omniauth-openid-connector 1.1.2 → 1.1.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/.travis.yml +0 -6
- data/README.md +19 -23
- data/Rakefile +1 -1
- data/lib/{omniauth-openid-connect.rb → omniauth-openid-reconnect.rb} +0 -0
- data/lib/omniauth/openid_connect/version.rb +1 -1
- data/lib/omniauth/strategies/openid_connect.rb +27 -161
- data/omniauth-openid-connector.gemspec +19 -18
- data/test/lib/omniauth/strategies/openid_connect_test.rb +14 -269
- data/test/test_helper.rb +3 -3
- metadata +110 -47
- data/test/fixtures/id_token.txt +0 -1
- data/test/fixtures/jwks.json +0 -8
- data/test/fixtures/test.crt +0 -19
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: a69bcc57174002bc9f39a4bd117a3d80468acc63
|
4
|
+
data.tar.gz: f5ab0cfe2a4946aeabfc9a97b1248ff5f274dd4a
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 50fa8b71d81a966b190e4be4e351e0a757fdfb220993f8c03cde5fbe8396a52acf0efa850c9168ae6f168f17d4a4bb0634da19835e626255b99c13fd242a6a1d
|
7
|
+
data.tar.gz: c5943ab8d31d47641dfc7a1e943f3b0abf9ece5410fb0765947bfe93ce25d454d9a96917a42821cc804f1502a84863560a93e9a3de996abebf835b9e513aecb4
|
data/.gitignore
CHANGED
data/.travis.yml
CHANGED
data/README.md
CHANGED
@@ -1,16 +1,26 @@
|
|
1
1
|
# OmniAuth::OpenIDConnect
|
2
|
-
|
3
2
|
OpenID Connect strategy for OmniAuth
|
4
|
-
[![Gem Version](https://badge.fury.io/rb/omniauth-openid-
|
5
|
-
[![Build Status](https://travis-ci.org/
|
6
|
-
[![Coverage Status](https://coveralls.io/repos/
|
7
|
-
[![Code Climate](https://codeclimate.com/github/
|
3
|
+
[![Gem Version](https://badge.fury.io/rb/omniauth-openid-reconnect.png)](http://badge.fury.io/rb/omniauth-openid-reconnect)
|
4
|
+
[![Build Status](https://travis-ci.org/thinkthroughmath/omniauth-openid-reconnect.svg?branch=master)](https://travis-ci.org/thinkthroughmath/omniauth-openid-reconnect)
|
5
|
+
[![Coverage Status](https://coveralls.io/repos/thinkthroughmath/omniauth-openid-reconnect/badge.png?branch=master)](https://coveralls.io/r/thinkthroughmath/omniauth-openid-reconnect?branch=master)
|
6
|
+
[![Code Climate](https://codeclimate.com/github/thinkthroughmath/omniauth-openid-reconnect.png)](https://codeclimate.com/github/thinkthroughmath/omniauth-openid-reconnect)
|
7
|
+
|
8
|
+
## Background
|
9
|
+
|
10
|
+
This is derrived work from `jjbohn/omniauth-openid-connect` which appears to be abandoned at this point. I have continued to merge PR's placed against that repo. But I have added enough of my own changes that it is diverged enough to re-release. @ThinkThroughMath actively utilizes this strategy and we will do our best to maintain it.
|
11
|
+
|
12
|
+
### Whats different.
|
13
|
+
|
14
|
+
- Using Addressable 2.2.8 - In 2.3+ `addressable` decided that the way that Rails 3 handles param[] items was too hard to handle and removed the feature. This breaking change within a semantic version makes using addressable > 2.3 difficult in existing applications. There is no impact on the auth strategy though.
|
15
|
+
- Better devise support be returning a default `name` options parameter
|
16
|
+
- Partial integration of google `nonce` requirement.
|
17
|
+
- Inclusing of aging PRs from the parent gem this replaces.
|
8
18
|
|
9
19
|
## Installation
|
10
20
|
|
11
21
|
Add this line to your application's Gemfile:
|
12
22
|
|
13
|
-
gem 'omniauth-openid-
|
23
|
+
gem 'omniauth-openid-reconnect'
|
14
24
|
|
15
25
|
And then execute:
|
16
26
|
|
@@ -18,14 +28,13 @@ And then execute:
|
|
18
28
|
|
19
29
|
Or install it yourself as:
|
20
30
|
|
21
|
-
$ gem install omniauth-openid-
|
31
|
+
$ gem install omniauth-openid-reconnect
|
22
32
|
|
23
33
|
## Usage
|
24
34
|
|
25
35
|
Example configuration
|
26
36
|
```ruby
|
27
37
|
config.omniauth :openid_connect, {
|
28
|
-
name: :my_provider,
|
29
38
|
scope: [:openid, :email, :profile, :address],
|
30
39
|
response_type: :code,
|
31
40
|
client_options: {
|
@@ -40,31 +49,18 @@ config.omniauth :openid_connect, {
|
|
40
49
|
```
|
41
50
|
|
42
51
|
Configuration details:
|
43
|
-
* `name` is
|
44
|
-
configuration exists because you could be using multiple OpenID Connect
|
45
|
-
providers in a single app.
|
52
|
+
* `name` is an optional requirement as of `omniauth-1.2` but it does have an effect with dealing with devise and is the base for which devise uses to create routes identified with `devise_for`. The default is set to the expected camelization of `openid_connect`. If you need to override it you can pass the `name` parameter to the config hash. **Be aware** that what you set this to will be the provider for your devise routes.
|
46
53
|
* Although `response_type` is an available option, currently, only `:code`
|
47
54
|
is valid. There are plans to bring in implicit flow and hybrid flow at some
|
48
55
|
point, but it hasn't come up yet for me. Those flows aren't best practive for
|
49
56
|
server side web apps anyway and are designed more for native/mobile apps.
|
50
|
-
* If you want to pass `state` paramete by yourself. You can set Proc Object.
|
51
|
-
e.g. `state: Proc.new{ SecureRandom.hex(32) }`
|
52
|
-
* `nonce` is optional. If don't want to pass "nonce" parameter to provider, You should specify
|
53
|
-
`false` to `send_nonce` option. (default true)
|
54
|
-
* Support for other client authentication methods. If don't specified
|
55
|
-
`:client_auth_method` option, automatically set `:basic`.
|
56
|
-
* Use "OpenID Connect Discovery", You should specify `true` to `discovery` option. (default false)
|
57
|
-
* In "OpenID Connect Discovery", generally provider should have Webfinger endpoint.
|
58
|
-
If provider does not have Webfinger endpoint, You can specify "Issuer" to option.
|
59
|
-
e.g. `issuer: "https://myprovider.com"`
|
60
|
-
It means to get configuration from "https://myprovider.com/.well-known/openid-configuration".
|
61
57
|
|
62
58
|
For the full low down on OpenID Connect, please check out
|
63
59
|
[the spec](http://openid.net/specs/openid-connect-core-1_0.html).
|
64
60
|
|
65
61
|
## Contributing
|
66
62
|
|
67
|
-
1. Fork it ( http://github.com/
|
63
|
+
1. Fork it ( http://github.com/thinkthroughmath/omniauth-openid-reconnect/fork )
|
68
64
|
2. Create your feature branch (`git checkout -b my-new-feature`)
|
69
65
|
3. Commit your changes (`git commit -am 'Add some feature'`)
|
70
66
|
4. Push to the branch (`git push origin my-new-feature`)
|
data/Rakefile
CHANGED
File without changes
|
@@ -1,9 +1,7 @@
|
|
1
1
|
require 'addressable/uri'
|
2
|
-
require
|
3
|
-
require 'net/http'
|
4
|
-
require 'open-uri'
|
2
|
+
require "net/http"
|
5
3
|
require 'omniauth'
|
6
|
-
require
|
4
|
+
require "openid_connect"
|
7
5
|
|
8
6
|
module OmniAuth
|
9
7
|
module Strategies
|
@@ -19,28 +17,20 @@ module OmniAuth
|
|
19
17
|
port: 443,
|
20
18
|
authorization_endpoint: "/authorize",
|
21
19
|
token_endpoint: "/token",
|
22
|
-
userinfo_endpoint: "/userinfo"
|
23
|
-
jwks_uri: '/jwk'
|
20
|
+
userinfo_endpoint: "/userinfo"
|
24
21
|
}
|
25
|
-
option :
|
26
|
-
option :discovery, false
|
27
|
-
option :client_signing_alg
|
28
|
-
option :client_jwk_signing_key
|
29
|
-
option :client_x509_signing_key
|
22
|
+
option :name, 'openid_connect'
|
30
23
|
option :scope, [:openid]
|
31
24
|
option :response_type, "code"
|
32
25
|
option :state
|
33
26
|
option :response_mode
|
34
|
-
option :display, nil
|
35
|
-
option :prompt, nil
|
36
|
-
option :hd, nil
|
27
|
+
option :display, nil#, [:page, :popup, :touch, :wap]
|
28
|
+
option :prompt, nil#, [:none, :login, :consent, :select_account]
|
37
29
|
option :max_age
|
38
30
|
option :ui_locales
|
39
31
|
option :id_token_hint
|
40
32
|
option :login_hint
|
41
33
|
option :acr_values
|
42
|
-
option :send_nonce, true
|
43
|
-
option :send_scope_to_token_endpoint, true
|
44
34
|
option :client_auth_method
|
45
35
|
|
46
36
|
uid { user_info.sub }
|
@@ -60,57 +50,31 @@ module OmniAuth
|
|
60
50
|
end
|
61
51
|
|
62
52
|
extra do
|
63
|
-
{raw_info: user_info.raw_attributes}
|
53
|
+
{ raw_info: user_info.raw_attributes }
|
64
54
|
end
|
65
55
|
|
66
56
|
credentials do
|
67
|
-
{
|
68
|
-
id_token: access_token.id_token,
|
69
|
-
token: access_token.access_token,
|
70
|
-
refresh_token: access_token.refresh_token,
|
71
|
-
expires_in: access_token.expires_in,
|
72
|
-
scope: access_token.scope
|
73
|
-
}
|
57
|
+
{ token: access_token.access_token }
|
74
58
|
end
|
75
59
|
|
76
60
|
def client
|
77
61
|
@client ||= ::OpenIDConnect::Client.new(client_options)
|
78
62
|
end
|
79
63
|
|
80
|
-
def config
|
81
|
-
@config ||= ::OpenIDConnect::Discovery::Provider::Config.discover!(options.issuer)
|
82
|
-
end
|
83
|
-
|
84
64
|
def request_phase
|
85
|
-
options.issuer = issuer if options.issuer.blank?
|
86
|
-
discover! if options.discovery
|
87
65
|
redirect authorize_uri
|
88
66
|
end
|
89
67
|
|
90
68
|
def callback_phase
|
91
|
-
|
92
|
-
if error
|
93
|
-
raise CallbackError.new(request.params['error'], request.params['error_description'] || request.params['error_reason'], request.params['error_uri'])
|
94
|
-
elsif request.params['state'].to_s.empty? || request.params['state'] != stored_state
|
95
|
-
return Rack::Response.new(['401 Unauthorized'], 401).finish
|
96
|
-
elsif !request.params["code"]
|
69
|
+
if !request.params["code"]
|
97
70
|
return fail!(:missing_code, OmniAuth::OpenIDConnect::MissingCodeError.new(request.params["error"]))
|
98
|
-
else
|
99
|
-
options.issuer = issuer if options.issuer.blank?
|
100
|
-
discover! if options.discovery
|
101
|
-
client.redirect_uri = client_options.redirect_uri
|
102
|
-
client.authorization_code = authorization_code
|
103
|
-
access_token
|
104
|
-
super
|
105
71
|
end
|
106
|
-
rescue CallbackError => e
|
107
|
-
fail!(:invalid_credentials, e)
|
108
|
-
rescue ::Timeout::Error, ::Errno::ETIMEDOUT => e
|
109
|
-
fail!(:timeout, e)
|
110
|
-
rescue ::SocketError => e
|
111
|
-
fail!(:failed_to_connect, e)
|
112
|
-
end
|
113
72
|
|
73
|
+
client.redirect_uri = client_options.redirect_uri
|
74
|
+
client.authorization_code = authorization_code
|
75
|
+
access_token
|
76
|
+
super
|
77
|
+
end
|
114
78
|
|
115
79
|
def authorization_code
|
116
80
|
request.params["code"]
|
@@ -118,132 +82,34 @@ module OmniAuth
|
|
118
82
|
|
119
83
|
def authorize_uri
|
120
84
|
client.redirect_uri = client_options.redirect_uri
|
121
|
-
|
122
|
-
|
123
|
-
|
124
|
-
|
125
|
-
|
126
|
-
hd: options.hd,
|
127
|
-
}
|
128
|
-
client.authorization_uri(opts.reject{|k,v| v.nil?})
|
129
|
-
end
|
130
|
-
|
131
|
-
def public_key
|
132
|
-
if options.discovery
|
133
|
-
config.jwks
|
134
|
-
else
|
135
|
-
key_or_secret
|
136
|
-
end
|
85
|
+
client.authorization_uri(
|
86
|
+
response_type: options.response_type,
|
87
|
+
scope: options.scope#,
|
88
|
+
# nonce: nonce
|
89
|
+
)
|
137
90
|
end
|
138
91
|
|
139
92
|
private
|
140
93
|
|
141
|
-
def issuer
|
142
|
-
resource = "#{client_options.scheme}://#{client_options.host}" + ((client_options.port) ? ":#{client_options.port.to_s}" : '')
|
143
|
-
::OpenIDConnect::Discovery::Provider.discover!(resource).issuer
|
144
|
-
end
|
145
|
-
|
146
|
-
def discover!
|
147
|
-
client_options.authorization_endpoint = config.authorization_endpoint
|
148
|
-
client_options.token_endpoint = config.token_endpoint
|
149
|
-
client_options.userinfo_endpoint = config.userinfo_endpoint
|
150
|
-
client_options.jwks_uri = config.jwks_uri
|
151
|
-
end
|
152
|
-
|
153
94
|
def user_info
|
154
95
|
@user_info ||= access_token.userinfo!
|
155
96
|
end
|
156
97
|
|
157
98
|
def access_token
|
158
|
-
@access_token ||=
|
159
|
-
_access_token = client.access_token!(
|
160
|
-
scope: (options.scope if options.send_scope_to_token_endpoint),
|
161
|
-
client_auth_method: options.client_auth_method
|
162
|
-
)
|
163
|
-
_id_token = decode_id_token _access_token.id_token
|
164
|
-
_id_token.verify!(
|
165
|
-
issuer: options.issuer,
|
166
|
-
client_id: client_options.identifier,
|
167
|
-
nonce: stored_nonce
|
168
|
-
)
|
169
|
-
_access_token
|
170
|
-
}.call()
|
171
|
-
end
|
172
|
-
|
173
|
-
def decode_id_token(id_token)
|
174
|
-
::OpenIDConnect::ResponseObject::IdToken.decode(id_token, public_key)
|
99
|
+
@access_token ||= client.access_token!(:client_auth_method => options.client_auth_method)
|
175
100
|
end
|
176
101
|
|
177
|
-
|
178
102
|
def client_options
|
179
103
|
options.client_options
|
180
104
|
end
|
181
105
|
|
182
|
-
def
|
183
|
-
|
184
|
-
|
185
|
-
|
186
|
-
|
187
|
-
|
188
|
-
|
189
|
-
end
|
190
|
-
|
191
|
-
def new_nonce
|
192
|
-
session['omniauth.nonce'] = SecureRandom.hex(16)
|
193
|
-
end
|
194
|
-
|
195
|
-
def stored_nonce
|
196
|
-
session.delete('omniauth.nonce')
|
197
|
-
end
|
198
|
-
|
199
|
-
def session
|
200
|
-
@env.nil? ? {} : super
|
201
|
-
end
|
202
|
-
|
203
|
-
def key_or_secret
|
204
|
-
case options.client_signing_alg
|
205
|
-
when :HS256, :HS384, :HS512
|
206
|
-
return client_options.secret
|
207
|
-
when :RS256, :RS384, :RS512
|
208
|
-
if options.client_jwk_signing_key
|
209
|
-
return parse_jwk_key(options.client_jwk_signing_key)
|
210
|
-
elsif options.client_x509_signing_key
|
211
|
-
return parse_x509_key(options.client_x509_signing_key)
|
212
|
-
end
|
213
|
-
else
|
214
|
-
end
|
215
|
-
end
|
216
|
-
|
217
|
-
def parse_x509_key(key)
|
218
|
-
OpenSSL::X509::Certificate.new(key).public_key
|
219
|
-
end
|
220
|
-
|
221
|
-
def parse_jwk_key(key)
|
222
|
-
json = JSON.parse(key)
|
223
|
-
if json.has_key?('keys')
|
224
|
-
JSON::JWK::Set.new json['keys']
|
225
|
-
else
|
226
|
-
JSON::JWK.new json
|
227
|
-
end
|
228
|
-
end
|
229
|
-
|
230
|
-
def decode(str)
|
231
|
-
UrlSafeBase64.decode64(str).unpack('B*').first.to_i(2).to_s
|
232
|
-
end
|
233
|
-
|
234
|
-
class CallbackError < StandardError
|
235
|
-
attr_accessor :error, :error_reason, :error_uri
|
236
|
-
|
237
|
-
def initialize(error, error_reason=nil, error_uri=nil)
|
238
|
-
self.error = error
|
239
|
-
self.error_reason = error_reason
|
240
|
-
self.error_uri = error_uri
|
241
|
-
end
|
242
|
-
|
243
|
-
def message
|
244
|
-
[error, error_reason, error_uri].compact.join(' | ')
|
245
|
-
end
|
246
|
-
end
|
106
|
+
# def nonce
|
107
|
+
# session[:nonce] = SecureRandom.hex(16)
|
108
|
+
# end
|
109
|
+
#
|
110
|
+
# def session
|
111
|
+
# @env.nil? ? {} : super
|
112
|
+
# end
|
247
113
|
end
|
248
114
|
end
|
249
115
|
end
|
@@ -7,10 +7,10 @@ Gem::Specification.new do |spec|
|
|
7
7
|
spec.name = "omniauth-openid-connector"
|
8
8
|
spec.version = OmniAuth::OpenIDConnect::VERSION
|
9
9
|
spec.authors = ["Danial Oberg"]
|
10
|
-
spec.email = ["
|
11
|
-
spec.summary = %q{OpenID Connect Strategy for OmniAuth}
|
12
|
-
spec.description = %q{OpenID Connect Strategy for OmniAuth}
|
13
|
-
spec.homepage = "https://github.com/doberg/omniauth-openid-
|
10
|
+
spec.email = ["dan@cs1.com"]
|
11
|
+
spec.summary = %q{OpenID Connect Strategy MK2 for OmniAuth}
|
12
|
+
spec.description = %q{OpenID Connect Strategy MK2 for OmniAuth which is fully compliant with devise and rails and currently maintained. Derived from jjbohn's work which is not actively maintained}
|
13
|
+
spec.homepage = "https://github.com/doberg/omniauth-openid-reconnect"
|
14
14
|
spec.license = "MIT"
|
15
15
|
|
16
16
|
spec.files = `git ls-files -z`.split("\x0")
|
@@ -18,18 +18,19 @@ Gem::Specification.new do |spec|
|
|
18
18
|
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
19
19
|
spec.require_paths = ["lib"]
|
20
20
|
|
21
|
-
spec.add_dependency '
|
22
|
-
spec.add_dependency '
|
23
|
-
spec.add_dependency '
|
24
|
-
spec.
|
25
|
-
spec.add_development_dependency
|
26
|
-
spec.add_development_dependency
|
27
|
-
spec.add_development_dependency
|
28
|
-
spec.add_development_dependency
|
29
|
-
spec.add_development_dependency
|
30
|
-
spec.add_development_dependency
|
31
|
-
spec.add_development_dependency
|
32
|
-
spec.add_development_dependency
|
33
|
-
spec.add_development_dependency
|
34
|
-
spec.add_development_dependency
|
21
|
+
spec.add_dependency 'activesupport', '>= 0'
|
22
|
+
spec.add_dependency 'omniauth', '~> 1.6', '>= 1.6.1'
|
23
|
+
spec.add_dependency 'openid_connect', '= 1.1.2'
|
24
|
+
spec.add_dependency 'addressable', '~> 2.3', '>= 2.3.6' # Because there is a breaking change in 2.3 with the way rails params arrays are handled
|
25
|
+
spec.add_development_dependency 'bundler', '~> 1.15', '>= 1.15.1'
|
26
|
+
spec.add_development_dependency 'minitest', '~> 5.4'
|
27
|
+
spec.add_development_dependency 'mocha', '~> 1.2', '>= 1.2.1'
|
28
|
+
spec.add_development_dependency 'guard', '~> 2.14', '>= 2.14.1'
|
29
|
+
spec.add_development_dependency 'guard-minitest', '~> 2.4', '>= 2.4.6'
|
30
|
+
spec.add_development_dependency 'guard-bundler', '~> 2.1', '>= 2.1.0'
|
31
|
+
spec.add_development_dependency 'rake', '~> 12.0', '>= 12.0.0'
|
32
|
+
spec.add_development_dependency 'simplecov', '~> 0.14.1'
|
33
|
+
spec.add_development_dependency 'pry', '~> 0.10.4'
|
34
|
+
spec.add_development_dependency 'coveralls', '~> 0.8.21'
|
35
|
+
spec.add_development_dependency 'faker', '~> 1.8', '>= 1.8.2'
|
35
36
|
end
|
@@ -2,189 +2,35 @@ require_relative '../../../test_helper'
|
|
2
2
|
|
3
3
|
class OmniAuth::Strategies::OpenIDConnectTest < StrategyTestCase
|
4
4
|
def test_client_options_defaults
|
5
|
-
assert_equal
|
5
|
+
assert_equal "https", strategy.options.client_options.scheme
|
6
6
|
assert_equal 443, strategy.options.client_options.port
|
7
|
-
assert_equal
|
8
|
-
assert_equal
|
7
|
+
assert_equal "/authorize", strategy.options.client_options.authorization_endpoint
|
8
|
+
assert_equal "/token", strategy.options.client_options.token_endpoint
|
9
9
|
end
|
10
10
|
|
11
11
|
def test_request_phase
|
12
|
-
expected_redirect = /^https:\/\/example\.com\/authorize\?client_id=1234&
|
13
|
-
strategy.options.
|
14
|
-
strategy.options.client_options.host = 'example.com'
|
15
|
-
strategy.expects(:redirect).with(regexp_matches(expected_redirect))
|
16
|
-
strategy.request_phase
|
17
|
-
end
|
18
|
-
|
19
|
-
def test_request_phase_with_discovery
|
20
|
-
expected_redirect = /^https:\/\/example\.com\/authorization\?client_id=1234&nonce=[\w\d]{32}&response_type=code&scope=openid&state=[\w\d]{32}$/
|
21
|
-
strategy.options.client_options.host = 'example.com'
|
22
|
-
strategy.options.discovery = true
|
23
|
-
|
24
|
-
issuer = stub('OpenIDConnect::Discovery::Issuer')
|
25
|
-
issuer.stubs(:issuer).returns('https://example.com/')
|
26
|
-
::OpenIDConnect::Discovery::Provider.stubs(:discover!).returns(issuer)
|
27
|
-
|
28
|
-
config = stub('OpenIDConnect::Discovery::Provder::Config')
|
29
|
-
config.stubs(:authorization_endpoint).returns('https://example.com/authorization')
|
30
|
-
config.stubs(:token_endpoint).returns('https://example.com/token')
|
31
|
-
config.stubs(:userinfo_endpoint).returns('https://example.com/userinfo')
|
32
|
-
config.stubs(:jwks_uri).returns('https://example.com/jwks')
|
33
|
-
::OpenIDConnect::Discovery::Provider::Config.stubs(:discover!).with('https://example.com/').returns(config)
|
34
|
-
|
12
|
+
expected_redirect = /^https:\/\/example\.com\/authorize\?client_id=1234&response_type=code&scope=openid$/
|
13
|
+
strategy.options.client_options.host = "example.com"
|
35
14
|
strategy.expects(:redirect).with(regexp_matches(expected_redirect))
|
36
15
|
strategy.request_phase
|
37
|
-
|
38
|
-
assert_equal strategy.options.issuer, 'https://example.com/'
|
39
|
-
assert_equal strategy.options.client_options.authorization_endpoint, 'https://example.com/authorization'
|
40
|
-
assert_equal strategy.options.client_options.token_endpoint, 'https://example.com/token'
|
41
|
-
assert_equal strategy.options.client_options.userinfo_endpoint, 'https://example.com/userinfo'
|
42
|
-
assert_equal strategy.options.client_options.jwks_uri, 'https://example.com/jwks'
|
43
16
|
end
|
44
17
|
|
45
18
|
def test_uid
|
46
19
|
assert_equal user_info.sub, strategy.uid
|
47
20
|
end
|
48
21
|
|
49
|
-
def test_callback_phase
|
22
|
+
def test_callback_phase
|
50
23
|
code = SecureRandom.hex(16)
|
51
|
-
|
52
|
-
|
53
|
-
request.stubs(:params).returns({'code' => code,'state' => state})
|
54
|
-
request.stubs(:path_info).returns('')
|
55
|
-
|
56
|
-
strategy.options.issuer = 'example.com'
|
57
|
-
strategy.options.client_signing_alg = :RS256
|
58
|
-
strategy.options.client_jwk_signing_key = File.read('test/fixtures/jwks.json')
|
59
|
-
|
60
|
-
id_token = stub('OpenIDConnect::ResponseObject::IdToken')
|
61
|
-
id_token.stubs(:verify!).with({:issuer => strategy.options.issuer, :client_id => @identifier, :nonce => nonce}).returns(true)
|
62
|
-
::OpenIDConnect::ResponseObject::IdToken.stubs(:decode).returns(id_token)
|
63
|
-
|
64
|
-
strategy.unstub(:user_info)
|
65
|
-
access_token = stub('OpenIDConnect::AccessToken')
|
66
|
-
access_token.stubs(:access_token)
|
67
|
-
access_token.stubs(:refresh_token)
|
68
|
-
access_token.stubs(:expires_in)
|
69
|
-
access_token.stubs(:scope)
|
70
|
-
access_token.stubs(:id_token).returns(File.read('test/fixtures/id_token.txt'))
|
71
|
-
client.expects(:access_token!).at_least_once.returns(access_token)
|
72
|
-
access_token.expects(:userinfo!).returns(user_info)
|
73
|
-
|
74
|
-
strategy.call!({'rack.session' => {'omniauth.state' => state, 'omniauth.nonce' => nonce}})
|
75
|
-
strategy.callback_phase
|
76
|
-
end
|
77
|
-
|
78
|
-
def test_callback_phase_with_discovery
|
79
|
-
code = SecureRandom.hex(16)
|
80
|
-
state = SecureRandom.hex(16)
|
81
|
-
nonce = SecureRandom.hex(16)
|
82
|
-
jwks = JSON::JWK::Set.new(JSON.parse(File.read('test/fixtures/jwks.json'))['keys'])
|
83
|
-
|
84
|
-
request.stubs(:params).returns({'code' => code,'state' => state})
|
85
|
-
request.stubs(:path_info).returns('')
|
86
|
-
|
87
|
-
strategy.options.client_options.host = 'example.com'
|
88
|
-
strategy.options.discovery = true
|
89
|
-
|
90
|
-
issuer = stub('OpenIDConnect::Discovery::Issuer')
|
91
|
-
issuer.stubs(:issuer).returns('https://example.com/')
|
92
|
-
::OpenIDConnect::Discovery::Provider.stubs(:discover!).returns(issuer)
|
93
|
-
|
94
|
-
config = stub('OpenIDConnect::Discovery::Provder::Config')
|
95
|
-
config.stubs(:authorization_endpoint).returns('https://example.com/authorization')
|
96
|
-
config.stubs(:token_endpoint).returns('https://example.com/token')
|
97
|
-
config.stubs(:userinfo_endpoint).returns('https://example.com/userinfo')
|
98
|
-
config.stubs(:jwks_uri).returns('https://example.com/jwks')
|
99
|
-
config.stubs(:jwks).returns(jwks)
|
100
|
-
|
101
|
-
::OpenIDConnect::Discovery::Provider::Config.stubs(:discover!).with('https://example.com/').returns(config)
|
102
|
-
|
103
|
-
id_token = stub('OpenIDConnect::ResponseObject::IdToken')
|
104
|
-
id_token.stubs(:verify!).with({:issuer => 'https://example.com/', :client_id => @identifier, :nonce => nonce}).returns(true)
|
105
|
-
::OpenIDConnect::ResponseObject::IdToken.stubs(:decode).returns(id_token)
|
24
|
+
request.stubs(:params).returns({"code" => code})
|
25
|
+
request.stubs(:path_info).returns("")
|
106
26
|
|
107
27
|
strategy.unstub(:user_info)
|
108
28
|
access_token = stub('OpenIDConnect::AccessToken')
|
109
29
|
access_token.stubs(:access_token)
|
110
|
-
|
111
|
-
access_token.stubs(:expires_in)
|
112
|
-
access_token.stubs(:scope)
|
113
|
-
access_token.stubs(:id_token).returns(File.read('test/fixtures/id_token.txt'))
|
114
|
-
client.expects(:access_token!).at_least_once.returns(access_token)
|
30
|
+
client.expects(:access_token!).returns(access_token)
|
115
31
|
access_token.expects(:userinfo!).returns(user_info)
|
116
32
|
|
117
|
-
strategy.call!({
|
118
|
-
strategy.callback_phase
|
119
|
-
end
|
120
|
-
|
121
|
-
def test_callback_phase_with_error
|
122
|
-
state = SecureRandom.hex(16)
|
123
|
-
nonce = SecureRandom.hex(16)
|
124
|
-
request.stubs(:params).returns({'error' => 'invalid_request'})
|
125
|
-
request.stubs(:path_info).returns('')
|
126
|
-
|
127
|
-
strategy.call!({'rack.session' => {'omniauth.state' => state, 'omniauth.nonce' => nonce}})
|
128
|
-
strategy.expects(:fail!)
|
129
|
-
strategy.callback_phase
|
130
|
-
end
|
131
|
-
|
132
|
-
def test_callback_phase_with_invalid_state
|
133
|
-
code = SecureRandom.hex(16)
|
134
|
-
state = SecureRandom.hex(16)
|
135
|
-
nonce = SecureRandom.hex(16)
|
136
|
-
request.stubs(:params).returns({'code' => code,'state' => 'foobar'})
|
137
|
-
request.stubs(:path_info).returns('')
|
138
|
-
|
139
|
-
strategy.call!({'rack.session' => {'omniauth.state' => state, 'omniauth.nonce' => nonce}})
|
140
|
-
result = strategy.callback_phase
|
141
|
-
|
142
|
-
assert result.kind_of?(Array)
|
143
|
-
assert result.first == 401, "Expecting unauthorized"
|
144
|
-
end
|
145
|
-
|
146
|
-
def test_callback_phase_with_timeout
|
147
|
-
code = SecureRandom.hex(16)
|
148
|
-
state = SecureRandom.hex(16)
|
149
|
-
nonce = SecureRandom.hex(16)
|
150
|
-
request.stubs(:params).returns({'code' => code,'state' => state})
|
151
|
-
request.stubs(:path_info).returns('')
|
152
|
-
|
153
|
-
strategy.options.issuer = 'example.com'
|
154
|
-
|
155
|
-
strategy.stubs(:access_token).raises(::Timeout::Error.new('error'))
|
156
|
-
strategy.call!({'rack.session' => {'omniauth.state' => state, 'omniauth.nonce' => nonce}})
|
157
|
-
strategy.expects(:fail!)
|
158
|
-
strategy.callback_phase
|
159
|
-
end
|
160
|
-
|
161
|
-
def test_callback_phase_with_etimeout
|
162
|
-
code = SecureRandom.hex(16)
|
163
|
-
state = SecureRandom.hex(16)
|
164
|
-
nonce = SecureRandom.hex(16)
|
165
|
-
request.stubs(:params).returns({'code' => code,'state' => state})
|
166
|
-
request.stubs(:path_info).returns('')
|
167
|
-
|
168
|
-
strategy.options.issuer = 'example.com'
|
169
|
-
|
170
|
-
strategy.stubs(:access_token).raises(::Errno::ETIMEDOUT.new('error'))
|
171
|
-
strategy.call!({'rack.session' => {'omniauth.state' => state, 'omniauth.nonce' => nonce}})
|
172
|
-
strategy.expects(:fail!)
|
173
|
-
strategy.callback_phase
|
174
|
-
end
|
175
|
-
|
176
|
-
def test_callback_phase_with_socket_error
|
177
|
-
code = SecureRandom.hex(16)
|
178
|
-
state = SecureRandom.hex(16)
|
179
|
-
nonce = SecureRandom.hex(16)
|
180
|
-
request.stubs(:params).returns({'code' => code,'state' => state})
|
181
|
-
request.stubs(:path_info).returns('')
|
182
|
-
|
183
|
-
strategy.options.issuer = 'example.com'
|
184
|
-
|
185
|
-
strategy.stubs(:access_token).raises(::SocketError.new('error'))
|
186
|
-
strategy.call!({'rack.session' => {'omniauth.state' => state, 'omniauth.nonce' => nonce}})
|
187
|
-
strategy.expects(:fail!)
|
33
|
+
strategy.call!({"rack.session" => {}})
|
188
34
|
strategy.callback_phase
|
189
35
|
end
|
190
36
|
|
@@ -206,40 +52,11 @@ class OmniAuth::Strategies::OpenIDConnectTest < StrategyTestCase
|
|
206
52
|
end
|
207
53
|
|
208
54
|
def test_credentials
|
209
|
-
strategy.options.issuer = 'example.com'
|
210
|
-
strategy.options.client_signing_alg = :RS256
|
211
|
-
strategy.options.client_jwk_signing_key = File.read('test/fixtures/jwks.json')
|
212
|
-
|
213
|
-
id_token = stub('OpenIDConnect::ResponseObject::IdToken')
|
214
|
-
id_token.stubs(:verify!).returns(true)
|
215
|
-
::OpenIDConnect::ResponseObject::IdToken.stubs(:decode).returns(id_token)
|
216
|
-
|
217
55
|
access_token = stub('OpenIDConnect::AccessToken')
|
218
56
|
access_token.stubs(:access_token).returns(SecureRandom.hex(16))
|
219
|
-
access_token.stubs(:refresh_token).returns(SecureRandom.hex(16))
|
220
|
-
access_token.stubs(:expires_in).returns(Time.now)
|
221
|
-
access_token.stubs(:scope).returns('openidconnect')
|
222
|
-
access_token.stubs(:id_token).returns(File.read('test/fixtures/id_token.txt'))
|
223
|
-
|
224
57
|
client.expects(:access_token!).returns(access_token)
|
225
|
-
access_token.expects(:refresh_token).returns(access_token.refresh_token)
|
226
|
-
access_token.expects(:expires_in).returns(access_token.expires_in)
|
227
|
-
|
228
|
-
assert_equal({ id_token: access_token.id_token,
|
229
|
-
token: access_token.access_token,
|
230
|
-
refresh_token: access_token.refresh_token,
|
231
|
-
expires_in: access_token.expires_in,
|
232
|
-
scope: access_token.scope
|
233
|
-
}, strategy.credentials)
|
234
|
-
end
|
235
|
-
|
236
|
-
def test_option_send_nonce
|
237
|
-
strategy.options.client_options[:host] = "foobar.com"
|
238
|
-
|
239
|
-
assert(strategy.authorize_uri =~ /nonce=/, "URI must contain nonce")
|
240
58
|
|
241
|
-
|
242
|
-
assert(!(strategy.authorize_uri =~ /nonce=/), "URI must not contain nonce")
|
59
|
+
assert_equal({ token: access_token.access_token }, strategy.credentials)
|
243
60
|
end
|
244
61
|
|
245
62
|
def test_failure_endpoint_redirect
|
@@ -254,91 +71,19 @@ class OmniAuth::Strategies::OpenIDConnectTest < StrategyTestCase
|
|
254
71
|
assert(result[1]["Location"] =~ /\/auth\/failure/)
|
255
72
|
end
|
256
73
|
|
257
|
-
def test_state
|
258
|
-
strategy.options.state = lambda { 42 }
|
259
|
-
session = { "state" => 42 }
|
260
|
-
|
261
|
-
expected_redirect = /&state=/
|
262
|
-
strategy.options.issuer = 'example.com'
|
263
|
-
strategy.options.client_options.host = "example.com"
|
264
|
-
strategy.expects(:redirect).with(regexp_matches(expected_redirect))
|
265
|
-
strategy.request_phase
|
266
|
-
|
267
|
-
# this should succeed as the correct state is passed with the request
|
268
|
-
test_callback_phase(session, { "state" => 42 })
|
269
|
-
|
270
|
-
# the following should fail because the wrong state is passed to the callback
|
271
|
-
code = SecureRandom.hex(16)
|
272
|
-
request.stubs(:params).returns({"code" => code, "state" => 43})
|
273
|
-
request.stubs(:path_info).returns("")
|
274
|
-
strategy.call!({"rack.session" => session})
|
275
|
-
|
276
|
-
result = strategy.callback_phase
|
277
|
-
|
278
|
-
assert result.kind_of?(Array)
|
279
|
-
assert result.first == 401, "Expecting unauthorized"
|
280
|
-
end
|
281
|
-
|
282
74
|
def test_option_client_auth_method
|
283
|
-
code = SecureRandom.hex(16)
|
284
|
-
state = SecureRandom.hex(16)
|
285
|
-
nonce = SecureRandom.hex(16)
|
286
|
-
|
287
75
|
opts = strategy.options.client_options
|
288
76
|
opts[:host] = "foobar.com"
|
289
|
-
strategy.options.issuer = "foobar.com"
|
290
77
|
strategy.options.client_auth_method = :not_basic
|
291
|
-
|
292
|
-
strategy.options.client_jwk_signing_key = File.read('test/fixtures/jwks.json')
|
293
|
-
|
294
|
-
json_response = {access_token: 'test_access_token',
|
295
|
-
id_token: File.read('test/fixtures/id_token.txt'),
|
296
|
-
token_type: 'Bearer',
|
297
|
-
}.to_json
|
298
|
-
success = Struct.new(:status, :body).new(200, json_response)
|
299
|
-
|
300
|
-
request.stubs(:path_info).returns('')
|
301
|
-
strategy.call!({'rack.session' => {'omniauth.state' => state, 'omniauth.nonce' => nonce}})
|
302
|
-
|
303
|
-
id_token = stub('OpenIDConnect::ResponseObject::IdToken')
|
304
|
-
id_token.stubs(:verify!).with({:issuer => strategy.options.issuer, :client_id => @identifier, :nonce => nonce}).returns(true)
|
305
|
-
::OpenIDConnect::ResponseObject::IdToken.stubs(:decode).returns(id_token)
|
78
|
+
success = Struct.new(:status).new(200)
|
306
79
|
|
307
80
|
HTTPClient.any_instance.stubs(:post).with(
|
308
81
|
"#{opts.scheme}://#{opts.host}:#{opts.port}#{opts.token_endpoint}",
|
309
|
-
{
|
82
|
+
{:grant_type => :client_credentials, :client_id => @identifier, :client_secret => @secret},
|
310
83
|
{}
|
311
84
|
).returns(success)
|
85
|
+
OpenIDConnect::Client.any_instance.stubs(:handle_success_response).with(success).returns(true)
|
312
86
|
|
313
87
|
assert(strategy.send :access_token)
|
314
88
|
end
|
315
|
-
|
316
|
-
def test_public_key_with_jwks
|
317
|
-
strategy.options.client_signing_alg = :RS256
|
318
|
-
strategy.options.client_jwk_signing_key = File.read('./test/fixtures/jwks.json')
|
319
|
-
|
320
|
-
assert_equal JSON::JWK::Set, strategy.public_key.class
|
321
|
-
end
|
322
|
-
|
323
|
-
def test_public_key_with_jwk
|
324
|
-
strategy.options.client_signing_alg = :RS256
|
325
|
-
jwks_str = File.read('./test/fixtures/jwks.json')
|
326
|
-
jwks = JSON.parse(jwks_str)
|
327
|
-
jwk = jwks['keys'].first
|
328
|
-
strategy.options.client_jwk_signing_key = jwk.to_json
|
329
|
-
|
330
|
-
assert_equal JSON::JWK, strategy.public_key.class
|
331
|
-
end
|
332
|
-
|
333
|
-
def test_public_key_with_x509
|
334
|
-
strategy.options.client_signing_alg = :RS256
|
335
|
-
strategy.options.client_x509_signing_key = File.read('./test/fixtures/test.crt')
|
336
|
-
assert_equal OpenSSL::PKey::RSA, strategy.public_key.class
|
337
|
-
end
|
338
|
-
|
339
|
-
def test_public_key_with_hmac
|
340
|
-
strategy.options.client_options.secret = 'secret'
|
341
|
-
strategy.options.client_signing_alg = :HS256
|
342
|
-
assert_equal strategy.options.client_options.secret, strategy.public_key
|
343
|
-
end
|
344
89
|
end
|
data/test/test_helper.rb
CHANGED
@@ -8,10 +8,10 @@ Coveralls.wear!
|
|
8
8
|
require 'minitest/autorun'
|
9
9
|
require 'mocha/mini_test'
|
10
10
|
require 'faker'
|
11
|
-
|
12
|
-
require_relative '../lib/omniauth-openid-connect'
|
11
|
+
require_relative '../lib/omniauth-openid-reconnect'
|
13
12
|
|
14
13
|
OmniAuth.config.test_mode = true
|
14
|
+
OmniAuth.config.logger = Logger.new('/dev/null')
|
15
15
|
|
16
16
|
class StrategyTestCase < MiniTest::Test
|
17
17
|
class DummyApp
|
@@ -30,7 +30,7 @@ class StrategyTestCase < MiniTest::Test
|
|
30
30
|
end
|
31
31
|
|
32
32
|
def user_info
|
33
|
-
@user_info ||= OpenIDConnect::ResponseObject::UserInfo.new(
|
33
|
+
@user_info ||= OpenIDConnect::ResponseObject::UserInfo::OpenID.new(
|
34
34
|
sub: SecureRandom.hex(16),
|
35
35
|
name: Faker::Name.name,
|
36
36
|
email: Faker::Internet.email,
|
metadata
CHANGED
@@ -1,20 +1,37 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: omniauth-openid-connector
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.1.
|
4
|
+
version: 1.1.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Danial Oberg
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-07-
|
11
|
+
date: 2017-07-13 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: activesupport
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - ">="
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '0'
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - ">="
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '0'
|
13
27
|
- !ruby/object:Gem::Dependency
|
14
28
|
name: omniauth
|
15
29
|
requirement: !ruby/object:Gem::Requirement
|
16
30
|
requirements:
|
17
31
|
- - "~>"
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '1.6'
|
34
|
+
- - ">="
|
18
35
|
- !ruby/object:Gem::Version
|
19
36
|
version: 1.6.1
|
20
37
|
type: :runtime
|
@@ -22,20 +39,23 @@ dependencies:
|
|
22
39
|
version_requirements: !ruby/object:Gem::Requirement
|
23
40
|
requirements:
|
24
41
|
- - "~>"
|
42
|
+
- !ruby/object:Gem::Version
|
43
|
+
version: '1.6'
|
44
|
+
- - ">="
|
25
45
|
- !ruby/object:Gem::Version
|
26
46
|
version: 1.6.1
|
27
47
|
- !ruby/object:Gem::Dependency
|
28
48
|
name: openid_connect
|
29
49
|
requirement: !ruby/object:Gem::Requirement
|
30
50
|
requirements:
|
31
|
-
- -
|
51
|
+
- - '='
|
32
52
|
- !ruby/object:Gem::Version
|
33
53
|
version: 1.1.2
|
34
54
|
type: :runtime
|
35
55
|
prerelease: false
|
36
56
|
version_requirements: !ruby/object:Gem::Requirement
|
37
57
|
requirements:
|
38
|
-
- -
|
58
|
+
- - '='
|
39
59
|
- !ruby/object:Gem::Version
|
40
60
|
version: 1.1.2
|
41
61
|
- !ruby/object:Gem::Dependency
|
@@ -44,19 +64,28 @@ dependencies:
|
|
44
64
|
requirements:
|
45
65
|
- - "~>"
|
46
66
|
- !ruby/object:Gem::Version
|
47
|
-
version: '2.
|
67
|
+
version: '2.3'
|
68
|
+
- - ">="
|
69
|
+
- !ruby/object:Gem::Version
|
70
|
+
version: 2.3.6
|
48
71
|
type: :runtime
|
49
72
|
prerelease: false
|
50
73
|
version_requirements: !ruby/object:Gem::Requirement
|
51
74
|
requirements:
|
52
75
|
- - "~>"
|
53
76
|
- !ruby/object:Gem::Version
|
54
|
-
version: '2.
|
77
|
+
version: '2.3'
|
78
|
+
- - ">="
|
79
|
+
- !ruby/object:Gem::Version
|
80
|
+
version: 2.3.6
|
55
81
|
- !ruby/object:Gem::Dependency
|
56
82
|
name: bundler
|
57
83
|
requirement: !ruby/object:Gem::Requirement
|
58
84
|
requirements:
|
59
85
|
- - "~>"
|
86
|
+
- !ruby/object:Gem::Version
|
87
|
+
version: '1.15'
|
88
|
+
- - ">="
|
60
89
|
- !ruby/object:Gem::Version
|
61
90
|
version: 1.15.1
|
62
91
|
type: :development
|
@@ -64,151 +93,192 @@ dependencies:
|
|
64
93
|
version_requirements: !ruby/object:Gem::Requirement
|
65
94
|
requirements:
|
66
95
|
- - "~>"
|
96
|
+
- !ruby/object:Gem::Version
|
97
|
+
version: '1.15'
|
98
|
+
- - ">="
|
67
99
|
- !ruby/object:Gem::Version
|
68
100
|
version: 1.15.1
|
69
101
|
- !ruby/object:Gem::Dependency
|
70
102
|
name: minitest
|
71
103
|
requirement: !ruby/object:Gem::Requirement
|
72
104
|
requirements:
|
73
|
-
- - "
|
105
|
+
- - "~>"
|
74
106
|
- !ruby/object:Gem::Version
|
75
|
-
version: '
|
107
|
+
version: '5.4'
|
76
108
|
type: :development
|
77
109
|
prerelease: false
|
78
110
|
version_requirements: !ruby/object:Gem::Requirement
|
79
111
|
requirements:
|
80
|
-
- - "
|
112
|
+
- - "~>"
|
81
113
|
- !ruby/object:Gem::Version
|
82
|
-
version: '
|
114
|
+
version: '5.4'
|
83
115
|
- !ruby/object:Gem::Dependency
|
84
116
|
name: mocha
|
85
117
|
requirement: !ruby/object:Gem::Requirement
|
86
118
|
requirements:
|
119
|
+
- - "~>"
|
120
|
+
- !ruby/object:Gem::Version
|
121
|
+
version: '1.2'
|
87
122
|
- - ">="
|
88
123
|
- !ruby/object:Gem::Version
|
89
|
-
version:
|
124
|
+
version: 1.2.1
|
90
125
|
type: :development
|
91
126
|
prerelease: false
|
92
127
|
version_requirements: !ruby/object:Gem::Requirement
|
93
128
|
requirements:
|
129
|
+
- - "~>"
|
130
|
+
- !ruby/object:Gem::Version
|
131
|
+
version: '1.2'
|
94
132
|
- - ">="
|
95
133
|
- !ruby/object:Gem::Version
|
96
|
-
version:
|
134
|
+
version: 1.2.1
|
97
135
|
- !ruby/object:Gem::Dependency
|
98
136
|
name: guard
|
99
137
|
requirement: !ruby/object:Gem::Requirement
|
100
138
|
requirements:
|
139
|
+
- - "~>"
|
140
|
+
- !ruby/object:Gem::Version
|
141
|
+
version: '2.14'
|
101
142
|
- - ">="
|
102
143
|
- !ruby/object:Gem::Version
|
103
|
-
version:
|
144
|
+
version: 2.14.1
|
104
145
|
type: :development
|
105
146
|
prerelease: false
|
106
147
|
version_requirements: !ruby/object:Gem::Requirement
|
107
148
|
requirements:
|
149
|
+
- - "~>"
|
150
|
+
- !ruby/object:Gem::Version
|
151
|
+
version: '2.14'
|
108
152
|
- - ">="
|
109
153
|
- !ruby/object:Gem::Version
|
110
|
-
version:
|
154
|
+
version: 2.14.1
|
111
155
|
- !ruby/object:Gem::Dependency
|
112
156
|
name: guard-minitest
|
113
157
|
requirement: !ruby/object:Gem::Requirement
|
114
158
|
requirements:
|
159
|
+
- - "~>"
|
160
|
+
- !ruby/object:Gem::Version
|
161
|
+
version: '2.4'
|
115
162
|
- - ">="
|
116
163
|
- !ruby/object:Gem::Version
|
117
|
-
version:
|
164
|
+
version: 2.4.6
|
118
165
|
type: :development
|
119
166
|
prerelease: false
|
120
167
|
version_requirements: !ruby/object:Gem::Requirement
|
121
168
|
requirements:
|
169
|
+
- - "~>"
|
170
|
+
- !ruby/object:Gem::Version
|
171
|
+
version: '2.4'
|
122
172
|
- - ">="
|
123
173
|
- !ruby/object:Gem::Version
|
124
|
-
version:
|
174
|
+
version: 2.4.6
|
125
175
|
- !ruby/object:Gem::Dependency
|
126
176
|
name: guard-bundler
|
127
177
|
requirement: !ruby/object:Gem::Requirement
|
128
178
|
requirements:
|
179
|
+
- - "~>"
|
180
|
+
- !ruby/object:Gem::Version
|
181
|
+
version: '2.1'
|
129
182
|
- - ">="
|
130
183
|
- !ruby/object:Gem::Version
|
131
|
-
version:
|
184
|
+
version: 2.1.0
|
132
185
|
type: :development
|
133
186
|
prerelease: false
|
134
187
|
version_requirements: !ruby/object:Gem::Requirement
|
135
188
|
requirements:
|
189
|
+
- - "~>"
|
190
|
+
- !ruby/object:Gem::Version
|
191
|
+
version: '2.1'
|
136
192
|
- - ">="
|
137
193
|
- !ruby/object:Gem::Version
|
138
|
-
version:
|
194
|
+
version: 2.1.0
|
139
195
|
- !ruby/object:Gem::Dependency
|
140
196
|
name: rake
|
141
197
|
requirement: !ruby/object:Gem::Requirement
|
142
198
|
requirements:
|
199
|
+
- - "~>"
|
200
|
+
- !ruby/object:Gem::Version
|
201
|
+
version: '12.0'
|
143
202
|
- - ">="
|
144
203
|
- !ruby/object:Gem::Version
|
145
|
-
version:
|
204
|
+
version: 12.0.0
|
146
205
|
type: :development
|
147
206
|
prerelease: false
|
148
207
|
version_requirements: !ruby/object:Gem::Requirement
|
149
208
|
requirements:
|
209
|
+
- - "~>"
|
210
|
+
- !ruby/object:Gem::Version
|
211
|
+
version: '12.0'
|
150
212
|
- - ">="
|
151
213
|
- !ruby/object:Gem::Version
|
152
|
-
version:
|
214
|
+
version: 12.0.0
|
153
215
|
- !ruby/object:Gem::Dependency
|
154
216
|
name: simplecov
|
155
217
|
requirement: !ruby/object:Gem::Requirement
|
156
218
|
requirements:
|
157
|
-
- - "
|
219
|
+
- - "~>"
|
158
220
|
- !ruby/object:Gem::Version
|
159
|
-
version:
|
221
|
+
version: 0.14.1
|
160
222
|
type: :development
|
161
223
|
prerelease: false
|
162
224
|
version_requirements: !ruby/object:Gem::Requirement
|
163
225
|
requirements:
|
164
|
-
- - "
|
226
|
+
- - "~>"
|
165
227
|
- !ruby/object:Gem::Version
|
166
|
-
version:
|
228
|
+
version: 0.14.1
|
167
229
|
- !ruby/object:Gem::Dependency
|
168
230
|
name: pry
|
169
231
|
requirement: !ruby/object:Gem::Requirement
|
170
232
|
requirements:
|
171
|
-
- - "
|
233
|
+
- - "~>"
|
172
234
|
- !ruby/object:Gem::Version
|
173
|
-
version:
|
235
|
+
version: 0.10.4
|
174
236
|
type: :development
|
175
237
|
prerelease: false
|
176
238
|
version_requirements: !ruby/object:Gem::Requirement
|
177
239
|
requirements:
|
178
|
-
- - "
|
240
|
+
- - "~>"
|
179
241
|
- !ruby/object:Gem::Version
|
180
|
-
version:
|
242
|
+
version: 0.10.4
|
181
243
|
- !ruby/object:Gem::Dependency
|
182
244
|
name: coveralls
|
183
245
|
requirement: !ruby/object:Gem::Requirement
|
184
246
|
requirements:
|
185
|
-
- - "
|
247
|
+
- - "~>"
|
186
248
|
- !ruby/object:Gem::Version
|
187
|
-
version:
|
249
|
+
version: 0.8.21
|
188
250
|
type: :development
|
189
251
|
prerelease: false
|
190
252
|
version_requirements: !ruby/object:Gem::Requirement
|
191
253
|
requirements:
|
192
|
-
- - "
|
254
|
+
- - "~>"
|
193
255
|
- !ruby/object:Gem::Version
|
194
|
-
version:
|
256
|
+
version: 0.8.21
|
195
257
|
- !ruby/object:Gem::Dependency
|
196
258
|
name: faker
|
197
259
|
requirement: !ruby/object:Gem::Requirement
|
198
260
|
requirements:
|
261
|
+
- - "~>"
|
262
|
+
- !ruby/object:Gem::Version
|
263
|
+
version: '1.8'
|
199
264
|
- - ">="
|
200
265
|
- !ruby/object:Gem::Version
|
201
|
-
version:
|
266
|
+
version: 1.8.2
|
202
267
|
type: :development
|
203
268
|
prerelease: false
|
204
269
|
version_requirements: !ruby/object:Gem::Requirement
|
205
270
|
requirements:
|
271
|
+
- - "~>"
|
272
|
+
- !ruby/object:Gem::Version
|
273
|
+
version: '1.8'
|
206
274
|
- - ">="
|
207
275
|
- !ruby/object:Gem::Version
|
208
|
-
version:
|
209
|
-
description: OpenID Connect Strategy for OmniAuth
|
276
|
+
version: 1.8.2
|
277
|
+
description: OpenID Connect Strategy MK2 for OmniAuth which is fully compliant with
|
278
|
+
devise and rails and currently maintained. Derived from jjbohn's work which is not
|
279
|
+
actively maintained
|
210
280
|
email:
|
211
|
-
-
|
281
|
+
- dan@cs1.com
|
212
282
|
executables: []
|
213
283
|
extensions: []
|
214
284
|
extra_rdoc_files: []
|
@@ -220,19 +290,16 @@ files:
|
|
220
290
|
- LICENSE.txt
|
221
291
|
- README.md
|
222
292
|
- Rakefile
|
223
|
-
- lib/omniauth-openid-
|
293
|
+
- lib/omniauth-openid-reconnect.rb
|
224
294
|
- lib/omniauth/openid_connect.rb
|
225
295
|
- lib/omniauth/openid_connect/errors.rb
|
226
296
|
- lib/omniauth/openid_connect/version.rb
|
227
297
|
- lib/omniauth/strategies/openid_connect.rb
|
228
298
|
- omniauth-openid-connector.gemspec
|
229
|
-
- test/fixtures/id_token.txt
|
230
|
-
- test/fixtures/jwks.json
|
231
|
-
- test/fixtures/test.crt
|
232
299
|
- test/lib/omniauth/openid_connect/version_test.rb
|
233
300
|
- test/lib/omniauth/strategies/openid_connect_test.rb
|
234
301
|
- test/test_helper.rb
|
235
|
-
homepage: https://github.com/doberg/omniauth-openid-
|
302
|
+
homepage: https://github.com/doberg/omniauth-openid-reconnect
|
236
303
|
licenses:
|
237
304
|
- MIT
|
238
305
|
metadata: {}
|
@@ -252,15 +319,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
252
319
|
version: '0'
|
253
320
|
requirements: []
|
254
321
|
rubyforge_project:
|
255
|
-
rubygems_version: 2.
|
322
|
+
rubygems_version: 2.6.8
|
256
323
|
signing_key:
|
257
324
|
specification_version: 4
|
258
|
-
summary: OpenID Connect Strategy for OmniAuth
|
325
|
+
summary: OpenID Connect Strategy MK2 for OmniAuth
|
259
326
|
test_files:
|
260
|
-
- test/fixtures/id_token.txt
|
261
|
-
- test/fixtures/jwks.json
|
262
|
-
- test/fixtures/test.crt
|
263
327
|
- test/lib/omniauth/openid_connect/version_test.rb
|
264
328
|
- test/lib/omniauth/strategies/openid_connect_test.rb
|
265
329
|
- test/test_helper.rb
|
266
|
-
has_rdoc:
|
data/test/fixtures/id_token.txt
DELETED
@@ -1 +0,0 @@
|
|
1
|
-
eyJhbGciOiJSUzI1NiIsImtpZCI6IjFlOWdkazcifQ.ewogImlzcyI6ICJodHRwOi8vc2VydmVyLmV4YW1wbGUuY29tIiwKICJzdWIiOiAiMjQ4Mjg5NzYxMDAxIiwKICJhdWQiOiAiczZCaGRSa3F0MyIsCiAibm9uY2UiOiAibi0wUzZfV3pBMk1qIiwKICJleHAiOiAxMzExMjgxOTcwLAogImlhdCI6IDEzMTEyODA5NzAKfQ.ggW8hZ1EuVLuxNuuIJKX_V8a_OMXzR0EHR9R6jgdqrOOF4daGU96Sr_P6qJp6IcmD3HP99Obi1PRs-cwh3LO-p146waJ8IhehcwL7F09JdijmBqkvPeB2T9CJNqeGpe-gccMg4vfKjkM8FcGvnzZUN4_KSP0aAp1tOJ1zZwgjxqGByKHiOtX7TpdQyHE5lcMiKPXfEIQILVq0pc_E2DzL7emopWoaoZTF_m0_N0YzFC6g6EJbOEoRoSK5hoDalrcvRYLSrQAZZKflyuVCyixEoV9GfNQC3_osjzw2PAithfubEEBLuVVk4XUVrWOLrLl0nx7RkKU8NXNHq-rvKMzqg
|
data/test/fixtures/jwks.json
DELETED
@@ -1,8 +0,0 @@
|
|
1
|
-
{"keys": [{
|
2
|
-
"kty": "RSA",
|
3
|
-
"n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw",
|
4
|
-
"e": "AQAB",
|
5
|
-
"alg": "RS256",
|
6
|
-
"kid": "1e9gdk7"
|
7
|
-
}]
|
8
|
-
}
|
data/test/fixtures/test.crt
DELETED
@@ -1,19 +0,0 @@
|
|
1
|
-
-----BEGIN CERTIFICATE-----
|
2
|
-
MIIDJDCCAgwCCQC57Ob2JfXb+DANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJK
|
3
|
-
UDEOMAwGA1UECBMFVG9reW8xITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5
|
4
|
-
IEx0ZDESMBAGA1UEAxMJbG9jYWxob3N0MB4XDTE0MDgwMTA4NTAxM1oXDTE1MDgw
|
5
|
-
MTA4NTAxM1owVDELMAkGA1UEBhMCSlAxDjAMBgNVBAgTBVRva3lvMSEwHwYDVQQK
|
6
|
-
ExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMTCWxvY2FsaG9zdDCC
|
7
|
-
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+7czSGHN2087T+oX2kBCY/
|
8
|
-
XN6UOS/mdU2Gn//omZlyxsQXIqvgBLNWeCVt4QdlFUbgPLggfXUelECV/RUOCIIi
|
9
|
-
F2Th4t3x1LviN2XkUiva0DZBnOycqEaJdkyreEuGL1CLVZgZjKmSzNqLl0Yci3D0
|
10
|
-
zgVsXFZSadQebietm4CCmfJYREt9NJxXcrLxVDgat/Xm/KJBsohs3f+cbBT8EXer
|
11
|
-
7+2oZjZoVUgw1hu0alaOvAfE4mxsVwjn3g2mjDqRJLbbuWqgDobjMHah+d4zwJvN
|
12
|
-
ePK8E0hfaz/XBLsJ4e6bQA3M3bANEgSvsicup/qb/0th4gUdc/kj4aJGj0RP7oEC
|
13
|
-
AwEAATANBgkqhkiG9w0BAQUFAAOCAQEADuVec/8u2qJiq6K2W/gSLGYCBZq64OrA
|
14
|
-
s7L2+S82m9/3gAb62wGcDNZjIGFDQubXmO6RhHv7JUT5YZqv9/kRGTJcHDUrwwoN
|
15
|
-
IE99CIPizp7VfnrZ6GsYeszSsw3m+mKTETm+6ELmaSDbYAsrCg4IpGwUF0L88ATv
|
16
|
-
CJ8QzW4X7b9dYVc7UAYyCie2N65GXfesBbRlSwFLuVqIzZfMdNpNijTIUwUqGSME
|
17
|
-
b8IjLYzvekP53CO4wEBRrAVIPNXgftorxIE30OLWua2Qw3y6Pn+Qp5fLe47025S7
|
18
|
-
Lcec18/FbHG0Vbq0qO9cKQw80XyK31N6z556wr2GN2WyixkzVRddXA==
|
19
|
-
-----END CERTIFICATE-----
|