omniauth_openid_connect 0.7.0 → 0.8.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/main.yml +1 -1
- data/CHANGELOG.md +20 -12
- data/README.md +26 -24
- data/lib/omniauth/openid_connect/version.rb +1 -1
- data/lib/omniauth/strategies/openid_connect.rb +10 -4
- data/omniauth_openid_connect.gemspec +8 -7
- data/test/lib/omniauth/strategies/openid_connect_test.rb +55 -21
- data/test/strategy_test_case.rb +1 -1
- data/test/test_helper.rb +1 -0
- metadata +26 -12
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a88d5af43ae7fa7338b12da92488397a3d9ea250b9bdc7f285f5621f9571b609
|
|
4
|
+
data.tar.gz: baa1254704b191df4aebc92a78c0733585e43ae85a4f50506571e27854a2f561
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7689fc4611d597687bf25f8ad7c3b54f8b9dd1955f4940bd126ebbcfb6bb1203d1774828cd6f6f9fcd922e82d0ddbe4de97025eeb4d883236323b78e57aacf1d
|
|
7
|
+
data.tar.gz: 42c6116449d17622dfc8b98d81ec315b1ee7b5c741e7f160884845413e3d2bc3aa99bf1cbf34d97c9066e0673670128b81ccea873b41e8ce559b4dbfe863e851
|
data/.github/workflows/main.yml
CHANGED
data/CHANGELOG.md
CHANGED
|
@@ -1,21 +1,29 @@
|
|
|
1
1
|
# Unreleased
|
|
2
2
|
|
|
3
|
-
# v0.
|
|
3
|
+
# v0.8.0 (2024-07-04)
|
|
4
|
+
|
|
5
|
+
- Add `send_state` parameter to disable sending of state (https://github.com/omniauth/omniauth_openid_connect/pull/182)
|
|
6
|
+
|
|
7
|
+
# v0.7.1 (2023-04-26)
|
|
8
|
+
|
|
9
|
+
- Fix handling of JWKS response (https://github.com/omniauth/omniauth_openid_connect/pull/157)
|
|
10
|
+
|
|
11
|
+
# v0.7.0 (2023-04-25)
|
|
4
12
|
|
|
5
13
|
- Update openid_connect to 2.2 (https://github.com/omniauth/omniauth_openid_connect/pull/153)
|
|
6
14
|
- Drop Ruby 2.5 and 2.6 CI support (https://github.com/omniauth/omniauth_openid_connect/pull/154)
|
|
7
15
|
- Improvements to README (https://github.com/omniauth/omniauth_openid_connect/pull/152, https://github.com/omniauth/omniauth_openid_connect/pull/151)
|
|
8
16
|
- Add option `logout_path` (https://github.com/omniauth/omniauth_openid_connect/pull/143)
|
|
9
17
|
|
|
10
|
-
# v0.6.1 (22
|
|
18
|
+
# v0.6.1 (2023-02-22)
|
|
11
19
|
|
|
12
20
|
- Fix uninitialized constant error (https://github.com/omniauth/omniauth_openid_connect/pull/147)
|
|
13
21
|
|
|
14
|
-
# v0.6.0 (
|
|
22
|
+
# v0.6.0 (2023-01-22)
|
|
15
23
|
|
|
16
24
|
- Support verification of HS256-signed JWTs (https://github.com/omniauth/omniauth_openid_connect/pull/134)
|
|
17
25
|
|
|
18
|
-
# v0.5.0 (26
|
|
26
|
+
# v0.5.0 (2022-12-26)
|
|
19
27
|
|
|
20
28
|
- Support the "nonce" parameter forwarding without a session [#130](https://github.com/omniauth/omniauth_openid_connect/pull/130)
|
|
21
29
|
- Fetch key from JWKS URI if available [#133](https://github.com/omniauth/omniauth_openid_connect/pull/133)
|
|
@@ -23,7 +31,7 @@
|
|
|
23
31
|
- Add email_verified claim in user info [#131](https://github.com/omniauth/omniauth_openid_connect/pull/131)
|
|
24
32
|
- Add PKCE verification support [#128](https://github.com/omniauth/omniauth_openid_connect/pull/128)
|
|
25
33
|
|
|
26
|
-
# v0.4.0 (06
|
|
34
|
+
# v0.4.0 (2022-02-06)
|
|
27
35
|
|
|
28
36
|
- Support dynamic parameters to the authorize URI [#90](https://github.com/omniauth/omniauth_openid_connect/pull/90)
|
|
29
37
|
- Upgrade Faker and replace Travis with Github Actions [#102](https://github.com/omniauth/omniauth_openid_connect/pull/102)
|
|
@@ -31,12 +39,12 @@
|
|
|
31
39
|
- Fall back to the discovered jwks when no key specified [#97](https://github.com/omniauth/omniauth_openid_connect/pull/97)
|
|
32
40
|
- Allow updating to omniauth v2 [#88](https://github.com/omniauth/omniauth_openid_connect/pull/88)
|
|
33
41
|
|
|
34
|
-
# v0.3.5 (07
|
|
42
|
+
# v0.3.5 (2020-06-07)
|
|
35
43
|
|
|
36
44
|
- bugfix: Info from decoded id_token is not exposed into `request.env['omniauth.auth']` [#61](https://github.com/m0n9oose/omniauth_openid_connect/pull/61)
|
|
37
45
|
- bugfix: NoMethodError (`undefined method 'count' for #<OpenIDConnect::ResponseObject::IdToken>`) [#60](https://github.com/m0n9oose/omniauth_openid_connect/pull/60)
|
|
38
46
|
|
|
39
|
-
# v0.3.4 (21
|
|
47
|
+
# v0.3.4 (2020-05-21)
|
|
40
48
|
|
|
41
49
|
- Try to verify id_token when response_type is code [#44](https://github.com/m0n9oose/omniauth_openid_connect/pull/44)
|
|
42
50
|
- Provide more information on error [#49](https://github.com/m0n9oose/omniauth_openid_connect/pull/49)
|
|
@@ -45,7 +53,7 @@
|
|
|
45
53
|
- refactor: take uid_field from raw_attributes [#54](https://github.com/m0n9oose/omniauth_openid_connect/pull/54)
|
|
46
54
|
- chore(ci): add 2.7, ruby-head and jruby-head [#55](https://github.com/m0n9oose/omniauth_openid_connect/pull/55)
|
|
47
55
|
|
|
48
|
-
# v0.3.3 (09
|
|
56
|
+
# v0.3.3 (2019-11-09)
|
|
49
57
|
|
|
50
58
|
- Pass `acr_values` to authorize url [#43](https://github.com/m0n9oose/omniauth_openid_connect/pull/43)
|
|
51
59
|
- Add raw info for id token [#42](https://github.com/m0n9oose/omniauth_openid_connect/pull/42)
|
|
@@ -55,17 +63,17 @@
|
|
|
55
63
|
- Fix gemspec homepage [#33](https://github.com/m0n9oose/omniauth_openid_connect/pull/33)
|
|
56
64
|
- Add support for `response_type` `id_token` [#32](https://github.com/m0n9oose/omniauth_openid_connect/pull/32)
|
|
57
65
|
|
|
58
|
-
# v0.3.2 (03
|
|
66
|
+
# v0.3.2 (2019-08-03)
|
|
59
67
|
|
|
60
68
|
- Use response_mode in `authorize_uri` if the option is defined [#30](https://github.com/m0n9oose/omniauth_openid_connect/pull/30)
|
|
61
69
|
- Move verification of `id_token` to before accessing tokens [#28](https://github.com/m0n9oose/omniauth_openid_connect/pull/28)
|
|
62
70
|
- Update omniauth dependency [#26](https://github.com/m0n9oose/omniauth_openid_connect/pull/26)
|
|
63
71
|
|
|
64
|
-
# v0.3.1 (08
|
|
72
|
+
# v0.3.1 (2019-06-08)
|
|
65
73
|
|
|
66
74
|
- Set default OmniAuth name to openid_connect [#23](https://github.com/m0n9oose/omniauth_openid_connect/pull/23)
|
|
67
75
|
|
|
68
|
-
# v0.3.0 (
|
|
76
|
+
# v0.3.0 (2019-04-07)
|
|
69
77
|
|
|
70
78
|
- RP-Initiated Logout phase [#5](https://github.com/m0n9oose/omniauth_openid_connect/pull/5)
|
|
71
79
|
- Allows `ui_locales`, `claims_locales` and `login_hint` as request params [#6](https://github.com/m0n9oose/omniauth_openid_connect/pull/6)
|
|
@@ -74,7 +82,7 @@
|
|
|
74
82
|
- Handle errors when fetching access_token at callback_phase [#17](https://github.com/m0n9oose/omniauth_openid_connect/pull/17)
|
|
75
83
|
- Allow state method to receive env [#19](https://github.com/m0n9oose/omniauth_openid_connect/pull/19)
|
|
76
84
|
|
|
77
|
-
# v0.2.4 (06
|
|
85
|
+
# v0.2.4 (2019-01-06)
|
|
78
86
|
|
|
79
87
|
- Prompt and login hint [#4](https://github.com/m0n9oose/omniauth_openid_connect/pull/4)
|
|
80
88
|
- Bump openid_connect dependency [#9](https://github.com/m0n9oose/omniauth_openid_connect/pull/9)
|
data/README.md
CHANGED
|
@@ -70,30 +70,32 @@ end
|
|
|
70
70
|
|
|
71
71
|
### Options Overview
|
|
72
72
|
|
|
73
|
-
| Field | Description
|
|
74
|
-
|
|
75
|
-
| name | Arbitrary string to identify connection and identify it from other openid_connect providers
|
|
76
|
-
| issuer | Root url for the authorization server
|
|
77
|
-
| discovery | Should OpenID discovery be used. This is recommended if the IDP provides a discovery endpoint. See client config for how to manually enter discovered values.
|
|
78
|
-
| client_auth_method | Which authentication method to use to authenticate your app with the authorization server
|
|
79
|
-
| scope | Which OpenID scopes to include (:openid is always required)
|
|
80
|
-
| response_type | Which OAuth2 response type to use with the authorization request
|
|
81
|
-
| state | A value to be used for the OAuth2 state parameter on the authorization request. Can be a proc that generates a string.
|
|
82
|
-
| require_state | Should state
|
|
83
|
-
|
|
|
84
|
-
|
|
|
85
|
-
|
|
|
86
|
-
|
|
|
87
|
-
|
|
|
88
|
-
|
|
|
89
|
-
|
|
|
90
|
-
|
|
|
91
|
-
|
|
|
92
|
-
|
|
|
93
|
-
|
|
|
94
|
-
|
|
|
95
|
-
|
|
|
96
|
-
|
|
|
73
|
+
| Field | Description | Required | Default | Example/Options |
|
|
74
|
+
|------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|-------------------------------|-----------------------------------------------------|
|
|
75
|
+
| name | Arbitrary string to identify connection and identify it from other openid_connect providers | no | String: openid_connect | :my_idp |
|
|
76
|
+
| issuer | Root url for the authorization server | yes | | https://myprovider.com |
|
|
77
|
+
| discovery | Should OpenID discovery be used. This is recommended if the IDP provides a discovery endpoint. See client config for how to manually enter discovered values. | no | false | one of: true, false |
|
|
78
|
+
| client_auth_method | Which authentication method to use to authenticate your app with the authorization server | no | Sym: basic | "basic", "jwks" |
|
|
79
|
+
| scope | Which OpenID scopes to include (:openid is always required) | no | Array<sym> [:openid] | [:openid, :profile, :email] |
|
|
80
|
+
| response_type | Which OAuth2 response type to use with the authorization request | no | String: code | one of: 'code', 'id_token' |
|
|
81
|
+
| state | A value to be used for the OAuth2 state parameter on the authorization request. Can be a proc that generates a string. | no | Random 16 character string | Proc.new { SecureRandom.hex(32) } |
|
|
82
|
+
| require_state | Should the callback phase require that a state is present. If `send_state` is true, then the callback state must match the authorize state. This is recommended, not required by the OIDC specification. | no | true | false |
|
|
83
|
+
| send_state | Should the authorize phase send a `state` parameter - this is recommended, not required by the OIDC specification | no | true | false |
|
|
84
|
+
| response_mode | The response mode per [spec](https://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html) | no | nil | one of: :query, :fragment, :form_post, :web_message |
|
|
85
|
+
| display | An optional parameter to the authorization request to determine how the authorization and consent page | no | nil | one of: :page, :popup, :touch, :wap |
|
|
86
|
+
| prompt | An optional parameter to the authrization request to determine what pages the user will be shown | no | nil | one of: :none, :login, :consent, :select_account |
|
|
87
|
+
| send_scope_to_token_endpoint | Should the scope parameter be sent to the authorization token endpoint? | no | true | one of: true, false |
|
|
88
|
+
| post_logout_redirect_uri | The logout redirect uri to use per the [session management draft](https://openid.net/specs/openid-connect-session-1_0.html) | no | empty | https://myapp.com/logout/callback |
|
|
89
|
+
| uid_field | The field of the user info response to be used as a unique id | no | 'sub' | "sub", "preferred_username" |
|
|
90
|
+
| extra_authorize_params | A hash of extra fixed parameters that will be merged to the authorization request | no | Hash | {"tenant" => "common"} |
|
|
91
|
+
| allow_authorize_params | A list of allowed dynamic parameters that will be merged to the authorization request | no | Array | [:screen_name] |
|
|
92
|
+
| pkce | Enable [PKCE flow](https://oauth.net/2/pkce/) | no | false | one of: true, false |
|
|
93
|
+
| pkce_verifier | Specify a custom PKCE verifier code. | no | A random 128-char string | Proc.new { SecureRandom.hex(64) } |
|
|
94
|
+
| pkce_options | Specify a custom implementation of the PKCE code challenge/method. | no | SHA256(code_challenge) in hex | Proc to customise the code challenge generation |
|
|
95
|
+
| client_options | A hash of client options detailed in its own section | yes | | |
|
|
96
|
+
| jwt_secret_base64 | For HMAC with SHA2 (e.g. HS256) signing algorithms, specify the base64-encoded secret used to sign the JWT token. Defaults to the OAuth2 client secret if not specified. | no | client_options.secret | "bXlzZWNyZXQ=\n" |
|
|
97
|
+
| logout_path | The log out is only triggered when the request path ends on this path | no | '/logout' | '/sign_out' |
|
|
98
|
+
| acr_values | Authentication Class Reference(ACR) values to be passed to the authorize_uri to enforce a specific level, see [RFC9470](https://www.rfc-editor.org/rfc/rfc9470.html) | no | nil | "c1 c2" |
|
|
97
99
|
|
|
98
100
|
### Client Config Options
|
|
99
101
|
|
|
@@ -42,6 +42,7 @@ module OmniAuth
|
|
|
42
42
|
option :client_x509_signing_key
|
|
43
43
|
option :scope, [:openid]
|
|
44
44
|
option :response_type, 'code' # ['code', 'id_token']
|
|
45
|
+
option :send_state, true
|
|
45
46
|
option :require_state, true
|
|
46
47
|
option :state
|
|
47
48
|
option :response_mode # [:query, :fragment, :form_post, :web_message]
|
|
@@ -120,7 +121,12 @@ module OmniAuth
|
|
|
120
121
|
def callback_phase
|
|
121
122
|
error = params['error_reason'] || params['error']
|
|
122
123
|
error_description = params['error_description'] || params['error_reason']
|
|
123
|
-
invalid_state =
|
|
124
|
+
invalid_state =
|
|
125
|
+
if options.send_state
|
|
126
|
+
(options.require_state && params['state'].to_s.empty?) || params['state'] != stored_state
|
|
127
|
+
else
|
|
128
|
+
false
|
|
129
|
+
end
|
|
124
130
|
|
|
125
131
|
raise CallbackError, error: params['error'], reason: error_description, uri: params['error_uri'] if error
|
|
126
132
|
raise CallbackError, error: :csrf_detected, reason: "Invalid 'state' parameter" if invalid_state
|
|
@@ -169,13 +175,12 @@ module OmniAuth
|
|
|
169
175
|
end_session_uri.to_s
|
|
170
176
|
end
|
|
171
177
|
|
|
172
|
-
def authorize_uri
|
|
178
|
+
def authorize_uri # rubocop:disable Metrics/AbcSize
|
|
173
179
|
client.redirect_uri = redirect_uri
|
|
174
180
|
opts = {
|
|
175
181
|
response_type: options.response_type,
|
|
176
182
|
response_mode: options.response_mode,
|
|
177
183
|
scope: options.scope,
|
|
178
|
-
state: new_state,
|
|
179
184
|
login_hint: params['login_hint'],
|
|
180
185
|
ui_locales: params['ui_locales'],
|
|
181
186
|
claims_locales: params['claims_locales'],
|
|
@@ -185,6 +190,7 @@ module OmniAuth
|
|
|
185
190
|
acr_values: options.acr_values,
|
|
186
191
|
}
|
|
187
192
|
|
|
193
|
+
opts[:state] = new_state if options.send_state
|
|
188
194
|
opts.merge!(options.extra_authorize_params) unless options.extra_authorize_params.empty?
|
|
189
195
|
|
|
190
196
|
options.allow_authorize_params.each do |key|
|
|
@@ -404,7 +410,7 @@ module OmniAuth
|
|
|
404
410
|
end
|
|
405
411
|
|
|
406
412
|
def parse_jwk_key(key)
|
|
407
|
-
json = JSON.parse(key)
|
|
413
|
+
json = key.is_a?(String) ? JSON.parse(key) : key
|
|
408
414
|
return JSON::JWK::Set.new(json['keys']) if json.key?('keys')
|
|
409
415
|
|
|
410
416
|
JSON::JWK.new(json)
|
|
@@ -11,7 +11,7 @@ Gem::Specification.new do |spec|
|
|
|
11
11
|
spec.email = ['jjbohn@gmail.com', 'm0n9oose@gmail.com']
|
|
12
12
|
spec.summary = 'OpenID Connect Strategy for OmniAuth'
|
|
13
13
|
spec.description = 'OpenID Connect Strategy for OmniAuth.'
|
|
14
|
-
spec.homepage = 'https://github.com/
|
|
14
|
+
spec.homepage = 'https://github.com/omniauth/omniauth_openid_connect'
|
|
15
15
|
spec.license = 'MIT'
|
|
16
16
|
|
|
17
17
|
spec.files = `git ls-files -z`.split("\x0")
|
|
@@ -20,10 +20,10 @@ Gem::Specification.new do |spec|
|
|
|
20
20
|
spec.require_paths = ['lib']
|
|
21
21
|
|
|
22
22
|
spec.metadata = {
|
|
23
|
-
'bug_tracker_uri' => 'https://github.com/
|
|
24
|
-
'changelog_uri' => 'https://github.com/
|
|
25
|
-
'documentation_uri' => "https://github.com/
|
|
26
|
-
'source_code_uri' => "https://github.com/
|
|
23
|
+
'bug_tracker_uri' => 'https://github.com/omniauth/omniauth_openid_connect/issues',
|
|
24
|
+
'changelog_uri' => 'https://github.com/omniauth/omniauth_openid_connect/releases',
|
|
25
|
+
'documentation_uri' => "https://github.com/omniauth/omniauth_openid_connect/tree/v#{spec.version}#readme",
|
|
26
|
+
'source_code_uri' => "https://github.com/omniauth/omniauth_openid_connect/tree/v#{spec.version}",
|
|
27
27
|
'rubygems_mfa_required' => 'true',
|
|
28
28
|
}
|
|
29
29
|
|
|
@@ -33,10 +33,11 @@ Gem::Specification.new do |spec|
|
|
|
33
33
|
spec.add_development_dependency 'guard', '~> 2.14'
|
|
34
34
|
spec.add_development_dependency 'guard-bundler', '~> 2.2'
|
|
35
35
|
spec.add_development_dependency 'guard-minitest', '~> 2.4'
|
|
36
|
-
spec.add_development_dependency 'minitest', '~> 5.
|
|
37
|
-
spec.add_development_dependency 'mocha', '~> 1
|
|
36
|
+
spec.add_development_dependency 'minitest', '~> 5.20'
|
|
37
|
+
spec.add_development_dependency 'mocha', '~> 2.1'
|
|
38
38
|
spec.add_development_dependency 'rake', '~> 12.0'
|
|
39
39
|
spec.add_development_dependency 'rubocop', '~> 1.12'
|
|
40
40
|
spec.add_development_dependency 'simplecov', '~> 0.21'
|
|
41
41
|
spec.add_development_dependency 'simplecov-lcov', '~> 0.8'
|
|
42
|
+
spec.add_development_dependency 'webmock', '~> 3.18'
|
|
42
43
|
end
|
|
@@ -453,6 +453,50 @@ module OmniAuth
|
|
|
453
453
|
strategy.callback_phase
|
|
454
454
|
end
|
|
455
455
|
|
|
456
|
+
def test_callback_phase_with_send_state_disabled # rubocop:disable Metrics/AbcSize
|
|
457
|
+
code = SecureRandom.hex(16)
|
|
458
|
+
|
|
459
|
+
strategy.options.client_options.host = 'example.com'
|
|
460
|
+
strategy.options.require_state = true
|
|
461
|
+
strategy.options.send_state = false
|
|
462
|
+
strategy.options.discovery = true
|
|
463
|
+
refute_match(/state/, strategy.authorize_uri, 'URI must not contain state')
|
|
464
|
+
|
|
465
|
+
request.stubs(:params).returns('code' => code)
|
|
466
|
+
request.stubs(:path).returns('')
|
|
467
|
+
|
|
468
|
+
issuer = stub('OpenIDConnect::Discovery::Issuer')
|
|
469
|
+
issuer.stubs(:issuer).returns('https://example.com/')
|
|
470
|
+
::OpenIDConnect::Discovery::Provider.stubs(:discover!).returns(issuer)
|
|
471
|
+
|
|
472
|
+
config = stub('OpenIDConnect::Discovery::Provder::Config')
|
|
473
|
+
config.stubs(:authorization_endpoint).returns('https://example.com/authorization')
|
|
474
|
+
config.stubs(:token_endpoint).returns('https://example.com/token')
|
|
475
|
+
config.stubs(:userinfo_endpoint).returns('https://example.com/userinfo')
|
|
476
|
+
config.stubs(:jwks_uri).returns('https://example.com/jwks')
|
|
477
|
+
config.stubs(:jwks).returns(JSON::JWK::Set.new(jwks['keys']))
|
|
478
|
+
|
|
479
|
+
::OpenIDConnect::Discovery::Provider::Config.stubs(:discover!).with('https://example.com/').returns(config)
|
|
480
|
+
|
|
481
|
+
id_token = stub('OpenIDConnect::ResponseObject::IdToken')
|
|
482
|
+
id_token.stubs(:raw_attributes).returns('sub' => 'sub', 'name' => 'name', 'email' => 'email')
|
|
483
|
+
id_token.stubs(:verify!).with(issuer: 'https://example.com/', client_id: @identifier, nonce: nonce).returns(true)
|
|
484
|
+
::OpenIDConnect::ResponseObject::IdToken.stubs(:decode).returns(id_token)
|
|
485
|
+
|
|
486
|
+
strategy.unstub(:user_info)
|
|
487
|
+
access_token = stub('OpenIDConnect::AccessToken')
|
|
488
|
+
access_token.stubs(:access_token)
|
|
489
|
+
access_token.stubs(:refresh_token)
|
|
490
|
+
access_token.stubs(:expires_in)
|
|
491
|
+
access_token.stubs(:scope)
|
|
492
|
+
access_token.stubs(:id_token).returns(jwt.to_s)
|
|
493
|
+
client.expects(:access_token!).at_least_once.returns(access_token)
|
|
494
|
+
access_token.expects(:userinfo!).returns(user_info)
|
|
495
|
+
|
|
496
|
+
strategy.call!('rack.session' => { 'omniauth.nonce' => nonce })
|
|
497
|
+
strategy.callback_phase
|
|
498
|
+
end
|
|
499
|
+
|
|
456
500
|
def test_callback_phase_with_no_state_without_state_verification # rubocop:disable Metrics/AbcSize
|
|
457
501
|
code = SecureRandom.hex(16)
|
|
458
502
|
|
|
@@ -520,14 +564,10 @@ module OmniAuth
|
|
|
520
564
|
strategy.options.client_options.jwks_uri = 'https://jwks.example.com'
|
|
521
565
|
strategy.options.response_type = 'id_token'
|
|
522
566
|
|
|
523
|
-
|
|
524
|
-
|
|
525
|
-
|
|
526
|
-
|
|
527
|
-
stubs.get(strategy.options.client_options.jwks_uri) { [200, {}, jwks.to_json] }
|
|
528
|
-
end
|
|
529
|
-
end
|
|
530
|
-
)
|
|
567
|
+
stub_request(:get, strategy.options.client_options.jwks_uri).to_return(
|
|
568
|
+
body: jwks.to_json,
|
|
569
|
+
headers: { 'Content-Type' => 'application/json' }
|
|
570
|
+
)
|
|
531
571
|
|
|
532
572
|
strategy.unstub(:user_info)
|
|
533
573
|
access_token = stub('OpenIDConnect::AccessToken')
|
|
@@ -812,19 +852,13 @@ module OmniAuth
|
|
|
812
852
|
id_token.stubs(:verify!).with(issuer: strategy.options.issuer, client_id: @identifier, nonce: nonce).returns(true)
|
|
813
853
|
::OpenIDConnect::ResponseObject::IdToken.stubs(:decode).returns(id_token)
|
|
814
854
|
|
|
815
|
-
|
|
816
|
-
|
|
817
|
-
|
|
818
|
-
|
|
819
|
-
|
|
820
|
-
|
|
821
|
-
|
|
822
|
-
) do
|
|
823
|
-
[200, {}, json_response]
|
|
824
|
-
end
|
|
825
|
-
end
|
|
826
|
-
end
|
|
827
|
-
)
|
|
855
|
+
url = "#{ opts.scheme }://#{ opts.host }:#{ opts.port }#{ opts.token_endpoint }"
|
|
856
|
+
body = { scope: 'openid', grant_type: 'client_credentials', client_id: @identifier, client_secret: @secret }
|
|
857
|
+
|
|
858
|
+
stub_request(:post, url).with(body: body).to_return(
|
|
859
|
+
body: json_response.to_json,
|
|
860
|
+
headers: { 'Content-Type' => 'application/json' }
|
|
861
|
+
)
|
|
828
862
|
|
|
829
863
|
assert(strategy.send(:access_token))
|
|
830
864
|
end
|
data/test/strategy_test_case.rb
CHANGED
data/test/test_helper.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: omniauth_openid_connect
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.8.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- John Bohn
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2024-07-04 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: omniauth
|
|
@@ -107,28 +107,28 @@ dependencies:
|
|
|
107
107
|
requirements:
|
|
108
108
|
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version: '5.
|
|
110
|
+
version: '5.20'
|
|
111
111
|
type: :development
|
|
112
112
|
prerelease: false
|
|
113
113
|
version_requirements: !ruby/object:Gem::Requirement
|
|
114
114
|
requirements:
|
|
115
115
|
- - "~>"
|
|
116
116
|
- !ruby/object:Gem::Version
|
|
117
|
-
version: '5.
|
|
117
|
+
version: '5.20'
|
|
118
118
|
- !ruby/object:Gem::Dependency
|
|
119
119
|
name: mocha
|
|
120
120
|
requirement: !ruby/object:Gem::Requirement
|
|
121
121
|
requirements:
|
|
122
122
|
- - "~>"
|
|
123
123
|
- !ruby/object:Gem::Version
|
|
124
|
-
version: '1
|
|
124
|
+
version: '2.1'
|
|
125
125
|
type: :development
|
|
126
126
|
prerelease: false
|
|
127
127
|
version_requirements: !ruby/object:Gem::Requirement
|
|
128
128
|
requirements:
|
|
129
129
|
- - "~>"
|
|
130
130
|
- !ruby/object:Gem::Version
|
|
131
|
-
version: '1
|
|
131
|
+
version: '2.1'
|
|
132
132
|
- !ruby/object:Gem::Dependency
|
|
133
133
|
name: rake
|
|
134
134
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -185,6 +185,20 @@ dependencies:
|
|
|
185
185
|
- - "~>"
|
|
186
186
|
- !ruby/object:Gem::Version
|
|
187
187
|
version: '0.8'
|
|
188
|
+
- !ruby/object:Gem::Dependency
|
|
189
|
+
name: webmock
|
|
190
|
+
requirement: !ruby/object:Gem::Requirement
|
|
191
|
+
requirements:
|
|
192
|
+
- - "~>"
|
|
193
|
+
- !ruby/object:Gem::Version
|
|
194
|
+
version: '3.18'
|
|
195
|
+
type: :development
|
|
196
|
+
prerelease: false
|
|
197
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
198
|
+
requirements:
|
|
199
|
+
- - "~>"
|
|
200
|
+
- !ruby/object:Gem::Version
|
|
201
|
+
version: '3.18'
|
|
188
202
|
description: OpenID Connect Strategy for OmniAuth.
|
|
189
203
|
email:
|
|
190
204
|
- jjbohn@gmail.com
|
|
@@ -213,14 +227,14 @@ files:
|
|
|
213
227
|
- test/lib/omniauth/strategies/openid_connect_test.rb
|
|
214
228
|
- test/strategy_test_case.rb
|
|
215
229
|
- test/test_helper.rb
|
|
216
|
-
homepage: https://github.com/
|
|
230
|
+
homepage: https://github.com/omniauth/omniauth_openid_connect
|
|
217
231
|
licenses:
|
|
218
232
|
- MIT
|
|
219
233
|
metadata:
|
|
220
|
-
bug_tracker_uri: https://github.com/
|
|
221
|
-
changelog_uri: https://github.com/
|
|
222
|
-
documentation_uri: https://github.com/
|
|
223
|
-
source_code_uri: https://github.com/
|
|
234
|
+
bug_tracker_uri: https://github.com/omniauth/omniauth_openid_connect/issues
|
|
235
|
+
changelog_uri: https://github.com/omniauth/omniauth_openid_connect/releases
|
|
236
|
+
documentation_uri: https://github.com/omniauth/omniauth_openid_connect/tree/v0.8.0#readme
|
|
237
|
+
source_code_uri: https://github.com/omniauth/omniauth_openid_connect/tree/v0.8.0
|
|
224
238
|
rubygems_mfa_required: 'true'
|
|
225
239
|
post_install_message:
|
|
226
240
|
rdoc_options: []
|
|
@@ -237,7 +251,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
237
251
|
- !ruby/object:Gem::Version
|
|
238
252
|
version: '0'
|
|
239
253
|
requirements: []
|
|
240
|
-
rubygems_version: 3.
|
|
254
|
+
rubygems_version: 3.5.14
|
|
241
255
|
signing_key:
|
|
242
256
|
specification_version: 4
|
|
243
257
|
summary: OpenID Connect Strategy for OmniAuth
|