omniauth-proconnect 0.2.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 65c3097417b5ba5fc2e4a794a05c278377ec3c377dafe26b9f0ec4a9432a1c09
-  data.tar.gz: 5a6777dabb9bc4243fa3ec392654e16791eeb5af2c9ee50dbae828e299c2c7b6
+  metadata.gz: 3798432d91f891378bd3a61ac701ed300d262613b961c9d2e7c6ef9e7f72d8bd
+  data.tar.gz: a13a4a55b57569fbb93907b35966aa6855beb6002f73a66088d19dcd0f4a00b9
 SHA512:
-  metadata.gz: 3acfe7bb5f8ba66bd845462bbfdfbd42f877c0acecdd80a9611efe0d9ddcbb129d7f7842ea1a0970ce83e7a566c2eb0b5c697cd5046015a41434d810786b7690
-  data.tar.gz: c50de51e6dc16a754d75e8acfa58ac8439c7323962154612108edf3fcd8a025b8e14f6411834961d3838afff3ef161fa828a9c26f5916a41f4838c9164fe3fbe
+  metadata.gz: 6bc5467a0edef737742ed477ec0ddb175e45e58298ffde705bb3162a214cc802cf52f98568e5c20ffc98d4a6a2812fab98840a185d0d0ddc9b1e9b37cb464bfe
+  data.tar.gz: d68e03e9eb2e796da1f68d270eb322f52b2e429c1ab0554e78f040bfa768a20c70e09dc89a62d701fd9053cb1f99060e3e16f9c04aa9a15c71e97e7b2bb8c471

data/README.md

@@ -17,6 +17,13 @@ qui malgré son degré de maturité supérieure semble à l'abandon aussi.
 
 ## Utilisation
 
+Une fois que vous avez créé votre application sur [l'espace
+partenaires de
+ProConnect](https://partenaires.proconnect.gouv.fr/apps) et identifié
+vos endpoints grâce à leur [documentation
+technique](https://partenaires.proconnect.gouv.fr/docs/fournisseur-service/implementation_technique))
+:
+
 1. installer la gem `bundle add omniauth-proconnect` ;
 2. configurer une nouvelle stratégie pour OmniAuth :
 

data/lib/omniauth/proconnect/version.rb

@@ -2,6 +2,6 @@
 
 module Omniauth
   class Proconnect
-    VERSION = "0.2.0"
+    VERSION = "0.3.0"
   end
 end

data/lib/omniauth/proconnect.rb

@@ -6,149 +6,150 @@ require "json/jwt"
 
 require_relative "proconnect/version"
 
-module Omniauth
-  class Proconnect
-    class Error < StandardError; end
-
-    include OmniAuth::Strategy
-
-    option :name, "proconnect"
-    option :client_id
-    option :client_secret
-    option :proconnect_domain
-    option :redirect_uri
-    option :post_logout_redirect_uri
-    option :scope, "openid email given_name usual_name"
-
-    def setup_phase
-      discover_endpoint!
-    end
+module OmniAuth
+  module Strategies
+    class Proconnect
+      class Error < StandardError; end
+
+      include OmniAuth::Strategy
+
+      option :name, "proconnect"
+      option :client_id
+      option :client_secret
+      option :proconnect_domain
+      option :redirect_uri
+      option :post_logout_redirect_uri
+      option :scope, "openid email given_name usual_name"
+
+      def setup_phase
+        discover_endpoint!
+      end
 
-    def request_phase
-      redirect(authorization_uri)
-    end
+      def request_phase
+        redirect(authorization_uri)
+      end
 
-    def callback_phase
-      verify_state!(request.params["state"])
+      def callback_phase
+        verify_state!(request.params["state"])
 
-      exchange_authorization_code!(request.params["code"])
-        .then { |response| store_tokens!(response) }
-        .then { get_userinfo! }
-        .then { |response| @userinfo = JSON::JWT.decode(response.body, :skip_verification) }
-        .then { super }
-    end
+        exchange_authorization_code!(request.params["code"])
+          .then { |response| store_tokens!(response) }
+          .then { get_userinfo! }
+          .then { |response| @userinfo = JSON::JWT.decode(response.body, :skip_verification) }
+          .then { super }
+      end
 
-    def other_phase
-      if on_logout_path?
-        engage_logout!
-      else
-        @app.call(env)
+      def other_phase
+        if on_logout_path?
+          engage_logout!
+        else
+          call_app!
+        end
       end
-    end
 
-    def uid
-      session["omniauth.pc.id_token"]["sub"]
-    end
+      def uid
+        session["omniauth.pc.id_token"]["sub"]
+      end
 
-    def info
-      {
-        email: @userinfo["email"]
-      }
-    end
+      def info
+        {
+          email: @userinfo["email"]
+        }
+      end
 
-    private
+      private
 
-    def connection
-      @connection ||= Faraday.new(url: options[:proconnect_domain]) do |c|
-        c.response :json
-        c.response :raise_error
+      def connection
+        @connection ||= Faraday.new(url: options[:proconnect_domain]) do |c|
+          c.response :json
+          c.response :raise_error
+        end
       end
-    end
 
-    def discovered_configuration
-      @discovered_configuration ||= discover_endpoint!
-    end
+      def discovered_configuration
+        @discovered_configuration ||= discover_endpoint!
+      end
 
-    def discover_endpoint!
-      connection
-        .get(".well-known/openid-configuration")
-        .body
-    end
+      def discover_endpoint!
+        connection
+          .get(".well-known/openid-configuration")
+          .body
+      end
 
-    def authorization_uri
-      URI(discovered_configuration["authorization_endpoint"]).tap do |endpoint|
-        endpoint.query = URI.encode_www_form(
-          response_type: "code",
-          client_id: options[:client_id],
-          redirect_uri: options[:redirect_uri],
-          scope: options[:scope],
-          state: store_new_state!,
-          nonce: store_new_nonce!
-        )
+      def authorization_uri
+        URI(discovered_configuration["authorization_endpoint"]).tap do |endpoint|
+          endpoint.query = URI.encode_www_form(
+            response_type: "code",
+            client_id: options[:client_id],
+            redirect_uri: options[:redirect_uri],
+            scope: options[:scope],
+            state: store_new_state!,
+            nonce: store_new_nonce!
+          )
+        end
       end
-    end
 
-    def end_session_uri
-      URI(discovered_configuration["end_session_endpoint"]).tap do |endpoint|
-        endpoint.query = URI.encode_www_form(
-          id_token_hint: session["omniauth.pc.id_token"],
-          state: current_state,
-          post_logout_redirect_uri: options[:post_logout_redirect_uri]
-        )
+      def end_session_uri
+        URI(discovered_configuration["end_session_endpoint"]).tap do |endpoint|
+          endpoint.query = URI.encode_www_form(
+            id_token_hint: session["omniauth.pc.id_token"],
+            state: current_state,
+            post_logout_redirect_uri: options[:post_logout_redirect_uri]
+          )
+        end
       end
-    end
 
-    def exchange_authorization_code!(code)
-      connection.post(URI(discovered_configuration["token_endpoint"]),
-                      URI.encode_www_form(
-                        grant_type: "authorization_code",
-                        client_id: options[:client_id],
-                        client_secret: options[:client_secret],
-                        redirect_uri: options[:redirect_uri],
-                        code: code,
-                        scope: options[:scope]
-                      ))
-    end
+      def exchange_authorization_code!(code)
+        connection.post(URI(discovered_configuration["token_endpoint"]),
+                        URI.encode_www_form(
+                          grant_type: "authorization_code",
+                          client_id: options[:client_id],
+                          client_secret: options[:client_secret],
+                          redirect_uri: options[:redirect_uri],
+                          code: code
+                        ))
+      end
 
-    def store_tokens!(response)
-      response.tap do |res|
-        %w[access id refresh].each do |name|
-          session["omniauth.pc.#{name}_token"] = res.body["#{name}_token"]
+      def store_tokens!(response)
+        response.tap do |res|
+          %w[access id refresh].each do |name|
+            session["omniauth.pc.#{name}_token"] = res.body["#{name}_token"]
+          end
         end
       end
-    end
 
-    def get_userinfo!
-      endpoint = URI(discovered_configuration["userinfo_endpoint"])
-      token = session["omniauth.pc.access_token"]
+      def get_userinfo!
+        endpoint = URI(discovered_configuration["userinfo_endpoint"])
+        token = session["omniauth.pc.access_token"]
 
-      connection.get(endpoint, {}, "Authorization" => "Bearer #{token}")
-    end
+        connection.get(endpoint, {}, "Authorization" => "Bearer #{token}")
+      end
 
-    def engage_logout!
-      redirect end_session_uri
-    end
+      def engage_logout!
+        redirect end_session_uri
+      end
 
-    def on_logout_path?
-      # FIXME: maybe don't hardcode this
-      request.path.end_with?("#{request_path}/logout")
-    end
+      def on_logout_path?
+        # FIXME: maybe don't hardcode this
+        request.path.end_with?("#{request_path}/logout")
+      end
 
-    def store_new_state!
-      session["omniauth.state"] = SecureRandom.hex(16)
-    end
+      def store_new_state!
+        session["omniauth.state"] = SecureRandom.hex(16)
+      end
 
-    def current_state
-      session["omniauth.state"]
-    end
+      def current_state
+        session["omniauth.state"]
+      end
 
-    def store_new_nonce!
-      session["omniauth.nonce"] = SecureRandom.hex(16)
-    end
+      def store_new_nonce!
+        session["omniauth.nonce"] = SecureRandom.hex(16)
+      end
 
-    def verify_state!(other_state)
-      if other_state != current_state
-        raise "a request came back with a different 'state' parameter than what we had last stored."
+      def verify_state!(other_state)
+        if other_state != current_state
+          raise "a request came back with a different 'state' parameter than what we had last stored."
+        end
       end
     end
   end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-proconnect
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Stéphane Maniaci
 bindir: exe
 cert_chain: []
-date: 2025-04-30 00:00:00.000000000 Z
+date: 2025-05-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday