omniauth-proconnect 0.1.2 → 0.3.0

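--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 86b51a87f8ac06c3c00f81ce18d9819420c4a77b8301a61251b2098f1c87565c
- data.tar.gz: 9b6973f0b6e425220af7f797b274ae1a2c238d4cbb824baaead6f72077bd277a
+ metadata.gz: 3798432d91f891378bd3a61ac701ed300d262613b961c9d2e7c6ef9e7f72d8bd
+ data.tar.gz: a13a4a55b57569fbb93907b35966aa6855beb6002f73a66088d19dcd0f4a00b9
  SHA512:
- metadata.gz: 9bba6185dbbb6b95054c928243f1c6e24ed1a618673b221530dd02da1c6ad3999338f92537aa814ba60a3a2677afec85580580a76ef7eca57a9df3449c5fdd21
- data.tar.gz: 804977671bf4054b1482f2f8d4e0c10f634dc92bdeaa0491d4bff42e17c1412d87e6fcc3730f5297f1d84da19b76b884774e8f659b8b599d0fa3c468a0e29a50
+ metadata.gz: 6bc5467a0edef737742ed477ec0ddb175e45e58298ffde705bb3162a214cc802cf52f98568e5c20ffc98d4a6a2812fab98840a185d0d0ddc9b1e9b37cb464bfe
+ data.tar.gz: d68e03e9eb2e796da1f68d270eb322f52b2e429c1ab0554e78f040bfa768a20c70e09dc89a62d701fd9053cb1f99060e3e16f9c04aa9a15c71e97e7b2bb8c471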
data/README.md CHANGED
@@ -17,6 +17,13 @@ qui malgré son degré de maturité supérieure semble à l'abandon aussi.
17
17
 
18
18
  ## Utilisation
19
19
 
20
+ Une fois que vous avez créé votre application sur [l'espace
21
+ partenaires de
22
+ ProConnect](https://partenaires.proconnect.gouv.fr/apps) et identifié
23
+ vos endpoints grâce à leur [documentation
24
+ technique](https://partenaires.proconnect.gouv.fr/docs/fournisseur-service/implementation_technique))
25
+ :
26
+
20
27
  1. installer la gem `bundle add omniauth-proconnect` ;
21
28
  2. configurer une nouvelle stratégie pour OmniAuth :
22
29
 
@@ -24,7 +31,7 @@ qui malgré son degré de maturité supérieure semble à l'abandon aussi.
24
31
  # config/omniauth.rb
25
32
  Rails.application.config.middleware.use OmniAuth::Builder do
26
33
  provider(
27
- :pro_connect,
34
+ :proconnect,
28
35
  {
29
36
  client_id: ENV.fetch("YOUR_APP_PC_CLIENT_ID"),
30
37
  client_secret: ENV.fetch("YOUR_APP_PC_CLIENT_SECRET"),
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Omniauth
4
4
  class Proconnect
5
- VERSION = "0.1.2"
5
+ VERSION = "0.3.0"
6
6
  end
7
7
  end
@@ -1,152 +1,155 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ require "faraday"
3
4
  require "omniauth"
5
+ require "json/jwt"
4
6
 
5
7
  require_relative "proconnect/version"
6
8
 
7
- module Omniauth
8
- class Proconnect
9
- class Error < StandardError; end
9
+ module OmniAuth
10
+ module Strategies
11
+ class Proconnect
12
+ class Error < StandardError; end
10
13
 
11
- include OmniAuth::Strategy
14
+ include OmniAuth::Strategy
12
15
 
13
- option :name, "proconnect"
14
- option :client_id
15
- option :client_secret
16
- option :proconnect_domain
17
- option :redirect_uri
18
- option :post_logout_redirect_uri
19
- option :scope, "openid email given_name usual_name"
16
+ option :name, "proconnect"
17
+ option :client_id
18
+ option :client_secret
19
+ option :proconnect_domain
20
+ option :redirect_uri
21
+ option :post_logout_redirect_uri
22
+ option :scope, "openid email given_name usual_name"
20
23
 
21
- def setup_phase
22
- discover_endpoint!
23
- end
24
+ def setup_phase
25
+ discover_endpoint!
26
+ end
24
27
 
25
- def request_phase
26
- redirect(authorization_uri)
27
- end
28
+ def request_phase
29
+ redirect(authorization_uri)
30
+ end
28
31
 
29
- def callback_phase
30
- verify_state!(request.params["state"])
32
+ def callback_phase
33
+ verify_state!(request.params["state"])
31
34
 
32
- exchange_authorization_code!(request.params["code"])
33
- .then { |response| store_tokens!(response) }
34
- .then { |response| get_userinfo!(response) }
35
- .then { |response| @userinfo = JSON::JWT.decode(response.body, :skip_verification) }
36
- .then { super }
37
- end
35
+ exchange_authorization_code!(request.params["code"])
36
+ .then { |response| store_tokens!(response) }
37
+ .then { get_userinfo! }
38
+ .then { |response| @userinfo = JSON::JWT.decode(response.body, :skip_verification) }
39
+ .then { super }
40
+ end
38
41
 
39
- def other_phase
40
- if on_logout_path?
41
- engage_logout!
42
- else
43
- @app.call(env)
42
+ def other_phase
43
+ if on_logout_path?
44
+ engage_logout!
45
+ else
46
+ call_app!
47
+ end
44
48
  end
45
- end
46
49
 
47
- def uid
48
- session["omniauth.pc.id_token"]["sub"]
49
- end
50
+ def uid
51
+ session["omniauth.pc.id_token"]["sub"]
52
+ end
50
53
 
51
- def info
52
- {
53
- email: @userinfo["email"]
54
- }
55
- end
54
+ def info
55
+ {
56
+ email: @userinfo["email"]
57
+ }
58
+ end
56
59
 
57
- private
60
+ private
58
61
 
59
- def connection
60
- @connection ||= Faraday.new(url: options[:proconnect_domain]) do |c|
61
- c.response :json
62
- c.response :raise_error
62
+ def connection
63
+ @connection ||= Faraday.new(url: options[:proconnect_domain]) do |c|
64
+ c.response :json
65
+ c.response :raise_error
66
+ end
63
67
  end
64
- end
65
68
 
66
- def discovered_configuration
67
- @discovered_configuration ||= discover_endpoint!
68
- end
69
+ def discovered_configuration
70
+ @discovered_configuration ||= discover_endpoint!
71
+ end
69
72
 
70
- def discover_endpoint!
71
- connection
72
- .get(".well-known/openid-configuration")
73
- .body
74
- end
73
+ def discover_endpoint!
74
+ connection
75
+ .get(".well-known/openid-configuration")
76
+ .body
77
+ end
75
78
 
76
- def authorization_uri
77
- URI(discovered_configuration["authorization_endpoint"]).tap do |endpoint|
78
- endpoint.query = URI.encode_www_form(
79
- response_type: "code",
80
- client_id: options[:client_id],
81
- redirect_uri: options[:redirect_uri],
82
- scope: options[:scope],
83
- state: store_new_state!,
84
- nonce: store_new_nonce!
85
- )
79
+ def authorization_uri
80
+ URI(discovered_configuration["authorization_endpoint"]).tap do |endpoint|
81
+ endpoint.query = URI.encode_www_form(
82
+ response_type: "code",
83
+ client_id: options[:client_id],
84
+ redirect_uri: options[:redirect_uri],
85
+ scope: options[:scope],
86
+ state: store_new_state!,
87
+ nonce: store_new_nonce!
88
+ )
89
+ end
86
90
  end
87
- end
88
91
 
89
- def end_session_uri
90
- URI(discovered_configuration["end_session_endpoint"]).tap do |endpoint|
91
- endpoint.query = URI.encode_www_form(
92
- id_token_hint: session["omniauth.pc.id_token"],
93
- state: current_state,
94
- post_logout_redirect_uri: options[:post_logout_redirect_uri]
95
- )
92
+ def end_session_uri
93
+ URI(discovered_configuration["end_session_endpoint"]).tap do |endpoint|
94
+ endpoint.query = URI.encode_www_form(
95
+ id_token_hint: session["omniauth.pc.id_token"],
96
+ state: current_state,
97
+ post_logout_redirect_uri: options[:post_logout_redirect_uri]
98
+ )
99
+ end
96
100
  end
97
- end
98
101
 
99
- def exchange_authorization_code!(code)
100
- connection.post(URI(discovered_configuration["token_endpoint"]),
101
- URI.encode_www_form(
102
- grant_type: "authorization_code",
103
- client_id: options[:client_id],
104
- client_secret: options[:client_secret],
105
- redirect_uri: options[:redirect_uri],
106
- code: code,
107
- scope: options[:scope]
108
- ))
109
- end
102
+ def exchange_authorization_code!(code)
103
+ connection.post(URI(discovered_configuration["token_endpoint"]),
104
+ URI.encode_www_form(
105
+ grant_type: "authorization_code",
106
+ client_id: options[:client_id],
107
+ client_secret: options[:client_secret],
108
+ redirect_uri: options[:redirect_uri],
109
+ code: code
110
+ ))
111
+ end
110
112
 
111
- def store_tokens!(response)
112
- response.tap do |res|
113
- %w[access id refresh].each do |name|
114
- session["omniauth.pc.#{name}_token"] = res.body["#{name}_token"]
113
+ def store_tokens!(response)
114
+ response.tap do |res|
115
+ %w[access id refresh].each do |name|
116
+ session["omniauth.pc.#{name}_token"] = res.body["#{name}_token"]
117
+ end
115
118
  end
116
119
  end
117
- end
118
120
 
119
- def get_userinfo!
120
- endpoint = URI(discovered_configuration["userinfo_endpoint"])
121
- token = session["omniauth.pc.access_token"]
121
+ def get_userinfo!
122
+ endpoint = URI(discovered_configuration["userinfo_endpoint"])
123
+ token = session["omniauth.pc.access_token"]
122
124
 
123
- connection.get(endpoint, {}, "Authorization" => "Bearer #{token}")
124
- end
125
+ connection.get(endpoint, {}, "Authorization" => "Bearer #{token}")
126
+ end
125
127
 
126
- def engage_logout!
127
- redirect end_session_uri
128
- end
128
+ def engage_logout!
129
+ redirect end_session_uri
130
+ end
129
131
 
130
- def on_logout_path?
131
- # FIXME: maybe don't hardcode this
132
- request.path.end_with?("#{request_path}/logout")
133
- end
132
+ def on_logout_path?
133
+ # FIXME: maybe don't hardcode this
134
+ request.path.end_with?("#{request_path}/logout")
135
+ end
134
136
 
135
- def store_new_state!
136
- session["omniauth.state"] = SecureRandom.hex(16)
137
- end
137
+ def store_new_state!
138
+ session["omniauth.state"] = SecureRandom.hex(16)
139
+ end
138
140
 
139
- def current_state
140
- session["omniauth.state"]
141
- end
141
+ def current_state
142
+ session["omniauth.state"]
143
+ end
142
144
 
143
- def store_new_nonce!
144
- session["omniauth.nonce"] = SecureRandom.hex(16)
145
- end
145
+ def store_new_nonce!
146
+ session["omniauth.nonce"] = SecureRandom.hex(16)
147
+ end
146
148
 
147
- def verify_state!(other_state)
148
- if other_state != current_state
149
- raise "a request came back with a different 'state' parameter than what we had last stored."
149
+ def verify_state!(other_state)
150
+ if other_state != current_state
151
+ raise "a request came back with a different 'state' parameter than what we had last stored."
152
+ end
150
153
  end
151
154
  end
152
155
  end
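Review bot: In `callback_phase` the userinfo response is still decoded with `JSON::JWT.decode(response.body, :skip_verification)`, so the claims that feed `info` are accepted without a signature check, and nothing visible in this hunk validates the ID token or compares its `nonce` claim with the value `store_new_nonce!` saved in the session. I would verify against the provider's published keys instead, e.g. `JSON::JWT.decode(response.body, jwks)` with `jwks` built from the `jwks_uri` entry of the discovery document, and check `iss`, `aud` and `nonce` on the ID token before calling `super`. Separately, `uid` indexes `session["omniauth.pc.id_token"]` with `"sub"`, but `store_tokens!` stores `res.body["id_token"]` as received; if that value is the compact JWT string, `String#[]` returns `"sub"` or `nil` rather than the subject claim, so `uid` should probably read `@userinfo["sub"]` or a decoded, verified ID token. `verify_state!` also passes when both the request parameter and the session value are `nil`; changing the condition to `if current_state.nil? || other_state != current_state` closes that gap.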
metadata CHANGED
@@ -1,42 +1,56 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-proconnect
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.2
4
+ version: 0.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Stéphane Maniaci
8
8
  bindir: exe
9
9
  cert_chain: []
10
- date: 2025-04-30 00:00:00.000000000 Z
10
+ date: 2025-05-22 00:00:00.000000000 Z
11
11
  dependencies:
12
12
  - !ruby/object:Gem::Dependency
13
- name: omniauth
13
+ name: faraday
14
14
  requirement: !ruby/object:Gem::Requirement
15
15
  requirements:
16
- - - ">="
16
+ - - "~>"
17
17
  - !ruby/object:Gem::Version
18
- version: '0'
18
+ version: '2'
19
19
  type: :runtime
20
20
  prerelease: false
21
21
  version_requirements: !ruby/object:Gem::Requirement
22
22
  requirements:
23
- - - ">="
23
+ - - "~>"
24
24
  - !ruby/object:Gem::Version
25
- version: '0'
25
+ version: '2'
26
26
  - !ruby/object:Gem::Dependency
27
- name: faraday
27
+ name: json-jwt
28
28
  requirement: !ruby/object:Gem::Requirement
29
29
  requirements:
30
30
  - - "~>"
31
31
  - !ruby/object:Gem::Version
32
- version: '2'
32
+ version: '1'
33
33
  type: :runtime
34
34
  prerelease: false
35
35
  version_requirements: !ruby/object:Gem::Requirement
36
36
  requirements:
37
37
  - - "~>"
38
38
  - !ruby/object:Gem::Version
39
- version: '2'
39
+ version: '1'
40
+ - !ruby/object:Gem::Dependency
41
+ name: omniauth
42
+ requirement: !ruby/object:Gem::Requirement
43
+ requirements:
44
+ - - ">="
45
+ - !ruby/object:Gem::Version
46
+ version: '0'
47
+ type: :runtime
48
+ prerelease: false
49
+ version_requirements: !ruby/object:Gem::Requirement
50
+ requirements:
51
+ - - ">="
52
+ - !ruby/object:Gem::Version
53
+ version: '0'
40
54
  description: An OmniAuth strategy for ProConnect, an official OIDC solution for French
41
55
  professionnals to login.
42
56
  email: