omniauth_openid_connect 0.6.1 → 0.7.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 446a75e37d0a98638c32b054b7e4e1443b54c8d067025381ca340e2a80d5db05
4
- data.tar.gz: fe1895242ce7bd7d1910d9db085678cc5cadc9757b62a7660a232462105d21fe
3
+ metadata.gz: d6a11bcb166756152adda96fe4326a0f2f64b6181cafeab56e2b8e0328830adc
4
+ data.tar.gz: bcc46e52cc5223ec916874d9adab8692d0d8662152106988b727e926a58c0090
5
5
  SHA512:
6
- metadata.gz: c102811330e2e73ea3a76940c4c275799ef01b8b4640a3e49203a9febec8ecdcb16d9f2a48d2df67deb402f65914842964b656e82c71e1676108db7d54577252
7
- data.tar.gz: 2c6e454846927acd7f2456b7b9653f356ac96d3a196b7299ca348c5bcb9f4853a802154da2548bfc86bc65ec3088abcabb16ea1ab37dc7cc0285cfae0c938a9c
6
+ metadata.gz: eb43c6b0f6c9ff6efa0bf7ca424c24a73c12572401c785f92a8c35e0da459f5a022020d5947155bbe6d80c4ad7af8e12e849f786b29249c8f3bc41a6c313a049
7
+ data.tar.gz: 657003a0f621975fb906be54e7c2d256f53c9b5539fed4d44f9309be0bf906eccd0ec55277a54fbee58556970a6caaffcd61bcfa1769a8baa4102d22b6fee933
@@ -14,7 +14,7 @@ jobs:
14
14
  strategy:
15
15
  fail-fast: false
16
16
  matrix:
17
- ruby: ["2.5", "2.6", "2.7", "3.0", "3.1", "3.2"]
17
+ ruby: ["2.7", "3.0", "3.1", "3.2"]
18
18
  name: Ruby ${{ matrix.ruby }}
19
19
 
20
20
  steps:
data/CHANGELOG.md CHANGED
@@ -1,3 +1,12 @@
1
+ # Unreleased
2
+
3
+ # v0.7.0 (25.04.2023)
4
+
5
+ - Update openid_connect to 2.2 (https://github.com/omniauth/omniauth_openid_connect/pull/153)
6
+ - Drop Ruby 2.5 and 2.6 CI support (https://github.com/omniauth/omniauth_openid_connect/pull/154)
7
+ - Improvements to README (https://github.com/omniauth/omniauth_openid_connect/pull/152, https://github.com/omniauth/omniauth_openid_connect/pull/151)
8
+ - Add option `logout_path` (https://github.com/omniauth/omniauth_openid_connect/pull/143)
9
+
1
10
  # v0.6.1 (22.02.2023)
2
11
 
3
12
  - Fix uninitialized constant error (https://github.com/omniauth/omniauth_openid_connect/pull/147)
data/README.md CHANGED
@@ -23,26 +23,49 @@ Or install it yourself as:
23
23
 
24
24
  ## Supported Ruby Versions
25
25
 
26
- OmniAuth::OpenIDConnect is tested under 2.5, 2.6, 2.7, 3.0, 3.1
26
+ OmniAuth::OpenIDConnect is tested under 2.7, 3.0, 3.1, 3.2
27
27
 
28
28
  ## Usage
29
29
 
30
30
  Example configuration
31
+
32
+ ```ruby
33
+ Rails.application.config.middleware.use OmniAuth::Builder do
34
+ provider :openid_connect, {
35
+ name: :my_provider,
36
+ scope: [:openid, :email, :profile, :address],
37
+ response_type: :code,
38
+ uid_field: "preferred_username",
39
+ client_options: {
40
+ port: 443,
41
+ scheme: "https",
42
+ host: "myprovider.com",
43
+ identifier: ENV["OP_CLIENT_ID"],
44
+ secret: ENV["OP_SECRET_KEY"],
45
+ redirect_uri: "http://myapp.com/users/auth/openid_connect/callback",
46
+ },
47
+ }
48
+ end
49
+ ```
50
+
51
+ ### with Devise
31
52
  ```ruby
32
- config.omniauth :openid_connect, {
33
- name: :my_provider,
34
- scope: [:openid, :email, :profile, :address],
35
- response_type: :code,
36
- uid_field: "preferred_username",
37
- client_options: {
38
- port: 443,
39
- scheme: "https",
40
- host: "myprovider.com",
41
- identifier: ENV["OP_CLIENT_ID"],
42
- secret: ENV["OP_SECRET_KEY"],
43
- redirect_uri: "http://myapp.com/users/auth/openid_connect/callback",
44
- },
45
- }
53
+ Devise.setup do |config|
54
+ config.omniauth :openid_connect, {
55
+ name: :my_provider,
56
+ scope: [:openid, :email, :profile, :address],
57
+ response_type: :code,
58
+ uid_field: "preferred_username",
59
+ client_options: {
60
+ port: 443,
61
+ scheme: "https",
62
+ host: "myprovider.com",
63
+ identifier: ENV["OP_CLIENT_ID"],
64
+ secret: ENV["OP_SECRET_KEY"],
65
+ redirect_uri: "http://myapp.com/users/auth/openid_connect/callback",
66
+ },
67
+ }
68
+ end
46
69
  ```
47
70
 
48
71
  ### Options Overview
@@ -70,6 +93,7 @@ config.omniauth :openid_connect, {
70
93
  | pkce_options | Specify a custom implementation of the PKCE code challenge/method. | no | SHA256(code_challenge) in hex | Proc to customise the code challenge generation |
71
94
  | client_options | A hash of client options detailed in its own section | yes | | |
72
95
  | jwt_secret_base64 | For HMAC with SHA2 (e.g. HS256) signing algorithms, specify the base64-encoded secret used to sign the JWT token. Defaults to the OAuth2 client secret if not specified. | no | client_options.secret | "bXlzZWNyZXQ=\n"
96
+ | logout_path | The log out is only triggered when the request path ends on this path | no | '/logout' | '/sign_out'
73
97
 
74
98
  ### Client Config Options
75
99
 
@@ -131,7 +155,7 @@ For the full low down on OpenID Connect, please check out
131
155
 
132
156
  ## Contributing
133
157
 
134
- 1. Fork it ( http://github.com/m0n9oose/omniauth-openid-connect/fork )
158
+ 1. Fork it ( http://github.com/omniauth/omniauth_openid_connect/fork )
135
159
  2. Create your feature branch (`git checkout -b my-new-feature`)
136
160
  3. Cover your changes with tests and make sure they're green (`bundle install && bundle exec rake test`)
137
161
  4. Commit your changes (`git commit -am 'Add some feature'`)
@@ -2,6 +2,6 @@
2
2
 
3
3
  module OmniAuth
4
4
  module OpenIDConnect
5
- VERSION = '0.6.1'
5
+ VERSION = '0.7.0'
6
6
  end
7
7
  end
@@ -68,6 +68,8 @@ module OmniAuth
68
68
  code_challenge_method: 'S256',
69
69
  }
70
70
 
71
+ option :logout_path, '/logout'
72
+
71
73
  def uid
72
74
  user_info.raw_attributes[options.uid_field.to_sym] || user_info.sub
73
75
  end
@@ -226,7 +228,7 @@ module OmniAuth
226
228
  private
227
229
 
228
230
  def fetch_key
229
- @fetch_key ||= parse_jwk_key(::OpenIDConnect.http_client.get_content(client_options.jwks_uri))
231
+ @fetch_key ||= parse_jwk_key(::OpenIDConnect.http_client.get(client_options.jwks_uri).body)
230
232
  end
231
233
 
232
234
  def base64_decoded_jwt_secret
@@ -432,7 +434,7 @@ module OmniAuth
432
434
  end
433
435
 
434
436
  def logout_path_pattern
435
- @logout_path_pattern ||= %r{\A#{Regexp.quote(request_path)}(/logout)}
437
+ @logout_path_pattern ||= /\A#{Regexp.quote(request_path)}#{options.logout_path}/
436
438
  end
437
439
 
438
440
  def id_token_callback_phase
@@ -28,7 +28,7 @@ Gem::Specification.new do |spec|
28
28
  }
29
29
 
30
30
  spec.add_dependency 'omniauth', '>= 1.9', '< 3'
31
- spec.add_dependency 'openid_connect', '~> 1.1'
31
+ spec.add_dependency 'openid_connect', '~> 2.2'
32
32
  spec.add_development_dependency 'faker', '~> 2.0'
33
33
  spec.add_development_dependency 'guard', '~> 2.14'
34
34
  spec.add_development_dependency 'guard-bundler', '~> 2.2'
@@ -69,6 +69,17 @@ module OmniAuth
69
69
  strategy.other_phase
70
70
  end
71
71
 
72
+ def test_logout_phase_with_logout_path
73
+ strategy.options.issuer = 'example.com'
74
+ strategy.options.client_options.host = 'example.com'
75
+ strategy.options.logout_path = '/sign_out'
76
+
77
+ request.stubs(:path).returns('/auth/openid_connect/sign_out')
78
+
79
+ strategy.expects(:call_app!)
80
+ strategy.other_phase
81
+ end
82
+
72
83
  def test_logout_phase
73
84
  strategy.options.issuer = 'example.com'
74
85
  strategy.options.client_options.host = 'example.com'
@@ -509,10 +520,14 @@ module OmniAuth
509
520
  strategy.options.client_options.jwks_uri = 'https://jwks.example.com'
510
521
  strategy.options.response_type = 'id_token'
511
522
 
512
- HTTPClient
513
- .any_instance.stubs(:get_content)
514
- .with(strategy.options.client_options.jwks_uri)
515
- .returns(jwks.to_json)
523
+ ::OpenIDConnect.stubs(:http_client)
524
+ .returns(
525
+ Faraday.new do |builder|
526
+ builder.adapter :test do |stubs|
527
+ stubs.get(strategy.options.client_options.jwks_uri) { [200, {}, jwks.to_json] }
528
+ end
529
+ end
530
+ )
516
531
 
517
532
  strategy.unstub(:user_info)
518
533
  access_token = stub('OpenIDConnect::AccessToken')
@@ -788,8 +803,7 @@ module OmniAuth
788
803
  access_token: 'test_access_token',
789
804
  id_token: jwt.to_s,
790
805
  token_type: 'Bearer',
791
- }.to_json
792
- success = Struct.new(:status, :body).new(200, json_response)
806
+ }
793
807
 
794
808
  request.stubs(:path).returns('')
795
809
  strategy.call!('rack.session' => { 'omniauth.state' => state, 'omniauth.nonce' => nonce })
@@ -798,11 +812,19 @@ module OmniAuth
798
812
  id_token.stubs(:verify!).with(issuer: strategy.options.issuer, client_id: @identifier, nonce: nonce).returns(true)
799
813
  ::OpenIDConnect::ResponseObject::IdToken.stubs(:decode).returns(id_token)
800
814
 
801
- HTTPClient.any_instance.stubs(:post).with(
802
- "#{ opts.scheme }://#{ opts.host }:#{ opts.port }#{ opts.token_endpoint }",
803
- { scope: 'openid', grant_type: :client_credentials, client_id: @identifier, client_secret: @secret },
804
- {}
805
- ).returns(success)
815
+ ::Rack::OAuth2.stubs(:http_client)
816
+ .returns(
817
+ Faraday.new do |builder|
818
+ builder.adapter :test do |stubs|
819
+ stubs.post(
820
+ "#{ opts.scheme }://#{ opts.host }:#{ opts.port }#{ opts.token_endpoint }",
821
+ { scope: 'openid', grant_type: :client_credentials, client_id: @identifier, client_secret: @secret }
822
+ ) do
823
+ [200, {}, json_response]
824
+ end
825
+ end
826
+ end
827
+ )
806
828
 
807
829
  assert(strategy.send(:access_token))
808
830
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth_openid_connect
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.6.1
4
+ version: 0.7.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - John Bohn
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2023-02-23 00:00:00.000000000 Z
12
+ date: 2023-04-25 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: omniauth
@@ -37,14 +37,14 @@ dependencies:
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: '1.1'
40
+ version: '2.2'
41
41
  type: :runtime
42
42
  prerelease: false
43
43
  version_requirements: !ruby/object:Gem::Requirement
44
44
  requirements:
45
45
  - - "~>"
46
46
  - !ruby/object:Gem::Version
47
- version: '1.1'
47
+ version: '2.2'
48
48
  - !ruby/object:Gem::Dependency
49
49
  name: faker
50
50
  requirement: !ruby/object:Gem::Requirement
@@ -219,8 +219,8 @@ licenses:
219
219
  metadata:
220
220
  bug_tracker_uri: https://github.com/m0n9oose/omniauth_openid_connect/issues
221
221
  changelog_uri: https://github.com/m0n9oose/omniauth_openid_connect/releases
222
- documentation_uri: https://github.com/m0n9oose/omniauth_openid_connect/tree/v0.6.1#readme
223
- source_code_uri: https://github.com/m0n9oose/omniauth_openid_connect/tree/v0.6.1
222
+ documentation_uri: https://github.com/m0n9oose/omniauth_openid_connect/tree/v0.7.0#readme
223
+ source_code_uri: https://github.com/m0n9oose/omniauth_openid_connect/tree/v0.7.0
224
224
  rubygems_mfa_required: 'true'
225
225
  post_install_message:
226
226
  rdoc_options: []
@@ -237,7 +237,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
237
237
  - !ruby/object:Gem::Version
238
238
  version: '0'
239
239
  requirements: []
240
- rubygems_version: 3.4.7
240
+ rubygems_version: 3.4.12
241
241
  signing_key:
242
242
  specification_version: 4
243
243
  summary: OpenID Connect Strategy for OmniAuth