omniauth_openid_connect 0.6.0 → 0.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d5ccd20bf84d71220597692301b64b1c3b0f8bf19faf1d788a6f1185bf42bfcb
-  data.tar.gz: 9336782a2449bfdefc07521f79bcd8030bf4cc2a6f094a01d9613dbcc21727f9
+  metadata.gz: d6a11bcb166756152adda96fe4326a0f2f64b6181cafeab56e2b8e0328830adc
+  data.tar.gz: bcc46e52cc5223ec916874d9adab8692d0d8662152106988b727e926a58c0090
 SHA512:
-  metadata.gz: 07b23acf7a852a2b5a1d7a4b6852108562fc7ce2c7f00ead2fe91989f00d736643c8e9f510ff8029956a0e55006d70b4671006ed4d2ca8a5c9a74f641a0c0e60
-  data.tar.gz: e22f6c174179f08acf046f05a50da341a01d576353a929fca9bd4c49f6d5ceaa5a761ce7ddaa4cfa6dae7470923bd0a646d634f6b7f563dca93df436c9b60a05
+  metadata.gz: eb43c6b0f6c9ff6efa0bf7ca424c24a73c12572401c785f92a8c35e0da459f5a022020d5947155bbe6d80c4ad7af8e12e849f786b29249c8f3bc41a6c313a049
+  data.tar.gz: 657003a0f621975fb906be54e7c2d256f53c9b5539fed4d44f9309be0bf906eccd0ec55277a54fbee58556970a6caaffcd61bcfa1769a8baa4102d22b6fee933

data/.github/workflows/main.yml

@@ -14,12 +14,12 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        ruby: ["2.5", "2.6", "2.7", "3.0", "3.1"]
+        ruby: ["2.7", "3.0", "3.1", "3.2"]
     name: Ruby ${{ matrix.ruby }}
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Setup Ruby
         uses: ruby/setup-ruby@v1
@@ -51,7 +51,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Setup Ruby
         uses: ruby/setup-ruby@v1

data/CHANGELOG.md

@@ -1,3 +1,16 @@
+# Unreleased
+
+# v0.7.0 (25.04.2023)
+
+- Update openid_connect to 2.2 (https://github.com/omniauth/omniauth_openid_connect/pull/153)
+- Drop Ruby 2.5 and 2.6 CI support (https://github.com/omniauth/omniauth_openid_connect/pull/154)
+- Improvements to README (https://github.com/omniauth/omniauth_openid_connect/pull/152, https://github.com/omniauth/omniauth_openid_connect/pull/151)
+- Add option `logout_path` (https://github.com/omniauth/omniauth_openid_connect/pull/143)
+
+# v0.6.1 (22.02.2023)
+
+- Fix uninitialized constant error (https://github.com/omniauth/omniauth_openid_connect/pull/147)
+
 # v0.6.0 (21.01.2023)
 
 - Support verification of HS256-signed JWTs (https://github.com/omniauth/omniauth_openid_connect/pull/134)

data/README.md

@@ -23,26 +23,49 @@ Or install it yourself as:
 
 ## Supported Ruby Versions
 
-OmniAuth::OpenIDConnect is tested under 2.5, 2.6, 2.7, 3.0, 3.1
+OmniAuth::OpenIDConnect is tested under 2.7, 3.0, 3.1, 3.2
 
 ## Usage
 
 Example configuration
+
+```ruby
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :openid_connect, {
+    name: :my_provider,
+    scope: [:openid, :email, :profile, :address],
+    response_type: :code,
+    uid_field: "preferred_username",
+    client_options: {
+      port: 443,
+      scheme: "https",
+      host: "myprovider.com",
+      identifier: ENV["OP_CLIENT_ID"],
+      secret: ENV["OP_SECRET_KEY"],
+      redirect_uri: "http://myapp.com/users/auth/openid_connect/callback",
+    },
+  }
+end
+```
+
+### with Devise
 ```ruby
-config.omniauth :openid_connect, {
-  name: :my_provider,
-  scope: [:openid, :email, :profile, :address],
-  response_type: :code,
-  uid_field: "preferred_username",
-  client_options: {
-    port: 443,
-    scheme: "https",
-    host: "myprovider.com",
-    identifier: ENV["OP_CLIENT_ID"],
-    secret: ENV["OP_SECRET_KEY"],
-    redirect_uri: "http://myapp.com/users/auth/openid_connect/callback",
-  },
-}
+Devise.setup do |config|
+  config.omniauth :openid_connect, {
+    name: :my_provider,
+    scope: [:openid, :email, :profile, :address],
+    response_type: :code,
+    uid_field: "preferred_username",
+    client_options: {
+      port: 443,
+      scheme: "https",
+      host: "myprovider.com",
+      identifier: ENV["OP_CLIENT_ID"],
+      secret: ENV["OP_SECRET_KEY"],
+      redirect_uri: "http://myapp.com/users/auth/openid_connect/callback",
+    },
+  }
+end
 ```
 
 ### Options Overview
@@ -70,6 +93,7 @@ config.omniauth :openid_connect, {
 | pkce_options                 | Specify a custom implementation of the PKCE code challenge/method.                                                                                            | no       | SHA256(code_challenge) in hex | Proc to customise the code challenge generation     |
 | client_options               | A hash of client options detailed in its own section                                                                                                          | yes      |                               |                                                     |
 | jwt_secret_base64 | For HMAC with SHA2 (e.g. HS256) signing algorithms, specify the base64-encoded secret used to sign the JWT token. Defaults to the OAuth2 client secret if not specified. | no | client_options.secret | "bXlzZWNyZXQ=\n"
+| logout_path | The log out is only triggered when the request path ends on this path | no | '/logout' | '/sign_out'
 
 ### Client Config Options
 
@@ -131,7 +155,7 @@ For the full low down on OpenID Connect, please check out
 
 ## Contributing
 
-1. Fork it ( http://github.com/m0n9oose/omniauth-openid-connect/fork )
+1. Fork it ( http://github.com/omniauth/omniauth_openid_connect/fork )
 2. Create your feature branch (`git checkout -b my-new-feature`)
 3. Cover your changes with tests and make sure they're green (`bundle install && bundle exec rake test`)
 4. Commit your changes (`git commit -am 'Add some feature'`)

data/lib/omniauth/openid_connect/version.rb

@@ -2,6 +2,6 @@
 
 module OmniAuth
   module OpenIDConnect
-    VERSION = '0.6.0'
+    VERSION = '0.7.0'
   end
 end

data/lib/omniauth/strategies/openid_connect.rb

@@ -68,6 +68,8 @@ module OmniAuth
         code_challenge_method: 'S256',
       }
 
+      option :logout_path, '/logout'
+
       def uid
         user_info.raw_attributes[options.uid_field.to_sym] || user_info.sub
       end
@@ -226,7 +228,7 @@ module OmniAuth
       private
 
       def fetch_key
-        @fetch_key ||= parse_jwk_key(::OpenIDConnect.http_client.get_content(client_options.jwks_uri))
+        @fetch_key ||= parse_jwk_key(::OpenIDConnect.http_client.get(client_options.jwks_uri).body)
       end
 
       def base64_decoded_jwt_secret
@@ -340,7 +342,7 @@ module OmniAuth
         keyset.each do |key|
           begin
             decoded = decode!(id_token, key)
-          rescue JSON::JWS::VerificationFailed, JSON::JWS::UnexpectedAlgorithm, JSON::JWS::UnknownAlgorithm
+          rescue JSON::JWS::VerificationFailed, JSON::JWS::UnexpectedAlgorithm, JSON::JWK::UnknownAlgorithm
             next
           end
 
@@ -432,7 +434,7 @@ module OmniAuth
       end
 
       def logout_path_pattern
-        @logout_path_pattern ||= %r{\A#{Regexp.quote(request_path)}(/logout)}
+        @logout_path_pattern ||= /\A#{Regexp.quote(request_path)}#{options.logout_path}/
       end
 
       def id_token_callback_phase

data/omniauth_openid_connect.gemspec

@@ -28,7 +28,7 @@ Gem::Specification.new do |spec|
   }
 
   spec.add_dependency 'omniauth', '>= 1.9', '< 3'
-  spec.add_dependency 'openid_connect', '~> 1.1'
+  spec.add_dependency 'openid_connect', '~> 2.2'
   spec.add_development_dependency 'faker', '~> 2.0'
   spec.add_development_dependency 'guard', '~> 2.14'
   spec.add_development_dependency 'guard-bundler', '~> 2.2'

data/test/lib/omniauth/strategies/openid_connect_test.rb

@@ -69,6 +69,17 @@ module OmniAuth
         strategy.other_phase
       end
 
+      def test_logout_phase_with_logout_path
+        strategy.options.issuer = 'example.com'
+        strategy.options.client_options.host = 'example.com'
+        strategy.options.logout_path = '/sign_out'
+
+        request.stubs(:path).returns('/auth/openid_connect/sign_out')
+
+        strategy.expects(:call_app!)
+        strategy.other_phase
+      end
+
       def test_logout_phase
         strategy.options.issuer = 'example.com'
         strategy.options.client_options.host = 'example.com'
@@ -509,10 +520,14 @@ module OmniAuth
         strategy.options.client_options.jwks_uri = 'https://jwks.example.com'
         strategy.options.response_type = 'id_token'
 
-        HTTPClient
-          .any_instance.stubs(:get_content)
-          .with(strategy.options.client_options.jwks_uri)
-          .returns(jwks.to_json)
+        ::OpenIDConnect.stubs(:http_client)
+                       .returns(
+                         Faraday.new do |builder|
+                           builder.adapter :test do |stubs|
+                             stubs.get(strategy.options.client_options.jwks_uri) { [200, {}, jwks.to_json] }
+                           end
+                         end
+                       )
 
         strategy.unstub(:user_info)
         access_token = stub('OpenIDConnect::AccessToken')
@@ -788,8 +803,7 @@ module OmniAuth
           access_token: 'test_access_token',
           id_token: jwt.to_s,
           token_type: 'Bearer',
-        }.to_json
-        success = Struct.new(:status, :body).new(200, json_response)
+        }
 
         request.stubs(:path).returns('')
         strategy.call!('rack.session' => { 'omniauth.state' => state, 'omniauth.nonce' => nonce })
@@ -798,11 +812,19 @@ module OmniAuth
         id_token.stubs(:verify!).with(issuer: strategy.options.issuer, client_id: @identifier, nonce: nonce).returns(true)
         ::OpenIDConnect::ResponseObject::IdToken.stubs(:decode).returns(id_token)
 
-        HTTPClient.any_instance.stubs(:post).with(
-          "#{ opts.scheme }://#{ opts.host }:#{ opts.port }#{ opts.token_endpoint }",
-          { scope: 'openid', grant_type: :client_credentials, client_id: @identifier, client_secret: @secret },
-          {}
-        ).returns(success)
+        ::Rack::OAuth2.stubs(:http_client)
+                      .returns(
+                        Faraday.new do |builder|
+                          builder.adapter :test do |stubs|
+                            stubs.post(
+                              "#{ opts.scheme }://#{ opts.host }:#{ opts.port }#{ opts.token_endpoint }",
+                              { scope: 'openid', grant_type: :client_credentials, client_id: @identifier, client_secret: @secret }
+                            ) do
+                              [200, {}, json_response]
+                            end
+                          end
+                        end
+                      )
 
         assert(strategy.send(:access_token))
       end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth_openid_connect
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 0.7.0
 platform: ruby
 authors:
 - John Bohn
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-01-22 00:00:00.000000000 Z
+date: 2023-04-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth
@@ -37,14 +37,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '2.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '2.2'
 - !ruby/object:Gem::Dependency
   name: faker
   requirement: !ruby/object:Gem::Requirement
@@ -219,8 +219,8 @@ licenses:
 metadata:
   bug_tracker_uri: https://github.com/m0n9oose/omniauth_openid_connect/issues
   changelog_uri: https://github.com/m0n9oose/omniauth_openid_connect/releases
-  documentation_uri: https://github.com/m0n9oose/omniauth_openid_connect/tree/v0.6.0#readme
-  source_code_uri: https://github.com/m0n9oose/omniauth_openid_connect/tree/v0.6.0
+  documentation_uri: https://github.com/m0n9oose/omniauth_openid_connect/tree/v0.7.0#readme
+  source_code_uri: https://github.com/m0n9oose/omniauth_openid_connect/tree/v0.7.0
   rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []
@@ -237,7 +237,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.3
+rubygems_version: 3.4.12
 signing_key:
 specification_version: 4
 summary: OpenID Connect Strategy for OmniAuth