omniauth_openid_federation 1.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: d1df7531d0ec2cac4095580f068c1dc7cb09fe53631d87a647b311c05ee9c89f
+  data.tar.gz: 38f06cb5ca370edd986051c4f547b0e53d07d1a61c685cb727c6f2d0e2b34c46
+SHA512:
+  metadata.gz: 81261964b6f0fd468dde2e70b0331e2435129896114b7d4cd087a366596906f160fac90296f856c9055d15e49e51cd8dd8a5ad83d8234b2bec264c49b625b789
+  data.tar.gz: a9d48264edb247c18ce0160fa339f429c3802033e902da6b7c1ef12de5892c44c392415c8ffd57ac6b976190d85a071a199ad3790cc97f0cfe1d4c164d35acba

data/CHANGELOG.md

@@ -0,0 +1,28 @@
+# CHANGELOG
+
+## 1.1.0 (2025-11-26)
+
+- Enhanced instrumentation: All blocking exceptions automatically reported through instrumentation system, including OmniAuth middleware errors (like AuthenticityTokenProtection)
+- CSRF protection instrumentation: New authenticity_error event type for reporting OmniAuth CSRF protection failures
+- Comprehensive error reporting: Override fail! method in strategy to catch and instrument all authentication failures
+- CSRF protection documentation: Added comprehensive Step 7 in README explaining CSRF protection configuration for both request and callback phases
+- CSRF configuration examples: Added complete examples in examples/config/initializers/devise.rb.example and examples/app/controllers/users/omniauth_callbacks_controller.rb.example
+- Deprecation warnings: Added runtime deprecation warnings for json_jwt method and ftn_spname option to guide users to recommended alternatives
+- Code cleanup: Removed deprecated load_signing_key method (unused, returned nil)
+- Updated deprecation notices: Fixed deprecation notices to reference correct replacement methods (request_object_params instead of non-existent provider_extension_params)
+- Renamed option: `allow_authorize_params` → `request_object_params` for clarity (uses RFC 9101 terminology, clearly indicates params go into JWT request object)
+
+## 1.0.0 (2025-11-26)
+
+- Initial public release, production-ready
+- Full OpenID Federation 1.0 support with automatic entity statement validation and trust chain resolution
+- Secure authentication with automatic signing of authorization requests
+- ID token encryption and decryption support for enhanced security
+- Secure client authentication without shared secrets
+- Automatic provider key rotation handling for seamless key updates
+- Built-in security features: rate limiting, path traversal protection, and error sanitization
+- Production-ready with thread-safe configuration and intelligent retry logic
+- Works with any OpenID Federation provider, supporting provider-specific extensions
+- Framework-agnostic: compatible with Rails, Sinatra, Rack, and other Rack-compatible frameworks
+- Comprehensive management tools for entity statements and key management
+- Enhanced developer experience with type signatures for better IDE support

data/LICENSE.md

@@ -0,0 +1,22 @@
+MIT License
+
+Copyright (c) 2025 Andrei Makarov
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING WITHOUT LIMITATION THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+