openid_config_parser 0.2.4 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f152202c95951944419ff4d435f83f5dd979c8d85c4f50d31ab4ef9d739a0861
-  data.tar.gz: 6e0bc79543b3d00e5e491b49494d3cb0633cf2046f31e149e4f2efc7553de248
+  metadata.gz: 54756d6c3bcc1ecaec2fc8cd236f0307f685ebe23354909eb94d6335d3fd776a
+  data.tar.gz: 99cc136f8a7a655e31ad3e1a00484c41372c1ce217b39c31c86b32b67dfcb13c
 SHA512:
-  metadata.gz: b86540ee830c373c01f5bbea722289b58938e21ad6fa81d6ad3380eae90dd1604b6fc0b2fe9596b1bf4c718b13a0678df4b0ce8c0d29bffdcfe5e8e8e0c2df16
-  data.tar.gz: 05b6d078869deb3e97ccf0d8e5e27481841e73b9a40848ac7ebd3ab180544756e687154d9ef1c3bed3d3cd4783652380ab8f757764f723c875c28c8ed0f6bf42
+  metadata.gz: dab8ba7401268e2b4024c4d1141b50ecc4f1f256911eb7f5d25355bdc1a6c5e46e9e97e5fea45a05acedf049cee8e97a82a36d0d4161d2f3cb830a58317121f3
+  data.tar.gz: fa8bfec2ac74bcd1c049ab7160b9d330f76dcfee8bec38ddca9990ff6e9c5d36f9fe88f67f122503e607b6c12b9a4c6b56636f67bd6791fc03805e517dd61716

data/.standard.yml

@@ -0,0 +1 @@
+ruby_version: 2.7

data/CHANGELOG.md

@@ -1,5 +1,43 @@
 ## [Released]
 
+## [0.3.0] - 2026-03-16
+
+### Breaking Changes
+- Removed `retryable` runtime dependency — the gem now has zero runtime dependencies
+- Replaced `fetch_user_info` with `fetch_userinfo(config_or_endpoint_url, access_token:)` — now provider-agnostic, uses `Net::HTTP` instead of `HTTParty`, and reads the `userinfo_endpoint` from the OIDC config rather than a hardcoded environment variable
+- `Config` no longer inherits from `OpenStruct` — replaced with a custom class backed by a plain `Hash`
+- `deep_symbolize_keys` no longer stores duplicate string keys alongside symbol keys; all keys are symbols only
+- String key access via `config["key"]` still works — it is converted to a symbol in the `Config#[]` accessor
+
+### Added
+- **Configurable settings** via `OpenidConfigParser.configure` block:
+  - `open_timeout` — HTTP open timeout in seconds (default: 5)
+  - `read_timeout` — HTTP read timeout in seconds (default: 5)
+  - `retries` — number of retry attempts on timeout (default: 3)
+  - `cache_ttl` — cache lifetime in seconds (default: 900 / 15 minutes)
+  - `validate` — toggle OIDC field validation (default: true)
+- **In-memory caching** — repeated calls with the same endpoint URL return a cached result without an HTTP request; cache can be cleared with `OpenidConfigParser.clear_cache!`
+- **OIDC field validation** — responses are validated against required fields from the OpenID Connect Discovery spec (`issuer`, `authorization_endpoint`, `jwks_uri`, `response_types_supported`, `subject_types_supported`, `id_token_signing_alg_values_supported`); can be disabled via configuration
+- **HTTP status code checking** — non-2xx responses now raise `OpenidConfigParser::Error` with the status code (e.g. `HTTP 404: Not Found`) instead of attempting to parse the body as JSON
+- **`fetch_userinfo(config_or_endpoint_url, access_token:)`** — fetches user info from the OIDC `userinfo_endpoint`; accepts either a `Config` object or a discovery endpoint URL; works with any OIDC provider (Cloudflare, Google, Azure AD, etc.)
+- **`Config#to_h`** — returns a duplicate of the underlying hash for easy serialization
+- **`OpenidConfigParser.reset_configuration!`** — resets all settings to defaults
+
+### Changed
+- Retry logic reimplemented using a simple `begin/retry` loop, removing the `retryable` gem dependency
+- `Config` class uses `method_missing` / `respond_to_missing?` backed by a frozen-key hash instead of `OpenStruct`
+- HTTP requests now use `Net::HTTP.new` with explicit `open_timeout` and `read_timeout` instead of `Net::HTTP.get`
+- `rescue StandardError` narrowed — `OpenidConfigParser::Error` is re-raised without wrapping
+
+### Development / CI
+- Replaced `rubocop` with `standardrb` for linting
+- Replaced `bundle-audit` gem with `bundler-audit`
+- GitHub Actions PR workflow now has separate `standardrb`, `bundle-audit`, and `test` jobs
+- Test matrix updated from Ruby 2.7 / 3.2.1 to Ruby 2.7 / 3.1 / 3.3
+- Deployment workflow updated to Ruby 3.3
+- Test suite expanded from 8 to 17 tests covering caching, configuration, HTTP errors, validation, retries, and nested hashes
+- Updated transitive dependencies (`rexml`, `thor`) to resolve security advisories
+
 ## [0.2.4] - 2025-10-11
 - Dependencies update
 

data/README.md

@@ -1,9 +1,8 @@
 # OpenidConfigParser
 
-`openid_config_parser` is a lightweight Rubygem containing a method that fetches and
-parses OpenID Connect configuration data from a specified endpoint URL and returns a Hash
-object. It includes error handling to manage various issues that might occur during the
-HTTP request and JSON parsing process.
+`openid_config_parser` is a lightweight, zero-dependency Ruby gem that fetches and parses
+OpenID Connect configuration data from a specified endpoint URL. It includes built-in
+caching, automatic retries, OIDC field validation, and configurable timeouts.
 
 ## Installation
 
@@ -23,35 +22,78 @@ For non-Rails application you might need to require the gem in your file like so
 require 'openid_config_parser'
 ```
 
-You can use the `openid_config_parser` in any of your Rails controllers, models, or
-other parts of your application.
+### Fetching configuration
 
 ```ruby
-# app/controllers/application_controller.rb
-
-class ApplicationController < ActionController::Base
-  def fetch_openid_config
-    endpoint = "https://example.com/.well-known/openid-configuration"
-    config = OpenidConfigParser.fetch_openid_configuration(endpoint)
-
-    if config
-      issuer = config.issuer # or config[:issuer]
-      auth_endpoint = config.authorization_endpoint # or config[:authorization_endpoint]
-      token_endpoint = config.token_endpoint # or config[:token_endpoint]
-      jwks_uri = config.jwks_uri # or config[:jwks_uri]
-      userinfo_endpoint = config.userinfo_endpoint # or config[:userinfo_endpoint]
-      # and so on
-    else
-      Rails.logger.error "Failed to fetch OpenID configuration"
-    end
-  rescue OpenidConfigParser::Error => e
-    Rails.logger.error "Error fetching OpenID configuration: #{e.message}"
-  end
+endpoint = "https://example.com/.well-known/openid-configuration"
+config = OpenidConfigParser.fetch_openid_configuration(endpoint)
+
+config.issuer                  # => "https://example.com"
+config[:authorization_endpoint] # => "https://example.com/authorize"
+config["jwks_uri"]             # => "https://example.com/.well-known/jwks.json"
+config.to_h                    # => { issuer: "...", ... }
+```
+
+### Configuration
+
+```ruby
+OpenidConfigParser.configure do |config|
+  config.open_timeout = 10   # seconds (default: 5)
+  config.read_timeout = 10   # seconds (default: 5)
+  config.retries      = 5    # retry attempts on timeout (default: 3)
+  config.cache_ttl    = 3600 # cache lifetime in seconds (default: 900)
+  config.validate     = false # disable OIDC field validation (default: true)
 end
 ```
 
-Considering that HTTP request is made to fetch the endpoint configuration, you can call
-this method in a background job for optimized performance.
+### Fetching user info
+
+Fetch user information from the OIDC `userinfo_endpoint` using an access token.
+Works with any OIDC provider (Cloudflare, Google, Azure AD, etc.).
+
+```ruby
+# With a previously fetched config object
+config = OpenidConfigParser.fetch_openid_configuration(endpoint)
+user_info = OpenidConfigParser.fetch_userinfo(config, access_token: "your_access_token")
+
+user_info[:sub]   # => "user123"
+user_info[:email] # => "user@example.com"
+user_info[:name]  # => "Test User"
+
+# Or pass the discovery endpoint URL directly (config is fetched automatically)
+user_info = OpenidConfigParser.fetch_userinfo(endpoint, access_token: "your_access_token")
+```
+
+### Caching
+
+Responses are cached in memory for the duration of `cache_ttl` (default: 15 minutes).
+Subsequent calls with the same endpoint URL return the cached result without making
+an HTTP request.
+
+```ruby
+OpenidConfigParser.clear_cache! # manually clear all cached configurations
+```
+
+### OIDC validation
+
+By default, the gem validates that the response includes the required fields defined
+in the [OpenID Connect Discovery specification](https://openid.net/specs/openid-connect-discovery-1_0.html):
+`issuer`, `authorization_endpoint`, `jwks_uri`, `response_types_supported`,
+`subject_types_supported`, and `id_token_signing_alg_values_supported`.
+
+Validation can be disabled via configuration if needed.
+
+### Error handling
+
+All errors are wrapped in `OpenidConfigParser::Error`:
+
+```ruby
+begin
+  config = OpenidConfigParser.fetch_openid_configuration(endpoint)
+rescue OpenidConfigParser::Error => e
+  puts e.message
+end
+```
 
 ## Contributing
 

data/Rakefile

@@ -5,8 +5,6 @@ require "minitest/test_task"
 
 Minitest::TestTask.create
 
-require "rubocop/rake_task"
+require "standard/rake"
 
-RuboCop::RakeTask.new
-
-task default: %i[test rubocop]
+task default: %i[test standard]

data/lib/openid_config_parser/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module OpenidConfigParser
-  VERSION = "0.2.4"
+  VERSION = "0.3.0"
 end

data/lib/openid_config_parser.rb

@@ -4,83 +4,180 @@ require_relative "openid_config_parser/version"
 require "net/http"
 require "json"
 require "uri"
-require "retryable"
-require "ostruct"
 
-# OpenidConfigParser is a module that fetches and parses OpenID Connect
-# configuration data from a specified endpoint URL and returns a Hash object.
-# It includes error handling to manage various issues that might occur
-# during the HTTP request and JSON parsing process.
 module OpenidConfigParser
   class Error < StandardError; end
 
-  # Config is a class that extends OpenStruct to provide a flexible object
-  # for accessing OpenID Connect configuration data. It allows access to
-  # configuration values both as methods (e.g., config.issuer) and as hash
-  # keys (e.g., config[:issuer]).
-  #
-  # Example usage:
-  #   config = OpenidConfigParser.fetch_openid_configuration(endpoint)
-  #   puts config.issuer        # Method access
-  #   puts config[:issuer]      # Hash-like access
-  #
-  # This class is designed to be used internally by the OpenidConfigParser module
-  # and is not intended to be instantiated directly by users.
-  class Config < OpenStruct
+  REQUIRED_FIELDS = %i[
+    issuer
+    authorization_endpoint
+    jwks_uri
+    response_types_supported
+    subject_types_supported
+    id_token_signing_alg_values_supported
+  ].freeze
+
+  class Configuration
+    attr_accessor :open_timeout, :read_timeout, :retries, :cache_ttl, :validate
+
+    def initialize
+      @open_timeout = 5
+      @read_timeout = 5
+      @retries = 3
+      @cache_ttl = 900
+      @validate = true
+    end
+  end
+
+  class Config
+    def initialize(data)
+      @data = data
+    end
+
     def [](key)
-      send(key)
+      @data[key.to_sym]
     end
 
     def []=(key, value)
-      send("#{key}=", value)
+      @data[key.to_sym] = value
+    end
+
+    def to_h
+      @data.dup
+    end
+
+    def respond_to_missing?(method_name, include_private = false)
+      @data.key?(method_name) || super
+    end
+
+    def method_missing(method_name, *args)
+      if method_name.end_with?("=") && args.length == 1
+        @data[method_name.to_s.chomp("=").to_sym] = args.first
+      elsif @data.key?(method_name)
+        @data[method_name]
+      else
+        super
+      end
     end
   end
 
   class << self
-    # Recursively converts keys of a hash to symbols while retaining the original string keys.
-    def deep_symbolize_keys(hash)
-      result = {}
-      hash.each do |key, value|
-        sym_key = key.to_sym
-        result[sym_key] = value.is_a?(Hash) ? deep_symbolize_keys(value) : value
-        result[key] = result[sym_key] # Add the string key as well
-      end
-      result
-    end
-
-    def fetch_user_info(access_token)
-      Retryable.retryable(tries: 3, on: [Net::ReadTimeout, Net::OpenTimeout]) do
-        response = HTTParty.get(ENV["CLOUDFLARE_USERINFO_ENDPOINT"], {
-                                  headers: {
-                                    "Authorization" => "Bearer #{access_token}",
-                                    "Content-Type" => "application/json"
-                                  },
-                                  timeout: 10
-                                })
-        return response.parsed_response
-      end
-    rescue Net::ReadTimeout, Net::OpenTimeout => e
-      puts "Timeout error: #{e.message}"
-      nil
+    def configuration
+      @configuration ||= Configuration.new
+    end
+
+    def configure
+      yield(configuration)
+    end
+
+    def reset_configuration!
+      @configuration = Configuration.new
     end
 
     def fetch_openid_configuration(endpoint_url)
-      Retryable.retryable(tries: 3, on: [Net::ReadTimeout, Net::OpenTimeout]) do
-        response = Net::HTTP.get(URI(endpoint_url))
-        config = JSON.parse(response)
-        symbolized_config = deep_symbolize_keys(config)
-        return Config.new(symbolized_config)
+      cached = read_cache(endpoint_url)
+      return cached if cached
+
+      response_body = fetch_with_retries(endpoint_url)
+      data = parse_json(response_body)
+      symbolized = deep_symbolize_keys(data)
+      validate!(symbolized) if configuration.validate
+      config = Config.new(symbolized)
+      write_cache(endpoint_url, config)
+      config
+    end
+
+    def fetch_userinfo(config_or_endpoint_url, access_token:)
+      config = if config_or_endpoint_url.is_a?(Config)
+        config_or_endpoint_url
+      else
+        fetch_openid_configuration(config_or_endpoint_url)
+      end
+
+      userinfo_url = config[:userinfo_endpoint]
+      raise Error, "No userinfo_endpoint found in OIDC configuration" unless userinfo_url
+
+      response_body = fetch_with_retries(userinfo_url, headers: {
+        "Authorization" => "Bearer #{access_token}",
+        "Content-Type" => "application/json"
+      })
+      data = parse_json(response_body)
+      deep_symbolize_keys(data)
+    end
+
+    def clear_cache!
+      @cache = {}
+    end
+
+    private
+
+    def fetch_with_retries(endpoint_url, headers: {})
+      uri = URI(endpoint_url)
+      attempts = 0
+
+      begin
+        attempts += 1
+        http = Net::HTTP.new(uri.host, uri.port)
+        http.use_ssl = uri.scheme == "https"
+        http.open_timeout = configuration.open_timeout
+        http.read_timeout = configuration.read_timeout
+
+        request = Net::HTTP::Get.new(uri)
+        headers.each { |key, value| request[key] = value }
+        response = http.request(request)
+
+        unless response.is_a?(Net::HTTPSuccess)
+          raise Error, "HTTP #{response.code}: #{response.message}"
+        end
+
+        response.body
+      rescue Net::OpenTimeout, Net::ReadTimeout => e
+        retry if attempts < configuration.retries
+        raise Error, "Network timeout error: #{e.message}"
       end
-    rescue JSON::ParserError => e
-      raise Error, "Failed to parse JSON response: #{e.message}"
     rescue URI::InvalidURIError => e
       raise Error, "Invalid URL provided: #{e.message}"
-    rescue Net::OpenTimeout, Net::ReadTimeout => e
-      raise Error, "Network timeout error: #{e.message}"
     rescue SocketError => e
       raise Error, "Failed to open TCP connection: #{e.message}"
-    rescue StandardError => e
+    rescue Error
+      raise
+    rescue => e
       raise Error, "An unexpected error occurred: #{e.message}"
     end
+
+    def parse_json(body)
+      JSON.parse(body)
+    rescue JSON::ParserError => e
+      raise Error, "Failed to parse JSON response: #{e.message}"
+    end
+
+    def deep_symbolize_keys(hash)
+      hash.each_with_object({}) do |(key, value), result|
+        result[key.to_sym] = value.is_a?(Hash) ? deep_symbolize_keys(value) : value
+      end
+    end
+
+    def validate!(data)
+      missing = REQUIRED_FIELDS.select { |field| data[field].nil? }
+      return if missing.empty?
+
+      raise Error, "Missing required OIDC fields: #{missing.join(", ")}"
+    end
+
+    def cache
+      @cache ||= {}
+    end
+
+    def read_cache(key)
+      entry = cache[key]
+      return nil unless entry
+      return nil if Time.now - entry[:time] > configuration.cache_ttl
+
+      entry[:value]
+    end
+
+    def write_cache(key, value)
+      cache[key] = {value: value, time: Time.now}
+    end
   end
 end

data/openid_config_parser.gemspec

@@ -8,11 +8,10 @@ Gem::Specification.new do |spec|
   spec.authors = ["Suleyman Musayev"]
   spec.email = ["slmusayev@gmail.com"]
 
-  spec.summary = "Fetch data from OpenID Connect (OIDC) configuration endpoint and parse it as a Hash object"
-  spec.description = "`openid_config_parser` is a lightweight Ruby gem designed to fetch and parse
-    OpenID Connect configuration data from any specified endpoint URL.
-    Whether you are building an authentication system or integrating with an OpenID Connect provider,
-    this gem provides a simple and efficient way to retrieve and handle the necessary configuration details."
+  spec.summary = "Fetch and parse OpenID Connect configuration endpoints"
+  spec.description = "`openid_config_parser` is a lightweight, zero-dependency Ruby gem that fetches and parses " \
+    "OpenID Connect configuration data from any specified endpoint URL. " \
+    "It provides built-in caching, retries, OIDC field validation, and configurable timeouts."
   spec.homepage = "https://github.com/msuliq/openid_config_parser"
   spec.license = "MIT"
   spec.required_ruby_version = ">= 2.7.0"
@@ -21,8 +20,6 @@ Gem::Specification.new do |spec|
   spec.metadata["source_code_uri"] = "https://github.com/msuliq/openid_config_parser"
   spec.metadata["changelog_uri"] = "https://github.com/msuliq/openid_config_parser/blob/main/CHANGELOG.md"
 
-  # Specify which files should be added to the gem when it is released.
-  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
   spec.files = Dir.chdir(__dir__) do
     `git ls-files -z`.split("\x0").reject do |f|
       (File.expand_path(f) == __FILE__) ||
@@ -32,10 +29,4 @@ Gem::Specification.new do |spec|
   spec.bindir = "exe"
   spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
-
-  # Uncomment to register a new dependency of your gem
-  spec.add_dependency "retryable"
-
-  # For more information and examples about making a new gem, check out our
-  # guide at: https://bundler.io/guides/creating_gem.html
 end

metadata

@@ -1,41 +1,26 @@
 --- !ruby/object:Gem::Specification
 name: openid_config_parser
 version: !ruby/object:Gem::Version
-  version: 0.2.4
+  version: 0.3.0
 platform: ruby
 authors:
 - Suleyman Musayev
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-10-10 00:00:00.000000000 Z
-dependencies:
-- !ruby/object:Gem::Dependency
-  name: retryable
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-description: |-
-  `openid_config_parser` is a lightweight Ruby gem designed to fetch and parse
-      OpenID Connect configuration data from any specified endpoint URL.
-      Whether you are building an authentication system or integrating with an OpenID Connect provider,
-      this gem provides a simple and efficient way to retrieve and handle the necessary configuration details.
+date: 2026-03-16 00:00:00.000000000 Z
+dependencies: []
+description: "`openid_config_parser` is a lightweight, zero-dependency Ruby gem that
+  fetches and parses OpenID Connect configuration data from any specified endpoint
+  URL. It provides built-in caching, retries, OIDC field validation, and configurable
+  timeouts."
 email:
 - slmusayev@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".rubocop.yml"
+- ".standard.yml"
 - CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - LICENSE.txt
@@ -67,9 +52,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.6
+rubygems_version: 3.5.22
 signing_key:
 specification_version: 4
-summary: Fetch data from OpenID Connect (OIDC) configuration endpoint and parse it
-  as a Hash object
+summary: Fetch and parse OpenID Connect configuration endpoints
 test_files: []

data/.rubocop.yml

@@ -1,28 +0,0 @@
-AllCops:
-  TargetRubyVersion: 2.7
-
-Style/StringLiterals:
-  Enabled: true
-  EnforcedStyle: double_quotes
-
-Style/StringLiteralsInInterpolation:
-  Enabled: true
-  EnforcedStyle: double_quotes
-
-Layout/LineLength:
-  Max: 120
-
-Metrics/ClassLength:
-  Max: 200
-
-Metrics/MethodLength:
-  Max: 20
-
-Metrics/AbcSize:
-  Max: 35
-
-Metrics/Metrics/CyclomaticComplexity:
-  Max: 10
-
-Metrics/PerceivedComplexity:
-  Max: 10