauth-oktaoauth
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.1
5
+ platform: ruby
6
+ authors:
7
+ - Dan Andrews
8
+ - Andrew Van Beek
9
+ autorequire:
10
+ bindir: bin
11
+ cert_chain: []
12
+ date: 2018-06-03 00:00:00.000000000 Z
13
+ dependencies:
14
+ - !ruby/object:Gem::Dependency
15
+ name: omniauth
16
+ requirement: !ruby/object:Gem::Requirement
17
+ requirements:
18
+ - - "~>"
19
+ - !ruby/object:Gem::Version
20
+ version: '1.5'
21
+ type: :runtime
22
+ prerelease: false
23
+ version_requirements: !ruby/object:Gem::Requirement
24
+ requirements:
25
+ - - "~>"
26
+ - !ruby/object:Gem::Version
27
+ version: '1.5'
28
+ - !ruby/object:Gem::Dependency
29
+ name: omniauth-oauth2
30
+ requirement: !ruby/object:Gem::Requirement
31
+ requirements:
32
+ - - ">="
33
+ - !ruby/object:Gem::Version
34
+ version: 1.4.0
35
+ - - "<"
36
+ - !ruby/object:Gem::Version
37
+ version: '2.0'
38
+ type: :runtime
39
+ prerelease: false
40
+ version_requirements: !ruby/object:Gem::Requirement
41
+ requirements:
42
+ - - ">="
43
+ - !ruby/object:Gem::Version
44
+ version: 1.4.0
45
+ - - "<"
46
+ - !ruby/object:Gem::Version
47
+ version: '2.0'
48
+ - !ruby/object:Gem::Dependency
49
+ name: bundler
50
+ requirement: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - "~>"
53
+ - !ruby/object:Gem::Version
54
+ version: '1.5'
55
+ type: :development
56
+ prerelease: false
57
+ version_requirements: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - "~>"
60
+ - !ruby/object:Gem::Version
61
+ version: '1.5'
62
+ - !ruby/object:Gem::Dependency
63
+ name: rake
64
+ requirement: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - ">="
67
+ - !ruby/object:Gem::Version
68
+ version: '0'
69
+ type: :development
70
+ prerelease: false
71
+ version_requirements: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - ">="
74
+ - !ruby/object:Gem::Version
75
+ version: '0'
76
+ - !ruby/object:Gem::Dependency
77
+ name: rspec
78
+ requirement: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - "~>"
81
+ - !ruby/object:Gem::Version
82
+ version: '2.7'
83
+ type: :development
84
+ prerelease: false
85
+ version_requirements: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - "~>"
88
+ - !ruby/object:Gem::Version
89
+ version: '2.7'
90
+ - !ruby/object:Gem::Dependency
91
+ name: rack-test
92
+ requirement: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - ">="
95
+ - !ruby/object:Gem::Version
96
+ version: '0'
97
+ type: :development
98
+ prerelease: false
99
+ version_requirements: !ruby/object:Gem::Requirement
100
+ requirements:
101
+ - - ">="
102
+ - !ruby/object:Gem::Version
103
+ version: '0'
104
+ description: OmniAuth OAuth2 strategy for Okta
105
+ email:
106
+ - andrew.vanbeek@okta.com
107
+ executables: []
108
+ extensions: []
109
+ extra_rdoc_files: []
110
+ files:
111
+ - MIT-LICENSE
112
+ - README.md
113
+ - Rakefile
114
+ - lib/omniauth-okta.rb
115
+ - lib/omniauth-okta/version.rb
116
+ - lib/omniauth/strategies/okta.rb
117
+ homepage: ''
118
+ licenses:
119
+ - MIT
120
+ metadata: {}
121
+ post_install_message:
122
+ rdoc_options: []
123
+ require_paths:
124
+ - lib
125
+ required_ruby_version: !ruby/object:Gem::Requirement
126
+ requirements:
127
+ - - ">="
128
+ - !ruby/object:Gem::Version
129
+ version: '0'
130
+ required_rubygems_version: !ruby/object:Gem::Requirement
131
+ requirements:
132
+ - - ">="
133
+ - !ruby/object:Gem::Version
134
+ version: '0'
135
+ requirements: []
136
+ rubyforge_project:
137
+ rubygems_version: 2.7.7
138
+ signing_key:
139
+ specification_version: 4
140
+ summary: OmniAuth OAuth2 strategy for Okta
141
+ test_files: []