omniauth-seznam-cz 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: f009f7470aef979d8104389d3beb5e477bd09fa974da325913c22dbaafa84959
+  data.tar.gz: 495f8ce948f74219cda3be1df8eb6465a3bd3b5be36b72405f712242c73cc8ca
+SHA512:
+  metadata.gz: '09c096615acd0f366d707812bc2e1faf78277b57636db68dd2f31e1b9fe3dc1a06931e32c6a40f59fc2f0f6a32a769365ccc0fc58075482ae911b69c5516fed4'
+  data.tar.gz: ab3cb2cb209b02e19f7e7d39aa8a9cc3e283f1de54b446f5f6ef2bd4acbd06ee67025fa96aa2156519b90eeaf20d6f5be2e73f20f5c299fd86c5658ab54961ae

data/.gitignore

@@ -0,0 +1,22 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+.ruby-gemset
+.ruby-version
+.rvmrc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+.powenv
+.idea/

data/.rubocop.yml

@@ -0,0 +1,20 @@
+Metrics/ClassLength:
+  Enabled: false
+Metrics/AbcSize:
+  Enabled: false
+Metrics/BlockLength:
+  ExcludedMethods: ['describe', 'context', 'shared_examples']
+Metrics/CyclomaticComplexity:
+  Enabled: false
+Metrics/LineLength:
+  Enabled: false
+Metrics/MethodLength:
+  Enabled: false
+Metrics/PerceivedComplexity:
+  Enabled: false
+Naming:
+  Enabled: false
+Style/MutableConstant:
+  Enabled: false
+Gemspec/RequiredRubyVersion:
+  Enabled: false

data/.travis.yml

@@ -0,0 +1,6 @@
+language: ruby
+cache: bundler
+rvm:
+  - '2.7.2'
+  - '2.7.6'
+  - '3.0.0'

data/CHANGELOG.md

@@ -0,0 +1,16 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+## 1.0.0 - 2022-01-12
+
+### Added
+- copied from https://github.com/zquestz/omniauth-google-oauth2
+
+### Deprecated
+- Nothing.
+
+### Removed
+- Nothing.
+
+### Fixed
+- Nothing.

data/Gemfile

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+
+gemspec

data/README.md

@@ -0,0 +1,79 @@
+[![Gem Version](https://badge.fury.io/rb/omniauth-seznam-cz.svg)](https://badge.fury.io/rb/omniauth-seznam-cz)
+[![Build Status](https://travis-ci.com/zquestz/omniauth-seznam-cz.svg)](https://travis-ci.com/zquestz/omniauth-seznam-cz)
+
+# OmniAuth Seznam.cz Strategy
+
+Strategy to authenticate with Seznam.cz in OmniAuth.
+
+Get your API key at: https://vyvojari.seznam.cz/oauth/admin  Note the Client ID and the Client Secret.
+
+For more details, read the Seznam.cz docs: https://vyvojari.seznam.cz/oauth
+
+## Installation
+
+Add to your `Gemfile`:
+
+```ruby
+gem 'omniauth-seznam-cz'
+```
+
+Then `bundle install`.
+
+## Usage
+
+Here's an example for adding the middleware to a Rails app in `config/initializers/omniauth.rb`:
+
+```ruby
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :seznam_cz, ENV['SEZNAM_CLIENT_ID'], ENV['SEZNAM_CLIENT_SECRET']
+end
+```
+
+You can now access the OmniAuth Seznam.cz URL: `/auth/seznam_cz`
+
+NOTE: While developing your application, if you change the scope in the initializer you will need to restart your app server.
+
+## Configuration
+
+You can configure several options, which you pass in to the `provider` method via a hash:
+
+* `scope`: A comma-separated list of permissions you want to request from the user.
+
+* `redirect_uri`: Override the redirect_uri used by the gem.
+
+## Auth Hash
+
+Here's an example of an authentication hash available in the callback by accessing `request.env['omniauth.auth']`:
+
+```ruby
+{
+  "provider" => "seznam_cz",
+  "uid" => "100000000000000000000",
+  "info" => {
+    "name" => "John Smith",
+    "email" => "john@example.com",
+    "first_name" => "John",
+    "last_name" => "Smith",
+    "image" => "https://lh4.googleusercontent.com/photo.jpg",
+    "urls" => {
+      "google" => "https://plus.google.com/+JohnSmith"
+    }
+  },
+  "credentials" => {
+    "token" => "TOKEN",
+    "refresh_token" => "REFRESH_TOKEN",
+    "expires_at" => 1496120719,
+    "expires" => true
+  }
+}
+```
+
+## License
+
+Copyright (c) 2018 by Jan Sterba
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Rakefile

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+require File.join('bundler', 'gem_tasks')
+require File.join('rspec', 'core', 'rake_task')
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: :spec

data/lib/omniauth/seznam_cz/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module OmniAuth
+  module SeznamCz
+    VERSION = '0.0.1'
+  end
+end

data/lib/omniauth/seznam_cz.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require 'omniauth/strategies/seznam_cz'

data/lib/omniauth/strategies/seznam_cz.rb

@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+require 'oauth2'
+require 'omniauth/strategies/oauth2'
+require 'uri'
+
+module OmniAuth
+  module Strategies
+    # Main class for Seznam.cz strategy.
+    class SeznamCz < OmniAuth::Strategies::OAuth2
+      ALLOWED_ISSUERS = ['login.szn.cz'].freeze
+      BASE_SCOPES = %w[identity contact-phone avatar].freeze
+      DEFAULT_SCOPE = 'identity'
+      USER_INFO_URL = 'https://login.szn.cz/api/v1/user'
+      IMAGE_SIZE_REGEXP = /(s\d+(-c)?)|(w\d+-h\d+(-c)?)|(w\d+(-c)?)|(h\d+(-c)?)|c/
+
+      option :name, 'seznam_cz'
+      option :skip_image_info, true
+      option :authorize_options, %i[redirect_uri]
+      option :authorized_client_ids, []
+
+      option :client_options,
+             site: 'https://login.szn.cz/api/v1/oauth',
+             authorize_url: 'https://login.szn.cz/api/v1/oauth/auth',
+             token_url: '/token'
+
+      def authorize_params
+        super.tap do |params|
+          options[:authorize_options].each do |k|
+            params[k] = request.params[k.to_s] unless [nil, ''].include?(request.params[k.to_s])
+          end
+
+          params[:scope] = get_scope(params)
+          session['omniauth.state'] = params[:state] if params[:state]
+        end
+      end
+
+      uid { raw_info['sub'] }
+
+      info do
+        {
+          username: raw_info['username'],
+          email: raw_info['username'],
+          domain: raw_info['domain'],
+          firstname: raw_info['firstname'],
+          contact_phone: raw_info['contact-phone'],
+          avatar_url: raw_info['avatar-url']
+        }
+      end
+
+      extra do
+        { 'raw_info' => raw_info }
+      end
+
+      def raw_info
+        @raw_info ||= access_token.get(USER_INFO_URL).parsed
+      end
+
+      private
+
+      def get_scope(params)
+        raw_scope = params[:scope] || DEFAULT_SCOPE
+        scope_list = raw_scope.split(' ').map { |item| item.split(',') }.flatten
+        scope_list.join(',')
+      end
+    end
+  end
+end

data/lib/omniauth-seznam-cz.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require 'omniauth/seznam_cz'

data/omniauth-seznam-cz.gemspec

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+require File.expand_path(
+  File.join('..', 'lib', 'omniauth', 'seznam_cz', 'version'),
+  __FILE__
+)
+
+Gem::Specification.new do |gem|
+  gem.name          = 'omniauth-seznam-cz'
+  gem.version       = OmniAuth::SeznamCz::VERSION
+  gem.license       = 'MIT'
+  gem.summary       = %(A Seznam.cz strategy for OmniAuth)
+  gem.description   = %(A Seznam.cz strategy for OmniAuth. This allows you to login via Seznam.cz with your ruby app.)
+  gem.authors       = ['Jan Sterba']
+  gem.email         = ['info@jansterba.com']
+  gem.homepage      = 'https://github.com/honzasterba/omniauth-seznam-cz'
+
+  gem.files         = `git ls-files`.split("\n")
+  gem.require_paths = ['lib']
+
+  gem.required_ruby_version = '>= 2.7'
+
+  gem.add_runtime_dependency 'oauth2', '~> 1.1'
+  gem.add_runtime_dependency 'omniauth', '~> 2.0'
+  gem.add_runtime_dependency 'omniauth-oauth2', '~> 1.7.1'
+
+  gem.add_development_dependency 'rake', '~> 12.0'
+  gem.add_development_dependency 'rspec', '~> 3.6'
+  gem.add_development_dependency 'rubocop', '~> 0.49'
+end

data/spec/omniauth/strategies/seznam_cz_spec.rb

@@ -0,0 +1,425 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require 'json'
+require 'omniauth-seznam-cz'
+require 'stringio'
+
+describe OmniAuth::Strategies::SeznamCz do
+  let(:request) { double('Request', params: {}, cookies: {}, env: {}) }
+  let(:app) do
+    lambda do
+      [200, {}, ['Hello.']]
+    end
+  end
+
+  subject do
+    OmniAuth::Strategies::SeznamCz.new(app, 'appid', 'secret', @options || {}).tap do |strategy|
+      allow(strategy).to receive(:request) do
+        request
+      end
+    end
+  end
+
+  before do
+    OmniAuth.config.test_mode = true
+  end
+
+  after do
+    OmniAuth.config.test_mode = false
+  end
+
+  describe '#client_options' do
+    it 'has correct site' do
+      expect(subject.client.site).to eq('https://oauth2.googleapis.com')
+    end
+
+    it 'has correct authorize_url' do
+      expect(subject.client.options[:authorize_url]).to eq('https://accounts.google.com/o/oauth2/auth')
+    end
+
+    it 'has correct token_url' do
+      expect(subject.client.options[:token_url]).to eq('/token')
+    end
+
+    describe 'overrides' do
+      context 'as strings' do
+        it 'should allow overriding the site' do
+          @options = { client_options: { 'site' => 'https://example.com' } }
+          expect(subject.client.site).to eq('https://example.com')
+        end
+
+        it 'should allow overriding the authorize_url' do
+          @options = { client_options: { 'authorize_url' => 'https://example.com' } }
+          expect(subject.client.options[:authorize_url]).to eq('https://example.com')
+        end
+
+        it 'should allow overriding the token_url' do
+          @options = { client_options: { 'token_url' => 'https://example.com' } }
+          expect(subject.client.options[:token_url]).to eq('https://example.com')
+        end
+      end
+
+      context 'as symbols' do
+        it 'should allow overriding the site' do
+          @options = { client_options: { site: 'https://example.com' } }
+          expect(subject.client.site).to eq('https://example.com')
+        end
+
+        it 'should allow overriding the authorize_url' do
+          @options = { client_options: { authorize_url: 'https://example.com' } }
+          expect(subject.client.options[:authorize_url]).to eq('https://example.com')
+        end
+
+        it 'should allow overriding the token_url' do
+          @options = { client_options: { token_url: 'https://example.com' } }
+          expect(subject.client.options[:token_url]).to eq('https://example.com')
+        end
+      end
+    end
+  end
+
+  describe '#authorize_options' do
+    %i[access_type hd login_hint prompt scope state device_id device_name].each do |k|
+      it "should support #{k}" do
+        @options = { k => 'http://someval' }
+        expect(subject.authorize_params[k.to_s]).to eq('http://someval')
+      end
+    end
+
+    describe 'redirect_uri' do
+      it 'should default to nil' do
+        @options = {}
+        expect(subject.authorize_params['redirect_uri']).to eq(nil)
+      end
+
+      it 'should set the redirect_uri parameter if present' do
+        @options = { redirect_uri: 'https://example.com' }
+        expect(subject.authorize_params['redirect_uri']).to eq('https://example.com')
+      end
+    end
+
+    describe 'access_type' do
+      it 'should default to "offline"' do
+        @options = {}
+        expect(subject.authorize_params['access_type']).to eq('offline')
+      end
+
+      it 'should set the access_type parameter if present' do
+        @options = { access_type: 'online' }
+        expect(subject.authorize_params['access_type']).to eq('online')
+      end
+    end
+
+    describe 'hd' do
+      it 'should default to nil' do
+        expect(subject.authorize_params['hd']).to eq(nil)
+      end
+
+      it 'should set the hd (hosted domain) parameter if present' do
+        @options = { hd: 'example.com' }
+        expect(subject.authorize_params['hd']).to eq('example.com')
+      end
+
+      it 'should set the hd parameter and work with nil hd (gmail)' do
+        @options = { hd: nil }
+        expect(subject.authorize_params['hd']).to eq(nil)
+      end
+
+      it 'should set the hd parameter to * if set (only allows G Suite emails)' do
+        @options = { hd: '*' }
+        expect(subject.authorize_params['hd']).to eq('*')
+      end
+    end
+
+    describe 'login_hint' do
+      it 'should default to nil' do
+        expect(subject.authorize_params['login_hint']).to eq(nil)
+      end
+
+      it 'should set the login_hint parameter if present' do
+        @options = { login_hint: 'john@example.com' }
+        expect(subject.authorize_params['login_hint']).to eq('john@example.com')
+      end
+    end
+
+    describe 'prompt' do
+      it 'should default to nil' do
+        expect(subject.authorize_params['prompt']).to eq(nil)
+      end
+
+      it 'should set the prompt parameter if present' do
+        @options = { prompt: 'consent select_account' }
+        expect(subject.authorize_params['prompt']).to eq('consent select_account')
+      end
+    end
+
+    describe 'request_visible_actions' do
+      it 'should default to nil' do
+        expect(subject.authorize_params['request_visible_actions']).to eq(nil)
+      end
+
+      it 'should set the request_visible_actions parameter if present' do
+        @options = { request_visible_actions: 'something' }
+        expect(subject.authorize_params['request_visible_actions']).to eq('something')
+      end
+    end
+
+    describe 'include_granted_scopes' do
+      it 'should default to nil' do
+        expect(subject.authorize_params['include_granted_scopes']).to eq(nil)
+      end
+
+      it 'should set the include_granted_scopes parameter if present' do
+        @options = { include_granted_scopes: 'true' }
+        expect(subject.authorize_params['include_granted_scopes']).to eq('true')
+      end
+    end
+
+    describe 'scope' do
+      it 'should expand scope shortcuts' do
+        @options = { scope: 'calendar' }
+        expect(subject.authorize_params['scope']).to eq('https://www.googleapis.com/auth/calendar')
+      end
+
+      it 'should leave base scopes as is' do
+        @options = { scope: 'profile' }
+        expect(subject.authorize_params['scope']).to eq('profile')
+      end
+
+      it 'should join scopes' do
+        @options = { scope: 'profile,email' }
+        expect(subject.authorize_params['scope']).to eq('profile email')
+      end
+
+      it 'should deal with whitespace when joining scopes' do
+        @options = { scope: 'profile, email' }
+        expect(subject.authorize_params['scope']).to eq('profile email')
+      end
+
+      it 'should set default scope to email,profile' do
+        expect(subject.authorize_params['scope']).to eq('email profile')
+      end
+
+      it 'should support space delimited scopes' do
+        @options = { scope: 'profile email' }
+        expect(subject.authorize_params['scope']).to eq('profile email')
+      end
+
+      it 'should support extremely badly formed scopes' do
+        @options = { scope: 'profile email,foo,steve yeah http://example.com' }
+        expect(subject.authorize_params['scope']).to eq('profile email https://www.googleapis.com/auth/foo https://www.googleapis.com/auth/steve https://www.googleapis.com/auth/yeah http://example.com')
+      end
+    end
+
+    describe 'state' do
+      it 'should set the state parameter' do
+        @options = { state: 'some_state' }
+        expect(subject.authorize_params['state']).to eq('some_state')
+        expect(subject.authorize_params[:state]).to eq('some_state')
+        expect(subject.session['omniauth.state']).to eq('some_state')
+      end
+
+      it 'should set the omniauth.state dynamically' do
+        allow(subject).to receive(:request) { double('Request', params: { 'state' => 'some_state' }, env: {}) }
+        expect(subject.authorize_params['state']).to eq('some_state')
+        expect(subject.authorize_params[:state]).to eq('some_state')
+        expect(subject.session['omniauth.state']).to eq('some_state')
+      end
+    end
+
+    describe 'overrides' do
+      it 'should include top-level options that are marked as :authorize_options' do
+        @options = { authorize_options: %i[scope foo request_visible_actions], scope: 'http://bar', foo: 'baz', hd: 'wow', request_visible_actions: 'something' }
+        expect(subject.authorize_params['scope']).to eq('http://bar')
+        expect(subject.authorize_params['foo']).to eq('baz')
+        expect(subject.authorize_params['hd']).to eq(nil)
+        expect(subject.authorize_params['request_visible_actions']).to eq('something')
+      end
+
+      describe 'request overrides' do
+        %i[access_type hd login_hint prompt scope state].each do |k|
+          context "authorize option #{k}" do
+            let(:request) { double('Request', params: { k.to_s => 'http://example.com' }, cookies: {}, env: {}) }
+
+            it "should set the #{k} authorize option dynamically in the request" do
+              @options = { k: '' }
+              expect(subject.authorize_params[k.to_s]).to eq('http://example.com')
+            end
+          end
+        end
+
+        describe 'custom authorize_options' do
+          let(:request) { double('Request', params: { 'foo' => 'something' }, cookies: {}, env: {}) }
+
+          it 'should support request overrides from custom authorize_options' do
+            @options = { authorize_options: [:foo], foo: '' }
+            expect(subject.authorize_params['foo']).to eq('something')
+          end
+        end
+      end
+    end
+  end
+
+  describe '#authorize_params' do
+    it 'should include any authorize params passed in the :authorize_params option' do
+      @options = { authorize_params: { request_visible_actions: 'something', foo: 'bar', baz: 'zip' }, hd: 'wow', bad: 'not_included' }
+      expect(subject.authorize_params['request_visible_actions']).to eq('something')
+      expect(subject.authorize_params['foo']).to eq('bar')
+      expect(subject.authorize_params['baz']).to eq('zip')
+      expect(subject.authorize_params['hd']).to eq('wow')
+      expect(subject.authorize_params['bad']).to eq(nil)
+    end
+  end
+
+  describe '#token_params' do
+    it 'should include any token params passed in the :token_params option' do
+      @options = { token_params: { foo: 'bar', baz: 'zip' } }
+      expect(subject.token_params['foo']).to eq('bar')
+      expect(subject.token_params['baz']).to eq('zip')
+    end
+  end
+
+  describe '#token_options' do
+    it 'should include top-level options that are marked as :token_options' do
+      @options = { token_options: %i[scope foo], scope: 'bar', foo: 'baz', bad: 'not_included' }
+      expect(subject.token_params['scope']).to eq('bar')
+      expect(subject.token_params['foo']).to eq('baz')
+      expect(subject.token_params['bad']).to eq(nil)
+    end
+  end
+
+  describe '#callback_url' do
+    let(:base_url) { 'https://example.com' }
+
+    it 'has the correct default callback path' do
+      allow(subject).to receive(:full_host) { base_url }
+      allow(subject).to receive(:script_name) { '' }
+      expect(subject.send(:callback_url)).to eq(base_url + '/auth/google_oauth2/callback')
+    end
+
+    it 'should set the callback path with script_name if present' do
+      allow(subject).to receive(:full_host) { base_url }
+      allow(subject).to receive(:script_name) { '/v1' }
+      expect(subject.send(:callback_url)).to eq(base_url + '/v1/auth/google_oauth2/callback')
+    end
+
+    it 'should set the callback_path parameter if present' do
+      @options = { callback_path: '/auth/foo/callback' }
+      allow(subject).to receive(:full_host) { base_url }
+      allow(subject).to receive(:script_name) { '' }
+      expect(subject.send(:callback_url)).to eq(base_url + '/auth/foo/callback')
+    end
+  end
+
+  describe '#info' do
+    let(:client) do
+      OAuth2::Client.new('abc', 'def') do |builder|
+        builder.request :url_encoded
+        builder.adapter :test do |stub|
+          stub.get('/oauth2/v3/userinfo') { [200, { 'content-type' => 'application/json' }, response_hash.to_json] }
+        end
+      end
+    end
+    let(:access_token) { OAuth2::AccessToken.from_hash(client, {}) }
+    before { allow(subject).to receive(:access_token).and_return(access_token) }
+
+    context 'with verified email' do
+      let(:response_hash) do
+        { email: 'something@domain.invalid', email_verified: true }
+      end
+
+      it 'should return equal email and unverified_email' do
+        expect(subject.info[:email]).to eq('something@domain.invalid')
+        expect(subject.info[:unverified_email]).to eq('something@domain.invalid')
+      end
+    end
+
+    context 'with unverified email' do
+      let(:response_hash) do
+        { email: 'something@domain.invalid', email_verified: false }
+      end
+
+      it 'should return nil email, and correct unverified email' do
+        expect(subject.info[:email]).to eq(nil)
+        expect(subject.info[:unverified_email]).to eq('something@domain.invalid')
+      end
+    end
+  end
+
+  describe '#extra' do
+    let(:client) do
+      OAuth2::Client.new('abc', 'def') do |builder|
+        builder.request :url_encoded
+        builder.adapter :test do |stub|
+          stub.get('/oauth2/v3/userinfo') { [200, { 'content-type' => 'application/json' }, '{"sub": "12345"}'] }
+        end
+      end
+    end
+    let(:access_token) { OAuth2::AccessToken.from_hash(client, {}) }
+
+    before { allow(subject).to receive(:access_token).and_return(access_token) }
+
+    describe 'id_token' do
+      shared_examples 'id_token issued by valid issuer' do |issuer|
+        context 'when the id_token is passed into the access token' do
+          let(:token_info) do
+            {
+              'abc' => 'xyz',
+              'exp' => Time.now.to_i + 3600,
+              'nbf' => Time.now.to_i - 60,
+              'iat' => Time.now.to_i,
+              'aud' => 'appid',
+              'iss' => issuer
+            }
+          end
+          let(:id_token) { JWT.encode(token_info, 'secret') }
+          let(:access_token) { OAuth2::AccessToken.from_hash(client, 'id_token' => id_token) }
+
+          it 'should include id_token when set on the access_token' do
+            expect(subject.extra).to include(id_token: id_token)
+          end
+
+
+
+          it 'should include id_info when id_token is set on the access_token by default' do
+            expect(subject.extra).to include(id_info: token_info)
+          end
+        end
+      end
+
+      it_behaves_like 'id_token issued by valid issuer', 'accounts.google.com'
+      it_behaves_like 'id_token issued by valid issuer', 'https://accounts.google.com'
+
+      context 'when the id_token is missing' do
+        it 'should not include id_token' do
+          expect(subject.extra).not_to have_key(:id_token)
+        end
+
+        it 'should not include id_info' do
+          expect(subject.extra).not_to have_key(:id_info)
+        end
+      end
+    end
+
+    describe 'raw_info' do
+      context 'when skip_info is true' do
+        before { subject.options[:skip_info] = true }
+
+        it 'should not include raw_info' do
+          expect(subject.extra).not_to have_key(:raw_info)
+        end
+      end
+
+      context 'when skip_info is false' do
+        before { subject.options[:skip_info] = false }
+
+        it 'should include raw_info' do
+          expect(subject.extra[:raw_info]).to eq('sub' => '12345')
+        end
+      end
+    end
+  end
+
+
+end

data/spec/rubocop_spec.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+require_relative 'spec_helper'
+
+describe 'Rubocop' do
+  it 'should pass with no offenses detected' do
+    expect(`rubocop`).to include('no offenses detected')
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+
+require File.join('bundler', 'setup')
+require 'rspec'

metadata

@@ -0,0 +1,143 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-seznam-cz
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Jan Sterba
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2022-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: oauth2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: omniauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: omniauth-oauth2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.7.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.7.1
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.6'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.49'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.49'
+description: A Seznam.cz strategy for OmniAuth. This allows you to login via Seznam.cz
+  with your ruby app.
+email:
+- info@jansterba.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rubocop.yml"
+- ".travis.yml"
+- CHANGELOG.md
+- Gemfile
+- README.md
+- Rakefile
+- lib/omniauth-seznam-cz.rb
+- lib/omniauth/seznam_cz.rb
+- lib/omniauth/seznam_cz/version.rb
+- lib/omniauth/strategies/seznam_cz.rb
+- omniauth-seznam-cz.gemspec
+- spec/omniauth/strategies/seznam_cz_spec.rb
+- spec/rubocop_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/honzasterba/omniauth-seznam-cz
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '2.7'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.4
+signing_key: 
+specification_version: 4
+summary: A Seznam.cz strategy for OmniAuth
+test_files: []