omniauth_openid_federation 1.1.0 → 1.2.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -0
- data/README.md +35 -4
- data/lib/omniauth_openid_federation/engine.rb +21 -0
- data/lib/omniauth_openid_federation/federation_endpoint.rb +8 -8
- data/lib/omniauth_openid_federation/railtie.rb +3 -17
- data/lib/omniauth_openid_federation/version.rb +1 -1
- data/lib/omniauth_openid_federation.rb +2 -1
- metadata +2 -1
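--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e299269e65c33735c84f2bec3ee0164bc5cb136c8dac5088be188998d826d5bc
+data.tar.gz: c35464efdf1af7957456641275cfa3a374a1600a0570fa7db7a6ceeb1a31417f
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9e96511bd8c6972d774435015822297a44892e263b13187ef1a52741186288bf25ded9b15bb0f3c5d856796e7e3b30df9d845c5c3f67987bf7fcd94160c26eda
+data.tar.gz: 6c5a94f3bb8f429cc9dd583b98032418858520cc93658e9fdba1fe7192d8cb03b9b7e11575d22f44ce5e18cd2cf7bf05f5d512d7a7f96a47404dde00445923e9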
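--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,13 @@
 # CHANGELOG
 
+## 1.2.0 (2025-11-27)
+
+- Created `OmniauthOpenidFederation::Engine` class inheriting from `Rails::Engine`
+- Engine provides controllers via standard Rails autoloading mechanisms
+- Routes are now defined in Engine's `config/routes.rb` file
+- Routes must now be mounted using `mount OmniauthOpenidFederation::Engine => "/"` in `config/routes.rb`
+- `FederationEndpoint.mount_routes` is still available for backward compatibility
+
 ## 1.1.0 (2025-11-26)
 
 - Enhanced instrumentation: All blocking exceptions automatically reported through instrumentation system, including OmniAuth middleware errors (like AuthenticityTokenProtection)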
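--- a/data/README.md
+++ b/data/README.md
@@ -178,7 +178,11 @@ OmniauthOpenidFederation::FederationEndpoint.auto_configure(
 
 ```ruby
 # config/routes.rb
-
+# RECOMMENDED: Mount the Engine (Rails-idiomatic way)
+mount OmniauthOpenidFederation::Engine => "/"
+
+# ALTERNATIVE: Use mount_routes helper (for backward compatibility)
+# OmniauthOpenidFederation::FederationEndpoint.mount_routes(self)
 ```
 
 **Key Points**:
@@ -188,27 +192,50 @@ OmniauthOpenidFederation::FederationEndpoint.mount_routes(self)
 
 ### Step 6: Add Routes
 
-####
+#### Mount the Engine (Required for Federation Endpoints)
+
+The gem provides a Rails Engine that serves the well-known OpenID Federation endpoints. Mount it in your routes:
 
 ```ruby
 # config/routes.rb
 Rails.application.routes.draw do
+# Mount the Engine to enable /.well-known/openid-federation endpoint
+mount OmniauthOpenidFederation::Engine => "/"
+
+# Your other routes...
 devise_for :users, controllers: {
 omniauth_callbacks: "users/omniauth_callbacks"
 }
 end
 ```
 
-
+**Note**: The Engine is mounted at root (`"/"`) because OpenID Federation requires endpoints at specific well-known paths (e.g., `/.well-known/openid-federation`). The Engine's routes are defined in the gem and automatically available when mounted.
+
+#### For OmniAuth (Non-Devise)
 
 ```ruby
 # config/routes.rb
 Rails.application.routes.draw do
+mount OmniauthOpenidFederation::Engine => "/"
+
 get "/auth/:provider/callback", to: "sessions#create"
 get "/auth/failure", to: "sessions#failure"
 end
 ```
 
+#### Alternative: Manual Route Mounting (Backward Compatibility)
+
+If you need custom paths or prefer manual route definition, you can use the `mount_routes` helper (deprecated):
+
+```ruby
+# config/routes.rb
+Rails.application.routes.draw do
+# Use mount_routes helper for custom paths (deprecated - prefer Engine mounting)
+OmniauthOpenidFederation::FederationEndpoint.mount_routes(self)
+# ... your other routes
+end
+```
+
 ### Step 7: Configure CSRF Protection
 
 OmniAuth requires CSRF protection configuration to handle both the request phase (initiating OAuth) and callback phase (external provider redirect).
@@ -583,7 +610,11 @@ OmniauthOpenidFederation::FederationEndpoint.auto_configure(
 
 ```ruby
 # config/routes.rb
-
+# RECOMMENDED: Mount the Engine (Rails-idiomatic way)
+mount OmniauthOpenidFederation::Engine => "/"
+
+# ALTERNATIVE: Use mount_routes helper (for backward compatibility)
+# OmniauthOpenidFederation::FederationEndpoint.mount_routes(self)
 ```
 
 **What `auto_configure` does automatically**: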
@@ -0,0 +1,21 @@
|
|
|
1
|
+
# Rails Engine for OpenID Federation endpoints
|
|
2
|
+
# Provides controllers and routes for well-known OpenID Federation endpoints
|
|
3
|
+
#
|
|
4
|
+
# @see https://guides.rubyonrails.org/engines.html Rails Engines Guide
|
|
5
|
+
module OmniauthOpenidFederation
|
|
6
|
+
class Engine < ::Rails::Engine
|
|
7
|
+
# Don't isolate namespace because we need routes at specific well-known paths
|
|
8
|
+
# (/.well-known/openid-federation) rather than under a mount point
|
|
9
|
+
# isolate_namespace OmniauthOpenidFederation
|
|
10
|
+
|
|
11
|
+
# Explicitly require the controller to avoid Zeitwerk conflicts
|
|
12
|
+
# For local path gems, autoload_once_paths can cause conflicts with main app's loader
|
|
13
|
+
# We require the controller explicitly in to_prepare to ensure it's available for routing
|
|
14
|
+
config.to_prepare do
|
|
15
|
+
# Use self.class to access Engine class methods (root is a class method)
|
|
16
|
+
engine_root = OmniauthOpenidFederation::Engine.root
|
|
17
|
+
controller_path = engine_root.join("app", "controllers", "omniauth_openid_federation", "federation_controller.rb")
|
|
18
|
+
require controller_path.to_s if controller_path.exist?
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
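Review bot: The `to_prepare` block loads the controller with `require controller_path.to_s if controller_path.exist?`, so a package that is missing `federation_controller.rb` boots cleanly and the `/.well-known/openid-federation` and JWKS endpoints only fail once a peer requests them. For an identity component I would fail at boot instead: `raise LoadError, "missing #{controller_path}" unless controller_path.exist?` followed by an unconditional `require controller_path.to_s`. The comment `# Use self.class to access Engine class methods` does not match the next line, which names `OmniauthOpenidFederation::Engine.root` directly, and should be reworded or dropped. With `isolate_namespace` left commented out, the engine's routes share the host application's namespace, so the class comment should also say that host routes on the same `/.well-known/...` paths will collide with the engine's (the engine's route file is not part of this diff, so this is inferred from the changelog).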
|
@@ -547,22 +547,21 @@ module OmniauthOpenidFederation
|
|
|
547
547
|
|
|
548
548
|
# Mount the federation endpoint routes in Rails routes
|
|
549
549
|
#
|
|
550
|
-
#
|
|
550
|
+
# RECOMMENDED: Use the Engine (Rails-idiomatic way):
|
|
551
551
|
# Rails.application.routes.draw do
|
|
552
|
-
# OmniauthOpenidFederation::
|
|
552
|
+
# mount OmniauthOpenidFederation::Engine => "/"
|
|
553
553
|
# end
|
|
554
554
|
#
|
|
555
|
-
# This mounts all four endpoints:
|
|
555
|
+
# This mounts all four endpoints at the root level:
|
|
556
556
|
# - GET /.well-known/openid-federation (entity statement)
|
|
557
557
|
# - GET /.well-known/openid-federation/fetch (fetch endpoint for Subordinate Statements)
|
|
558
558
|
# - GET /.well-known/jwks.json (standard JWKS)
|
|
559
559
|
# - GET /.well-known/signed-jwks.json (signed JWKS)
|
|
560
560
|
#
|
|
561
|
-
#
|
|
562
|
-
#
|
|
563
|
-
#
|
|
564
|
-
#
|
|
565
|
-
# get "/.well-known/signed-jwks.json", to: "omniauth_openid_federation/federation#signed_jwks"
|
|
561
|
+
# ALTERNATIVE: Use mount_routes helper (for backward compatibility or custom paths):
|
|
562
|
+
# Rails.application.routes.draw do
|
|
563
|
+
# OmniauthOpenidFederation::FederationEndpoint.mount_routes(self)
|
|
564
|
+
# end
|
|
566
565
|
#
|
|
567
566
|
# @param router [ActionDispatch::Routing::Mapper] The routes mapper (pass `self` from routes.rb)
|
|
568
567
|
# @param entity_statement_path [String] Path for entity statement endpoint (default: "/.well-known/openid-federation")
|
|
@@ -570,6 +569,7 @@ module OmniauthOpenidFederation
|
|
|
570
569
|
# @param jwks_path [String] Path for standard JWKS endpoint (default: "/.well-known/jwks.json")
|
|
571
570
|
# @param signed_jwks_path [String] Path for signed JWKS endpoint (default: "/.well-known/signed-jwks.json")
|
|
572
571
|
# @param as [String, Symbol] Route name prefix (default: :openid_federation)
|
|
572
|
+
# @deprecated Use `mount OmniauthOpenidFederation::Engine => "/"` instead (Rails-idiomatic way)
|
|
573
573
|
def mount_routes(router, entity_statement_path: "/.well-known/openid-federation", fetch_path: "/.well-known/openid-federation/fetch", jwks_path: "/.well-known/jwks.json", signed_jwks_path: "/.well-known/signed-jwks.json", as: :openid_federation)
|
|
574
574
|
# Controller uses Rails-conventional naming (OmniauthOpenidFederation)
|
|
575
575
|
# which matches natural inflection from omniauth_openid_federation
|
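Review bot: The new `@deprecated` tag on `mount_routes` is documentation only, and nothing in the visible lines warns a host application that still calls the helper, or that calls it after also mounting the Engine. Both paths are documented as registering the same four `/.well-known/...` routes, so the doc comment should say so, e.g. `# Do not combine with mounting the Engine: both register the same /.well-known paths.` A runtime notice at the top of the method, such as `warn "[DEPRECATION] mount_routes is deprecated; mount OmniauthOpenidFederation::Engine instead"`, would make the deprecation visible outside generated docs. The method body continues past the end of this hunk, so whether it already warns cannot be seen here.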
|
@@ -1,26 +1,12 @@
|
|
|
1
|
-
# Railtie to load rake tasks
|
|
1
|
+
# Railtie to load rake tasks
|
|
2
|
+
# Note: Controllers and routes are now handled by the Engine (lib/omniauth_openid_federation/engine.rb)
|
|
3
|
+
# This Railtie is kept for backward compatibility and for loading rake tasks
|
|
2
4
|
if defined?(Rails)
|
|
3
5
|
module OmniauthOpenidFederation
|
|
4
6
|
class Railtie < Rails::Railtie
|
|
5
|
-
# Add gem's controllers to autoload paths
|
|
6
|
-
# This ensures the controller can be found by Rails routing
|
|
7
|
-
initializer "omniauth_openid_federation.add_autoload_paths", before: :set_autoload_paths do |app|
|
|
8
|
-
controllers_path = File.join(File.dirname(__FILE__), "..", "..", "app", "controllers")
|
|
9
|
-
app.config.autoload_once_paths << controllers_path if File.exist?(controllers_path)
|
|
10
|
-
end
|
|
11
|
-
|
|
12
|
-
# Load controller when Rails is available (for development reloading)
|
|
13
|
-
config.to_prepare do
|
|
14
|
-
controller_path = File.join(File.dirname(__FILE__), "..", "..", "app", "controllers", "omniauth_openid_federation", "federation_controller.rb")
|
|
15
|
-
require controller_path if File.exist?(controller_path)
|
|
16
|
-
end
|
|
17
|
-
|
|
18
7
|
rake_tasks do
|
|
19
8
|
# Load rake tasks from lib/tasks
|
|
20
9
|
# Rails automatically loads lib/tasks/**/*.rake, but we ensure they're loaded here too
|
|
21
|
-
# File.dirname(__FILE__) = lib/omniauth_openid_federation
|
|
22
|
-
# .. = lib
|
|
23
|
-
# tasks = lib/tasks
|
|
24
10
|
task_files = Dir[File.join(File.dirname(__FILE__), "..", "tasks", "**", "*.rake")]
|
|
25
11
|
task_files.each { |task_file| load task_file } if task_files.any?
|
|
26
12
|
end
|
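Review bot: The retained `rake_tasks` block will probably load every `.rake` file twice now that the gem also defines a `Rails::Engine`, because an engine already loads `lib/tasks/**/*.rake` under its root and this block `load`s the same glob again. Rake appends actions when a task is defined a second time, so each task body would run twice per invocation, which matters for any task with side effects (the task files are not shown here, so confirm what the gem ships under `lib/tasks`). Either delete the block and rely on the Engine, or keep a single loader, and update the comment `# Rails automatically loads lib/tasks/**/*.rake, but we ensure they're loaded here too` to match. The Railtie class continues past the end of this hunk.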
|
@@ -82,8 +82,9 @@ module OmniauthOpenidFederation
|
|
|
82
82
|
end
|
|
83
83
|
end
|
|
84
84
|
|
|
85
|
-
# Load
|
|
85
|
+
# Load Engine for Rails integration (controllers, routes, etc.)
|
|
86
86
|
if defined?(Rails)
|
|
87
|
+
require_relative "omniauth_openid_federation/engine"
|
|
87
88
|
require_relative "omniauth_openid_federation/railtie"
|
|
88
89
|
end
|
|
89
90
|
|
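Review bot: The guard `if defined?(Rails)` only proves that some `Rails` constant exists, while the newly required `engine.rb` subclasses `::Rails::Engine` at load time. Other gems (rails-html-sanitizer, for example) define a `Rails` module without loading railties, and in such a process this `require_relative` would raise `NameError` while the gem is being loaded. Guarding on the class that is actually used is safer: `if defined?(Rails::Engine)`.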
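--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth_openid_federation
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.2.0
 platform: ruby
 authors:
 - Andrei Makarov
@@ -291,6 +291,7 @@ files:
 - lib/omniauth_openid_federation/configuration.rb
 - lib/omniauth_openid_federation/constants.rb
 - lib/omniauth_openid_federation/endpoint_resolver.rb
+- lib/omniauth_openid_federation/engine.rb
 - lib/omniauth_openid_federation/entity_statement_reader.rb
 - lib/omniauth_openid_federation/errors.rb
 - lib/omniauth_openid_federation/federation/entity_statement.rb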