omniauth_openid_connect 0.6.1 → 0.7.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 446a75e37d0a98638c32b054b7e4e1443b54c8d067025381ca340e2a80d5db05
-  data.tar.gz: fe1895242ce7bd7d1910d9db085678cc5cadc9757b62a7660a232462105d21fe
+  metadata.gz: 4c2be6aafa448af62c29c2183954e27a374018d270ac09137b04eb6b5e0aaeba
+  data.tar.gz: 3254e1780018a43ee507d7a43ad310dcbec9abe4c0de20ba7e93f78f22c61067
 SHA512:
-  metadata.gz: c102811330e2e73ea3a76940c4c275799ef01b8b4640a3e49203a9febec8ecdcb16d9f2a48d2df67deb402f65914842964b656e82c71e1676108db7d54577252
-  data.tar.gz: 2c6e454846927acd7f2456b7b9653f356ac96d3a196b7299ca348c5bcb9f4853a802154da2548bfc86bc65ec3088abcabb16ea1ab37dc7cc0285cfae0c938a9c
+  metadata.gz: 00060df4350aad1ed5a402e24562a4e774ef43fcba0cf501286e8d8f25a6d3d35a15b7c3f61541adb316b213fea64bab41ab3dea2a53eebaf9a84f427ea11a5e
+  data.tar.gz: 9bdfc6dae8d63c6831611514e02c5108a5f3e417a2409f0e859a1c5262eb0d2939a476d4b70f8582c70bf5f6084e3f84301e9c9cbe7441691aa2b0e076dfc783

data/.github/workflows/main.yml

@@ -14,7 +14,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        ruby: ["2.5", "2.6", "2.7", "3.0", "3.1", "3.2"]
+        ruby: ["2.7", "3.0", "3.1", "3.2"]
     name: Ruby ${{ matrix.ruby }}
 
     steps:

data/CHANGELOG.md

@@ -1,3 +1,16 @@
+# Unreleased
+
+# v0.7.1 (26.04.2023)
+
+- Fix handling of JWKS response (https://github.com/omniauth/omniauth_openid_connect/pull/157)
+
+# v0.7.0 (25.04.2023)
+
+- Update openid_connect to 2.2 (https://github.com/omniauth/omniauth_openid_connect/pull/153)
+- Drop Ruby 2.5 and 2.6 CI support (https://github.com/omniauth/omniauth_openid_connect/pull/154)
+- Improvements to README (https://github.com/omniauth/omniauth_openid_connect/pull/152, https://github.com/omniauth/omniauth_openid_connect/pull/151)
+- Add option `logout_path` (https://github.com/omniauth/omniauth_openid_connect/pull/143)
+
 # v0.6.1 (22.02.2023)
 
 - Fix uninitialized constant error (https://github.com/omniauth/omniauth_openid_connect/pull/147)

data/README.md

@@ -23,26 +23,49 @@ Or install it yourself as:
 
 ## Supported Ruby Versions
 
-OmniAuth::OpenIDConnect is tested under 2.5, 2.6, 2.7, 3.0, 3.1
+OmniAuth::OpenIDConnect is tested under 2.7, 3.0, 3.1, 3.2
 
 ## Usage
 
 Example configuration
+
+```ruby
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :openid_connect, {
+    name: :my_provider,
+    scope: [:openid, :email, :profile, :address],
+    response_type: :code,
+    uid_field: "preferred_username",
+    client_options: {
+      port: 443,
+      scheme: "https",
+      host: "myprovider.com",
+      identifier: ENV["OP_CLIENT_ID"],
+      secret: ENV["OP_SECRET_KEY"],
+      redirect_uri: "http://myapp.com/users/auth/openid_connect/callback",
+    },
+  }
+end
+```
+
+### with Devise
 ```ruby
-config.omniauth :openid_connect, {
-  name: :my_provider,
-  scope: [:openid, :email, :profile, :address],
-  response_type: :code,
-  uid_field: "preferred_username",
-  client_options: {
-    port: 443,
-    scheme: "https",
-    host: "myprovider.com",
-    identifier: ENV["OP_CLIENT_ID"],
-    secret: ENV["OP_SECRET_KEY"],
-    redirect_uri: "http://myapp.com/users/auth/openid_connect/callback",
-  },
-}
+Devise.setup do |config|
+  config.omniauth :openid_connect, {
+    name: :my_provider,
+    scope: [:openid, :email, :profile, :address],
+    response_type: :code,
+    uid_field: "preferred_username",
+    client_options: {
+      port: 443,
+      scheme: "https",
+      host: "myprovider.com",
+      identifier: ENV["OP_CLIENT_ID"],
+      secret: ENV["OP_SECRET_KEY"],
+      redirect_uri: "http://myapp.com/users/auth/openid_connect/callback",
+    },
+  }
+end
 ```
 
 ### Options Overview
@@ -70,6 +93,7 @@ config.omniauth :openid_connect, {
 | pkce_options                 | Specify a custom implementation of the PKCE code challenge/method.                                                                                            | no       | SHA256(code_challenge) in hex | Proc to customise the code challenge generation     |
 | client_options               | A hash of client options detailed in its own section                                                                                                          | yes      |                               |                                                     |
 | jwt_secret_base64 | For HMAC with SHA2 (e.g. HS256) signing algorithms, specify the base64-encoded secret used to sign the JWT token. Defaults to the OAuth2 client secret if not specified. | no | client_options.secret | "bXlzZWNyZXQ=\n"
+| logout_path | The log out is only triggered when the request path ends on this path | no | '/logout' | '/sign_out'
 
 ### Client Config Options
 
@@ -131,7 +155,7 @@ For the full low down on OpenID Connect, please check out
 
 ## Contributing
 
-1. Fork it ( http://github.com/m0n9oose/omniauth-openid-connect/fork )
+1. Fork it ( http://github.com/omniauth/omniauth_openid_connect/fork )
 2. Create your feature branch (`git checkout -b my-new-feature`)
 3. Cover your changes with tests and make sure they're green (`bundle install && bundle exec rake test`)
 4. Commit your changes (`git commit -am 'Add some feature'`)

data/lib/omniauth/openid_connect/version.rb

@@ -2,6 +2,6 @@
 
 module OmniAuth
   module OpenIDConnect
-    VERSION = '0.6.1'
+    VERSION = '0.7.1'
   end
 end

data/lib/omniauth/strategies/openid_connect.rb

@@ -68,6 +68,8 @@ module OmniAuth
         code_challenge_method: 'S256',
       }
 
+      option :logout_path, '/logout'
+
       def uid
         user_info.raw_attributes[options.uid_field.to_sym] || user_info.sub
       end
@@ -226,7 +228,7 @@ module OmniAuth
       private
 
       def fetch_key
-        @fetch_key ||= parse_jwk_key(::OpenIDConnect.http_client.get_content(client_options.jwks_uri))
+        @fetch_key ||= parse_jwk_key(::OpenIDConnect.http_client.get(client_options.jwks_uri).body)
       end
 
       def base64_decoded_jwt_secret
@@ -402,7 +404,7 @@ module OmniAuth
       end
 
       def parse_jwk_key(key)
-        json = JSON.parse(key)
+        json = key.is_a?(String) ? JSON.parse(key) : key
         return JSON::JWK::Set.new(json['keys']) if json.key?('keys')
 
         JSON::JWK.new(json)
@@ -432,7 +434,7 @@ module OmniAuth
       end
 
       def logout_path_pattern
-        @logout_path_pattern ||= %r{\A#{Regexp.quote(request_path)}(/logout)}
+        @logout_path_pattern ||= /\A#{Regexp.quote(request_path)}#{options.logout_path}/
       end
 
       def id_token_callback_phase

data/omniauth_openid_connect.gemspec

@@ -28,7 +28,7 @@ Gem::Specification.new do |spec|
   }
 
   spec.add_dependency 'omniauth', '>= 1.9', '< 3'
-  spec.add_dependency 'openid_connect', '~> 1.1'
+  spec.add_dependency 'openid_connect', '~> 2.2'
   spec.add_development_dependency 'faker', '~> 2.0'
   spec.add_development_dependency 'guard', '~> 2.14'
   spec.add_development_dependency 'guard-bundler', '~> 2.2'
@@ -39,4 +39,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'rubocop', '~> 1.12'
   spec.add_development_dependency 'simplecov', '~> 0.21'
   spec.add_development_dependency 'simplecov-lcov', '~> 0.8'
+  spec.add_development_dependency 'webmock', '~> 3.18'
 end

data/test/lib/omniauth/strategies/openid_connect_test.rb

@@ -69,6 +69,17 @@ module OmniAuth
         strategy.other_phase
       end
 
+      def test_logout_phase_with_logout_path
+        strategy.options.issuer = 'example.com'
+        strategy.options.client_options.host = 'example.com'
+        strategy.options.logout_path = '/sign_out'
+
+        request.stubs(:path).returns('/auth/openid_connect/sign_out')
+
+        strategy.expects(:call_app!)
+        strategy.other_phase
+      end
+
       def test_logout_phase
         strategy.options.issuer = 'example.com'
         strategy.options.client_options.host = 'example.com'
@@ -509,10 +520,10 @@ module OmniAuth
         strategy.options.client_options.jwks_uri = 'https://jwks.example.com'
         strategy.options.response_type = 'id_token'
 
-        HTTPClient
-          .any_instance.stubs(:get_content)
-          .with(strategy.options.client_options.jwks_uri)
-          .returns(jwks.to_json)
+        stub_request(:get, strategy.options.client_options.jwks_uri).to_return(
+          body: jwks.to_json,
+          headers: { 'Content-Type' => 'application/json' }
+        )
 
         strategy.unstub(:user_info)
         access_token = stub('OpenIDConnect::AccessToken')
@@ -788,8 +799,7 @@ module OmniAuth
           access_token: 'test_access_token',
           id_token: jwt.to_s,
           token_type: 'Bearer',
-        }.to_json
-        success = Struct.new(:status, :body).new(200, json_response)
+        }
 
         request.stubs(:path).returns('')
         strategy.call!('rack.session' => { 'omniauth.state' => state, 'omniauth.nonce' => nonce })
@@ -798,11 +808,13 @@ module OmniAuth
         id_token.stubs(:verify!).with(issuer: strategy.options.issuer, client_id: @identifier, nonce: nonce).returns(true)
         ::OpenIDConnect::ResponseObject::IdToken.stubs(:decode).returns(id_token)
 
-        HTTPClient.any_instance.stubs(:post).with(
-          "#{ opts.scheme }://#{ opts.host }:#{ opts.port }#{ opts.token_endpoint }",
-          { scope: 'openid', grant_type: :client_credentials, client_id: @identifier, client_secret: @secret },
-          {}
-        ).returns(success)
+        url = "#{ opts.scheme }://#{ opts.host }:#{ opts.port }#{ opts.token_endpoint }"
+        body = { scope: 'openid', grant_type: 'client_credentials', client_id: @identifier, client_secret: @secret }
+
+        stub_request(:post, url).with(body: body).to_return(
+          body: json_response.to_json,
+          headers: { 'Content-Type' => 'application/json' }
+        )
 
         assert(strategy.send(:access_token))
       end

data/test/test_helper.rb

@@ -5,6 +5,7 @@ require 'minitest/autorun'
 require 'mocha/minitest'
 require 'faker'
 require 'active_support'
+require 'webmock/minitest'
 
 SimpleCov.start do
   if ENV['CI']

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth_openid_connect
 version: !ruby/object:Gem::Version
-  version: 0.6.1
+  version: 0.7.1
 platform: ruby
 authors:
 - John Bohn
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-02-23 00:00:00.000000000 Z
+date: 2023-04-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth
@@ -37,14 +37,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '2.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '2.2'
 - !ruby/object:Gem::Dependency
   name: faker
   requirement: !ruby/object:Gem::Requirement
@@ -185,6 +185,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.8'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.18'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.18'
 description: OpenID Connect Strategy for OmniAuth.
 email:
 - jjbohn@gmail.com
@@ -219,8 +233,8 @@ licenses:
 metadata:
   bug_tracker_uri: https://github.com/m0n9oose/omniauth_openid_connect/issues
   changelog_uri: https://github.com/m0n9oose/omniauth_openid_connect/releases
-  documentation_uri: https://github.com/m0n9oose/omniauth_openid_connect/tree/v0.6.1#readme
-  source_code_uri: https://github.com/m0n9oose/omniauth_openid_connect/tree/v0.6.1
+  documentation_uri: https://github.com/m0n9oose/omniauth_openid_connect/tree/v0.7.1#readme
+  source_code_uri: https://github.com/m0n9oose/omniauth_openid_connect/tree/v0.7.1
   rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []
@@ -237,7 +251,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.7
+rubygems_version: 3.4.12
 signing_key:
 specification_version: 4
 summary: OpenID Connect Strategy for OmniAuth