omniauth_openid_federation 1.2.2 → 1.3.2

Files changed (37) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +20 -1
  3. data/README.md +210 -708
  4. data/app/controllers/omniauth_openid_federation/federation_controller.rb +14 -1
  5. data/config/routes.rb +20 -10
  6. data/examples/config/initializers/devise.rb.example +44 -55
  7. data/examples/config/initializers/federation_endpoint.rb.example +2 -2
  8. data/examples/config/open_id_connect_config.rb.example +12 -15
  9. data/examples/config/routes.rb.example +9 -5
  10. data/examples/integration_test_flow.rb +4 -4
  11. data/examples/mock_op_server.rb +3 -3
  12. data/examples/mock_rp_server.rb +3 -3
  13. data/lib/omniauth_openid_federation/configuration.rb +8 -0
  14. data/lib/omniauth_openid_federation/constants.rb +5 -0
  15. data/lib/omniauth_openid_federation/entity_statement_reader.rb +39 -14
  16. data/lib/omniauth_openid_federation/federation/entity_statement_builder.rb +7 -14
  17. data/lib/omniauth_openid_federation/federation/entity_statement_helper.rb +40 -11
  18. data/lib/omniauth_openid_federation/federation/entity_statement_validator.rb +6 -87
  19. data/lib/omniauth_openid_federation/federation/trust_chain_resolver.rb +3 -15
  20. data/lib/omniauth_openid_federation/federation_endpoint.rb +39 -193
  21. data/lib/omniauth_openid_federation/jwks/decode.rb +0 -15
  22. data/lib/omniauth_openid_federation/jwks/rotate.rb +45 -20
  23. data/lib/omniauth_openid_federation/jws.rb +23 -20
  24. data/lib/omniauth_openid_federation/rack_endpoint.rb +30 -5
  25. data/lib/omniauth_openid_federation/strategy.rb +143 -194
  26. data/lib/omniauth_openid_federation/tasks_helper.rb +501 -2
  27. data/lib/omniauth_openid_federation/time_helpers.rb +60 -0
  28. data/lib/omniauth_openid_federation/utils.rb +4 -7
  29. data/lib/omniauth_openid_federation/validators.rb +294 -8
  30. data/lib/omniauth_openid_federation/version.rb +1 -1
  31. data/lib/omniauth_openid_federation.rb +1 -0
  32. data/lib/tasks/omniauth_openid_federation.rake +301 -2
  33. data/sig/federation.rbs +0 -8
  34. data/sig/jwks.rbs +0 -6
  35. data/sig/omniauth_openid_federation.rbs +6 -1
  36. data/sig/strategy.rbs +0 -2
  37. metadata +100 -1
data/sig/jwks.rbs CHANGED
@@ -35,12 +35,6 @@ module OmniauthOpenidFederation
35
35
  ?entity_statement_keys: untyped
36
36
  ) -> Array[Hash[String, untyped]]
37
37
 
38
- def self.json_jwt: (
39
- String encoded_jwt,
40
- String jwks_uri,
41
- ?retried: bool,
42
- ?entity_statement_keys: untyped
43
- ) -> untyped
44
38
  end
45
39
 
46
40
  class Selector
@@ -87,7 +87,6 @@ module OmniauthOpenidFederation
87
87
  attr_accessor private_key: untyped
88
88
  attr_accessor state: String?
89
89
  attr_accessor nonce: String?
90
- attr_accessor ftn_spname: String?
91
90
 
92
91
  def initialize: (
93
92
  client_id: String,
@@ -184,6 +183,12 @@ module OmniauthOpenidFederation
184
183
  def self.blank?: (untyped value) -> bool
185
184
  end
186
185
 
186
+ module TimeHelpers
187
+ def self.now: () -> Time
188
+ def self.at: (Integer | Float timestamp) -> Time
189
+ def self.parse: (String time_string) -> Time
190
+ end
191
+
187
192
  module Validators
188
193
  def self.validate_private_key!: (untyped private_key) -> void
189
194
  def self.normalize_hash: (untyped hash) -> Hash[Symbol, untyped]
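Review bot: The new `TimeHelpers` signatures (`now`, `at`, `parse`) in the last hunk carry no comment on failure behaviour, and `parse` is typed as always returning `Time` from an arbitrary `String`. If these helpers are used to evaluate time-based claims in entity statements or tokens (not visible here), a reader of the signature file needs to know whether malformed input raises or is silently coerced. I would add an RBS comment above the module, for example `# parse: raises on malformed input, never returns nil (confirm against time_helpers.rb)`, and widen the return to `Time?` if the implementation can return nil. This hunk is printed under the data/sig/jwks.rbs heading, but its line numbering and the +6 -1 count in the file list match data/sig/omniauth_openid_federation.rbs, so the comment belongs in that file.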
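--- a/data/sig/strategy.rbs
+++ b/data/sig/strategy.rbs
@@ -38,8 +38,6 @@ module OmniAuth
  def extract_client_jwk_signing_key: () -> untyped
  def extract_entity_identifier_from_statement: (Hash[Symbol, untyped] entity_statement, String? configured_identifier) -> String?
  def load_provider_metadata_for_encryption: () -> Hash[String, untyped]?
- def combine_acr_values: (?configured_acr: String?, ?request_acr: String?) -> String?
- def normalize_acr_values: (untyped acr_values) -> String?
  def fetch_jwks: (String jwks_uri) -> Hash[String, untyped]
  end
 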
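--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: omniauth_openid_federation
  version: !ruby/object:Gem::Version
- version: 1.2.2
+ version: 1.3.2
  platform: ruby
  authors:
  - Andrei Makarov
@@ -197,6 +197,104 @@ dependencies:
  - - "~>"
  - !ruby/object:Gem::Version
  version: '1.52'
+ - !ruby/object:Gem::Dependency
+ name: standard-custom
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.0'
+ - !ruby/object:Gem::Dependency
+ name: standard-performance
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.8'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.8'
+ - !ruby/object:Gem::Dependency
+ name: standard-rails
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.5'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.5'
+ - !ruby/object:Gem::Dependency
+ name: standard-rspec
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.3'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.3'
+ - !ruby/object:Gem::Dependency
+ name: rubocop-rails
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '2.33'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '2.33'
+ - !ruby/object:Gem::Dependency
+ name: rubocop-rspec
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '3.8'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '3.8'
+ - !ruby/object:Gem::Dependency
+ name: rubocop-thread_safety
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.7'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.7'
  - !ruby/object:Gem::Dependency
  name: appraisal
  requirement: !ruby/object:Gem::Requirement
@@ -323,6 +421,7 @@ files:
  - lib/omniauth_openid_federation/strategy.rb
  - lib/omniauth_openid_federation/string_helpers.rb
  - lib/omniauth_openid_federation/tasks_helper.rb
+ - lib/omniauth_openid_federation/time_helpers.rb
  - lib/omniauth_openid_federation/utils.rb
  - lib/omniauth_openid_federation/validators.rb
  - lib/omniauth_openid_federation/version.rb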