omniauth_openid_connect 0.6.1 → 0.7.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 446a75e37d0a98638c32b054b7e4e1443b54c8d067025381ca340e2a80d5db05
4
- data.tar.gz: fe1895242ce7bd7d1910d9db085678cc5cadc9757b62a7660a232462105d21fe
3
+ metadata.gz: 4c2be6aafa448af62c29c2183954e27a374018d270ac09137b04eb6b5e0aaeba
4
+ data.tar.gz: 3254e1780018a43ee507d7a43ad310dcbec9abe4c0de20ba7e93f78f22c61067
5
5
  SHA512:
6
- metadata.gz: c102811330e2e73ea3a76940c4c275799ef01b8b4640a3e49203a9febec8ecdcb16d9f2a48d2df67deb402f65914842964b656e82c71e1676108db7d54577252
7
- data.tar.gz: 2c6e454846927acd7f2456b7b9653f356ac96d3a196b7299ca348c5bcb9f4853a802154da2548bfc86bc65ec3088abcabb16ea1ab37dc7cc0285cfae0c938a9c
6
+ metadata.gz: 00060df4350aad1ed5a402e24562a4e774ef43fcba0cf501286e8d8f25a6d3d35a15b7c3f61541adb316b213fea64bab41ab3dea2a53eebaf9a84f427ea11a5e
7
+ data.tar.gz: 9bdfc6dae8d63c6831611514e02c5108a5f3e417a2409f0e859a1c5262eb0d2939a476d4b70f8582c70bf5f6084e3f84301e9c9cbe7441691aa2b0e076dfc783
@@ -14,7 +14,7 @@ jobs:
14
14
  strategy:
15
15
  fail-fast: false
16
16
  matrix:
17
- ruby: ["2.5", "2.6", "2.7", "3.0", "3.1", "3.2"]
17
+ ruby: ["2.7", "3.0", "3.1", "3.2"]
18
18
  name: Ruby ${{ matrix.ruby }}
19
19
 
20
20
  steps:
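--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,16 @@
+# Unreleased
+
+# v0.7.1 (26.04.2023)
+
+- Fix handling of JWKS response (https://github.com/omniauth/omniauth_openid_connect/pull/157)
+
+# v0.7.0 (25.04.2023)
+
+- Update openid_connect to 2.2 (https://github.com/omniauth/omniauth_openid_connect/pull/153)
+- Drop Ruby 2.5 and 2.6 CI support (https://github.com/omniauth/omniauth_openid_connect/pull/154)
+- Improvements to README (https://github.com/omniauth/omniauth_openid_connect/pull/152, https://github.com/omniauth/omniauth_openid_connect/pull/151)
+- Add option `logout_path` (https://github.com/omniauth/omniauth_openid_connect/pull/143)
+
 # v0.6.1 (22.02.2023)
 
 - Fix uninitialized constant error (https://github.com/omniauth/omniauth_openid_connect/pull/147)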
data/README.md CHANGED
@@ -23,26 +23,49 @@ Or install it yourself as:
23
23
 
24
24
  ## Supported Ruby Versions
25
25
 
26
- OmniAuth::OpenIDConnect is tested under 2.5, 2.6, 2.7, 3.0, 3.1
26
+ OmniAuth::OpenIDConnect is tested under 2.7, 3.0, 3.1, 3.2
27
27
 
28
28
  ## Usage
29
29
 
30
30
  Example configuration
31
+
32
+ ```ruby
33
+ Rails.application.config.middleware.use OmniAuth::Builder do
34
+ provider :openid_connect, {
35
+ name: :my_provider,
36
+ scope: [:openid, :email, :profile, :address],
37
+ response_type: :code,
38
+ uid_field: "preferred_username",
39
+ client_options: {
40
+ port: 443,
41
+ scheme: "https",
42
+ host: "myprovider.com",
43
+ identifier: ENV["OP_CLIENT_ID"],
44
+ secret: ENV["OP_SECRET_KEY"],
45
+ redirect_uri: "http://myapp.com/users/auth/openid_connect/callback",
46
+ },
47
+ }
48
+ end
49
+ ```
50
+
51
+ ### with Devise
31
52
  ```ruby
32
- config.omniauth :openid_connect, {
33
- name: :my_provider,
34
- scope: [:openid, :email, :profile, :address],
35
- response_type: :code,
36
- uid_field: "preferred_username",
37
- client_options: {
38
- port: 443,
39
- scheme: "https",
40
- host: "myprovider.com",
41
- identifier: ENV["OP_CLIENT_ID"],
42
- secret: ENV["OP_SECRET_KEY"],
43
- redirect_uri: "http://myapp.com/users/auth/openid_connect/callback",
44
- },
45
- }
53
+ Devise.setup do |config|
54
+ config.omniauth :openid_connect, {
55
+ name: :my_provider,
56
+ scope: [:openid, :email, :profile, :address],
57
+ response_type: :code,
58
+ uid_field: "preferred_username",
59
+ client_options: {
60
+ port: 443,
61
+ scheme: "https",
62
+ host: "myprovider.com",
63
+ identifier: ENV["OP_CLIENT_ID"],
64
+ secret: ENV["OP_SECRET_KEY"],
65
+ redirect_uri: "http://myapp.com/users/auth/openid_connect/callback",
66
+ },
67
+ }
68
+ end
46
69
  ```
47
70
 
48
71
  ### Options Overview
@@ -70,6 +93,7 @@ config.omniauth :openid_connect, {
70
93
  | pkce_options | Specify a custom implementation of the PKCE code challenge/method. | no | SHA256(code_challenge) in hex | Proc to customise the code challenge generation |
71
94
  | client_options | A hash of client options detailed in its own section | yes | | |
72
95
  | jwt_secret_base64 | For HMAC with SHA2 (e.g. HS256) signing algorithms, specify the base64-encoded secret used to sign the JWT token. Defaults to the OAuth2 client secret if not specified. | no | client_options.secret | "bXlzZWNyZXQ=\n"
96
+ | logout_path | The log out is only triggered when the request path ends on this path | no | '/logout' | '/sign_out'
73
97
 
74
98
  ### Client Config Options
75
99
 
@@ -131,7 +155,7 @@ For the full low down on OpenID Connect, please check out
131
155
 
132
156
  ## Contributing
133
157
 
134
- 1. Fork it ( http://github.com/m0n9oose/omniauth-openid-connect/fork )
158
+ 1. Fork it ( http://github.com/omniauth/omniauth_openid_connect/fork )
135
159
  2. Create your feature branch (`git checkout -b my-new-feature`)
136
160
  3. Cover your changes with tests and make sure they're green (`bundle install && bundle exec rake test`)
137
161
  4. Commit your changes (`git commit -am 'Add some feature'`)
@@ -2,6 +2,6 @@
2
2
 
3
3
  module OmniAuth
4
4
  module OpenIDConnect
5
- VERSION = '0.6.1'
5
+ VERSION = '0.7.1'
6
6
  end
7
7
  end
@@ -68,6 +68,8 @@ module OmniAuth
68
68
  code_challenge_method: 'S256',
69
69
  }
70
70
 
71
+ option :logout_path, '/logout'
72
+
71
73
  def uid
72
74
  user_info.raw_attributes[options.uid_field.to_sym] || user_info.sub
73
75
  end
@@ -226,7 +228,7 @@ module OmniAuth
226
228
  private
227
229
 
228
230
  def fetch_key
229
- @fetch_key ||= parse_jwk_key(::OpenIDConnect.http_client.get_content(client_options.jwks_uri))
231
+ @fetch_key ||= parse_jwk_key(::OpenIDConnect.http_client.get(client_options.jwks_uri).body)
230
232
  end
231
233
 
232
234
  def base64_decoded_jwt_secret
@@ -402,7 +404,7 @@ module OmniAuth
402
404
  end
403
405
 
404
406
  def parse_jwk_key(key)
405
- json = JSON.parse(key)
407
+ json = key.is_a?(String) ? JSON.parse(key) : key
406
408
  return JSON::JWK::Set.new(json['keys']) if json.key?('keys')
407
409
 
408
410
  JSON::JWK.new(json)
@@ -432,7 +434,7 @@ module OmniAuth
432
434
  end
433
435
 
434
436
  def logout_path_pattern
435
- @logout_path_pattern ||= %r{\A#{Regexp.quote(request_path)}(/logout)}
437
+ @logout_path_pattern ||= /\A#{Regexp.quote(request_path)}#{options.logout_path}/
436
438
  end
437
439
 
438
440
  def id_token_callback_phase
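Review bot: In `fetch_key` (the hunk at new line 231) the body of the JWKS response is passed to `parse_jwk_key` without checking the response status, so an error document returned from `jwks_uri` is handled as if it were key material. With the new `json = key.is_a?(String) ? JSON.parse(key) : key` line, a body that is neither a String nor a Hash (for example `nil` for an empty reply) reaches `json.key?('keys')` and raises `NoMethodError` in the middle of the callback. I would keep the response in a local, fail explicitly unless its status is 200, and add `raise ArgumentError, 'unexpected JWKS payload' unless json.is_a?(Hash)` after the parse line. The HTTP client's response type is not visible on this page, so the status accessor is presumably `response.status`; confirm against openid_connect 2.2.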
@@ -28,7 +28,7 @@ Gem::Specification.new do |spec|
28
28
  }
29
29
 
30
30
  spec.add_dependency 'omniauth', '>= 1.9', '< 3'
31
- spec.add_dependency 'openid_connect', '~> 1.1'
31
+ spec.add_dependency 'openid_connect', '~> 2.2'
32
32
  spec.add_development_dependency 'faker', '~> 2.0'
33
33
  spec.add_development_dependency 'guard', '~> 2.14'
34
34
  spec.add_development_dependency 'guard-bundler', '~> 2.2'
@@ -39,4 +39,5 @@ Gem::Specification.new do |spec|
39
39
  spec.add_development_dependency 'rubocop', '~> 1.12'
40
40
  spec.add_development_dependency 'simplecov', '~> 0.21'
41
41
  spec.add_development_dependency 'simplecov-lcov', '~> 0.8'
42
+ spec.add_development_dependency 'webmock', '~> 3.18'
42
43
  end
@@ -69,6 +69,17 @@ module OmniAuth
69
69
  strategy.other_phase
70
70
  end
71
71
 
72
+ def test_logout_phase_with_logout_path
73
+ strategy.options.issuer = 'example.com'
74
+ strategy.options.client_options.host = 'example.com'
75
+ strategy.options.logout_path = '/sign_out'
76
+
77
+ request.stubs(:path).returns('/auth/openid_connect/sign_out')
78
+
79
+ strategy.expects(:call_app!)
80
+ strategy.other_phase
81
+ end
82
+
72
83
  def test_logout_phase
73
84
  strategy.options.issuer = 'example.com'
74
85
  strategy.options.client_options.host = 'example.com'
@@ -509,10 +520,10 @@ module OmniAuth
509
520
  strategy.options.client_options.jwks_uri = 'https://jwks.example.com'
510
521
  strategy.options.response_type = 'id_token'
511
522
 
512
- HTTPClient
513
- .any_instance.stubs(:get_content)
514
- .with(strategy.options.client_options.jwks_uri)
515
- .returns(jwks.to_json)
523
+ stub_request(:get, strategy.options.client_options.jwks_uri).to_return(
524
+ body: jwks.to_json,
525
+ headers: { 'Content-Type' => 'application/json' }
526
+ )
516
527
 
517
528
  strategy.unstub(:user_info)
518
529
  access_token = stub('OpenIDConnect::AccessToken')
@@ -788,8 +799,7 @@ module OmniAuth
788
799
  access_token: 'test_access_token',
789
800
  id_token: jwt.to_s,
790
801
  token_type: 'Bearer',
791
- }.to_json
792
- success = Struct.new(:status, :body).new(200, json_response)
802
+ }
793
803
 
794
804
  request.stubs(:path).returns('')
795
805
  strategy.call!('rack.session' => { 'omniauth.state' => state, 'omniauth.nonce' => nonce })
@@ -798,11 +808,13 @@ module OmniAuth
798
808
  id_token.stubs(:verify!).with(issuer: strategy.options.issuer, client_id: @identifier, nonce: nonce).returns(true)
799
809
  ::OpenIDConnect::ResponseObject::IdToken.stubs(:decode).returns(id_token)
800
810
 
801
- HTTPClient.any_instance.stubs(:post).with(
802
- "#{ opts.scheme }://#{ opts.host }:#{ opts.port }#{ opts.token_endpoint }",
803
- { scope: 'openid', grant_type: :client_credentials, client_id: @identifier, client_secret: @secret },
804
- {}
805
- ).returns(success)
811
+ url = "#{ opts.scheme }://#{ opts.host }:#{ opts.port }#{ opts.token_endpoint }"
812
+ body = { scope: 'openid', grant_type: 'client_credentials', client_id: @identifier, client_secret: @secret }
813
+
814
+ stub_request(:post, url).with(body: body).to_return(
815
+ body: json_response.to_json,
816
+ headers: { 'Content-Type' => 'application/json' }
817
+ )
806
818
 
807
819
  assert(strategy.send(:access_token))
808
820
  end
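Review bot: `test_logout_phase_with_logout_path` only expects `call_app!`, which does not show that the custom `logout_path` was actually matched. If `other_phase` also falls through to `call_app!` for a path that does not match (its body is not on this page), the test passes with or without the new option. A stronger pair of cases would configure an end-session endpoint and expect the redirect for `/auth/openid_connect/sign_out`, then assert that `/auth/openid_connect/logout` no longer triggers it once `logout_path` is `'/sign_out'`. A case whose configured path contains a regex metacharacter would also pin down how `logout_path_pattern` treats the option, since it interpolates `options.logout_path` into the pattern without `Regexp.quote` and without a `\z` anchor.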
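--- a/data/test/test_helper.rb
+++ b/data/test/test_helper.rb
@@ -5,6 +5,7 @@ require 'minitest/autorun'
 require 'mocha/minitest'
 require 'faker'
 require 'active_support'
+require 'webmock/minitest'
 
 SimpleCov.start do
 if ENV['CI']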
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth_openid_connect
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.6.1
4
+ version: 0.7.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - John Bohn
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2023-02-23 00:00:00.000000000 Z
12
+ date: 2023-04-26 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: omniauth
@@ -37,14 +37,14 @@ dependencies:
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: '1.1'
40
+ version: '2.2'
41
41
  type: :runtime
42
42
  prerelease: false
43
43
  version_requirements: !ruby/object:Gem::Requirement
44
44
  requirements:
45
45
  - - "~>"
46
46
  - !ruby/object:Gem::Version
47
- version: '1.1'
47
+ version: '2.2'
48
48
  - !ruby/object:Gem::Dependency
49
49
  name: faker
50
50
  requirement: !ruby/object:Gem::Requirement
@@ -185,6 +185,20 @@ dependencies:
185
185
  - - "~>"
186
186
  - !ruby/object:Gem::Version
187
187
  version: '0.8'
188
+ - !ruby/object:Gem::Dependency
189
+ name: webmock
190
+ requirement: !ruby/object:Gem::Requirement
191
+ requirements:
192
+ - - "~>"
193
+ - !ruby/object:Gem::Version
194
+ version: '3.18'
195
+ type: :development
196
+ prerelease: false
197
+ version_requirements: !ruby/object:Gem::Requirement
198
+ requirements:
199
+ - - "~>"
200
+ - !ruby/object:Gem::Version
201
+ version: '3.18'
188
202
  description: OpenID Connect Strategy for OmniAuth.
189
203
  email:
190
204
  - jjbohn@gmail.com
@@ -219,8 +233,8 @@ licenses:
219
233
  metadata:
220
234
  bug_tracker_uri: https://github.com/m0n9oose/omniauth_openid_connect/issues
221
235
  changelog_uri: https://github.com/m0n9oose/omniauth_openid_connect/releases
222
- documentation_uri: https://github.com/m0n9oose/omniauth_openid_connect/tree/v0.6.1#readme
223
- source_code_uri: https://github.com/m0n9oose/omniauth_openid_connect/tree/v0.6.1
236
+ documentation_uri: https://github.com/m0n9oose/omniauth_openid_connect/tree/v0.7.1#readme
237
+ source_code_uri: https://github.com/m0n9oose/omniauth_openid_connect/tree/v0.7.1
224
238
  rubygems_mfa_required: 'true'
225
239
  post_install_message:
226
240
  rdoc_options: []
@@ -237,7 +251,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
237
251
  - !ruby/object:Gem::Version
238
252
  version: '0'
239
253
  requirements: []
240
- rubygems_version: 3.4.7
254
+ rubygems_version: 3.4.12
241
255
  signing_key:
242
256
  specification_version: 4
243
257
  summary: OpenID Connect Strategy for OmniAuth