omniauth_openid_connect 0.3.5 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/main.yml +63 -0
- data/.rubocop.yml +8 -5
- data/CHANGELOG.md +16 -0
- data/Gemfile +6 -0
- data/Guardfile +1 -1
- data/README.md +32 -20
- data/Rakefile +2 -0
- data/lib/omniauth/openid_connect/errors.rb +2 -0
- data/lib/omniauth/openid_connect/version.rb +1 -1
- data/lib/omniauth/strategies/openid_connect.rb +66 -18
- data/omniauth_openid_connect.gemspec +13 -6
- data/test/lib/omniauth/strategies/openid_connect_test.rb +226 -79
- data/test/strategy_test_case.rb +37 -3
- data/test/test_helper.rb +17 -7
- metadata +41 -50
- data/.github/config/rubocop_linter_action.yml +0 -59
- data/.github/workflows/rubocop.yml +0 -22
- data/.travis.yml +0 -8
- data/test/fixtures/id_token.txt +0 -1
- data/test/fixtures/jwks.json +0 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 34218d7218e2aca766623a1252b641baa20d81330cfd38c67a733f9221d76aad
|
|
4
|
+
data.tar.gz: 54f874832122f3cc1444280d8820d222a4dff7ef4c3580eb899d4da1efb38051
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e4465213a06e82fd61d9997d0ec1b9f993620dead092add6ba2f07b34aa08dca53bcb63d92a256839c7310478c89ecff9359778e5721cf1cc6dcc300e5d780f8
|
|
7
|
+
data.tar.gz: 8fdbda1f579f271f6273a6380a7a9cf581b4b1239b589a1e2cb98799b8731056c3ec222c519e445d95387749ab62b58839e4005906938e0e1f76b9d396e76565
|
|
@@ -0,0 +1,63 @@
|
|
|
1
|
+
name: Main
|
|
2
|
+
on:
|
|
3
|
+
push:
|
|
4
|
+
branches:
|
|
5
|
+
- main
|
|
6
|
+
- master
|
|
7
|
+
|
|
8
|
+
pull_request:
|
|
9
|
+
types: [opened, synchronize, reopened]
|
|
10
|
+
|
|
11
|
+
jobs:
|
|
12
|
+
test:
|
|
13
|
+
runs-on: ubuntu-latest
|
|
14
|
+
strategy:
|
|
15
|
+
fail-fast: false
|
|
16
|
+
matrix:
|
|
17
|
+
ruby: ["2.5", "2.6", "2.7", "3.0", "3.1"]
|
|
18
|
+
name: Ruby ${{ matrix.ruby }}
|
|
19
|
+
|
|
20
|
+
steps:
|
|
21
|
+
- name: Checkout code
|
|
22
|
+
uses: actions/checkout@v2
|
|
23
|
+
|
|
24
|
+
- name: Setup Ruby
|
|
25
|
+
uses: ruby/setup-ruby@v1
|
|
26
|
+
with:
|
|
27
|
+
ruby-version: ${{ matrix.ruby }}
|
|
28
|
+
bundler-cache: true
|
|
29
|
+
|
|
30
|
+
- name: Run tests
|
|
31
|
+
run: bundle exec rake
|
|
32
|
+
|
|
33
|
+
- name: Coveralls Parallel
|
|
34
|
+
uses: coverallsapp/github-action@master
|
|
35
|
+
with:
|
|
36
|
+
github-token: ${{ secrets.github_token }}
|
|
37
|
+
flag-name: ruby-${{ matrix.ruby }}
|
|
38
|
+
parallel: true
|
|
39
|
+
|
|
40
|
+
finish:
|
|
41
|
+
needs: test
|
|
42
|
+
runs-on: ubuntu-latest
|
|
43
|
+
steps:
|
|
44
|
+
- name: Coveralls Finished
|
|
45
|
+
uses: coverallsapp/github-action@master
|
|
46
|
+
with:
|
|
47
|
+
github-token: ${{ secrets.github_token }}
|
|
48
|
+
parallel-finished: true
|
|
49
|
+
|
|
50
|
+
rubocop:
|
|
51
|
+
runs-on: ubuntu-latest
|
|
52
|
+
steps:
|
|
53
|
+
- name: Checkout code
|
|
54
|
+
uses: actions/checkout@v2
|
|
55
|
+
|
|
56
|
+
- name: Setup Ruby
|
|
57
|
+
uses: ruby/setup-ruby@v1
|
|
58
|
+
with:
|
|
59
|
+
bundler-cache: true
|
|
60
|
+
ruby-version: "2.7"
|
|
61
|
+
|
|
62
|
+
- name: rubocop
|
|
63
|
+
run: bundle exec rubocop --parallel
|
data/.rubocop.yml
CHANGED
|
@@ -1,3 +1,6 @@
|
|
|
1
|
+
Gemspec/RequiredRubyVersion:
|
|
2
|
+
Enabled: false
|
|
3
|
+
|
|
1
4
|
LineLength:
|
|
2
5
|
Description: 'Limit lines to 130 characters.'
|
|
3
6
|
Max: 130
|
|
@@ -36,7 +39,10 @@ Documentation:
|
|
|
36
39
|
Enabled: false
|
|
37
40
|
|
|
38
41
|
Metrics/AbcSize:
|
|
39
|
-
Max:
|
|
42
|
+
Max: 60
|
|
43
|
+
|
|
44
|
+
Metrics/ClassLength:
|
|
45
|
+
Max: 300
|
|
40
46
|
|
|
41
47
|
Metrics/CyclomaticComplexity:
|
|
42
48
|
Max: 50
|
|
@@ -52,7 +58,4 @@ Metrics/MethodLength:
|
|
|
52
58
|
|
|
53
59
|
AllCops:
|
|
54
60
|
Exclude:
|
|
55
|
-
-
|
|
56
|
-
- Rakefile
|
|
57
|
-
- config/**/*
|
|
58
|
-
- test/**/*
|
|
61
|
+
- vendor/bundle/**/*
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,19 @@
|
|
|
1
|
+
# v0.5.0 (26.12.2022)
|
|
2
|
+
|
|
3
|
+
- Support the "nonce" parameter forwarding without a session [#130](https://github.com/omniauth/omniauth_openid_connect/pull/130)
|
|
4
|
+
- Fetch key from JWKS URI if available [#133](https://github.com/omniauth/omniauth_openid_connect/pull/133)
|
|
5
|
+
- Make the state parameter verification optional [#122](https://github.com/omniauth/omniauth_openid_connect/pull/122)
|
|
6
|
+
- Add email_verified claim in user info [#131](https://github.com/omniauth/omniauth_openid_connect/pull/131)
|
|
7
|
+
- Add PKCE verification support [#128](https://github.com/omniauth/omniauth_openid_connect/pull/128)
|
|
8
|
+
|
|
9
|
+
# v0.4.0 (06.02.2022)
|
|
10
|
+
|
|
11
|
+
- Support dynamic parameters to the authorize URI [#90](https://github.com/omniauth/omniauth_openid_connect/pull/90)
|
|
12
|
+
- Upgrade Faker and replace Travis with Github Actions [#102](https://github.com/omniauth/omniauth_openid_connect/pull/102)
|
|
13
|
+
- Make `omniauth_openid_connect` gem compatible with `omniauth v2.0` [#95](https://github.com/omniauth/omniauth_openid_connect/pull/95)
|
|
14
|
+
- Fall back to the discovered jwks when no key specified [#97](https://github.com/omniauth/omniauth_openid_connect/pull/97)
|
|
15
|
+
- Allow updating to omniauth v2 [#88](https://github.com/omniauth/omniauth_openid_connect/pull/88)
|
|
16
|
+
|
|
1
17
|
# v0.3.5 (07.06.2020)
|
|
2
18
|
|
|
3
19
|
- bugfix: Info from decoded id_token is not exposed into `request.env['omniauth.auth']` [#61](https://github.com/m0n9oose/omniauth_openid_connect/pull/61)
|
data/Gemfile
CHANGED
data/Guardfile
CHANGED
data/README.md
CHANGED
|
@@ -4,7 +4,8 @@ Originally was [omniauth-openid-connect](https://github.com/jjbohn/omniauth-open
|
|
|
4
4
|
|
|
5
5
|
I've forked this repository and launch as separate gem because maintaining of original was dropped.
|
|
6
6
|
|
|
7
|
-
[](https://github.com/omniauth/omniauth_openid_connect/actions/workflows/main.yml)
|
|
8
|
+
[](https://coveralls.io/github/omniauth/omniauth_openid_connect)
|
|
8
9
|
|
|
9
10
|
## Installation
|
|
10
11
|
|
|
@@ -19,10 +20,10 @@ And then execute:
|
|
|
19
20
|
Or install it yourself as:
|
|
20
21
|
|
|
21
22
|
$ gem install omniauth_openid_connect
|
|
22
|
-
|
|
23
|
+
|
|
23
24
|
## Supported Ruby Versions
|
|
24
25
|
|
|
25
|
-
OmniAuth::OpenIDConnect is tested under 2.
|
|
26
|
+
OmniAuth::OpenIDConnect is tested under 2.5, 2.6, 2.7, 3.0, 3.1
|
|
26
27
|
|
|
27
28
|
## Usage
|
|
28
29
|
|
|
@@ -46,22 +47,28 @@ config.omniauth :openid_connect, {
|
|
|
46
47
|
|
|
47
48
|
### Options Overview
|
|
48
49
|
|
|
49
|
-
| Field | Description | Required | Default
|
|
50
|
-
|
|
51
|
-
| name | Arbitrary string to identify connection and identify it from other openid_connect providers
|
|
52
|
-
| issuer | Root url for the authorization server | yes |
|
|
53
|
-
| discovery | Should OpenID discovery be used. This is recommended if the IDP provides a discovery endpoint. See client config for how to manually enter discovered values. | no | false
|
|
54
|
-
| client_auth_method | Which authentication method to use to authenticate your app with the authorization server | no | Sym: basic
|
|
55
|
-
| scope | Which OpenID scopes to include (:openid is always required) | no | Array<sym> [:openid]
|
|
56
|
-
| response_type | Which OAuth2 response type to use with the authorization request | no | String: code
|
|
57
|
-
| state | A value to be used for the OAuth2 state parameter on the authorization request. Can be a proc that generates a string. | no | Random 16 character string
|
|
58
|
-
|
|
|
59
|
-
|
|
|
60
|
-
|
|
|
61
|
-
|
|
|
62
|
-
|
|
|
63
|
-
|
|
|
64
|
-
|
|
|
50
|
+
| Field | Description | Required | Default | Example/Options |
|
|
51
|
+
|------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-------------------------------|-----------------------------------------------------|
|
|
52
|
+
| name | Arbitrary string to identify connection and identify it from other openid_connect providers | no | String: openid_connect | :my_idp |
|
|
53
|
+
| issuer | Root url for the authorization server | yes | | https://myprovider.com |
|
|
54
|
+
| discovery | Should OpenID discovery be used. This is recommended if the IDP provides a discovery endpoint. See client config for how to manually enter discovered values. | no | false | one of: true, false |
|
|
55
|
+
| client_auth_method | Which authentication method to use to authenticate your app with the authorization server | no | Sym: basic | "basic", "jwks" |
|
|
56
|
+
| scope | Which OpenID scopes to include (:openid is always required) | no | Array<sym> [:openid] | [:openid, :profile, :email] |
|
|
57
|
+
| response_type | Which OAuth2 response type to use with the authorization request | no | String: code | one of: 'code', 'id_token' |
|
|
58
|
+
| state | A value to be used for the OAuth2 state parameter on the authorization request. Can be a proc that generates a string. | no | Random 16 character string | Proc.new { SecureRandom.hex(32) } |
|
|
59
|
+
| require_state | Should state param be verified - this is recommended, not required by the OIDC specification | no | true | false |
|
|
60
|
+
| response_mode | The response mode per [spec](https://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html) | no | nil | one of: :query, :fragment, :form_post, :web_message |
|
|
61
|
+
| display | An optional parameter to the authorization request to determine how the authorization and consent page | no | nil | one of: :page, :popup, :touch, :wap |
|
|
62
|
+
| prompt | An optional parameter to the authrization request to determine what pages the user will be shown | no | nil | one of: :none, :login, :consent, :select_account |
|
|
63
|
+
| send_scope_to_token_endpoint | Should the scope parameter be sent to the authorization token endpoint? | no | true | one of: true, false |
|
|
64
|
+
| post_logout_redirect_uri | The logout redirect uri to use per the [session management draft](https://openid.net/specs/openid-connect-session-1_0.html) | no | empty | https://myapp.com/logout/callback |
|
|
65
|
+
| uid_field | The field of the user info response to be used as a unique id | no | 'sub' | "sub", "preferred_username" |
|
|
66
|
+
| extra_authorize_params | A hash of extra fixed parameters that will be merged to the authorization request | no | Hash | {"tenant" => "common"} |
|
|
67
|
+
| allow_authorize_params | A list of allowed dynamic parameters that will be merged to the authorization request | no | Array | [:screen_name] |
|
|
68
|
+
| pkce | Enable [PKCE flow](https://oauth.net/2/pkce/) | no | false | one of: true, false |
|
|
69
|
+
| pkce_verifier | Specify a custom PKCE verifier code. | no | A random 128-char string | Proc.new { SecureRandom.hex(64) } |
|
|
70
|
+
| pkce_options | Specify a custom implementation of the PKCE code challenge/method. | no | SHA256(code_challenge) in hex | Proc to customise the code challenge generation |
|
|
71
|
+
| client_options | A hash of client options detailed in its own section | yes | | |
|
|
65
72
|
|
|
66
73
|
### Client Config Options
|
|
67
74
|
|
|
@@ -91,7 +98,7 @@ These are the configuration options for the client_options hash of the configura
|
|
|
91
98
|
|
|
92
99
|
* `response_type` tells the authorization server which grant type the application wants to use,
|
|
93
100
|
currently, only `:code` (Authorization Code grant) and `:id_token` (Implicit grant) are valid.
|
|
94
|
-
* If you want to pass `state`
|
|
101
|
+
* If you want to pass `state` parameter by yourself. You can set Proc Object.
|
|
95
102
|
e.g. `state: Proc.new { SecureRandom.hex(32) }`
|
|
96
103
|
* `nonce` is optional. If don't want to pass "nonce" parameter to provider, You should specify
|
|
97
104
|
`false` to `send_nonce` option. (default true)
|
|
@@ -113,6 +120,11 @@ These are the configuration options for the client_options hash of the configura
|
|
|
113
120
|
property can be used to add the attribute to the token request. Initial value is `true`, which means that the
|
|
114
121
|
scope attribute is included by default.
|
|
115
122
|
|
|
123
|
+
## Additional notes
|
|
124
|
+
* In some cases, you may want to go straight to the callback phase - e.g. when requested by a stateless client, like a mobile app.
|
|
125
|
+
In such example, the session is empty, so you have to forward certain parameters received from the client.
|
|
126
|
+
Currently supported ones are `code_verifier` and `nonce` - simply provide them as the `/callback` request parameters.
|
|
127
|
+
|
|
116
128
|
For the full low down on OpenID Connect, please check out
|
|
117
129
|
[the spec](http://openid.net/specs/openid-connect-core-1_0.html).
|
|
118
130
|
|
data/Rakefile
CHANGED
|
@@ -1,6 +1,5 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
-
require 'addressable/uri'
|
|
4
3
|
require 'timeout'
|
|
5
4
|
require 'net/http'
|
|
6
5
|
require 'open-uri'
|
|
@@ -10,7 +9,7 @@ require 'forwardable'
|
|
|
10
9
|
|
|
11
10
|
module OmniAuth
|
|
12
11
|
module Strategies
|
|
13
|
-
class OpenIDConnect
|
|
12
|
+
class OpenIDConnect # rubocop:disable Metrics/ClassLength
|
|
14
13
|
include OmniAuth::Strategy
|
|
15
14
|
extend Forwardable
|
|
16
15
|
|
|
@@ -41,6 +40,7 @@ module OmniAuth
|
|
|
41
40
|
option :client_x509_signing_key
|
|
42
41
|
option :scope, [:openid]
|
|
43
42
|
option :response_type, 'code' # ['code', 'id_token']
|
|
43
|
+
option :require_state, true
|
|
44
44
|
option :state
|
|
45
45
|
option :response_mode # [:query, :fragment, :form_post, :web_message]
|
|
46
46
|
option :display, nil # [:page, :popup, :touch, :wap]
|
|
@@ -55,7 +55,16 @@ module OmniAuth
|
|
|
55
55
|
option :client_auth_method
|
|
56
56
|
option :post_logout_redirect_uri
|
|
57
57
|
option :extra_authorize_params, {}
|
|
58
|
+
option :allow_authorize_params, []
|
|
58
59
|
option :uid_field, 'sub'
|
|
60
|
+
option :pkce, false
|
|
61
|
+
option :pkce_verifier, nil
|
|
62
|
+
option :pkce_options, {
|
|
63
|
+
code_challenge: proc { |verifier|
|
|
64
|
+
Base64.urlsafe_encode64(Digest::SHA2.digest(verifier), padding: false)
|
|
65
|
+
},
|
|
66
|
+
code_challenge_method: 'S256',
|
|
67
|
+
}
|
|
59
68
|
|
|
60
69
|
def uid
|
|
61
70
|
user_info.raw_attributes[options.uid_field.to_sym] || user_info.sub
|
|
@@ -65,6 +74,7 @@ module OmniAuth
|
|
|
65
74
|
{
|
|
66
75
|
name: user_info.name,
|
|
67
76
|
email: user_info.email,
|
|
77
|
+
email_verified: user_info.email_verified,
|
|
68
78
|
nickname: user_info.preferred_username,
|
|
69
79
|
first_name: user_info.given_name,
|
|
70
80
|
last_name: user_info.family_name,
|
|
@@ -106,7 +116,7 @@ module OmniAuth
|
|
|
106
116
|
def callback_phase
|
|
107
117
|
error = params['error_reason'] || params['error']
|
|
108
118
|
error_description = params['error_description'] || params['error_reason']
|
|
109
|
-
invalid_state = params['state'].to_s.empty? || params['state'] != stored_state
|
|
119
|
+
invalid_state = (options.require_state && params['state'].to_s.empty?) || params['state'] != stored_state
|
|
110
120
|
|
|
111
121
|
raise CallbackError, error: params['error'], reason: error_description, uri: params['error_uri'] if error
|
|
112
122
|
raise CallbackError, error: :csrf_detected, reason: "Invalid 'state' parameter" if invalid_state
|
|
@@ -173,17 +183,44 @@ module OmniAuth
|
|
|
173
183
|
|
|
174
184
|
opts.merge!(options.extra_authorize_params) unless options.extra_authorize_params.empty?
|
|
175
185
|
|
|
186
|
+
options.allow_authorize_params.each do |key|
|
|
187
|
+
opts[key] = request.params[key.to_s] unless opts.key?(key)
|
|
188
|
+
end
|
|
189
|
+
|
|
190
|
+
if options.pkce
|
|
191
|
+
verifier = options.pkce_verifier ? options.pkce_verifier.call : SecureRandom.hex(64)
|
|
192
|
+
|
|
193
|
+
opts.merge!(pkce_authorize_params(verifier))
|
|
194
|
+
session['omniauth.pkce.verifier'] = verifier
|
|
195
|
+
end
|
|
196
|
+
|
|
176
197
|
client.authorization_uri(opts.reject { |_k, v| v.nil? })
|
|
177
198
|
end
|
|
178
199
|
|
|
179
200
|
def public_key
|
|
180
|
-
|
|
201
|
+
@public_key ||= if options.discovery
|
|
202
|
+
config.jwks
|
|
203
|
+
elsif key_or_secret
|
|
204
|
+
key_or_secret
|
|
205
|
+
elsif client_options.jwks_uri
|
|
206
|
+
fetch_key
|
|
207
|
+
end
|
|
208
|
+
end
|
|
181
209
|
|
|
182
|
-
|
|
210
|
+
def pkce_authorize_params(verifier)
|
|
211
|
+
# NOTE: see https://tools.ietf.org/html/rfc7636#appendix-A
|
|
212
|
+
{
|
|
213
|
+
code_challenge: options.pkce_options[:code_challenge].call(verifier),
|
|
214
|
+
code_challenge_method: options.pkce_options[:code_challenge_method],
|
|
215
|
+
}
|
|
183
216
|
end
|
|
184
217
|
|
|
185
218
|
private
|
|
186
219
|
|
|
220
|
+
def fetch_key
|
|
221
|
+
@fetch_key ||= parse_jwk_key(::OpenIDConnect.http_client.get_content(client_options.jwks_uri))
|
|
222
|
+
end
|
|
223
|
+
|
|
187
224
|
def issuer
|
|
188
225
|
resource = "#{ client_options.scheme }://#{ client_options.host }"
|
|
189
226
|
resource = "#{ resource }:#{ client_options.port }" if client_options.port
|
|
@@ -215,11 +252,14 @@ module OmniAuth
|
|
|
215
252
|
def access_token
|
|
216
253
|
return @access_token if @access_token
|
|
217
254
|
|
|
218
|
-
|
|
255
|
+
token_request_params = {
|
|
219
256
|
scope: (options.scope if options.send_scope_to_token_endpoint),
|
|
220
|
-
client_auth_method: options.client_auth_method
|
|
221
|
-
|
|
257
|
+
client_auth_method: options.client_auth_method,
|
|
258
|
+
}
|
|
222
259
|
|
|
260
|
+
token_request_params[:code_verifier] = params['code_verifier'] || session.delete('omniauth.pkce.verifier') if options.pkce
|
|
261
|
+
|
|
262
|
+
@access_token = client.access_token!(token_request_params)
|
|
223
263
|
verify_id_token!(@access_token.id_token) if configured_response_type == 'code'
|
|
224
264
|
|
|
225
265
|
@access_token
|
|
@@ -256,6 +296,12 @@ module OmniAuth
|
|
|
256
296
|
session.delete('omniauth.nonce')
|
|
257
297
|
end
|
|
258
298
|
|
|
299
|
+
def script_name
|
|
300
|
+
return '' if @env.nil?
|
|
301
|
+
|
|
302
|
+
super
|
|
303
|
+
end
|
|
304
|
+
|
|
259
305
|
def session
|
|
260
306
|
return {} if @env.nil?
|
|
261
307
|
|
|
@@ -263,16 +309,17 @@ module OmniAuth
|
|
|
263
309
|
end
|
|
264
310
|
|
|
265
311
|
def key_or_secret
|
|
266
|
-
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
|
|
270
|
-
|
|
271
|
-
|
|
272
|
-
|
|
273
|
-
|
|
312
|
+
@key_or_secret ||=
|
|
313
|
+
case options.client_signing_alg&.to_sym
|
|
314
|
+
when :HS256, :HS384, :HS512
|
|
315
|
+
client_options.secret
|
|
316
|
+
when :RS256, :RS384, :RS512
|
|
317
|
+
if options.client_jwk_signing_key
|
|
318
|
+
parse_jwk_key(options.client_jwk_signing_key)
|
|
319
|
+
elsif options.client_x509_signing_key
|
|
320
|
+
parse_x509_key(options.client_x509_signing_key)
|
|
321
|
+
end
|
|
274
322
|
end
|
|
275
|
-
end
|
|
276
323
|
end
|
|
277
324
|
|
|
278
325
|
def parse_x509_key(key)
|
|
@@ -342,13 +389,14 @@ module OmniAuth
|
|
|
342
389
|
|
|
343
390
|
decode_id_token(id_token).verify!(issuer: options.issuer,
|
|
344
391
|
client_id: client_options.identifier,
|
|
345
|
-
nonce: stored_nonce)
|
|
392
|
+
nonce: params['nonce'].presence || stored_nonce)
|
|
346
393
|
end
|
|
347
394
|
|
|
348
395
|
class CallbackError < StandardError
|
|
349
396
|
attr_accessor :error, :error_reason, :error_uri
|
|
350
397
|
|
|
351
398
|
def initialize(data)
|
|
399
|
+
super
|
|
352
400
|
self.error = data[:error]
|
|
353
401
|
self.error_reason = data[:reason]
|
|
354
402
|
self.error_uri = data[:uri]
|
|
@@ -19,17 +19,24 @@ Gem::Specification.new do |spec|
|
|
|
19
19
|
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
|
20
20
|
spec.require_paths = ['lib']
|
|
21
21
|
|
|
22
|
-
spec.
|
|
23
|
-
|
|
22
|
+
spec.metadata = {
|
|
23
|
+
'bug_tracker_uri' => 'https://github.com/m0n9oose/omniauth_openid_connect/issues',
|
|
24
|
+
'changelog_uri' => 'https://github.com/m0n9oose/omniauth_openid_connect/releases',
|
|
25
|
+
'documentation_uri' => "https://github.com/m0n9oose/omniauth_openid_connect/tree/v#{spec.version}#readme",
|
|
26
|
+
'source_code_uri' => "https://github.com/m0n9oose/omniauth_openid_connect/tree/v#{spec.version}",
|
|
27
|
+
'rubygems_mfa_required' => 'true',
|
|
28
|
+
}
|
|
29
|
+
|
|
30
|
+
spec.add_dependency 'omniauth', '>= 1.9', '< 3'
|
|
24
31
|
spec.add_dependency 'openid_connect', '~> 1.1'
|
|
25
|
-
spec.add_development_dependency '
|
|
26
|
-
spec.add_development_dependency 'faker', '~> 1.6'
|
|
32
|
+
spec.add_development_dependency 'faker', '~> 2.0'
|
|
27
33
|
spec.add_development_dependency 'guard', '~> 2.14'
|
|
28
34
|
spec.add_development_dependency 'guard-bundler', '~> 2.2'
|
|
29
35
|
spec.add_development_dependency 'guard-minitest', '~> 2.4'
|
|
30
36
|
spec.add_development_dependency 'minitest', '~> 5.1'
|
|
31
37
|
spec.add_development_dependency 'mocha', '~> 1.7'
|
|
32
38
|
spec.add_development_dependency 'rake', '~> 12.0'
|
|
33
|
-
spec.add_development_dependency 'rubocop', '~>
|
|
34
|
-
spec.add_development_dependency 'simplecov', '~> 0.
|
|
39
|
+
spec.add_development_dependency 'rubocop', '~> 1.12'
|
|
40
|
+
spec.add_development_dependency 'simplecov', '~> 0.21'
|
|
41
|
+
spec.add_development_dependency 'simplecov-lcov', '~> 0.8'
|
|
35
42
|
end
|