RubyGems - omniauth_oidc - Versions diffs - 0.1.1 → 0.2.1 - Mend

omniauth_oidc 0.1.1 → 0.2.1

Files changed (9) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +6 -0
data/README.md +45 -0
data/lib/omniauth/oidc/version.rb +1 -1
data/lib/omniauth/strategies/oidc/callback.rb +15 -1
data/lib/omniauth/strategies/oidc/verify.rb +4 -5
data/lib/omniauth/strategies/oidc.rb +4 -3
data/omniauth_oidc.gemspec +1 -1
metadata +5 -5

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c9938b98ee466c6cc178261c9ae304cfe35ab8e8944aa4c267717badbde1aa2d
-  data.tar.gz: aa202f151604d5f83d087541af1810b87645a0a49c14206ac92eedc579314c9c
+  metadata.gz: 801521d0f3ce8e7cdfa427b09c09689db790784bbacb90f9c1d46e8194db1bb6
+  data.tar.gz: 5a5ddd24e583e982304fca72de602dc8b405b11c98c2d019fbc88fe7058ad48f
 SHA512:
-  metadata.gz: 7b01ce26e049dd86893188edd3662fb52d1de8c553773812dca9900c47912d4e7259602e114dd8dff35cb03889408dac6f4e110140fcf4d4b805348604095f56
-  data.tar.gz: bdb799687fa7b29a16d35a9b417f0c55df59c3f47e94daa7d68b59a2c5baea28b692fec8862957e76e6a441af7c75e36023bd45401f078c297b5192f2d32911e
+  metadata.gz: 8480664bb2f337914f7eefc8aa012d58bc9b67fa66fb0e206d2aef09c0352f9228a4d9212e5a1a36a5689676b01dacc00d888dd5a186fbd6af5a69f69f519174
+  data.tar.gz: 45645700fc002901880944adc41cf1d97ee9d108132c5416718198955b7620203e293938646e225d798e7fd86f028c9bd4f5108aa41f2e3ba822fe6489eef936

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,11 @@
 ## [Released]
+## [0.2.0] - 2024-07-21
+- Update dependencies
+## [0.2.0] - 2024-07-06
+- Add option to fetch user info or skip it
 ## [0.1.1] - 2024-06-16
 - Add dependabot

data/README.md CHANGED Viewed

@@ -4,6 +4,8 @@ This gem provides an OmniAuth strategy for integrating OpenID Connect (OIDC) aut
 Developed with reference to [omniauth-openid-connect](https://github.com/jjbohn/omniauth-openid-connect) and [omniauth_openid_connect](https://github.dev/omniauth/omniauth_openid_connect).
+[Article on Medium](https://msuliq.medium.com/authenticating-with-omniauth-and-openid-connect-oidc-in-ruby-on-rails-applications-e136ec5b48c0) about the development of this gem.
 ## Installation
 To install the gem run the following command in the terminal:
@@ -157,6 +159,48 @@ end
 **Please note that you should register `https://your_app.com/auth/<simple_provider>/callback` with your OIDC provider
 as a callback redirect url.**
+### Using Access Token Without User Info
+In case your app requries only an access token and not the user information, then you can specify an optional
+configuration in the omniauth initializer:
+```ruby
+# config/initializers/omniauth.rb
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :oidc, {
+    name: :simple_provider_access_token_only,
+    fetch_user_info: false, # if not specified, default value of true will be applied
+    client_options: {
+      identifier: '23575f4602bebbd9a17dbc38d85bd1a77',
+      secret: ENV['SIMPLE_PROVIDER_CLIENT_SECRET'],
+      config_endpoint: 'https://simpleprovider.com/cdn-cgi/access/sso/oidc/23575f4602bebbd9a17dbc38d85bd1a77/.well-known/openid-configuration'
+    }
+  }
+end
+```
+Then the callback returned once your user authenticates with the OIDC provider will contain only access token parameters:
+```ruby
+# app/controllers/callbacks_controller.rb
+class CallbacksController < ApplicationController
+  def omniauth
+    # access token parameters received from OIDC provider will be available in `request.env['omniauth.auth']`
+    omniauth_params = request.env['omniauth.auth']
+    # omniauth_params will contain similar data as shown below
+    # {"provider"=>:simple_provider_access_token_only,
+    #  "credentials"=>
+    #   {"id_token"=> "id token value",
+    #    "token"=> "token value",
+    #    "refresh_token"=>"refresh token value",
+    #    "expires_in"=>300,
+    #    "scope"=>nil
+    #   }
+    # }
+  end
+end
+```
 ### Advanced Configuration
 You can customize the OIDC strategy further by adding additional configuration options:
@@ -165,6 +209,7 @@ You can customize the OIDC strategy further by adding additional configuration o
 |------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------|-------------------------------------|-------------------------------------------------------|
 | name                         | Arbitrary string to identify OIDC provider and segregate it from other OIDC providers                                                                                 | no                      | `"oidc"`                            | `:simple_provider`                                    |
 | issuer                       | Root url for the OIDC authorization server                                                                                                                            | no                      | retrived from config_endpoint       | `"https://simpleprovider.com"`                        |
+| fetch_user_info              | Fetches user information from user_info_endpoint using the access token. If set to false the omniauth params will include only access token                           | no                      | `true`                              | `fetch_user_info: false`                              |
 | client_auth_method           | Authentication method to be used with the OIDC authorization server                                                                                                   | no                      | `:basic`                            | `"basic"`, `"jwks"`                                   |
 | scope                        | OIDC scopes to be included in the server's response                                                                                                                   | `[:openid]` is required | all scopes offered by OIDC provider | `[:openid, :profile, :email]`                         |
 | response_type                | OAuth2 response type expected from OIDC provider during authorization                                                                                                 | no                      | `"code"`                            | `"code"` or `"id_token"`                              |

data/lib/omniauth/oidc/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module OmniauthOidc
-  VERSION = "0.1.1"
+  VERSION = "0.2.1"
 end

data/lib/omniauth/strategies/oidc/callback.rb CHANGED Viewed

@@ -58,7 +58,7 @@ module OmniAuth
           verify_id_token!(@access_token.id_token) if configured_response_type == "code"
-          user_info_from_access_token
+          options.fetch_user_info ? user_info_from_access_token : define_access_token
         end
         def id_token_callback_phase
@@ -106,6 +106,20 @@ module OmniAuth
           call_app!
         end
+        def define_access_token
+          env["omniauth.auth"] = AuthHash.new(
+            provider: name,
+            credentials: {
+              id_token: @access_token.id_token,
+              token: @access_token.access_token,
+              refresh_token: @access_token.refresh_token,
+              expires_in: @access_token.expires_in,
+              scope: @access_token.scope
+            }
+          )
+          call_app!
+        end
         def configured_response_type
           @configured_response_type ||= options.response_type.to_s
         end

data/lib/omniauth/strategies/oidc/verify.rb CHANGED Viewed

@@ -30,7 +30,7 @@ module OmniAuth
         private
         def fetch_key
-          @fetch_key ||= parse_jwk_key(::OpenIDConnect.http_client.get(config.jwks_uri).body)
+          @fetch_key ||= parse_jwk_key(::Oidc.http_client.get(config.jwks_uri).body)
         end
         def base64_decoded_jwt_secret
@@ -47,7 +47,6 @@ module OmniAuth
                                             nonce: params["nonce"].presence || stored_nonce)
         end
-        # Workaround for https://github.com/nov/openid_connect/issues/61
         def decode_id_token(id_token)
           decoded = JSON::JWT.decode(id_token, :skip_verification)
           algorithm = decoded.algorithm.to_sym
@@ -63,7 +62,7 @@ module OmniAuth
             end
           decoded.verify!(keyset)
-          ::OpenIDConnect::ResponseObject::IdToken.new(decoded)
+          ::Oidc::ResponseObject::IdToken.new(decoded)
         rescue JSON::JWK::Set::KidNotFound
           # Workaround for https://github.com/nov/json-jwt/pull/92#issuecomment-824654949
           raise if decoded&.header&.key?("kid")
@@ -88,7 +87,7 @@ module OmniAuth
         end
         def decode!(id_token, key)
-          ::OpenIDConnect::ResponseObject::IdToken.decode(id_token, key)
+          ::Oidc::ResponseObject::IdToken.decode(id_token, key)
         end
         def decode_with_each_key!(id_token, keyset)
@@ -140,7 +139,7 @@ module OmniAuth
           if access_token.id_token
             decoded = decode_id_token(access_token.id_token).raw_attributes
-            @user_info = ::OpenIDConnect::ResponseObject::UserInfo.new(
+            @user_info = ::Oidc::ResponseObject::UserInfo.new(
               access_token.userinfo!.raw_attributes.merge(decoded)
             )
           else

data/lib/omniauth/strategies/oidc.rb CHANGED Viewed

@@ -5,7 +5,7 @@ require "timeout"
 require "net/http"
 require "open-uri"
 require "omniauth"
-require "openid_connect"
+require "oidc"
 require "openid_config_parser"
 require "forwardable"
 require "httparty"
@@ -61,6 +61,7 @@ module OmniAuth
       option :id_token_hint
       option :acr_values
       option :send_nonce, true
+      option :fetch_user_info, true
       option :send_scope_to_token_endpoint, true
       option :client_auth_method
       option :post_logout_redirect_uri
@@ -111,9 +112,9 @@ module OmniAuth
         }
       end
-      # Initialize OpenIDConnect Client with options
+      # Initialize Oidc Client with options
       def client
-        @client ||= ::OpenIDConnect::Client.new(client_options)
+        @client ||= ::Oidc::Client.new(client_options)
       end
       # Config is build from the json response from the OIDC config endpoint

data/omniauth_oidc.gemspec CHANGED Viewed

@@ -33,9 +33,9 @@ Gem::Specification.new do |spec|
   # Uncomment to register a new dependency of your gem
   spec.add_dependency "httparty"
+  spec.add_dependency "oidc"
   spec.add_dependency "omniauth"
   spec.add_dependency "openid_config_parser"
-  spec.add_dependency "openid_connect"
   # For more information and examples about making a new gem, check out our
   # guide at: https://bundler.io/guides/creating_gem.html

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: omniauth_oidc
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.1
 platform: ruby
 authors:
 - Suleyman Musayev
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-06-16 00:00:00.000000000 Z
+date: 2024-07-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: httparty
@@ -25,7 +25,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: omniauth
+  name: oidc
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -39,7 +39,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: openid_config_parser
+  name: omniauth
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -53,7 +53,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: openid_connect
+  name: openid_config_parser
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="