omniauth-openid-connector 1.1.2 → 1.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/.travis.yml +0 -6
- data/README.md +19 -23
- data/Rakefile +1 -1
- data/lib/{omniauth-openid-connect.rb → omniauth-openid-reconnect.rb} +0 -0
- data/lib/omniauth/openid_connect/version.rb +1 -1
- data/lib/omniauth/strategies/openid_connect.rb +27 -161
- data/omniauth-openid-connector.gemspec +19 -18
- data/test/lib/omniauth/strategies/openid_connect_test.rb +14 -269
- data/test/test_helper.rb +3 -3
- metadata +110 -47
- data/test/fixtures/id_token.txt +0 -1
- data/test/fixtures/jwks.json +0 -8
- data/test/fixtures/test.crt +0 -19
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: a69bcc57174002bc9f39a4bd117a3d80468acc63
|
4
|
+
data.tar.gz: f5ab0cfe2a4946aeabfc9a97b1248ff5f274dd4a
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 50fa8b71d81a966b190e4be4e351e0a757fdfb220993f8c03cde5fbe8396a52acf0efa850c9168ae6f168f17d4a4bb0634da19835e626255b99c13fd242a6a1d
|
7
|
+
data.tar.gz: c5943ab8d31d47641dfc7a1e943f3b0abf9ece5410fb0765947bfe93ce25d454d9a96917a42821cc804f1502a84863560a93e9a3de996abebf835b9e513aecb4
|
data/.gitignore
CHANGED
data/.travis.yml
CHANGED
data/README.md
CHANGED
@@ -1,16 +1,26 @@
|
|
1
1
|
# OmniAuth::OpenIDConnect
|
2
|
-
|
3
2
|
OpenID Connect strategy for OmniAuth
|
4
|
-
[](http://badge.fury.io/rb/omniauth-openid-reconnect)
|
4
|
+
[](https://travis-ci.org/thinkthroughmath/omniauth-openid-reconnect)
|
5
|
+
[](https://coveralls.io/r/thinkthroughmath/omniauth-openid-reconnect?branch=master)
|
6
|
+
[](https://codeclimate.com/github/thinkthroughmath/omniauth-openid-reconnect)
|
7
|
+
|
8
|
+
## Background
|
9
|
+
|
10
|
+
This is derrived work from `jjbohn/omniauth-openid-connect` which appears to be abandoned at this point. I have continued to merge PR's placed against that repo. But I have added enough of my own changes that it is diverged enough to re-release. @ThinkThroughMath actively utilizes this strategy and we will do our best to maintain it.
|
11
|
+
|
12
|
+
### Whats different.
|
13
|
+
|
14
|
+
- Using Addressable 2.2.8 - In 2.3+ `addressable` decided that the way that Rails 3 handles param[] items was too hard to handle and removed the feature. This breaking change within a semantic version makes using addressable > 2.3 difficult in existing applications. There is no impact on the auth strategy though.
|
15
|
+
- Better devise support be returning a default `name` options parameter
|
16
|
+
- Partial integration of google `nonce` requirement.
|
17
|
+
- Inclusing of aging PRs from the parent gem this replaces.
|
8
18
|
|
9
19
|
## Installation
|
10
20
|
|
11
21
|
Add this line to your application's Gemfile:
|
12
22
|
|
13
|
-
gem 'omniauth-openid-
|
23
|
+
gem 'omniauth-openid-reconnect'
|
14
24
|
|
15
25
|
And then execute:
|
16
26
|
|
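Review bot: the install line added in this hunk, `gem 'omniauth-openid-reconnect'`, names a different gem from the package this diff belongs to (`omniauth-openid-connector`, per the page title and `spec.name` in the gemspec), so a reader following the README would install whatever is published under the other name rather than this package. Make the README name match the published gem. The Background bullet "Using Addressable 2.2.8" also contradicts the gemspec in this same release, which requires `addressable` at `'~> 2.3', '>= 2.3.6'`; one of the two needs correcting.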
@@ -18,14 +28,13 @@ And then execute:
|
|
18
28
|
|
19
29
|
Or install it yourself as:
|
20
30
|
|
21
|
-
$ gem install omniauth-openid-
|
31
|
+
$ gem install omniauth-openid-reconnect
|
22
32
|
|
23
33
|
## Usage
|
24
34
|
|
25
35
|
Example configuration
|
26
36
|
```ruby
|
27
37
|
config.omniauth :openid_connect, {
|
28
|
-
name: :my_provider,
|
29
38
|
scope: [:openid, :email, :profile, :address],
|
30
39
|
response_type: :code,
|
31
40
|
client_options: {
|
@@ -40,31 +49,18 @@ config.omniauth :openid_connect, {
|
|
40
49
|
```
|
41
50
|
|
42
51
|
Configuration details:
|
43
|
-
* `name` is
|
44
|
-
configuration exists because you could be using multiple OpenID Connect
|
45
|
-
providers in a single app.
|
52
|
+
* `name` is an optional requirement as of `omniauth-1.2` but it does have an effect with dealing with devise and is the base for which devise uses to create routes identified with `devise_for`. The default is set to the expected camelization of `openid_connect`. If you need to override it you can pass the `name` parameter to the config hash. **Be aware** that what you set this to will be the provider for your devise routes.
|
46
53
|
* Although `response_type` is an available option, currently, only `:code`
|
47
54
|
is valid. There are plans to bring in implicit flow and hybrid flow at some
|
48
55
|
point, but it hasn't come up yet for me. Those flows aren't best practive for
|
49
56
|
server side web apps anyway and are designed more for native/mobile apps.
|
50
|
-
* If you want to pass `state` paramete by yourself. You can set Proc Object.
|
51
|
-
e.g. `state: Proc.new{ SecureRandom.hex(32) }`
|
52
|
-
* `nonce` is optional. If don't want to pass "nonce" parameter to provider, You should specify
|
53
|
-
`false` to `send_nonce` option. (default true)
|
54
|
-
* Support for other client authentication methods. If don't specified
|
55
|
-
`:client_auth_method` option, automatically set `:basic`.
|
56
|
-
* Use "OpenID Connect Discovery", You should specify `true` to `discovery` option. (default false)
|
57
|
-
* In "OpenID Connect Discovery", generally provider should have Webfinger endpoint.
|
58
|
-
If provider does not have Webfinger endpoint, You can specify "Issuer" to option.
|
59
|
-
e.g. `issuer: "https://myprovider.com"`
|
60
|
-
It means to get configuration from "https://myprovider.com/.well-known/openid-configuration".
|
61
57
|
|
62
58
|
For the full low down on OpenID Connect, please check out
|
63
59
|
[the spec](http://openid.net/specs/openid-connect-core-1_0.html).
|
64
60
|
|
65
61
|
## Contributing
|
66
62
|
|
67
|
-
1. Fork it ( http://github.com/
|
63
|
+
1. Fork it ( http://github.com/thinkthroughmath/omniauth-openid-reconnect/fork )
|
68
64
|
2. Create your feature branch (`git checkout -b my-new-feature`)
|
69
65
|
3. Commit your changes (`git commit -am 'Add some feature'`)
|
70
66
|
4. Push to the branch (`git push origin my-new-feature`)
|
data/Rakefile
CHANGED
File without changes
|
@@ -1,9 +1,7 @@
|
|
1
1
|
require 'addressable/uri'
|
2
|
-
require
|
3
|
-
require 'net/http'
|
4
|
-
require 'open-uri'
|
2
|
+
require "net/http"
|
5
3
|
require 'omniauth'
|
6
|
-
require
|
4
|
+
require "openid_connect"
|
7
5
|
|
8
6
|
module OmniAuth
|
9
7
|
module Strategies
|
@@ -19,28 +17,20 @@ module OmniAuth
|
|
19
17
|
port: 443,
|
20
18
|
authorization_endpoint: "/authorize",
|
21
19
|
token_endpoint: "/token",
|
22
|
-
userinfo_endpoint: "/userinfo"
|
23
|
-
jwks_uri: '/jwk'
|
20
|
+
userinfo_endpoint: "/userinfo"
|
24
21
|
}
|
25
|
-
option :
|
26
|
-
option :discovery, false
|
27
|
-
option :client_signing_alg
|
28
|
-
option :client_jwk_signing_key
|
29
|
-
option :client_x509_signing_key
|
22
|
+
option :name, 'openid_connect'
|
30
23
|
option :scope, [:openid]
|
31
24
|
option :response_type, "code"
|
32
25
|
option :state
|
33
26
|
option :response_mode
|
34
|
-
option :display, nil
|
35
|
-
option :prompt, nil
|
36
|
-
option :hd, nil
|
27
|
+
option :display, nil#, [:page, :popup, :touch, :wap]
|
28
|
+
option :prompt, nil#, [:none, :login, :consent, :select_account]
|
37
29
|
option :max_age
|
38
30
|
option :ui_locales
|
39
31
|
option :id_token_hint
|
40
32
|
option :login_hint
|
41
33
|
option :acr_values
|
42
|
-
option :send_nonce, true
|
43
|
-
option :send_scope_to_token_endpoint, true
|
44
34
|
option :client_auth_method
|
45
35
|
|
46
36
|
uid { user_info.sub }
|
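Review bot: the options `discovery`, `client_signing_alg`, `client_jwk_signing_key`, `client_x509_signing_key`, `hd`, `send_nonce` and `send_scope_to_token_endpoint` are removed from the option list with no deprecation path, and nothing in this hunk warns an application that still passes, say, `discovery: true` that the setting no longer has any effect. Either keep the options and raise when they are set, or document the removal as a breaking change. The trailing `#, [:page, :popup, :touch, :wap]` and `#, [:none, :login, :consent, :select_account]` fragments on `display` and `prompt` are commented-out code; turn the allowed values into a proper comment or validate against them.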
@@ -60,57 +50,31 @@ module OmniAuth
|
|
60
50
|
end
|
61
51
|
|
62
52
|
extra do
|
63
|
-
{raw_info: user_info.raw_attributes}
|
53
|
+
{ raw_info: user_info.raw_attributes }
|
64
54
|
end
|
65
55
|
|
66
56
|
credentials do
|
67
|
-
{
|
68
|
-
id_token: access_token.id_token,
|
69
|
-
token: access_token.access_token,
|
70
|
-
refresh_token: access_token.refresh_token,
|
71
|
-
expires_in: access_token.expires_in,
|
72
|
-
scope: access_token.scope
|
73
|
-
}
|
57
|
+
{ token: access_token.access_token }
|
74
58
|
end
|
75
59
|
|
76
60
|
def client
|
77
61
|
@client ||= ::OpenIDConnect::Client.new(client_options)
|
78
62
|
end
|
79
63
|
|
80
|
-
def config
|
81
|
-
@config ||= ::OpenIDConnect::Discovery::Provider::Config.discover!(options.issuer)
|
82
|
-
end
|
83
|
-
|
84
64
|
def request_phase
|
85
|
-
options.issuer = issuer if options.issuer.blank?
|
86
|
-
discover! if options.discovery
|
87
65
|
redirect authorize_uri
|
88
66
|
end
|
89
67
|
|
90
68
|
def callback_phase
|
91
|
-
|
92
|
-
if error
|
93
|
-
raise CallbackError.new(request.params['error'], request.params['error_description'] || request.params['error_reason'], request.params['error_uri'])
|
94
|
-
elsif request.params['state'].to_s.empty? || request.params['state'] != stored_state
|
95
|
-
return Rack::Response.new(['401 Unauthorized'], 401).finish
|
96
|
-
elsif !request.params["code"]
|
69
|
+
if !request.params["code"]
|
97
70
|
return fail!(:missing_code, OmniAuth::OpenIDConnect::MissingCodeError.new(request.params["error"]))
|
98
|
-
else
|
99
|
-
options.issuer = issuer if options.issuer.blank?
|
100
|
-
discover! if options.discovery
|
101
|
-
client.redirect_uri = client_options.redirect_uri
|
102
|
-
client.authorization_code = authorization_code
|
103
|
-
access_token
|
104
|
-
super
|
105
71
|
end
|
106
|
-
rescue CallbackError => e
|
107
|
-
fail!(:invalid_credentials, e)
|
108
|
-
rescue ::Timeout::Error, ::Errno::ETIMEDOUT => e
|
109
|
-
fail!(:timeout, e)
|
110
|
-
rescue ::SocketError => e
|
111
|
-
fail!(:failed_to_connect, e)
|
112
|
-
end
|
113
72
|
|
73
|
+
client.redirect_uri = client_options.redirect_uri
|
74
|
+
client.authorization_code = authorization_code
|
75
|
+
access_token
|
76
|
+
super
|
77
|
+
end
|
114
78
|
|
115
79
|
def authorization_code
|
116
80
|
request.params["code"]
|
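Review bot: `callback_phase` loses its `state` comparison (the removed `request.params['state'] != stored_state` branch that returned 401), so after this change any callback carrying a `code` parameter is accepted and exchanged, which removes the CSRF protection on the login callback. The removed `if error` branch and the `rescue` clauses for `::Timeout::Error`, `::Errno::ETIMEDOUT` and `::SocketError` also mean provider errors and network failures are no longer converted into `fail!` results. Restore the state check and the rescues, or justify dropping them in a patch-level release (1.1.2 to 1.1.3). `credentials` also stops returning `id_token`, `refresh_token`, `expires_in` and `scope`, which breaks callers that read them.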
@@ -118,132 +82,34 @@ module OmniAuth
|
|
118
82
|
|
119
83
|
def authorize_uri
|
120
84
|
client.redirect_uri = client_options.redirect_uri
|
121
|
-
|
122
|
-
|
123
|
-
|
124
|
-
|
125
|
-
|
126
|
-
hd: options.hd,
|
127
|
-
}
|
128
|
-
client.authorization_uri(opts.reject{|k,v| v.nil?})
|
129
|
-
end
|
130
|
-
|
131
|
-
def public_key
|
132
|
-
if options.discovery
|
133
|
-
config.jwks
|
134
|
-
else
|
135
|
-
key_or_secret
|
136
|
-
end
|
85
|
+
client.authorization_uri(
|
86
|
+
response_type: options.response_type,
|
87
|
+
scope: options.scope#,
|
88
|
+
# nonce: nonce
|
89
|
+
)
|
137
90
|
end
|
138
91
|
|
139
92
|
private
|
140
93
|
|
141
|
-
def issuer
|
142
|
-
resource = "#{client_options.scheme}://#{client_options.host}" + ((client_options.port) ? ":#{client_options.port.to_s}" : '')
|
143
|
-
::OpenIDConnect::Discovery::Provider.discover!(resource).issuer
|
144
|
-
end
|
145
|
-
|
146
|
-
def discover!
|
147
|
-
client_options.authorization_endpoint = config.authorization_endpoint
|
148
|
-
client_options.token_endpoint = config.token_endpoint
|
149
|
-
client_options.userinfo_endpoint = config.userinfo_endpoint
|
150
|
-
client_options.jwks_uri = config.jwks_uri
|
151
|
-
end
|
152
|
-
|
153
94
|
def user_info
|
154
95
|
@user_info ||= access_token.userinfo!
|
155
96
|
end
|
156
97
|
|
157
98
|
def access_token
|
158
|
-
@access_token ||=
|
159
|
-
_access_token = client.access_token!(
|
160
|
-
scope: (options.scope if options.send_scope_to_token_endpoint),
|
161
|
-
client_auth_method: options.client_auth_method
|
162
|
-
)
|
163
|
-
_id_token = decode_id_token _access_token.id_token
|
164
|
-
_id_token.verify!(
|
165
|
-
issuer: options.issuer,
|
166
|
-
client_id: client_options.identifier,
|
167
|
-
nonce: stored_nonce
|
168
|
-
)
|
169
|
-
_access_token
|
170
|
-
}.call()
|
171
|
-
end
|
172
|
-
|
173
|
-
def decode_id_token(id_token)
|
174
|
-
::OpenIDConnect::ResponseObject::IdToken.decode(id_token, public_key)
|
99
|
+
@access_token ||= client.access_token!(:client_auth_method => options.client_auth_method)
|
175
100
|
end
|
176
101
|
|
177
|
-
|
178
102
|
def client_options
|
179
103
|
options.client_options
|
180
104
|
end
|
181
105
|
|
182
|
-
def
|
183
|
-
|
184
|
-
|
185
|
-
|
186
|
-
|
187
|
-
|
188
|
-
|
189
|
-
end
|
190
|
-
|
191
|
-
def new_nonce
|
192
|
-
session['omniauth.nonce'] = SecureRandom.hex(16)
|
193
|
-
end
|
194
|
-
|
195
|
-
def stored_nonce
|
196
|
-
session.delete('omniauth.nonce')
|
197
|
-
end
|
198
|
-
|
199
|
-
def session
|
200
|
-
@env.nil? ? {} : super
|
201
|
-
end
|
202
|
-
|
203
|
-
def key_or_secret
|
204
|
-
case options.client_signing_alg
|
205
|
-
when :HS256, :HS384, :HS512
|
206
|
-
return client_options.secret
|
207
|
-
when :RS256, :RS384, :RS512
|
208
|
-
if options.client_jwk_signing_key
|
209
|
-
return parse_jwk_key(options.client_jwk_signing_key)
|
210
|
-
elsif options.client_x509_signing_key
|
211
|
-
return parse_x509_key(options.client_x509_signing_key)
|
212
|
-
end
|
213
|
-
else
|
214
|
-
end
|
215
|
-
end
|
216
|
-
|
217
|
-
def parse_x509_key(key)
|
218
|
-
OpenSSL::X509::Certificate.new(key).public_key
|
219
|
-
end
|
220
|
-
|
221
|
-
def parse_jwk_key(key)
|
222
|
-
json = JSON.parse(key)
|
223
|
-
if json.has_key?('keys')
|
224
|
-
JSON::JWK::Set.new json['keys']
|
225
|
-
else
|
226
|
-
JSON::JWK.new json
|
227
|
-
end
|
228
|
-
end
|
229
|
-
|
230
|
-
def decode(str)
|
231
|
-
UrlSafeBase64.decode64(str).unpack('B*').first.to_i(2).to_s
|
232
|
-
end
|
233
|
-
|
234
|
-
class CallbackError < StandardError
|
235
|
-
attr_accessor :error, :error_reason, :error_uri
|
236
|
-
|
237
|
-
def initialize(error, error_reason=nil, error_uri=nil)
|
238
|
-
self.error = error
|
239
|
-
self.error_reason = error_reason
|
240
|
-
self.error_uri = error_uri
|
241
|
-
end
|
242
|
-
|
243
|
-
def message
|
244
|
-
[error, error_reason, error_uri].compact.join(' | ')
|
245
|
-
end
|
246
|
-
end
|
106
|
+
# def nonce
|
107
|
+
# session[:nonce] = SecureRandom.hex(16)
|
108
|
+
# end
|
109
|
+
#
|
110
|
+
# def session
|
111
|
+
# @env.nil? ? {} : super
|
112
|
+
# end
|
247
113
|
end
|
248
114
|
end
|
249
115
|
end
|
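Review bot: `access_token` no longer decodes the ID token or calls `verify!` with `issuer`, `client_id` and `nonce`; the new one-line version only returns `client.access_token!(...)`, so the ID token's signature, issuer, audience and nonce are never checked and `uid` rests solely on the userinfo response. In `authorize_uri` the nonce argument is commented out (`scope: options.scope#,` followed by `# nonce: nonce`) and only `response_type` and `scope` are passed, so there is no `state` or `nonce` to verify on return even if the checks were restored. Keep `decode_id_token` with `verify!` and the nonce and state generation, and delete the commented-out `nonce` and `session` methods rather than shipping them as dead code.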
@@ -7,10 +7,10 @@ Gem::Specification.new do |spec|
|
|
7
7
|
spec.name = "omniauth-openid-connector"
|
8
8
|
spec.version = OmniAuth::OpenIDConnect::VERSION
|
9
9
|
spec.authors = ["Danial Oberg"]
|
10
|
-
spec.email = ["
|
11
|
-
spec.summary = %q{OpenID Connect Strategy for OmniAuth}
|
12
|
-
spec.description = %q{OpenID Connect Strategy for OmniAuth}
|
13
|
-
spec.homepage = "https://github.com/doberg/omniauth-openid-
|
10
|
+
spec.email = ["dan@cs1.com"]
|
11
|
+
spec.summary = %q{OpenID Connect Strategy MK2 for OmniAuth}
|
12
|
+
spec.description = %q{OpenID Connect Strategy MK2 for OmniAuth which is fully compliant with devise and rails and currently maintained. Derived from jjbohn's work which is not actively maintained}
|
13
|
+
spec.homepage = "https://github.com/doberg/omniauth-openid-reconnect"
|
14
14
|
spec.license = "MIT"
|
15
15
|
|
16
16
|
spec.files = `git ls-files -z`.split("\x0")
|
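Review bot: `spec.homepage` now points at `github.com/doberg/omniauth-openid-reconnect`, while the README added in this release links to `thinkthroughmath/omniauth-openid-reconnect` and `spec.name` stays `omniauth-openid-connector`. Three different identifiers for one package make it hard for a consumer to confirm where the published code comes from; align the gem name, the homepage and the README repository links.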
@@ -18,18 +18,19 @@ Gem::Specification.new do |spec|
|
|
18
18
|
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
19
19
|
spec.require_paths = ["lib"]
|
20
20
|
|
21
|
-
spec.add_dependency '
|
22
|
-
spec.add_dependency '
|
23
|
-
spec.add_dependency '
|
24
|
-
spec.
|
25
|
-
spec.add_development_dependency
|
26
|
-
spec.add_development_dependency
|
27
|
-
spec.add_development_dependency
|
28
|
-
spec.add_development_dependency
|
29
|
-
spec.add_development_dependency
|
30
|
-
spec.add_development_dependency
|
31
|
-
spec.add_development_dependency
|
32
|
-
spec.add_development_dependency
|
33
|
-
spec.add_development_dependency
|
34
|
-
spec.add_development_dependency
|
21
|
+
spec.add_dependency 'activesupport', '>= 0'
|
22
|
+
spec.add_dependency 'omniauth', '~> 1.6', '>= 1.6.1'
|
23
|
+
spec.add_dependency 'openid_connect', '= 1.1.2'
|
24
|
+
spec.add_dependency 'addressable', '~> 2.3', '>= 2.3.6' # Because there is a breaking change in 2.3 with the way rails params arrays are handled
|
25
|
+
spec.add_development_dependency 'bundler', '~> 1.15', '>= 1.15.1'
|
26
|
+
spec.add_development_dependency 'minitest', '~> 5.4'
|
27
|
+
spec.add_development_dependency 'mocha', '~> 1.2', '>= 1.2.1'
|
28
|
+
spec.add_development_dependency 'guard', '~> 2.14', '>= 2.14.1'
|
29
|
+
spec.add_development_dependency 'guard-minitest', '~> 2.4', '>= 2.4.6'
|
30
|
+
spec.add_development_dependency 'guard-bundler', '~> 2.1', '>= 2.1.0'
|
31
|
+
spec.add_development_dependency 'rake', '~> 12.0', '>= 12.0.0'
|
32
|
+
spec.add_development_dependency 'simplecov', '~> 0.14.1'
|
33
|
+
spec.add_development_dependency 'pry', '~> 0.10.4'
|
34
|
+
spec.add_development_dependency 'coveralls', '~> 0.8.21'
|
35
|
+
spec.add_development_dependency 'faker', '~> 1.8', '>= 1.8.2'
|
35
36
|
end
|
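Review bot: `spec.add_dependency 'openid_connect', '= 1.1.2'` pins the library that does the protocol work to one exact version, so consumers cannot pick up a fixed release of it without a new release of this gem. Use a pessimistic range such as `'~> 1.1', '>= 1.1.2'` unless there is a known incompatibility, and record that reason in a comment. `'activesupport', '>= 0'` is the opposite problem, an unbounded constraint. The comment on the `addressable` line cites a breaking change in 2.3, yet the constraint requires 2.3.6 or later, which reads as the reverse of what the comment intends.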
@@ -2,189 +2,35 @@ require_relative '../../../test_helper'
|
|
2
2
|
|
3
3
|
class OmniAuth::Strategies::OpenIDConnectTest < StrategyTestCase
|
4
4
|
def test_client_options_defaults
|
5
|
-
assert_equal
|
5
|
+
assert_equal "https", strategy.options.client_options.scheme
|
6
6
|
assert_equal 443, strategy.options.client_options.port
|
7
|
-
assert_equal
|
8
|
-
assert_equal
|
7
|
+
assert_equal "/authorize", strategy.options.client_options.authorization_endpoint
|
8
|
+
assert_equal "/token", strategy.options.client_options.token_endpoint
|
9
9
|
end
|
10
10
|
|
11
11
|
def test_request_phase
|
12
|
-
expected_redirect = /^https:\/\/example\.com\/authorize\?client_id=1234&
|
13
|
-
strategy.options.
|
14
|
-
strategy.options.client_options.host = 'example.com'
|
15
|
-
strategy.expects(:redirect).with(regexp_matches(expected_redirect))
|
16
|
-
strategy.request_phase
|
17
|
-
end
|
18
|
-
|
19
|
-
def test_request_phase_with_discovery
|
20
|
-
expected_redirect = /^https:\/\/example\.com\/authorization\?client_id=1234&nonce=[\w\d]{32}&response_type=code&scope=openid&state=[\w\d]{32}$/
|
21
|
-
strategy.options.client_options.host = 'example.com'
|
22
|
-
strategy.options.discovery = true
|
23
|
-
|
24
|
-
issuer = stub('OpenIDConnect::Discovery::Issuer')
|
25
|
-
issuer.stubs(:issuer).returns('https://example.com/')
|
26
|
-
::OpenIDConnect::Discovery::Provider.stubs(:discover!).returns(issuer)
|
27
|
-
|
28
|
-
config = stub('OpenIDConnect::Discovery::Provder::Config')
|
29
|
-
config.stubs(:authorization_endpoint).returns('https://example.com/authorization')
|
30
|
-
config.stubs(:token_endpoint).returns('https://example.com/token')
|
31
|
-
config.stubs(:userinfo_endpoint).returns('https://example.com/userinfo')
|
32
|
-
config.stubs(:jwks_uri).returns('https://example.com/jwks')
|
33
|
-
::OpenIDConnect::Discovery::Provider::Config.stubs(:discover!).with('https://example.com/').returns(config)
|
34
|
-
|
12
|
+
expected_redirect = /^https:\/\/example\.com\/authorize\?client_id=1234&response_type=code&scope=openid$/
|
13
|
+
strategy.options.client_options.host = "example.com"
|
35
14
|
strategy.expects(:redirect).with(regexp_matches(expected_redirect))
|
36
15
|
strategy.request_phase
|
37
|
-
|
38
|
-
assert_equal strategy.options.issuer, 'https://example.com/'
|
39
|
-
assert_equal strategy.options.client_options.authorization_endpoint, 'https://example.com/authorization'
|
40
|
-
assert_equal strategy.options.client_options.token_endpoint, 'https://example.com/token'
|
41
|
-
assert_equal strategy.options.client_options.userinfo_endpoint, 'https://example.com/userinfo'
|
42
|
-
assert_equal strategy.options.client_options.jwks_uri, 'https://example.com/jwks'
|
43
16
|
end
|
44
17
|
|
45
18
|
def test_uid
|
46
19
|
assert_equal user_info.sub, strategy.uid
|
47
20
|
end
|
48
21
|
|
49
|
-
def test_callback_phase
|
22
|
+
def test_callback_phase
|
50
23
|
code = SecureRandom.hex(16)
|
51
|
-
|
52
|
-
|
53
|
-
request.stubs(:params).returns({'code' => code,'state' => state})
|
54
|
-
request.stubs(:path_info).returns('')
|
55
|
-
|
56
|
-
strategy.options.issuer = 'example.com'
|
57
|
-
strategy.options.client_signing_alg = :RS256
|
58
|
-
strategy.options.client_jwk_signing_key = File.read('test/fixtures/jwks.json')
|
59
|
-
|
60
|
-
id_token = stub('OpenIDConnect::ResponseObject::IdToken')
|
61
|
-
id_token.stubs(:verify!).with({:issuer => strategy.options.issuer, :client_id => @identifier, :nonce => nonce}).returns(true)
|
62
|
-
::OpenIDConnect::ResponseObject::IdToken.stubs(:decode).returns(id_token)
|
63
|
-
|
64
|
-
strategy.unstub(:user_info)
|
65
|
-
access_token = stub('OpenIDConnect::AccessToken')
|
66
|
-
access_token.stubs(:access_token)
|
67
|
-
access_token.stubs(:refresh_token)
|
68
|
-
access_token.stubs(:expires_in)
|
69
|
-
access_token.stubs(:scope)
|
70
|
-
access_token.stubs(:id_token).returns(File.read('test/fixtures/id_token.txt'))
|
71
|
-
client.expects(:access_token!).at_least_once.returns(access_token)
|
72
|
-
access_token.expects(:userinfo!).returns(user_info)
|
73
|
-
|
74
|
-
strategy.call!({'rack.session' => {'omniauth.state' => state, 'omniauth.nonce' => nonce}})
|
75
|
-
strategy.callback_phase
|
76
|
-
end
|
77
|
-
|
78
|
-
def test_callback_phase_with_discovery
|
79
|
-
code = SecureRandom.hex(16)
|
80
|
-
state = SecureRandom.hex(16)
|
81
|
-
nonce = SecureRandom.hex(16)
|
82
|
-
jwks = JSON::JWK::Set.new(JSON.parse(File.read('test/fixtures/jwks.json'))['keys'])
|
83
|
-
|
84
|
-
request.stubs(:params).returns({'code' => code,'state' => state})
|
85
|
-
request.stubs(:path_info).returns('')
|
86
|
-
|
87
|
-
strategy.options.client_options.host = 'example.com'
|
88
|
-
strategy.options.discovery = true
|
89
|
-
|
90
|
-
issuer = stub('OpenIDConnect::Discovery::Issuer')
|
91
|
-
issuer.stubs(:issuer).returns('https://example.com/')
|
92
|
-
::OpenIDConnect::Discovery::Provider.stubs(:discover!).returns(issuer)
|
93
|
-
|
94
|
-
config = stub('OpenIDConnect::Discovery::Provder::Config')
|
95
|
-
config.stubs(:authorization_endpoint).returns('https://example.com/authorization')
|
96
|
-
config.stubs(:token_endpoint).returns('https://example.com/token')
|
97
|
-
config.stubs(:userinfo_endpoint).returns('https://example.com/userinfo')
|
98
|
-
config.stubs(:jwks_uri).returns('https://example.com/jwks')
|
99
|
-
config.stubs(:jwks).returns(jwks)
|
100
|
-
|
101
|
-
::OpenIDConnect::Discovery::Provider::Config.stubs(:discover!).with('https://example.com/').returns(config)
|
102
|
-
|
103
|
-
id_token = stub('OpenIDConnect::ResponseObject::IdToken')
|
104
|
-
id_token.stubs(:verify!).with({:issuer => 'https://example.com/', :client_id => @identifier, :nonce => nonce}).returns(true)
|
105
|
-
::OpenIDConnect::ResponseObject::IdToken.stubs(:decode).returns(id_token)
|
24
|
+
request.stubs(:params).returns({"code" => code})
|
25
|
+
request.stubs(:path_info).returns("")
|
106
26
|
|
107
27
|
strategy.unstub(:user_info)
|
108
28
|
access_token = stub('OpenIDConnect::AccessToken')
|
109
29
|
access_token.stubs(:access_token)
|
110
|
-
|
111
|
-
access_token.stubs(:expires_in)
|
112
|
-
access_token.stubs(:scope)
|
113
|
-
access_token.stubs(:id_token).returns(File.read('test/fixtures/id_token.txt'))
|
114
|
-
client.expects(:access_token!).at_least_once.returns(access_token)
|
30
|
+
client.expects(:access_token!).returns(access_token)
|
115
31
|
access_token.expects(:userinfo!).returns(user_info)
|
116
32
|
|
117
|
-
strategy.call!({
|
118
|
-
strategy.callback_phase
|
119
|
-
end
|
120
|
-
|
121
|
-
def test_callback_phase_with_error
|
122
|
-
state = SecureRandom.hex(16)
|
123
|
-
nonce = SecureRandom.hex(16)
|
124
|
-
request.stubs(:params).returns({'error' => 'invalid_request'})
|
125
|
-
request.stubs(:path_info).returns('')
|
126
|
-
|
127
|
-
strategy.call!({'rack.session' => {'omniauth.state' => state, 'omniauth.nonce' => nonce}})
|
128
|
-
strategy.expects(:fail!)
|
129
|
-
strategy.callback_phase
|
130
|
-
end
|
131
|
-
|
132
|
-
def test_callback_phase_with_invalid_state
|
133
|
-
code = SecureRandom.hex(16)
|
134
|
-
state = SecureRandom.hex(16)
|
135
|
-
nonce = SecureRandom.hex(16)
|
136
|
-
request.stubs(:params).returns({'code' => code,'state' => 'foobar'})
|
137
|
-
request.stubs(:path_info).returns('')
|
138
|
-
|
139
|
-
strategy.call!({'rack.session' => {'omniauth.state' => state, 'omniauth.nonce' => nonce}})
|
140
|
-
result = strategy.callback_phase
|
141
|
-
|
142
|
-
assert result.kind_of?(Array)
|
143
|
-
assert result.first == 401, "Expecting unauthorized"
|
144
|
-
end
|
145
|
-
|
146
|
-
def test_callback_phase_with_timeout
|
147
|
-
code = SecureRandom.hex(16)
|
148
|
-
state = SecureRandom.hex(16)
|
149
|
-
nonce = SecureRandom.hex(16)
|
150
|
-
request.stubs(:params).returns({'code' => code,'state' => state})
|
151
|
-
request.stubs(:path_info).returns('')
|
152
|
-
|
153
|
-
strategy.options.issuer = 'example.com'
|
154
|
-
|
155
|
-
strategy.stubs(:access_token).raises(::Timeout::Error.new('error'))
|
156
|
-
strategy.call!({'rack.session' => {'omniauth.state' => state, 'omniauth.nonce' => nonce}})
|
157
|
-
strategy.expects(:fail!)
|
158
|
-
strategy.callback_phase
|
159
|
-
end
|
160
|
-
|
161
|
-
def test_callback_phase_with_etimeout
|
162
|
-
code = SecureRandom.hex(16)
|
163
|
-
state = SecureRandom.hex(16)
|
164
|
-
nonce = SecureRandom.hex(16)
|
165
|
-
request.stubs(:params).returns({'code' => code,'state' => state})
|
166
|
-
request.stubs(:path_info).returns('')
|
167
|
-
|
168
|
-
strategy.options.issuer = 'example.com'
|
169
|
-
|
170
|
-
strategy.stubs(:access_token).raises(::Errno::ETIMEDOUT.new('error'))
|
171
|
-
strategy.call!({'rack.session' => {'omniauth.state' => state, 'omniauth.nonce' => nonce}})
|
172
|
-
strategy.expects(:fail!)
|
173
|
-
strategy.callback_phase
|
174
|
-
end
|
175
|
-
|
176
|
-
def test_callback_phase_with_socket_error
|
177
|
-
code = SecureRandom.hex(16)
|
178
|
-
state = SecureRandom.hex(16)
|
179
|
-
nonce = SecureRandom.hex(16)
|
180
|
-
request.stubs(:params).returns({'code' => code,'state' => state})
|
181
|
-
request.stubs(:path_info).returns('')
|
182
|
-
|
183
|
-
strategy.options.issuer = 'example.com'
|
184
|
-
|
185
|
-
strategy.stubs(:access_token).raises(::SocketError.new('error'))
|
186
|
-
strategy.call!({'rack.session' => {'omniauth.state' => state, 'omniauth.nonce' => nonce}})
|
187
|
-
strategy.expects(:fail!)
|
33
|
+
strategy.call!({"rack.session" => {}})
|
188
34
|
strategy.callback_phase
|
189
35
|
end
|
190
36
|
|
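Review bot: `test_callback_phase_with_invalid_state`, `test_callback_phase_with_error` and the three timeout and socket-error tests are deleted, and the surviving `test_callback_phase` runs with `strategy.call!({"rack.session" => {}})` and a params hash containing only `code`. That leaves no negative test for the callback: nothing asserts that a callback with a wrong or missing `state`, or with an `error` parameter, is rejected. Keep at least the invalid-state and error cases so that a regression in callback validation fails the suite.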
@@ -206,40 +52,11 @@ class OmniAuth::Strategies::OpenIDConnectTest < StrategyTestCase
|
|
206
52
|
end
|
207
53
|
|
208
54
|
def test_credentials
|
209
|
-
strategy.options.issuer = 'example.com'
|
210
|
-
strategy.options.client_signing_alg = :RS256
|
211
|
-
strategy.options.client_jwk_signing_key = File.read('test/fixtures/jwks.json')
|
212
|
-
|
213
|
-
id_token = stub('OpenIDConnect::ResponseObject::IdToken')
|
214
|
-
id_token.stubs(:verify!).returns(true)
|
215
|
-
::OpenIDConnect::ResponseObject::IdToken.stubs(:decode).returns(id_token)
|
216
|
-
|
217
55
|
access_token = stub('OpenIDConnect::AccessToken')
|
218
56
|
access_token.stubs(:access_token).returns(SecureRandom.hex(16))
|
219
|
-
access_token.stubs(:refresh_token).returns(SecureRandom.hex(16))
|
220
|
-
access_token.stubs(:expires_in).returns(Time.now)
|
221
|
-
access_token.stubs(:scope).returns('openidconnect')
|
222
|
-
access_token.stubs(:id_token).returns(File.read('test/fixtures/id_token.txt'))
|
223
|
-
|
224
57
|
client.expects(:access_token!).returns(access_token)
|
225
|
-
access_token.expects(:refresh_token).returns(access_token.refresh_token)
|
226
|
-
access_token.expects(:expires_in).returns(access_token.expires_in)
|
227
|
-
|
228
|
-
assert_equal({ id_token: access_token.id_token,
|
229
|
-
token: access_token.access_token,
|
230
|
-
refresh_token: access_token.refresh_token,
|
231
|
-
expires_in: access_token.expires_in,
|
232
|
-
scope: access_token.scope
|
233
|
-
}, strategy.credentials)
|
234
|
-
end
|
235
|
-
|
236
|
-
def test_option_send_nonce
|
237
|
-
strategy.options.client_options[:host] = "foobar.com"
|
238
|
-
|
239
|
-
assert(strategy.authorize_uri =~ /nonce=/, "URI must contain nonce")
|
240
58
|
|
241
|
-
|
242
|
-
assert(!(strategy.authorize_uri =~ /nonce=/), "URI must not contain nonce")
|
59
|
+
assert_equal({ token: access_token.access_token }, strategy.credentials)
|
243
60
|
end
|
244
61
|
|
245
62
|
def test_failure_endpoint_redirect
|
@@ -254,91 +71,19 @@ class OmniAuth::Strategies::OpenIDConnectTest < StrategyTestCase
|
|
254
71
|
assert(result[1]["Location"] =~ /\/auth\/failure/)
|
255
72
|
end
|
256
73
|
|
257
|
-
def test_state
|
258
|
-
strategy.options.state = lambda { 42 }
|
259
|
-
session = { "state" => 42 }
|
260
|
-
|
261
|
-
expected_redirect = /&state=/
|
262
|
-
strategy.options.issuer = 'example.com'
|
263
|
-
strategy.options.client_options.host = "example.com"
|
264
|
-
strategy.expects(:redirect).with(regexp_matches(expected_redirect))
|
265
|
-
strategy.request_phase
|
266
|
-
|
267
|
-
# this should succeed as the correct state is passed with the request
|
268
|
-
test_callback_phase(session, { "state" => 42 })
|
269
|
-
|
270
|
-
# the following should fail because the wrong state is passed to the callback
|
271
|
-
code = SecureRandom.hex(16)
|
272
|
-
request.stubs(:params).returns({"code" => code, "state" => 43})
|
273
|
-
request.stubs(:path_info).returns("")
|
274
|
-
strategy.call!({"rack.session" => session})
|
275
|
-
|
276
|
-
result = strategy.callback_phase
|
277
|
-
|
278
|
-
assert result.kind_of?(Array)
|
279
|
-
assert result.first == 401, "Expecting unauthorized"
|
280
|
-
end
|
281
|
-
|
282
74
|
def test_option_client_auth_method
|
283
|
-
code = SecureRandom.hex(16)
|
284
|
-
state = SecureRandom.hex(16)
|
285
|
-
nonce = SecureRandom.hex(16)
|
286
|
-
|
287
75
|
opts = strategy.options.client_options
|
288
76
|
opts[:host] = "foobar.com"
|
289
|
-
strategy.options.issuer = "foobar.com"
|
290
77
|
strategy.options.client_auth_method = :not_basic
|
291
|
-
|
292
|
-
strategy.options.client_jwk_signing_key = File.read('test/fixtures/jwks.json')
|
293
|
-
|
294
|
-
json_response = {access_token: 'test_access_token',
|
295
|
-
id_token: File.read('test/fixtures/id_token.txt'),
|
296
|
-
token_type: 'Bearer',
|
297
|
-
}.to_json
|
298
|
-
success = Struct.new(:status, :body).new(200, json_response)
|
299
|
-
|
300
|
-
request.stubs(:path_info).returns('')
|
301
|
-
strategy.call!({'rack.session' => {'omniauth.state' => state, 'omniauth.nonce' => nonce}})
|
302
|
-
|
303
|
-
id_token = stub('OpenIDConnect::ResponseObject::IdToken')
|
304
|
-
id_token.stubs(:verify!).with({:issuer => strategy.options.issuer, :client_id => @identifier, :nonce => nonce}).returns(true)
|
305
|
-
::OpenIDConnect::ResponseObject::IdToken.stubs(:decode).returns(id_token)
|
78
|
+
success = Struct.new(:status).new(200)
|
306
79
|
|
307
80
|
HTTPClient.any_instance.stubs(:post).with(
|
308
81
|
"#{opts.scheme}://#{opts.host}:#{opts.port}#{opts.token_endpoint}",
|
309
|
-
{
|
82
|
+
{:grant_type => :client_credentials, :client_id => @identifier, :client_secret => @secret},
|
310
83
|
{}
|
311
84
|
).returns(success)
|
85
|
+
OpenIDConnect::Client.any_instance.stubs(:handle_success_response).with(success).returns(true)
|
312
86
|
|
313
87
|
assert(strategy.send :access_token)
|
314
88
|
end
|
315
|
-
|
316
|
-
def test_public_key_with_jwks
|
317
|
-
strategy.options.client_signing_alg = :RS256
|
318
|
-
strategy.options.client_jwk_signing_key = File.read('./test/fixtures/jwks.json')
|
319
|
-
|
320
|
-
assert_equal JSON::JWK::Set, strategy.public_key.class
|
321
|
-
end
|
322
|
-
|
323
|
-
def test_public_key_with_jwk
|
324
|
-
strategy.options.client_signing_alg = :RS256
|
325
|
-
jwks_str = File.read('./test/fixtures/jwks.json')
|
326
|
-
jwks = JSON.parse(jwks_str)
|
327
|
-
jwk = jwks['keys'].first
|
328
|
-
strategy.options.client_jwk_signing_key = jwk.to_json
|
329
|
-
|
330
|
-
assert_equal JSON::JWK, strategy.public_key.class
|
331
|
-
end
|
332
|
-
|
333
|
-
def test_public_key_with_x509
|
334
|
-
strategy.options.client_signing_alg = :RS256
|
335
|
-
strategy.options.client_x509_signing_key = File.read('./test/fixtures/test.crt')
|
336
|
-
assert_equal OpenSSL::PKey::RSA, strategy.public_key.class
|
337
|
-
end
|
338
|
-
|
339
|
-
def test_public_key_with_hmac
|
340
|
-
strategy.options.client_options.secret = 'secret'
|
341
|
-
strategy.options.client_signing_alg = :HS256
|
342
|
-
assert_equal strategy.options.client_options.secret, strategy.public_key
|
343
|
-
end
|
344
89
|
end
|
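Review bot: In the access-token test, the new stub `OpenIDConnect::Client.any_instance.stubs(:handle_success_response).with(success).returns(true)` lets `assert(strategy.send :access_token)` pass on a stubbed value, so the test no longer exercises parsing of the token response or the `IdToken#verify!` call with `issuer`, `client_id` and `nonce` that the removed lines set up. The same hunk deletes `test_public_key_with_jwks`, `test_public_key_with_jwk`, `test_public_key_with_x509` and `test_public_key_with_hmac`, which leaves key selection for ID token signature verification without coverage. Keep at least one test that decodes a fixture ID token and checks that an issuer or nonce mismatch is rejected. The POST expectation also now carries `:grant_type => :client_credentials`; please confirm that is intended for a user login flow, since a client-credentials token is issued to the client rather than to the authenticating user.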
data/test/test_helper.rb
CHANGED
@@ -8,10 +8,10 @@ Coveralls.wear!
|
|
8
8
|
require 'minitest/autorun'
|
9
9
|
require 'mocha/mini_test'
|
10
10
|
require 'faker'
|
11
|
-
|
12
|
-
require_relative '../lib/omniauth-openid-connect'
|
11
|
+
require_relative '../lib/omniauth-openid-reconnect'
|
13
12
|
|
14
13
|
OmniAuth.config.test_mode = true
|
14
|
+
OmniAuth.config.logger = Logger.new('/dev/null')
|
15
15
|
|
16
16
|
class StrategyTestCase < MiniTest::Test
|
17
17
|
class DummyApp
|
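Review bot: `OmniAuth.config.logger = Logger.new('/dev/null')` hard-codes a POSIX path and discards everything OmniAuth logs during the suite, including the error lines a failing callback phase would emit. Use `Logger.new(File::NULL)` for portability, or log to a `StringIO` so tests can assert on authentication-failure messages. An explicit `require 'logger'` next to the other requires would also avoid depending on another gem having loaded it.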
@@ -30,7 +30,7 @@ class StrategyTestCase < MiniTest::Test
|
|
30
30
|
end
|
31
31
|
|
32
32
|
def user_info
|
33
|
-
@user_info ||= OpenIDConnect::ResponseObject::UserInfo.new(
|
33
|
+
@user_info ||= OpenIDConnect::ResponseObject::UserInfo::OpenID.new(
|
34
34
|
sub: SecureRandom.hex(16),
|
35
35
|
name: Faker::Name.name,
|
36
36
|
email: Faker::Internet.email,
|
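Review bot: `OpenIDConnect::ResponseObject::UserInfo::OpenID.new` has to exist in the `openid_connect` release this gem depends on, and the metadata pins that dependency to `= 1.1.2`; please confirm the constant is defined in that version, because this helper feeds the strategy tests and a `NameError` here would fail the whole suite. A short comment saying why the namespaced class is used instead of `UserInfo` would help the next reader.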
metadata
CHANGED
@@ -1,20 +1,37 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: omniauth-openid-connector
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.1.
|
4
|
+
version: 1.1.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Danial Oberg
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-07-
|
11
|
+
date: 2017-07-13 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: activesupport
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - ">="
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '0'
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - ">="
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '0'
|
13
27
|
- !ruby/object:Gem::Dependency
|
14
28
|
name: omniauth
|
15
29
|
requirement: !ruby/object:Gem::Requirement
|
16
30
|
requirements:
|
17
31
|
- - "~>"
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '1.6'
|
34
|
+
- - ">="
|
18
35
|
- !ruby/object:Gem::Version
|
19
36
|
version: 1.6.1
|
20
37
|
type: :runtime
|
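Review bot: The new runtime dependency `activesupport` is declared with `>= 0`, which accepts any release, including future major versions with breaking changes. Give it a bounded constraint in the gemspec that matches the versions the strategy is actually tested against, in the same style as the `~> 1.6`, `>= 1.6.1` pair now used for `omniauth`.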
@@ -22,20 +39,23 @@ dependencies:
|
|
22
39
|
version_requirements: !ruby/object:Gem::Requirement
|
23
40
|
requirements:
|
24
41
|
- - "~>"
|
42
|
+
- !ruby/object:Gem::Version
|
43
|
+
version: '1.6'
|
44
|
+
- - ">="
|
25
45
|
- !ruby/object:Gem::Version
|
26
46
|
version: 1.6.1
|
27
47
|
- !ruby/object:Gem::Dependency
|
28
48
|
name: openid_connect
|
29
49
|
requirement: !ruby/object:Gem::Requirement
|
30
50
|
requirements:
|
31
|
-
- -
|
51
|
+
- - '='
|
32
52
|
- !ruby/object:Gem::Version
|
33
53
|
version: 1.1.2
|
34
54
|
type: :runtime
|
35
55
|
prerelease: false
|
36
56
|
version_requirements: !ruby/object:Gem::Requirement
|
37
57
|
requirements:
|
38
|
-
- -
|
58
|
+
- - '='
|
39
59
|
- !ruby/object:Gem::Version
|
40
60
|
version: 1.1.2
|
41
61
|
- !ruby/object:Gem::Dependency
|
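Review bot: `openid_connect` is pinned with `- - '='` to `1.1.2`, so applications using this gem cannot pick up a patched release of the library that decodes and verifies ID tokens until this gem itself is re-released. Unless a later version is known to break the strategy, prefer a pessimistic range such as `~> 1.1`, `>= 1.1.2`, and document the reason in the gemspec if the exact pin has to stay.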
@@ -44,19 +64,28 @@ dependencies:
|
|
44
64
|
requirements:
|
45
65
|
- - "~>"
|
46
66
|
- !ruby/object:Gem::Version
|
47
|
-
version: '2.
|
67
|
+
version: '2.3'
|
68
|
+
- - ">="
|
69
|
+
- !ruby/object:Gem::Version
|
70
|
+
version: 2.3.6
|
48
71
|
type: :runtime
|
49
72
|
prerelease: false
|
50
73
|
version_requirements: !ruby/object:Gem::Requirement
|
51
74
|
requirements:
|
52
75
|
- - "~>"
|
53
76
|
- !ruby/object:Gem::Version
|
54
|
-
version: '2.
|
77
|
+
version: '2.3'
|
78
|
+
- - ">="
|
79
|
+
- !ruby/object:Gem::Version
|
80
|
+
version: 2.3.6
|
55
81
|
- !ruby/object:Gem::Dependency
|
56
82
|
name: bundler
|
57
83
|
requirement: !ruby/object:Gem::Requirement
|
58
84
|
requirements:
|
59
85
|
- - "~>"
|
86
|
+
- !ruby/object:Gem::Version
|
87
|
+
version: '1.15'
|
88
|
+
- - ">="
|
60
89
|
- !ruby/object:Gem::Version
|
61
90
|
version: 1.15.1
|
62
91
|
type: :development
|
@@ -64,151 +93,192 @@ dependencies:
|
|
64
93
|
version_requirements: !ruby/object:Gem::Requirement
|
65
94
|
requirements:
|
66
95
|
- - "~>"
|
96
|
+
- !ruby/object:Gem::Version
|
97
|
+
version: '1.15'
|
98
|
+
- - ">="
|
67
99
|
- !ruby/object:Gem::Version
|
68
100
|
version: 1.15.1
|
69
101
|
- !ruby/object:Gem::Dependency
|
70
102
|
name: minitest
|
71
103
|
requirement: !ruby/object:Gem::Requirement
|
72
104
|
requirements:
|
73
|
-
- - "
|
105
|
+
- - "~>"
|
74
106
|
- !ruby/object:Gem::Version
|
75
|
-
version: '
|
107
|
+
version: '5.4'
|
76
108
|
type: :development
|
77
109
|
prerelease: false
|
78
110
|
version_requirements: !ruby/object:Gem::Requirement
|
79
111
|
requirements:
|
80
|
-
- - "
|
112
|
+
- - "~>"
|
81
113
|
- !ruby/object:Gem::Version
|
82
|
-
version: '
|
114
|
+
version: '5.4'
|
83
115
|
- !ruby/object:Gem::Dependency
|
84
116
|
name: mocha
|
85
117
|
requirement: !ruby/object:Gem::Requirement
|
86
118
|
requirements:
|
119
|
+
- - "~>"
|
120
|
+
- !ruby/object:Gem::Version
|
121
|
+
version: '1.2'
|
87
122
|
- - ">="
|
88
123
|
- !ruby/object:Gem::Version
|
89
|
-
version:
|
124
|
+
version: 1.2.1
|
90
125
|
type: :development
|
91
126
|
prerelease: false
|
92
127
|
version_requirements: !ruby/object:Gem::Requirement
|
93
128
|
requirements:
|
129
|
+
- - "~>"
|
130
|
+
- !ruby/object:Gem::Version
|
131
|
+
version: '1.2'
|
94
132
|
- - ">="
|
95
133
|
- !ruby/object:Gem::Version
|
96
|
-
version:
|
134
|
+
version: 1.2.1
|
97
135
|
- !ruby/object:Gem::Dependency
|
98
136
|
name: guard
|
99
137
|
requirement: !ruby/object:Gem::Requirement
|
100
138
|
requirements:
|
139
|
+
- - "~>"
|
140
|
+
- !ruby/object:Gem::Version
|
141
|
+
version: '2.14'
|
101
142
|
- - ">="
|
102
143
|
- !ruby/object:Gem::Version
|
103
|
-
version:
|
144
|
+
version: 2.14.1
|
104
145
|
type: :development
|
105
146
|
prerelease: false
|
106
147
|
version_requirements: !ruby/object:Gem::Requirement
|
107
148
|
requirements:
|
149
|
+
- - "~>"
|
150
|
+
- !ruby/object:Gem::Version
|
151
|
+
version: '2.14'
|
108
152
|
- - ">="
|
109
153
|
- !ruby/object:Gem::Version
|
110
|
-
version:
|
154
|
+
version: 2.14.1
|
111
155
|
- !ruby/object:Gem::Dependency
|
112
156
|
name: guard-minitest
|
113
157
|
requirement: !ruby/object:Gem::Requirement
|
114
158
|
requirements:
|
159
|
+
- - "~>"
|
160
|
+
- !ruby/object:Gem::Version
|
161
|
+
version: '2.4'
|
115
162
|
- - ">="
|
116
163
|
- !ruby/object:Gem::Version
|
117
|
-
version:
|
164
|
+
version: 2.4.6
|
118
165
|
type: :development
|
119
166
|
prerelease: false
|
120
167
|
version_requirements: !ruby/object:Gem::Requirement
|
121
168
|
requirements:
|
169
|
+
- - "~>"
|
170
|
+
- !ruby/object:Gem::Version
|
171
|
+
version: '2.4'
|
122
172
|
- - ">="
|
123
173
|
- !ruby/object:Gem::Version
|
124
|
-
version:
|
174
|
+
version: 2.4.6
|
125
175
|
- !ruby/object:Gem::Dependency
|
126
176
|
name: guard-bundler
|
127
177
|
requirement: !ruby/object:Gem::Requirement
|
128
178
|
requirements:
|
179
|
+
- - "~>"
|
180
|
+
- !ruby/object:Gem::Version
|
181
|
+
version: '2.1'
|
129
182
|
- - ">="
|
130
183
|
- !ruby/object:Gem::Version
|
131
|
-
version:
|
184
|
+
version: 2.1.0
|
132
185
|
type: :development
|
133
186
|
prerelease: false
|
134
187
|
version_requirements: !ruby/object:Gem::Requirement
|
135
188
|
requirements:
|
189
|
+
- - "~>"
|
190
|
+
- !ruby/object:Gem::Version
|
191
|
+
version: '2.1'
|
136
192
|
- - ">="
|
137
193
|
- !ruby/object:Gem::Version
|
138
|
-
version:
|
194
|
+
version: 2.1.0
|
139
195
|
- !ruby/object:Gem::Dependency
|
140
196
|
name: rake
|
141
197
|
requirement: !ruby/object:Gem::Requirement
|
142
198
|
requirements:
|
199
|
+
- - "~>"
|
200
|
+
- !ruby/object:Gem::Version
|
201
|
+
version: '12.0'
|
143
202
|
- - ">="
|
144
203
|
- !ruby/object:Gem::Version
|
145
|
-
version:
|
204
|
+
version: 12.0.0
|
146
205
|
type: :development
|
147
206
|
prerelease: false
|
148
207
|
version_requirements: !ruby/object:Gem::Requirement
|
149
208
|
requirements:
|
209
|
+
- - "~>"
|
210
|
+
- !ruby/object:Gem::Version
|
211
|
+
version: '12.0'
|
150
212
|
- - ">="
|
151
213
|
- !ruby/object:Gem::Version
|
152
|
-
version:
|
214
|
+
version: 12.0.0
|
153
215
|
- !ruby/object:Gem::Dependency
|
154
216
|
name: simplecov
|
155
217
|
requirement: !ruby/object:Gem::Requirement
|
156
218
|
requirements:
|
157
|
-
- - "
|
219
|
+
- - "~>"
|
158
220
|
- !ruby/object:Gem::Version
|
159
|
-
version:
|
221
|
+
version: 0.14.1
|
160
222
|
type: :development
|
161
223
|
prerelease: false
|
162
224
|
version_requirements: !ruby/object:Gem::Requirement
|
163
225
|
requirements:
|
164
|
-
- - "
|
226
|
+
- - "~>"
|
165
227
|
- !ruby/object:Gem::Version
|
166
|
-
version:
|
228
|
+
version: 0.14.1
|
167
229
|
- !ruby/object:Gem::Dependency
|
168
230
|
name: pry
|
169
231
|
requirement: !ruby/object:Gem::Requirement
|
170
232
|
requirements:
|
171
|
-
- - "
|
233
|
+
- - "~>"
|
172
234
|
- !ruby/object:Gem::Version
|
173
|
-
version:
|
235
|
+
version: 0.10.4
|
174
236
|
type: :development
|
175
237
|
prerelease: false
|
176
238
|
version_requirements: !ruby/object:Gem::Requirement
|
177
239
|
requirements:
|
178
|
-
- - "
|
240
|
+
- - "~>"
|
179
241
|
- !ruby/object:Gem::Version
|
180
|
-
version:
|
242
|
+
version: 0.10.4
|
181
243
|
- !ruby/object:Gem::Dependency
|
182
244
|
name: coveralls
|
183
245
|
requirement: !ruby/object:Gem::Requirement
|
184
246
|
requirements:
|
185
|
-
- - "
|
247
|
+
- - "~>"
|
186
248
|
- !ruby/object:Gem::Version
|
187
|
-
version:
|
249
|
+
version: 0.8.21
|
188
250
|
type: :development
|
189
251
|
prerelease: false
|
190
252
|
version_requirements: !ruby/object:Gem::Requirement
|
191
253
|
requirements:
|
192
|
-
- - "
|
254
|
+
- - "~>"
|
193
255
|
- !ruby/object:Gem::Version
|
194
|
-
version:
|
256
|
+
version: 0.8.21
|
195
257
|
- !ruby/object:Gem::Dependency
|
196
258
|
name: faker
|
197
259
|
requirement: !ruby/object:Gem::Requirement
|
198
260
|
requirements:
|
261
|
+
- - "~>"
|
262
|
+
- !ruby/object:Gem::Version
|
263
|
+
version: '1.8'
|
199
264
|
- - ">="
|
200
265
|
- !ruby/object:Gem::Version
|
201
|
-
version:
|
266
|
+
version: 1.8.2
|
202
267
|
type: :development
|
203
268
|
prerelease: false
|
204
269
|
version_requirements: !ruby/object:Gem::Requirement
|
205
270
|
requirements:
|
271
|
+
- - "~>"
|
272
|
+
- !ruby/object:Gem::Version
|
273
|
+
version: '1.8'
|
206
274
|
- - ">="
|
207
275
|
- !ruby/object:Gem::Version
|
208
|
-
version:
|
209
|
-
description: OpenID Connect Strategy for OmniAuth
|
276
|
+
version: 1.8.2
|
277
|
+
description: OpenID Connect Strategy MK2 for OmniAuth which is fully compliant with
|
278
|
+
devise and rails and currently maintained. Derived from jjbohn's work which is not
|
279
|
+
actively maintained
|
210
280
|
email:
|
211
|
-
-
|
281
|
+
- dan@cs1.com
|
212
282
|
executables: []
|
213
283
|
extensions: []
|
214
284
|
extra_rdoc_files: []
|
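Review bot: The new `description` asserts that the gem is "fully compliant with devise and rails and currently maintained", a claim the reduced test suite in this release does not demonstrate and one that will go stale in published metadata. State what the fork changes relative to jjbohn's gem and link the upstream repository, so users can compare the two code bases before switching.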
@@ -220,19 +290,16 @@ files:
|
|
220
290
|
- LICENSE.txt
|
221
291
|
- README.md
|
222
292
|
- Rakefile
|
223
|
-
- lib/omniauth-openid-
|
293
|
+
- lib/omniauth-openid-reconnect.rb
|
224
294
|
- lib/omniauth/openid_connect.rb
|
225
295
|
- lib/omniauth/openid_connect/errors.rb
|
226
296
|
- lib/omniauth/openid_connect/version.rb
|
227
297
|
- lib/omniauth/strategies/openid_connect.rb
|
228
298
|
- omniauth-openid-connector.gemspec
|
229
|
-
- test/fixtures/id_token.txt
|
230
|
-
- test/fixtures/jwks.json
|
231
|
-
- test/fixtures/test.crt
|
232
299
|
- test/lib/omniauth/openid_connect/version_test.rb
|
233
300
|
- test/lib/omniauth/strategies/openid_connect_test.rb
|
234
301
|
- test/test_helper.rb
|
235
|
-
homepage: https://github.com/doberg/omniauth-openid-
|
302
|
+
homepage: https://github.com/doberg/omniauth-openid-reconnect
|
236
303
|
licenses:
|
237
304
|
- MIT
|
238
305
|
metadata: {}
|
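Review bot: The entry file is now `lib/omniauth-openid-reconnect.rb` while the gem is still named `omniauth-openid-connector`, so Bundler's default require of the gem name will not load the strategy and users must add `require: 'omniauth-openid-reconnect'` to their Gemfile. Either ship a `lib/omniauth-openid-connector.rb` that requires the new file, or document the option in the README. The `homepage` likewise uses `omniauth-openid-reconnect`; aligning gem name, entry file and repository name makes it easier for consumers to confirm they installed the package they intended.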
@@ -252,15 +319,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
252
319
|
version: '0'
|
253
320
|
requirements: []
|
254
321
|
rubyforge_project:
|
255
|
-
rubygems_version: 2.
|
322
|
+
rubygems_version: 2.6.8
|
256
323
|
signing_key:
|
257
324
|
specification_version: 4
|
258
|
-
summary: OpenID Connect Strategy for OmniAuth
|
325
|
+
summary: OpenID Connect Strategy MK2 for OmniAuth
|
259
326
|
test_files:
|
260
|
-
- test/fixtures/id_token.txt
|
261
|
-
- test/fixtures/jwks.json
|
262
|
-
- test/fixtures/test.crt
|
263
327
|
- test/lib/omniauth/openid_connect/version_test.rb
|
264
328
|
- test/lib/omniauth/strategies/openid_connect_test.rb
|
265
329
|
- test/test_helper.rb
|
266
|
-
has_rdoc:
|
data/test/fixtures/id_token.txt
DELETED
@@ -1 +0,0 @@
|
|
1
|
-
eyJhbGciOiJSUzI1NiIsImtpZCI6IjFlOWdkazcifQ.ewogImlzcyI6ICJodHRwOi8vc2VydmVyLmV4YW1wbGUuY29tIiwKICJzdWIiOiAiMjQ4Mjg5NzYxMDAxIiwKICJhdWQiOiAiczZCaGRSa3F0MyIsCiAibm9uY2UiOiAibi0wUzZfV3pBMk1qIiwKICJleHAiOiAxMzExMjgxOTcwLAogImlhdCI6IDEzMTEyODA5NzAKfQ.ggW8hZ1EuVLuxNuuIJKX_V8a_OMXzR0EHR9R6jgdqrOOF4daGU96Sr_P6qJp6IcmD3HP99Obi1PRs-cwh3LO-p146waJ8IhehcwL7F09JdijmBqkvPeB2T9CJNqeGpe-gccMg4vfKjkM8FcGvnzZUN4_KSP0aAp1tOJ1zZwgjxqGByKHiOtX7TpdQyHE5lcMiKPXfEIQILVq0pc_E2DzL7emopWoaoZTF_m0_N0YzFC6g6EJbOEoRoSK5hoDalrcvRYLSrQAZZKflyuVCyixEoV9GfNQC3_osjzw2PAithfubEEBLuVVk4XUVrWOLrLl0nx7RkKU8NXNHq-rvKMzqg
|
data/test/fixtures/jwks.json
DELETED
@@ -1,8 +0,0 @@
|
|
1
|
-
{"keys": [{
|
2
|
-
"kty": "RSA",
|
3
|
-
"n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
|
4
|
-
"e": "AQAB",
|
5
|
-
"alg": "RS256",
|
6
|
-
"kid": "1e9gdk7"
|
7
|
-
}]
|
8
|
-
}
|
data/test/fixtures/test.crt
DELETED
@@ -1,19 +0,0 @@
|
|
1
|
-
-----BEGIN CERTIFICATE-----
|
2
|
-
MIIDJDCCAgwCCQC57Ob2JfXb+DANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJK
|
3
|
-
UDEOMAwGA1UECBMFVG9reW8xITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5
|
4
|
-
IEx0ZDESMBAGA1UEAxMJbG9jYWxob3N0MB4XDTE0MDgwMTA4NTAxM1oXDTE1MDgw
|
5
|
-
MTA4NTAxM1owVDELMAkGA1UEBhMCSlAxDjAMBgNVBAgTBVRva3lvMSEwHwYDVQQK
|
6
|
-
ExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMTCWxvY2FsaG9zdDCC
|
7
|
-
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+7czSGHN2087T+oX2kBCY/
|
8
|
-
XN6UOS/mdU2Gn//omZlyxsQXIqvgBLNWeCVt4QdlFUbgPLggfXUelECV/RUOCIIi
|
9
|
-
F2Th4t3x1LviN2XkUiva0DZBnOycqEaJdkyreEuGL1CLVZgZjKmSzNqLl0Yci3D0
|
10
|
-
zgVsXFZSadQebietm4CCmfJYREt9NJxXcrLxVDgat/Xm/KJBsohs3f+cbBT8EXer
|
11
|
-
7+2oZjZoVUgw1hu0alaOvAfE4mxsVwjn3g2mjDqRJLbbuWqgDobjMHah+d4zwJvN
|
12
|
-
ePK8E0hfaz/XBLsJ4e6bQA3M3bANEgSvsicup/qb/0th4gUdc/kj4aJGj0RP7oEC
|
13
|
-
AwEAATANBgkqhkiG9w0BAQUFAAOCAQEADuVec/8u2qJiq6K2W/gSLGYCBZq64OrA
|
14
|
-
s7L2+S82m9/3gAb62wGcDNZjIGFDQubXmO6RhHv7JUT5YZqv9/kRGTJcHDUrwwoN
|
15
|
-
IE99CIPizp7VfnrZ6GsYeszSsw3m+mKTETm+6ELmaSDbYAsrCg4IpGwUF0L88ATv
|
16
|
-
CJ8QzW4X7b9dYVc7UAYyCie2N65GXfesBbRlSwFLuVqIzZfMdNpNijTIUwUqGSME
|
17
|
-
b8IjLYzvekP53CO4wEBRrAVIPNXgftorxIE30OLWua2Qw3y6Pn+Qp5fLe47025S7
|
18
|
-
Lcec18/FbHG0Vbq0qO9cKQw80XyK31N6z556wr2GN2WyixkzVRddXA==
|
19
|
-
-----END CERTIFICATE-----
|