omniauth_openid_connect 0.6.1 → 0.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 446a75e37d0a98638c32b054b7e4e1443b54c8d067025381ca340e2a80d5db05
4
- data.tar.gz: fe1895242ce7bd7d1910d9db085678cc5cadc9757b62a7660a232462105d21fe
3
+ metadata.gz: 4c2be6aafa448af62c29c2183954e27a374018d270ac09137b04eb6b5e0aaeba
4
+ data.tar.gz: 3254e1780018a43ee507d7a43ad310dcbec9abe4c0de20ba7e93f78f22c61067
5
5
  SHA512:
6
- metadata.gz: c102811330e2e73ea3a76940c4c275799ef01b8b4640a3e49203a9febec8ecdcb16d9f2a48d2df67deb402f65914842964b656e82c71e1676108db7d54577252
7
- data.tar.gz: 2c6e454846927acd7f2456b7b9653f356ac96d3a196b7299ca348c5bcb9f4853a802154da2548bfc86bc65ec3088abcabb16ea1ab37dc7cc0285cfae0c938a9c
6
+ metadata.gz: 00060df4350aad1ed5a402e24562a4e774ef43fcba0cf501286e8d8f25a6d3d35a15b7c3f61541adb316b213fea64bab41ab3dea2a53eebaf9a84f427ea11a5e
7
+ data.tar.gz: 9bdfc6dae8d63c6831611514e02c5108a5f3e417a2409f0e859a1c5262eb0d2939a476d4b70f8582c70bf5f6084e3f84301e9c9cbe7441691aa2b0e076dfc783
@@ -14,7 +14,7 @@ jobs:
14
14
  strategy:
15
15
  fail-fast: false
16
16
  matrix:
17
- ruby: ["2.5", "2.6", "2.7", "3.0", "3.1", "3.2"]
17
+ ruby: ["2.7", "3.0", "3.1", "3.2"]
18
18
  name: Ruby ${{ matrix.ruby }}
19
19
 
20
20
  steps:
data/CHANGELOG.md CHANGED
@@ -1,3 +1,16 @@
1
+ # Unreleased
2
+
3
+ # v0.7.1 (26.04.2023)
4
+
5
+ - Fix handling of JWKS response (https://github.com/omniauth/omniauth_openid_connect/pull/157)
6
+
7
+ # v0.7.0 (25.04.2023)
8
+
9
+ - Update openid_connect to 2.2 (https://github.com/omniauth/omniauth_openid_connect/pull/153)
10
+ - Drop Ruby 2.5 and 2.6 CI support (https://github.com/omniauth/omniauth_openid_connect/pull/154)
11
+ - Improvements to README (https://github.com/omniauth/omniauth_openid_connect/pull/152, https://github.com/omniauth/omniauth_openid_connect/pull/151)
12
+ - Add option `logout_path` (https://github.com/omniauth/omniauth_openid_connect/pull/143)
13
+
1
14
  # v0.6.1 (22.02.2023)
2
15
 
3
16
  - Fix uninitialized constant error (https://github.com/omniauth/omniauth_openid_connect/pull/147)
data/README.md CHANGED
@@ -23,26 +23,49 @@ Or install it yourself as:
23
23
 
24
24
  ## Supported Ruby Versions
25
25
 
26
- OmniAuth::OpenIDConnect is tested under 2.5, 2.6, 2.7, 3.0, 3.1
26
+ OmniAuth::OpenIDConnect is tested under 2.7, 3.0, 3.1, 3.2
27
27
 
28
28
  ## Usage
29
29
 
30
30
  Example configuration
31
+
32
+ ```ruby
33
+ Rails.application.config.middleware.use OmniAuth::Builder do
34
+ provider :openid_connect, {
35
+ name: :my_provider,
36
+ scope: [:openid, :email, :profile, :address],
37
+ response_type: :code,
38
+ uid_field: "preferred_username",
39
+ client_options: {
40
+ port: 443,
41
+ scheme: "https",
42
+ host: "myprovider.com",
43
+ identifier: ENV["OP_CLIENT_ID"],
44
+ secret: ENV["OP_SECRET_KEY"],
45
+ redirect_uri: "http://myapp.com/users/auth/openid_connect/callback",
46
+ },
47
+ }
48
+ end
49
+ ```
50
+
51
+ ### with Devise
31
52
  ```ruby
32
- config.omniauth :openid_connect, {
33
- name: :my_provider,
34
- scope: [:openid, :email, :profile, :address],
35
- response_type: :code,
36
- uid_field: "preferred_username",
37
- client_options: {
38
- port: 443,
39
- scheme: "https",
40
- host: "myprovider.com",
41
- identifier: ENV["OP_CLIENT_ID"],
42
- secret: ENV["OP_SECRET_KEY"],
43
- redirect_uri: "http://myapp.com/users/auth/openid_connect/callback",
44
- },
45
- }
53
+ Devise.setup do |config|
54
+ config.omniauth :openid_connect, {
55
+ name: :my_provider,
56
+ scope: [:openid, :email, :profile, :address],
57
+ response_type: :code,
58
+ uid_field: "preferred_username",
59
+ client_options: {
60
+ port: 443,
61
+ scheme: "https",
62
+ host: "myprovider.com",
63
+ identifier: ENV["OP_CLIENT_ID"],
64
+ secret: ENV["OP_SECRET_KEY"],
65
+ redirect_uri: "http://myapp.com/users/auth/openid_connect/callback",
66
+ },
67
+ }
68
+ end
46
69
  ```
47
70
 
48
71
  ### Options Overview
@@ -70,6 +93,7 @@ config.omniauth :openid_connect, {
70
93
  | pkce_options | Specify a custom implementation of the PKCE code challenge/method. | no | SHA256(code_challenge) in hex | Proc to customise the code challenge generation |
71
94
  | client_options | A hash of client options detailed in its own section | yes | | |
72
95
  | jwt_secret_base64 | For HMAC with SHA2 (e.g. HS256) signing algorithms, specify the base64-encoded secret used to sign the JWT token. Defaults to the OAuth2 client secret if not specified. | no | client_options.secret | "bXlzZWNyZXQ=\n"
96
+ | logout_path | The log out is only triggered when the request path ends on this path | no | '/logout' | '/sign_out'
73
97
 
74
98
  ### Client Config Options
75
99
 
@@ -131,7 +155,7 @@ For the full low down on OpenID Connect, please check out
131
155
 
132
156
  ## Contributing
133
157
 
134
- 1. Fork it ( http://github.com/m0n9oose/omniauth-openid-connect/fork )
158
+ 1. Fork it ( http://github.com/omniauth/omniauth_openid_connect/fork )
135
159
  2. Create your feature branch (`git checkout -b my-new-feature`)
136
160
  3. Cover your changes with tests and make sure they're green (`bundle install && bundle exec rake test`)
137
161
  4. Commit your changes (`git commit -am 'Add some feature'`)
@@ -2,6 +2,6 @@
2
2
 
3
3
  module OmniAuth
4
4
  module OpenIDConnect
5
- VERSION = '0.6.1'
5
+ VERSION = '0.7.1'
6
6
  end
7
7
  end
@@ -68,6 +68,8 @@ module OmniAuth
68
68
  code_challenge_method: 'S256',
69
69
  }
70
70
 
71
+ option :logout_path, '/logout'
72
+
71
73
  def uid
72
74
  user_info.raw_attributes[options.uid_field.to_sym] || user_info.sub
73
75
  end
@@ -226,7 +228,7 @@ module OmniAuth
226
228
  private
227
229
 
228
230
  def fetch_key
229
- @fetch_key ||= parse_jwk_key(::OpenIDConnect.http_client.get_content(client_options.jwks_uri))
231
+ @fetch_key ||= parse_jwk_key(::OpenIDConnect.http_client.get(client_options.jwks_uri).body)
230
232
  end
231
233
 
232
234
  def base64_decoded_jwt_secret
@@ -402,7 +404,7 @@ module OmniAuth
402
404
  end
403
405
 
404
406
  def parse_jwk_key(key)
405
- json = JSON.parse(key)
407
+ json = key.is_a?(String) ? JSON.parse(key) : key
406
408
  return JSON::JWK::Set.new(json['keys']) if json.key?('keys')
407
409
 
408
410
  JSON::JWK.new(json)
@@ -432,7 +434,7 @@ module OmniAuth
432
434
  end
433
435
 
434
436
  def logout_path_pattern
435
- @logout_path_pattern ||= %r{\A#{Regexp.quote(request_path)}(/logout)}
437
+ @logout_path_pattern ||= /\A#{Regexp.quote(request_path)}#{options.logout_path}/
436
438
  end
437
439
 
438
440
  def id_token_callback_phase
@@ -28,7 +28,7 @@ Gem::Specification.new do |spec|
28
28
  }
29
29
 
30
30
  spec.add_dependency 'omniauth', '>= 1.9', '< 3'
31
- spec.add_dependency 'openid_connect', '~> 1.1'
31
+ spec.add_dependency 'openid_connect', '~> 2.2'
32
32
  spec.add_development_dependency 'faker', '~> 2.0'
33
33
  spec.add_development_dependency 'guard', '~> 2.14'
34
34
  spec.add_development_dependency 'guard-bundler', '~> 2.2'
@@ -39,4 +39,5 @@ Gem::Specification.new do |spec|
39
39
  spec.add_development_dependency 'rubocop', '~> 1.12'
40
40
  spec.add_development_dependency 'simplecov', '~> 0.21'
41
41
  spec.add_development_dependency 'simplecov-lcov', '~> 0.8'
42
+ spec.add_development_dependency 'webmock', '~> 3.18'
42
43
  end
@@ -69,6 +69,17 @@ module OmniAuth
69
69
  strategy.other_phase
70
70
  end
71
71
 
72
+ def test_logout_phase_with_logout_path
73
+ strategy.options.issuer = 'example.com'
74
+ strategy.options.client_options.host = 'example.com'
75
+ strategy.options.logout_path = '/sign_out'
76
+
77
+ request.stubs(:path).returns('/auth/openid_connect/sign_out')
78
+
79
+ strategy.expects(:call_app!)
80
+ strategy.other_phase
81
+ end
82
+
72
83
  def test_logout_phase
73
84
  strategy.options.issuer = 'example.com'
74
85
  strategy.options.client_options.host = 'example.com'
@@ -509,10 +520,10 @@ module OmniAuth
509
520
  strategy.options.client_options.jwks_uri = 'https://jwks.example.com'
510
521
  strategy.options.response_type = 'id_token'
511
522
 
512
- HTTPClient
513
- .any_instance.stubs(:get_content)
514
- .with(strategy.options.client_options.jwks_uri)
515
- .returns(jwks.to_json)
523
+ stub_request(:get, strategy.options.client_options.jwks_uri).to_return(
524
+ body: jwks.to_json,
525
+ headers: { 'Content-Type' => 'application/json' }
526
+ )
516
527
 
517
528
  strategy.unstub(:user_info)
518
529
  access_token = stub('OpenIDConnect::AccessToken')
@@ -788,8 +799,7 @@ module OmniAuth
788
799
  access_token: 'test_access_token',
789
800
  id_token: jwt.to_s,
790
801
  token_type: 'Bearer',
791
- }.to_json
792
- success = Struct.new(:status, :body).new(200, json_response)
802
+ }
793
803
 
794
804
  request.stubs(:path).returns('')
795
805
  strategy.call!('rack.session' => { 'omniauth.state' => state, 'omniauth.nonce' => nonce })
@@ -798,11 +808,13 @@ module OmniAuth
798
808
  id_token.stubs(:verify!).with(issuer: strategy.options.issuer, client_id: @identifier, nonce: nonce).returns(true)
799
809
  ::OpenIDConnect::ResponseObject::IdToken.stubs(:decode).returns(id_token)
800
810
 
801
- HTTPClient.any_instance.stubs(:post).with(
802
- "#{ opts.scheme }://#{ opts.host }:#{ opts.port }#{ opts.token_endpoint }",
803
- { scope: 'openid', grant_type: :client_credentials, client_id: @identifier, client_secret: @secret },
804
- {}
805
- ).returns(success)
811
+ url = "#{ opts.scheme }://#{ opts.host }:#{ opts.port }#{ opts.token_endpoint }"
812
+ body = { scope: 'openid', grant_type: 'client_credentials', client_id: @identifier, client_secret: @secret }
813
+
814
+ stub_request(:post, url).with(body: body).to_return(
815
+ body: json_response.to_json,
816
+ headers: { 'Content-Type' => 'application/json' }
817
+ )
806
818
 
807
819
  assert(strategy.send(:access_token))
808
820
  end
data/test/test_helper.rb CHANGED
@@ -5,6 +5,7 @@ require 'minitest/autorun'
5
5
  require 'mocha/minitest'
6
6
  require 'faker'
7
7
  require 'active_support'
8
+ require 'webmock/minitest'
8
9
 
9
10
  SimpleCov.start do
10
11
  if ENV['CI']
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth_openid_connect
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.6.1
4
+ version: 0.7.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - John Bohn
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2023-02-23 00:00:00.000000000 Z
12
+ date: 2023-04-26 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: omniauth
@@ -37,14 +37,14 @@ dependencies:
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: '1.1'
40
+ version: '2.2'
41
41
  type: :runtime
42
42
  prerelease: false
43
43
  version_requirements: !ruby/object:Gem::Requirement
44
44
  requirements:
45
45
  - - "~>"
46
46
  - !ruby/object:Gem::Version
47
- version: '1.1'
47
+ version: '2.2'
48
48
  - !ruby/object:Gem::Dependency
49
49
  name: faker
50
50
  requirement: !ruby/object:Gem::Requirement
@@ -185,6 +185,20 @@ dependencies:
185
185
  - - "~>"
186
186
  - !ruby/object:Gem::Version
187
187
  version: '0.8'
188
+ - !ruby/object:Gem::Dependency
189
+ name: webmock
190
+ requirement: !ruby/object:Gem::Requirement
191
+ requirements:
192
+ - - "~>"
193
+ - !ruby/object:Gem::Version
194
+ version: '3.18'
195
+ type: :development
196
+ prerelease: false
197
+ version_requirements: !ruby/object:Gem::Requirement
198
+ requirements:
199
+ - - "~>"
200
+ - !ruby/object:Gem::Version
201
+ version: '3.18'
188
202
  description: OpenID Connect Strategy for OmniAuth.
189
203
  email:
190
204
  - jjbohn@gmail.com
@@ -219,8 +233,8 @@ licenses:
219
233
  metadata:
220
234
  bug_tracker_uri: https://github.com/m0n9oose/omniauth_openid_connect/issues
221
235
  changelog_uri: https://github.com/m0n9oose/omniauth_openid_connect/releases
222
- documentation_uri: https://github.com/m0n9oose/omniauth_openid_connect/tree/v0.6.1#readme
223
- source_code_uri: https://github.com/m0n9oose/omniauth_openid_connect/tree/v0.6.1
236
+ documentation_uri: https://github.com/m0n9oose/omniauth_openid_connect/tree/v0.7.1#readme
237
+ source_code_uri: https://github.com/m0n9oose/omniauth_openid_connect/tree/v0.7.1
224
238
  rubygems_mfa_required: 'true'
225
239
  post_install_message:
226
240
  rdoc_options: []
@@ -237,7 +251,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
237
251
  - !ruby/object:Gem::Version
238
252
  version: '0'
239
253
  requirements: []
240
- rubygems_version: 3.4.7
254
+ rubygems_version: 3.4.12
241
255
  signing_key:
242
256
  specification_version: 4
243
257
  summary: OpenID Connect Strategy for OmniAuth