omniauth_openid_connect 0.6.1 → 0.7.1
- checksums.yaml +4 -4
- data/.github/workflows/main.yml +1 -1
- data/CHANGELOG.md +13 -0
- data/README.md +40 -16
- data/lib/omniauth/openid_connect/version.rb +1 -1
- data/lib/omniauth/strategies/openid_connect.rb +5 -3
- data/omniauth_openid_connect.gemspec +2 -1
- data/test/lib/omniauth/strategies/openid_connect_test.rb +23 -11
- data/test/test_helper.rb +1 -0
- metadata +21 -7
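--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4c2be6aafa448af62c29c2183954e27a374018d270ac09137b04eb6b5e0aaeba
+data.tar.gz: 3254e1780018a43ee507d7a43ad310dcbec9abe4c0de20ba7e93f78f22c61067
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 00060df4350aad1ed5a402e24562a4e774ef43fcba0cf501286e8d8f25a6d3d35a15b7c3f61541adb316b213fea64bab41ab3dea2a53eebaf9a84f427ea11a5e
+data.tar.gz: 9bdfc6dae8d63c6831611514e02c5108a5f3e417a2409f0e859a1c5262eb0d2939a476d4b70f8582c70bf5f6084e3f84301e9c9cbe7441691aa2b0e076dfc783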
data/.github/workflows/main.yml
CHANGED
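--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,16 @@
+# Unreleased
+
+# v0.7.1 (26.04.2023)
+
+- Fix handling of JWKS response (https://github.com/omniauth/omniauth_openid_connect/pull/157)
+
+# v0.7.0 (25.04.2023)
+
+- Update openid_connect to 2.2 (https://github.com/omniauth/omniauth_openid_connect/pull/153)
+- Drop Ruby 2.5 and 2.6 CI support (https://github.com/omniauth/omniauth_openid_connect/pull/154)
+- Improvements to README (https://github.com/omniauth/omniauth_openid_connect/pull/152, https://github.com/omniauth/omniauth_openid_connect/pull/151)
+- Add option `logout_path` (https://github.com/omniauth/omniauth_openid_connect/pull/143)
+
 # v0.6.1 (22.02.2023)
 
 - Fix uninitialized constant error (https://github.com/omniauth/omniauth_openid_connect/pull/147)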
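--- a/data/README.md
+++ b/data/README.md
@@ -23,26 +23,49 @@ Or install it yourself as:
 
 ## Supported Ruby Versions
 
-OmniAuth::OpenIDConnect is tested under 2.
+OmniAuth::OpenIDConnect is tested under 2.7, 3.0, 3.1, 3.2
 
 ## Usage
 
 Example configuration
+
+```ruby
+Rails.application.config.middleware.use OmniAuth::Builder do
+provider :openid_connect, {
+name: :my_provider,
+scope: [:openid, :email, :profile, :address],
+response_type: :code,
+uid_field: "preferred_username",
+client_options: {
+port: 443,
+scheme: "https",
+host: "myprovider.com",
+identifier: ENV["OP_CLIENT_ID"],
+secret: ENV["OP_SECRET_KEY"],
+redirect_uri: "http://myapp.com/users/auth/openid_connect/callback",
+},
+}
+end
+```
+
+### with Devise
 ```ruby
-
-
-
-
-
-
-
-
-
-
-
-
-
-}
+Devise.setup do |config|
+config.omniauth :openid_connect, {
+name: :my_provider,
+scope: [:openid, :email, :profile, :address],
+response_type: :code,
+uid_field: "preferred_username",
+client_options: {
+port: 443,
+scheme: "https",
+host: "myprovider.com",
+identifier: ENV["OP_CLIENT_ID"],
+secret: ENV["OP_SECRET_KEY"],
+redirect_uri: "http://myapp.com/users/auth/openid_connect/callback",
+},
+}
+end
 ```
 
 ### Options Overview
@@ -70,6 +93,7 @@ config.omniauth :openid_connect, {
 | pkce_options | Specify a custom implementation of the PKCE code challenge/method. | no | SHA256(code_challenge) in hex | Proc to customise the code challenge generation |
 | client_options | A hash of client options detailed in its own section | yes | | |
 | jwt_secret_base64 | For HMAC with SHA2 (e.g. HS256) signing algorithms, specify the base64-encoded secret used to sign the JWT token. Defaults to the OAuth2 client secret if not specified. | no | client_options.secret | "bXlzZWNyZXQ=\n"
+| logout_path | The log out is only triggered when the request path ends on this path | no | '/logout' | '/sign_out'
 
 ### Client Config Options
 
@@ -131,7 +155,7 @@ For the full low down on OpenID Connect, please check out
 
 ## Contributing
 
-1. Fork it ( http://github.com/
+1. Fork it ( http://github.com/omniauth/omniauth_openid_connect/fork )
 2. Create your feature branch (`git checkout -b my-new-feature`)
 3. Cover your changes with tests and make sure they're green (`bundle install && bundle exec rake test`)
 4. Commit your changes (`git commit -am 'Add some feature'`)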
@@ -68,6 +68,8 @@ module OmniAuth
|
|
68
68
|
code_challenge_method: 'S256',
|
69
69
|
}
|
70
70
|
|
71
|
+
option :logout_path, '/logout'
|
72
|
+
|
71
73
|
def uid
|
72
74
|
user_info.raw_attributes[options.uid_field.to_sym] || user_info.sub
|
73
75
|
end
|
@@ -226,7 +228,7 @@ module OmniAuth
|
|
226
228
|
private
|
227
229
|
|
228
230
|
def fetch_key
|
229
|
-
@fetch_key ||= parse_jwk_key(::OpenIDConnect.http_client.
|
231
|
+
@fetch_key ||= parse_jwk_key(::OpenIDConnect.http_client.get(client_options.jwks_uri).body)
|
230
232
|
end
|
231
233
|
|
232
234
|
def base64_decoded_jwt_secret
|
@@ -402,7 +404,7 @@ module OmniAuth
|
|
402
404
|
end
|
403
405
|
|
404
406
|
def parse_jwk_key(key)
|
405
|
-
json = JSON.parse(key)
|
407
|
+
json = key.is_a?(String) ? JSON.parse(key) : key
|
406
408
|
return JSON::JWK::Set.new(json['keys']) if json.key?('keys')
|
407
409
|
|
408
410
|
JSON::JWK.new(json)
|
@@ -432,7 +434,7 @@ module OmniAuth
|
|
432
434
|
end
|
433
435
|
|
434
436
|
def logout_path_pattern
|
435
|
-
@logout_path_pattern ||=
|
437
|
+
@logout_path_pattern ||= /\A#{Regexp.quote(request_path)}#{options.logout_path}/
|
436
438
|
end
|
437
439
|
|
438
440
|
def id_token_callback_phase
|
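Review bot: In `logout_path_pattern`, `options.logout_path` is interpolated into the regex without `Regexp.quote` and the pattern has no end anchor, so a configured value containing regex metacharacters is read as a pattern and any path that merely starts with the logout path also matches. The README row added in this release says the log out is only triggered when the request path ends on this path, which the pattern as written does not enforce. Quoting the option and anchoring the end would bring the two in line: `@logout_path_pattern ||= /\A#{Regexp.quote(request_path)}#{Regexp.quote(options.logout_path)}\z/`. The code that matches against this pattern is outside the visible hunks, so whether a trailing slash still has to be accepted should be confirmed before adding `\z`.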
@@ -28,7 +28,7 @@ Gem::Specification.new do |spec|
|
|
28
28
|
}
|
29
29
|
|
30
30
|
spec.add_dependency 'omniauth', '>= 1.9', '< 3'
|
31
|
-
spec.add_dependency 'openid_connect', '~>
|
31
|
+
spec.add_dependency 'openid_connect', '~> 2.2'
|
32
32
|
spec.add_development_dependency 'faker', '~> 2.0'
|
33
33
|
spec.add_development_dependency 'guard', '~> 2.14'
|
34
34
|
spec.add_development_dependency 'guard-bundler', '~> 2.2'
|
@@ -39,4 +39,5 @@ Gem::Specification.new do |spec|
|
|
39
39
|
spec.add_development_dependency 'rubocop', '~> 1.12'
|
40
40
|
spec.add_development_dependency 'simplecov', '~> 0.21'
|
41
41
|
spec.add_development_dependency 'simplecov-lcov', '~> 0.8'
|
42
|
+
spec.add_development_dependency 'webmock', '~> 3.18'
|
42
43
|
end
|
@@ -69,6 +69,17 @@ module OmniAuth
|
|
69
69
|
strategy.other_phase
|
70
70
|
end
|
71
71
|
|
72
|
+
def test_logout_phase_with_logout_path
|
73
|
+
strategy.options.issuer = 'example.com'
|
74
|
+
strategy.options.client_options.host = 'example.com'
|
75
|
+
strategy.options.logout_path = '/sign_out'
|
76
|
+
|
77
|
+
request.stubs(:path).returns('/auth/openid_connect/sign_out')
|
78
|
+
|
79
|
+
strategy.expects(:call_app!)
|
80
|
+
strategy.other_phase
|
81
|
+
end
|
82
|
+
|
72
83
|
def test_logout_phase
|
73
84
|
strategy.options.issuer = 'example.com'
|
74
85
|
strategy.options.client_options.host = 'example.com'
|
@@ -509,10 +520,10 @@ module OmniAuth
|
|
509
520
|
strategy.options.client_options.jwks_uri = 'https://jwks.example.com'
|
510
521
|
strategy.options.response_type = 'id_token'
|
511
522
|
|
512
|
-
|
513
|
-
.
|
514
|
-
|
515
|
-
|
523
|
+
stub_request(:get, strategy.options.client_options.jwks_uri).to_return(
|
524
|
+
body: jwks.to_json,
|
525
|
+
headers: { 'Content-Type' => 'application/json' }
|
526
|
+
)
|
516
527
|
|
517
528
|
strategy.unstub(:user_info)
|
518
529
|
access_token = stub('OpenIDConnect::AccessToken')
|
@@ -788,8 +799,7 @@ module OmniAuth
|
|
788
799
|
access_token: 'test_access_token',
|
789
800
|
id_token: jwt.to_s,
|
790
801
|
token_type: 'Bearer',
|
791
|
-
}
|
792
|
-
success = Struct.new(:status, :body).new(200, json_response)
|
802
|
+
}
|
793
803
|
|
794
804
|
request.stubs(:path).returns('')
|
795
805
|
strategy.call!('rack.session' => { 'omniauth.state' => state, 'omniauth.nonce' => nonce })
|
@@ -798,11 +808,13 @@ module OmniAuth
|
|
798
808
|
id_token.stubs(:verify!).with(issuer: strategy.options.issuer, client_id: @identifier, nonce: nonce).returns(true)
|
799
809
|
::OpenIDConnect::ResponseObject::IdToken.stubs(:decode).returns(id_token)
|
800
810
|
|
801
|
-
|
802
|
-
|
803
|
-
|
804
|
-
|
805
|
-
|
811
|
+
url = "#{ opts.scheme }://#{ opts.host }:#{ opts.port }#{ opts.token_endpoint }"
|
812
|
+
body = { scope: 'openid', grant_type: 'client_credentials', client_id: @identifier, client_secret: @secret }
|
813
|
+
|
814
|
+
stub_request(:post, url).with(body: body).to_return(
|
815
|
+
body: json_response.to_json,
|
816
|
+
headers: { 'Content-Type' => 'application/json' }
|
817
|
+
)
|
806
818
|
|
807
819
|
assert(strategy.send(:access_token))
|
808
820
|
end
|
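Review bot: `test_logout_phase_with_logout_path` only expects `call_app!`, which reads like the plain pass-through to the application, so the test may pass whether or not the custom `logout_path` is actually matched. If that is the case, asserting the logout-specific outcome and adding a negative case for a path that only shares the prefix (for example `/auth/openid_connect/sign_out_extra`, a value constructed for this note) would pin the behaviour the README describes. The strategy code that handles the match is not visible on this page, so the first point is inferred from the expectation alone.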
data/test/test_helper.rb
CHANGED
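--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth_openid_connect
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.7.1
 platform: ruby
 authors:
 - John Bohn
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-
+date: 2023-04-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: omniauth
@@ -37,14 +37,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '2.2'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '2.2'
 - !ruby/object:Gem::Dependency
 name: faker
 requirement: !ruby/object:Gem::Requirement
@@ -185,6 +185,20 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '0.8'
+- !ruby/object:Gem::Dependency
+name: webmock
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.18'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.18'
 description: OpenID Connect Strategy for OmniAuth.
 email:
 - jjbohn@gmail.com
@@ -219,8 +233,8 @@ licenses:
 metadata:
 bug_tracker_uri: https://github.com/m0n9oose/omniauth_openid_connect/issues
 changelog_uri: https://github.com/m0n9oose/omniauth_openid_connect/releases
-documentation_uri: https://github.com/m0n9oose/omniauth_openid_connect/tree/v0.
-source_code_uri: https://github.com/m0n9oose/omniauth_openid_connect/tree/v0.
+documentation_uri: https://github.com/m0n9oose/omniauth_openid_connect/tree/v0.7.1#readme
+source_code_uri: https://github.com/m0n9oose/omniauth_openid_connect/tree/v0.7.1
 rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []
@@ -237,7 +251,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.4.
+rubygems_version: 3.4.12
 signing_key:
 specification_version: 4
 summary: OpenID Connect Strategy for OmniAuth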