omniauth-uaa-oauth2 0.0.3

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 7fe4a29f5011900aff6fc87ce882a2f2ba441aa4
+  data.tar.gz: d7e147f3ad95e22019747f78b2dcaba4c60283b8
+SHA512:
+  metadata.gz: e8c6cc4f46f1452d0aa18103f3577a743675803422c8859bb94780871e9f61d6759268471299e7505f3606ab1682e3c8d9685789f1458006c33bfba4a095db74
+  data.tar.gz: ef3331f8537c246c350802a6f51b719460cf1295d322c24bf51fcc4ecbb33fda918046269a8b976e9e63fb99d814fcbd49e8e444320659e2078807097ed7f287

data/.gitignore

@@ -0,0 +1,3 @@
+*.swp
+*.swo
+*.gem

data/.travis.yml

@@ -0,0 +1,7 @@
+language: ruby
+
+rvm:
+  - 1.9.3
+
+
+

data/Gemfile

@@ -0,0 +1,22 @@
+#--
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+#++
+
+source 'http://rubygems.org'
+
+gem 'cf-uaa-lib', '~> 1.3.7'
+
+gemspec
+
+group :example do
+  gem 'sinatra'
+end

data/Gemfile.lock

@@ -0,0 +1,46 @@
+PATH
+  remote: .
+  specs:
+    omniauth-uaa-oauth2 (0.0.3)
+      cf-uaa-lib (>= 1.3.1, < 2.0)
+      cf-uaa-lib (>= 1.3.1, < 2.0)
+      omniauth (~> 1.0)
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    cf-uaa-lib (1.3.7)
+      multi_json
+    diff-lcs (1.1.3)
+    hashie (2.0.5)
+    multi_json (1.6.0)
+    omniauth (1.1.4)
+      hashie (>= 1.2, < 3)
+      rack
+    rack (1.4.1)
+    rack-protection (1.2.0)
+      rack
+    rake (0.9.2.2)
+    rspec (2.6.0)
+      rspec-core (~> 2.6.0)
+      rspec-expectations (~> 2.6.0)
+      rspec-mocks (~> 2.6.0)
+    rspec-core (2.6.4)
+    rspec-expectations (2.6.0)
+      diff-lcs (~> 1.1.2)
+    rspec-mocks (2.6.0)
+    sinatra (1.3.3)
+      rack (~> 1.3, >= 1.3.6)
+      rack-protection (~> 1.2)
+      tilt (~> 1.3, >= 1.3.3)
+    tilt (1.3.3)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  cf-uaa-lib (~> 1.3.7)
+  omniauth-uaa-oauth2!
+  rake
+  rspec (~> 2.6.0)
+  sinatra

data/LICENSE

@@ -0,0 +1,320 @@
+				Apache License
+           Version 2.0, January 2004
+        http://www.apache.org/licenses/
+
+		
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+=======================================================================   
+
+
+omniauth-uaa-oauth2 09012012
+
+omniauth-uaa-oauth2 09012012 : includes a number of subcomponents with
+separate copyright notices and license terms.  The product that 
+includes this file does not necessarily use all the open source 
+subcomponents referred to below. Your use of the source
+code for the these subcomponents is subject to the terms and
+conditions of the following licenses.
+
+
+
+
+SECTION 1: BSD-STYLE, MIT-STYLE, OR SIMILAR STYLE LICENSES
+
+   >>> launchy-2.1.2
+   >>> omniauth-1.1.1
+
+
+
+SECTION 2: Apache License, V2.0
+
+   >>> omniauth-uaa-oauth2-0.0.1
+
+
+
+
+
+
+--------------- SECTION 1:  BSD-STYLE, MIT-STYLE, OR SIMILAR STYLE LICENSES ----------
+
+BSD-STYLE, MIT-STYLE, OR SIMILAR STYLE LICENSES are applicable to the following component(s).
+
+
+>>> launchy-2.1.2
+
+ISC LICENSE - http://opensource.org/licenses/isc-license.txt
+
+Copyright (c) 2007-2011 Jeremy Hinegardner
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+
+>>> omniauth-1.1.1
+
+Copyright (c) 2010-2011 Michael Bleigh and Intridea, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
+
+--------------- SECTION 2: Apache License, V2.0 ----------
+
+Apache License, V2.0 is applicable to the following component(s).
+
+
+>>> omniauth-uaa-oauth2-0.0.1
+
+omniauth-uaa-oauth2 v0.0.1
+Copyright (c) 2012 VMware, Inc. All Rights Reserved.
+
+This product is licensed to you under the Apache License, Version 2.0 (the "License").
+You may not use this product except in compliance with the License.
+
+This product may include a number of subcomponents with separate copyright notices
+and license terms. Your use of these subcomponents is subject to the terms and
+conditions of the subcomponent's license, as noted in the LICENSE file.
+
+
+
+===========================================================================
+
+To the extent any open source components are licensed under the
+GPL and/or LGPL, or other similar licenses that require the
+source code and/or modifications to source code to be made
+available (as would be noted above), you may obtain a copy of
+the source code corresponding to the binaries for such open
+source components and modifications thereto, if any, (the
+"Source Files"), by downloading the Source Files from VMware's website at
+http://www.vmware.com/download/open_source.html, or by sending a request, with
+your name and address to: VMware, Inc., 3401 Hillview Avenue,
+Palo Alto, CA 94304,United States of America. All such
+requests should clearly specify: OPEN SOURCE FILES REQUEST,
+Attention General Counsel. VMware shall mail a copy of the
+Source Files to you on a CD or equivalent physical medium. This
+offer to obtain a copy of the Source Files is valid for three
+years from the date you acquired this Software product. Alternatively,
+the Source Files may accompany the VMware product.
+
+[CFOMNIAUTHUAAOAUTH09012012NV120512]

data/NOTICE

@@ -0,0 +1,10 @@
+omniauth-uaa-oauth2 09012012
+
+Copyright (c) 2012 VMware, Inc. All Rights Reserved. 
+
+This product is licensed to you under the Apache License, Version 2.0 (the "License").  
+You may not use this product except in compliance with the License.  
+
+This product may include a number of subcomponents with separate copyright notices 
+and license terms. Your use of these subcomponents is subject to the terms and 
+conditions of the subcomponent's license, as noted in the LICENSE file.

data/README.md

@@ -0,0 +1,30 @@
+CloudFoundry UAA OmniAuth Strategy
+==================================
+
+OmniAuth strategy for authenticating users using the CloudFoundry UAA server.
+
+Set up a local ruby environment (so sudo not required):
+
+    $ rvm use 1.9.2
+
+or
+
+    $ rbenv global 1.9.2-p180
+
+see: https://rvm.io/ or http://rbenv.org/
+
+Build and install the cf-uaa-lib gem located at https://github.com/cloudfoundry/cf-uaa-lib
+
+Build the gem
+
+      $ bundle install
+      $ bundle exec gem build omniauth-uaa-oauth2.gemspec
+
+Install it
+
+      $ gem install omniauth-uaa-oauth2-*.gem
+
+
+See the examples folder for details on how to use it.
+
+Warning: Unlike the omniauth-oauth2 gem, this gem does not support the oauth2 'state' security parameter.

data/Rakefile

@@ -0,0 +1,20 @@
+#--
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+#++
+
+#!/usr/bin/env rake
+require "bundler/gem_tasks"
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/examples/config.ru

@@ -0,0 +1,49 @@
+#--
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+#++
+
+# Run with "bundle exec rackup"
+
+require 'rubygems'
+require 'bundler'
+require 'sinatra'
+require 'omniauth'
+require 'omniauth-uaa-oauth2'
+
+class App < Sinatra::Base
+  get '/' do
+    <<-HTML
+    <ul>
+      <li><a href='/auth/cloudfoundry'>Sign in with Cloud Foundry</a></li>
+    </ul>
+    HTML
+  end
+
+  get '/auth/cloudfoundry/callback' do
+    content_type 'application/json'
+    request.env['omniauth.auth'].to_hash.to_json rescue "No Data"
+  end
+  
+  get '/auth/failure' do
+    content_type 'text/plain'
+    request.env['omniauth.auth'].to_hash.inspect rescue "No Data"
+  end
+end
+
+use Rack::Session::Cookie, :secret => ENV['RACK_COOKIE_SECRET']
+
+use OmniAuth::Builder do
+  provider :cloudfoundry, 'app', 'appclientsecret', {:auth_server_url => "http://localhost:8080/uaa", :token_server_url => "http://localhost:8080/uaa"}
+  #provider :cloudfoundry, '<register your client>', '<register your client secret>', {:auth_server_url => "https://login.cloudfoundry.com", :token_server_url => "https://uaa.cloudfoundry.com"}
+end
+
+run App.new

data/lib/omniauth-uaa-oauth2.rb

@@ -0,0 +1,14 @@
+#--
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+#++
+
+require "omniauth/cloudfoundry"

data/lib/omniauth/cloudfoundry.rb

@@ -0,0 +1,14 @@
+#--
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+#++
+
+require 'omniauth/strategies/cloudfoundry'

data/lib/omniauth/strategies/cloudfoundry.rb

@@ -0,0 +1,153 @@
+#--
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+#++
+
+require 'uaa'
+require 'omniauth'
+require 'timeout'
+require 'securerandom'
+
+module OmniAuth
+  module Strategies
+    class Cloudfoundry
+      include OmniAuth::Strategy
+
+      args [:client_id, :client_secret]
+
+      option :name, "cloudfoundry"
+      option :auth_server_url, nil
+      option :token_server_url, nil
+      option :scope, nil
+      option :async_calls, false
+
+      attr_accessor :access_token
+      attr_reader :token_issuer
+      attr_reader :auth_server_url
+      attr_reader :token_server_url
+
+
+      def client
+
+        unless @token_issuer
+          unless @auth_server_url
+            @auth_server_url ||= options.auth_server_url
+            unless @auth_server_url.start_with?("http")
+              @auth_server_url = "https://#{@auth_server_url}"
+            end
+          end
+
+          unless @token_server_url
+            @token_server_url = options.token_server_url || options.auth_server_url
+
+            unless @token_server_url.start_with?("http")
+              @token_server_url = "https://#{@token_server_url}"
+            end
+          end
+
+          @token_issuer ||= CF::UAA::TokenIssuer.new(@auth_server_url,
+                                                     options.client_id,
+                                                     options.client_secret,
+                                                     {:token_target => @token_server_url})
+          log :info, "Client: #{options.client_id} auth_server: #{@auth_server_url} token_server: #{@token_server_url}"
+          @token_issuer.logger = OmniAuth.logger
+        end
+
+        @token_issuer
+      end
+
+      def callback_url
+        full_host + script_name + callback_path
+      end
+
+      def request_phase
+        authcode_uri = client.authcode_uri(callback_url, options.scope)
+        log :info, "Redirect URI #{authcode_uri}"
+        session['redir_uri'] = authcode_uri
+        redirect authcode_uri
+      end
+
+      def authorize_params
+        params = options.authorize_params.merge(options.authorize_options.inject({}){|h,k| h[k.to_sym] = options[k] if options[k]; h})
+        if OmniAuth.config.test_mode
+          @env ||= {}
+          @env['rack.session'] ||= {}
+        end
+        params
+      end
+
+      def token_params
+        options.token_params.merge(options.token_options.inject({}){|h,k| h[k.to_sym] = options[k] if options[k]; h})
+      end
+
+      def callback_phase
+        log :info, "In callback phase #{request.query_string}"
+        self.access_token = build_access_token(request.query_string)
+        self.access_token = refresh(access_token) if expired?(access_token)
+        log :info, "Got access token #{access_token.inspect}"
+
+        super
+      end
+
+      credentials do
+        {
+          'token' => access_token.info["access_token"],
+          'refresh_token' => access_token.info["refresh_token"],
+          'authorized_scopes' => access_token.info["scope"]
+        }
+      end
+
+      uid{ raw_info["user_id"] || raw_info["email"] }
+
+      info do
+        prune!({
+          :name       => raw_info["name"],
+          :email      => raw_info["email"],
+          :first_name => raw_info["given_name"],
+          :last_name  => raw_info["family_name"]
+        })
+      end
+
+      extra do
+        hash = {}
+        hash[:raw_info] = raw_info unless skip_info?
+        prune! hash
+      end
+
+      def raw_info
+        @raw_info ||= CF::UAA::Misc.whoami(@token_server_url, self.access_token.auth_header)
+      end
+
+      def prune!(hash)
+        hash.delete_if do |_, value|
+          prune!(value) if value.is_a?(Hash)
+          value.nil? || (value.respond_to?(:empty?) && value.empty?)
+        end
+      end
+
+      def build_access_token(query_string)
+        log :info, "Fetching access token"
+        client.authcode_grant(session.delete('redir_uri'), query_string)
+      end
+
+      def refresh(access_token)
+        log :info, "Refreshing access token"
+        client.refresh_token_grant(access_token.info[:refresh_token])
+      end
+
+      def expired?(access_token)
+        access_token = access_token.auth_header if access_token.respond_to? :auth_header
+        expiry = CF::UAA::TokenCoder.decode(access_token.split()[1], nil, nil, false)[:expires_at]		
+        expiry.is_a?(Integer) && expiry <= Time.now.to_i
+      end
+    end
+  end
+end

data/lib/omniauth/uaa_oauth2/version.rb

@@ -0,0 +1,18 @@
+#--
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+#++
+
+module OmniAuth
+  module Cloudfoundry
+    VERSION = "0.0.3"
+  end
+end

data/omniauth-uaa-oauth2.gemspec

@@ -0,0 +1,38 @@
+# -*- encoding: utf-8 -*-
+#
+# Cloud Foundry 2012.02.03 Beta
+# Copyright (c) [2009-2012] VMware, Inc. All Rights Reserved.
+#
+# This product is licensed to you under the Apache License, Version 2.0 (the "License").
+# You may not use this product except in compliance with the License.
+#
+# This product includes a number of subcomponents with
+# separate copyright notices and license terms. Your use of these
+# subcomponents is subject to the terms and conditions of the
+# subcomponent's license, as noted in the LICENSE file.
+#
+
+require File.expand_path('../lib/omniauth/uaa_oauth2/version', __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.add_dependency 'omniauth', '~> 1.0'
+  gem.add_dependency 'cf-uaa-lib', ['>= 1.3.1', '< 2.0']
+
+  gem.authors       = ["Joel D'sa", "Dave Syer", "Dale Olds", "Vidya Valmikinathan", "Luke Taylor"]
+  gem.email         = ["jdsa@vmware.com", "olds@vmware.com", "dsyer@vmware.com", "vidya@vmware.com", "ltaylor@vmware.com"]
+  gem.description   = %q{An OmniAuth strategy for the Cloudfoundry UAA}
+  gem.summary       = %q{An OmniAuth strategy for the Cloudfoundry UAA}
+  gem.homepage      = ""
+
+  gem.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  gem.files         = `git ls-files`.split("\n")
+  gem.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  gem.name          = "omniauth-uaa-oauth2"
+  gem.require_paths = ["lib"]
+  gem.version       = OmniAuth::Cloudfoundry::VERSION
+
+  gem.add_runtime_dependency 'cf-uaa-lib', ['>= 1.3.1', '< 2.0']
+
+  gem.add_development_dependency 'rspec', '~> 2.6.0'
+  gem.add_development_dependency 'rake'
+end

data/spec/omniauth/strategies/uaa_oauth2_spec.rb

@@ -0,0 +1,69 @@
+require 'spec_helper'
+require 'omniauth-uaa-oauth2'
+
+describe OmniAuth::Strategies::Cloudfoundry do
+  def app; lambda{|env| [200, {}, ["Hello."]]} end
+
+  before :each do
+    OmniAuth.config.test_mode = true
+    @request = double('Request')
+    @request.stub(:params) { {} }
+    @request.stub(:cookies) { {} }
+    @request.stub(:env) { {} }
+  end
+
+  after do
+    OmniAuth.config.test_mode = false
+  end
+
+  subject do
+    args = ['app', 'appclientsecret', @options || {}].compact
+    OmniAuth::Strategies::Cloudfoundry.new(app, *args).tap do |strategy|
+      strategy.stub(:request) { @request }
+    end
+  end
+
+  describe '#callback_path' do
+    it 'has the correct callback path' do
+      subject.callback_path.should eq('/auth/cloudfoundry/callback')
+    end
+  end
+
+  describe 'set auth and token server' do
+    it 'should set the right auth and token server' do
+      @options = {:auth_server_url => 'https://login.cloudfoundry.com'}
+      subject.client
+      subject.auth_server_url.should eq('https://login.cloudfoundry.com')
+      subject.token_server_url.should eq('https://login.cloudfoundry.com')
+    end
+
+    it 'should set the right auth and token server if independently set' do
+      @options = {:auth_server_url => 'https://login.cloudfoundry.com', :token_server_url => 'https://uaa.cloudfoundry.com'}
+      subject.client
+      subject.auth_server_url.should eq('https://login.cloudfoundry.com')
+      subject.token_server_url.should eq('https://uaa.cloudfoundry.com')
+    end
+
+    it 'should set the right auth and token server' do
+      @options = {:auth_server_url => 'login.cloudfoundry.com'}
+      subject.client
+      subject.auth_server_url.should eq('https://login.cloudfoundry.com')
+      subject.token_server_url.should eq('https://login.cloudfoundry.com')
+    end
+  end
+
+  describe 'set scopes' do
+    it 'should set the right scopes if requested' do
+      @options = {:auth_server_url => 'https://login.cloudfoundry.com', :token_server_url => 'https://uaa.cloudfoundry.com', :scope => "openid cloud_controller.read"}
+      subject.client
+      subject.options[:scope].should eq("openid cloud_controller.read")
+    end
+
+    it 'should not set any scopes if not requested' do
+      @options = {:auth_server_url => 'https://login.cloudfoundry.com', :token_server_url => 'https://uaa.cloudfoundry.com'}
+      subject.client
+      subject.options[:scope].should eq(nil)
+    end
+  end
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1,5 @@
+require 'bundler/setup'
+require 'rspec'
+
+RSpec.configure do |config|
+end

metadata

@@ -0,0 +1,149 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-uaa-oauth2
+version: !ruby/object:Gem::Version
+  version: 0.0.3
+platform: ruby
+authors:
+- Joel D'sa
+- Dave Syer
+- Dale Olds
+- Vidya Valmikinathan
+- Luke Taylor
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-02-07 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: cf-uaa-lib
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 1.3.1
+    - - <
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 1.3.1
+    - - <
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: cf-uaa-lib
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 1.3.1
+    - - <
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 1.3.1
+    - - <
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.6.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.6.0
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: An OmniAuth strategy for the Cloudfoundry UAA
+email:
+- jdsa@vmware.com
+- olds@vmware.com
+- dsyer@vmware.com
+- vidya@vmware.com
+- ltaylor@vmware.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .travis.yml
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- NOTICE
+- README.md
+- Rakefile
+- examples/config.ru
+- lib/omniauth-uaa-oauth2.rb
+- lib/omniauth/cloudfoundry.rb
+- lib/omniauth/strategies/cloudfoundry.rb
+- lib/omniauth/uaa_oauth2/version.rb
+- omniauth-uaa-oauth2.gemspec
+- spec/omniauth/strategies/uaa_oauth2_spec.rb
+- spec/spec_helper.rb
+homepage: ''
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.3
+signing_key: 
+specification_version: 4
+summary: An OmniAuth strategy for the Cloudfoundry UAA
+test_files: []