RubyGems - omniauth_oidc - Versions diffs - 0.1.1 → 0.2.1 - Mend

omniauth_oidc 0.1.1 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +6 -0
data/README.md +45 -0
data/lib/omniauth/oidc/version.rb +1 -1
data/lib/omniauth/strategies/oidc/callback.rb +15 -1
data/lib/omniauth/strategies/oidc/verify.rb +4 -5
data/lib/omniauth/strategies/oidc.rb +4 -3
data/omniauth_oidc.gemspec +1 -1
metadata +5 -5

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c9938b98ee466c6cc178261c9ae304cfe35ab8e8944aa4c267717badbde1aa2d
-  data.tar.gz: aa202f151604d5f83d087541af1810b87645a0a49c14206ac92eedc579314c9c
+  metadata.gz: 801521d0f3ce8e7cdfa427b09c09689db790784bbacb90f9c1d46e8194db1bb6
+  data.tar.gz: 5a5ddd24e583e982304fca72de602dc8b405b11c98c2d019fbc88fe7058ad48f
 SHA512:
-  metadata.gz: 7b01ce26e049dd86893188edd3662fb52d1de8c553773812dca9900c47912d4e7259602e114dd8dff35cb03889408dac6f4e110140fcf4d4b805348604095f56
-  data.tar.gz: bdb799687fa7b29a16d35a9b417f0c55df59c3f47e94daa7d68b59a2c5baea28b692fec8862957e76e6a441af7c75e36023bd45401f078c297b5192f2d32911e
+  metadata.gz: 8480664bb2f337914f7eefc8aa012d58bc9b67fa66fb0e206d2aef09c0352f9228a4d9212e5a1a36a5689676b01dacc00d888dd5a186fbd6af5a69f69f519174
+  data.tar.gz: 45645700fc002901880944adc41cf1d97ee9d108132c5416718198955b7620203e293938646e225d798e7fd86f028c9bd4f5108aa41f2e3ba822fe6489eef936

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,11 @@
 ## [Released]
+## [0.2.0] - 2024-07-21
+- Update dependencies
+## [0.2.0] - 2024-07-06
+- Add option to fetch user info or skip it
 ## [0.1.1] - 2024-06-16
 - Add dependabot

data/README.md CHANGED Viewed

@@ -4,6 +4,8 @@ This gem provides an OmniAuth strategy for integrating OpenID Connect (OIDC) aut
 Developed with reference to [omniauth-openid-connect](https://github.com/jjbohn/omniauth-openid-connect) and [omniauth_openid_connect](https://github.dev/omniauth/omniauth_openid_connect).
+[Article on Medium](https://msuliq.medium.com/authenticating-with-omniauth-and-openid-connect-oidc-in-ruby-on-rails-applications-e136ec5b48c0) about the development of this gem.
 ## Installation
 To install the gem run the following command in the terminal:
@@ -157,6 +159,48 @@ end
 **Please note that you should register `https://your_app.com/auth/<simple_provider>/callback` with your OIDC provider
 as a callback redirect url.**
+### Using Access Token Without User Info
+In case your app requries only an access token and not the user information, then you can specify an optional
+configuration in the omniauth initializer:
+```ruby
+# config/initializers/omniauth.rb
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :oidc, {
+    name: :simple_provider_access_token_only,
+    fetch_user_info: false, # if not specified, default value of true will be applied
+    client_options: {
+      identifier: '23575f4602bebbd9a17dbc38d85bd1a77',
+      secret: ENV['SIMPLE_PROVIDER_CLIENT_SECRET'],
+      config_endpoint: 'https://simpleprovider.com/cdn-cgi/access/sso/oidc/23575f4602bebbd9a17dbc38d85bd1a77/.well-known/openid-configuration'
+    }
+  }
+end
+```
+Then the callback returned once your user authenticates with the OIDC provider will contain only access token parameters:
+```ruby
+# app/controllers/callbacks_controller.rb
+class CallbacksController < ApplicationController
+  def omniauth
+    # access token parameters received from OIDC provider will be available in `request.env['omniauth.auth']`
+    omniauth_params = request.env['omniauth.auth']
+    # omniauth_params will contain similar data as shown below
+    # {"provider"=>:simple_provider_access_token_only,
+    #  "credentials"=>
+    #   {"id_token"=> "id token value",
+    #    "token"=> "token value",
+    #    "refresh_token"=>"refresh token value",
+    #    "expires_in"=>300,
+    #    "scope"=>nil
+    #   }
+    # }
+  end
+end
+```
 ### Advanced Configuration
 You can customize the OIDC strategy further by adding additional configuration options:
@@ -165,6 +209,7 @@ You can customize the OIDC strategy further by adding additional configuration o
 |------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------|-------------------------------------|-------------------------------------------------------|
 | name                         | Arbitrary string to identify OIDC provider and segregate it from other OIDC providers                                                                                 | no                      | `"oidc"`                            | `:simple_provider`                                    |
 | issuer                       | Root url for the OIDC authorization server                                                                                                                            | no                      | retrived from config_endpoint       | `"https://simpleprovider.com"`                        |
+| fetch_user_info              | Fetches user information from user_info_endpoint using the access token. If set to false the omniauth params will include only access token                           | no                      | `true`                              | `fetch_user_info: false`                              |
 | client_auth_method           | Authentication method to be used with the OIDC authorization server                                                                                                   | no                      | `:basic`                            | `"basic"`, `"jwks"`                                   |
 | scope                        | OIDC scopes to be included in the server's response                                                                                                                   | `[:openid]` is required | all scopes offered by OIDC provider | `[:openid, :profile, :email]`                         |
 | response_type                | OAuth2 response type expected from OIDC provider during authorization                                                                                                 | no                      | `"code"`                            | `"code"` or `"id_token"`                              |

data/lib/omniauth/oidc/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module OmniauthOidc
-  VERSION = "0.1.1"
+  VERSION = "0.2.1"
 end

data/lib/omniauth/strategies/oidc/callback.rb CHANGED Viewed

@@ -58,7 +58,7 @@ module OmniAuth
           verify_id_token!(@access_token.id_token) if configured_response_type == "code"
-          user_info_from_access_token
+          options.fetch_user_info ? user_info_from_access_token : define_access_token
         end
         def id_token_callback_phase
@@ -106,6 +106,20 @@ module OmniAuth
           call_app!
         end
+        def define_access_token
+          env["omniauth.auth"] = AuthHash.new(
+            provider: name,
+            credentials: {
+              id_token: @access_token.id_token,
+              token: @access_token.access_token,
+              refresh_token: @access_token.refresh_token,
+              expires_in: @access_token.expires_in,
+              scope: @access_token.scope
+            }
+          )
+          call_app!
+        end
         def configured_response_type
           @configured_response_type ||= options.response_type.to_s
         end

data/lib/omniauth/strategies/oidc/verify.rb CHANGED Viewed

@@ -30,7 +30,7 @@ module OmniAuth
         private
         def fetch_key
-          @fetch_key ||= parse_jwk_key(::OpenIDConnect.http_client.get(config.jwks_uri).body)
+          @fetch_key ||= parse_jwk_key(::Oidc.http_client.get(config.jwks_uri).body)
         end
         def base64_decoded_jwt_secret
@@ -47,7 +47,6 @@ module OmniAuth
                                             nonce: params["nonce"].presence || stored_nonce)
         end
-        # Workaround for https://github.com/nov/openid_connect/issues/61
         def decode_id_token(id_token)
           decoded = JSON::JWT.decode(id_token, :skip_verification)
           algorithm = decoded.algorithm.to_sym
@@ -63,7 +62,7 @@ module OmniAuth
             end
           decoded.verify!(keyset)
-          ::OpenIDConnect::ResponseObject::IdToken.new(decoded)
+          ::Oidc::ResponseObject::IdToken.new(decoded)
         rescue JSON::JWK::Set::KidNotFound
           # Workaround for https://github.com/nov/json-jwt/pull/92#issuecomment-824654949
           raise if decoded&.header&.key?("kid")
@@ -88,7 +87,7 @@ module OmniAuth
         end
         def decode!(id_token, key)
-          ::OpenIDConnect::ResponseObject::IdToken.decode(id_token, key)
+          ::Oidc::ResponseObject::IdToken.decode(id_token, key)
         end
         def decode_with_each_key!(id_token, keyset)
@@ -140,7 +139,7 @@ module OmniAuth
           if access_token.id_token
             decoded = decode_id_token(access_token.id_token).raw_attributes
-            @user_info = ::OpenIDConnect::ResponseObject::UserInfo.new(
+            @user_info = ::Oidc::ResponseObject::UserInfo.new(
               access_token.userinfo!.raw_attributes.merge(decoded)
             )
           else

data/lib/omniauth/strategies/oidc.rb CHANGED Viewed

@@ -5,7 +5,7 @@ require "timeout"
 require "net/http"
 require "open-uri"
 require "omniauth"
-require "openid_connect"
+require "oidc"
 require "openid_config_parser"
 require "forwardable"
 require "httparty"
@@ -61,6 +61,7 @@ module OmniAuth
       option :id_token_hint
       option :acr_values
       option :send_nonce, true
+      option :fetch_user_info, true
       option :send_scope_to_token_endpoint, true
       option :client_auth_method
       option :post_logout_redirect_uri
@@ -111,9 +112,9 @@ module OmniAuth
         }
       end
-      # Initialize OpenIDConnect Client with options
+      # Initialize Oidc Client with options
       def client
-        @client ||= ::OpenIDConnect::Client.new(client_options)
+        @client ||= ::Oidc::Client.new(client_options)
       end
       # Config is build from the json response from the OIDC config endpoint

data/omniauth_oidc.gemspec CHANGED Viewed

@@ -33,9 +33,9 @@ Gem::Specification.new do |spec|
   # Uncomment to register a new dependency of your gem
   spec.add_dependency "httparty"
+  spec.add_dependency "oidc"
   spec.add_dependency "omniauth"
   spec.add_dependency "openid_config_parser"
-  spec.add_dependency "openid_connect"
   # For more information and examples about making a new gem, check out our
   # guide at: https://bundler.io/guides/creating_gem.html

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: omniauth_oidc
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.1
 platform: ruby
 authors:
 - Suleyman Musayev
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-06-16 00:00:00.000000000 Z
+date: 2024-07-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: httparty
@@ -25,7 +25,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: omniauth
+  name: oidc
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -39,7 +39,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: openid_config_parser
+  name: omniauth
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -53,7 +53,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: openid_connect
+  name: openid_config_parser
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="