openid_connect 0.0.3 → 0.0.4

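--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- openid_connect (0.0.2)
+ openid_connect (0.0.3)
  activemodel (>= 3)
  attr_required (>= 0.0.3)
  json (>= 1.4.3)
@@ -14,16 +14,16 @@ PATH
  GEM
  remote: http://rubygems.org/
  specs:
- activemodel (3.0.9)
- activesupport (= 3.0.9)
+ activemodel (3.0.5)
+ activesupport (= 3.0.5)
  builder (~> 2.1.2)
- i18n (~> 0.5.0)
- activesupport (3.0.9)
+ i18n (~> 0.4)
+ activesupport (3.0.5)
  attr_required (0.0.3)
  builder (2.1.2)
  diff-lcs (1.1.2)
  httpclient (2.2.1)
- i18n (0.5.0)
+ i18n (0.6.0)
  json (1.5.3)
  jwt (0.1.3)
  json (>= 1.2.4)
@@ -34,7 +34,7 @@ GEM
  mime-types (1.16)
  polyglot (0.3.2)
  rack (1.3.2)
- rack-oauth2 (0.9.1)
+ rack-oauth2 (0.9.2)
  activesupport (>= 2.3)
  attr_required (>= 0.0.3)
  httpclient (>= 2.2.0.2)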
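--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 0.0.3
+ 0.0.4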
@@ -3,6 +3,7 @@ require 'rack/oauth2'
3
3
  require 'rack/oauth2/server/authorize/extension/id_token'
4
4
  require 'rack/oauth2/server/authorize/extension/id_token_and_token'
5
5
 
6
+ require 'openid_connect/exception'
6
7
  require 'openid_connect/client'
7
8
  require 'openid_connect/access_token'
8
9
  require 'openid_connect/response_object'
@@ -5,25 +5,26 @@ module OpenIDConnect
5
5
  def user_info!(scheme = :openid)
6
6
  klass = case scheme
7
7
  when :openid
8
- UserInfo::OpenID
8
+ ResponseObject::UserInfo::OpenID
9
9
  else
10
10
  raise "Unknown Scheme: #{scheme}"
11
11
  end
12
- klass.new resource_request do
13
- get absolute_uri_for(user_info_endpoint)
12
+ hash = resource_request do
13
+ get client.user_info_uri
14
14
  end
15
+ klass.new hash
15
16
  end
16
17
 
17
18
  def id_token!
18
- IdToken.new resource_request do
19
- get absolute_uri_for(introspection_endpoint)
19
+ hash = resource_request do
20
+ get client.introspection_uri
20
21
  end
22
+ ResponseObject::IdToken.new hash
21
23
  end
22
24
 
23
25
  private
24
26
 
25
27
  def resource_request
26
- access_token_requied!
27
28
  res = yield
28
29
  case res.status
29
30
  when 200
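Review bot: `user_info!` and `id_token!` now dereference `client` (`get client.user_info_uri`, `get client.introspection_uri`) while the only precondition call in `resource_request`, `access_token_requied!`, is dropped, so nothing visible in this hunk guarantees a usable client before the request is issued. If `client` is not declared as a required attribute elsewhere in the class, a token built without one fails with a bare NoMethodError on nil instead of an explicit library error. A guard such as `raise 'client is required' unless client` as the first line of `resource_request` would keep that failure explicit. `resource_request` continues past the end of the hunk, so its status handling is not reviewed here.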
@@ -22,6 +22,14 @@ module OpenIDConnect
22
22
  AccessToken.new token.token_response.merge(:client => self)
23
23
  end
24
24
 
25
+ def introspection_uri
26
+ absolute_uri_for introspection_endpoint
27
+ end
28
+
29
+ def user_info_uri
30
+ absolute_uri_for user_info_endpoint
31
+ end
32
+
25
33
  private
26
34
 
27
35
  def setup_required_scope(scopes)
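Review bot: The two new public readers, `introspection_uri` and `user_info_uri`, carry no comment, yet elsewhere in this release they appear to decide where the access token class sends its requests. A one-line comment on each, for example `# Absolute URI of the UserInfo endpoint, resolved via absolute_uri_for; token-bearing requests are sent here`, would state that contract for callers. `absolute_uri_for` is defined outside the hunk, so whether it enforces an https scheme cannot be seen from here and is worth confirming.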
@@ -20,6 +20,10 @@ module OpenIDConnect
20
20
  required_attributes + optional_attributes
21
21
  end
22
22
 
23
+ def hidden_attributes
24
+ nil
25
+ end
26
+
23
27
  def require_at_least_one_attributes
24
28
  all_blank = all_attriutes.all? do |key|
25
29
  self.send(key).blank?
@@ -28,7 +32,7 @@ module OpenIDConnect
28
32
  end
29
33
 
30
34
  def as_json(options = {})
31
- all_attriutes.inject({}) do |hash, _attr_|
35
+ (all_attriutes - Array(hidden_attributes)).inject({}) do |hash, _attr_|
32
36
  hash.merge! _attr_ => self.send(_attr_)
33
37
  end.delete_if do |key, value|
34
38
  value.nil?
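Review bot: `hidden_attributes` is now the single mechanism that keeps a field out of serialized output, and its contract is undocumented: the base implementation returns `nil` and `as_json` copes through `Array(hidden_attributes)`, so a subclass may return a Symbol, an Array or nil. A comment on the method, `# Attribute name(s) excluded from as_json; may be a Symbol, an Array or nil`, would make that explicit. The filter applies only inside `as_json`; any other code that walks `all_attriutes` directly, as `require_at_least_one_attributes` does, still sees the hidden fields, and the same comment should say so.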
@@ -3,15 +3,11 @@ require 'jwt'
3
3
  module OpenIDConnect
4
4
  class ResponseObject
5
5
  class IdToken < ResponseObject
6
- attr_required :iss, :user_id, :aud, :exp, :secret
7
- attr_optional :iso29115, :nonce, :issued_to
6
+ attr_required :iss, :user_id, :aud, :exp
7
+ attr_optional :iso29115, :nonce, :issued_to, :secret
8
8
 
9
- def as_json
10
- (required_attributes + optional_attributes - [:secret]).inject({}) do |hash, key|
11
- hash.merge! key => self.send(key)
12
- end.delete_if do |key, value|
13
- value.nil?
14
- end
9
+ def hidden_attributes
10
+ :secret
15
11
  end
16
12
 
17
13
  def to_jwt
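Review bot: Moving `:secret` from `attr_required` to `attr_optional` means an IdToken without a secret now passes attribute validation, and `to_jwt`, which starts on the last line of this hunk with its body outside it, is the likely consumer of that value. If `to_jwt` signs with `secret`, a nil or blank value should be rejected before encoding rather than left to the JWT library, for example `raise 'secret is required to sign' if secret.blank?` as the first line of `to_jwt`. Tokens built from an endpoint response hash would presumably carry no secret, so this path is reachable once the attribute is optional.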
@@ -6,6 +6,6 @@ describe OpenIDConnect::ResponseObject::IdToken do
6
6
  describe 'attributes' do
7
7
  subject { klass }
8
8
  its(:required_attributes) { should == [:iss, :user_id, :aud, :exp] }
9
- its(:optional_attributes) { should == [:iso29115, :nonce, :issued_to] }
9
+ its(:optional_attributes) { should == [:iso29115, :nonce, :issued_to, :secret] }
10
10
  end
11
11
  end
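Review bot: The expectation on `optional_attributes` is updated for `:secret`, but no example visible in this hunk asserts that `:secret` stays out of the serialized form now that IdToken's dedicated `as_json` override has been replaced by `hidden_attributes`. An example such as `id_token.as_json.should_not have_key(:secret)`, for an instance constructed with `:secret => 'secret'`, would pin the behaviour that keeps the signing key out of the token payload. The `describe` block continues outside the hunk, so such an example may already exist further down.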
@@ -7,6 +7,15 @@ describe Rack::OAuth2::Server::Authorize::Extension::IdTokenAndToken do
7
7
  let(:response) do
8
8
  request.get("/?response_type=id_token%20token&client_id=client&redirect_uri=#{redirect_uri}")
9
9
  end
10
+ let(:id_token) do
11
+ OpenIDConnect::ResponseObject::IdToken.new(
12
+ :iss => 'iss',
13
+ :user_id => 'user_id',
14
+ :aud => 'aud',
15
+ :exp => 10.minutes.from_now,
16
+ :secret => 'secret'
17
+ )
18
+ end
10
19
 
11
20
  context "when approved" do
12
21
  subject { response }
@@ -15,11 +24,12 @@ describe Rack::OAuth2::Server::Authorize::Extension::IdTokenAndToken do
15
24
  Rack::OAuth2::Server::Authorize.new do |request, response|
16
25
  response.redirect_uri = redirect_uri
17
26
  response.access_token = bearer_token
27
+ response.id_token = id_token
18
28
  response.approve!
19
29
  end
20
30
  end
21
31
  its(:status) { should == 302 }
22
- its(:location) { should == "#{redirect_uri}#access_token=#{access_token}&token_type=bearer" }
32
+ its(:location) { should == "#{redirect_uri}#access_token=#{access_token}&id_token=#{id_token.to_jwt}&token_type=bearer" }
23
33
 
24
34
  context 'when refresh_token is given' do
25
35
  let :bearer_token do
@@ -28,7 +38,7 @@ describe Rack::OAuth2::Server::Authorize::Extension::IdTokenAndToken do
28
38
  :refresh_token => 'refresh'
29
39
  )
30
40
  end
31
- its(:location) { should == "#{redirect_uri}#access_token=#{access_token}&token_type=bearer" }
41
+ its(:location) { should == "#{redirect_uri}#access_token=#{access_token}&id_token=#{id_token.to_jwt}&token_type=bearer" }
32
42
  end
33
43
  end
34
44
 
@@ -3,33 +3,31 @@ require 'spec_helper'
3
3
  describe Rack::OAuth2::Server::Authorize::Extension::IdToken do
4
4
  let(:request) { Rack::MockRequest.new app }
5
5
  let(:redirect_uri) { 'http://client.example.com/callback' }
6
- let(:access_token) { 'access_token' }
7
6
  let(:response) do
8
7
  request.get("/?response_type=id_token&client_id=client&redirect_uri=#{redirect_uri}")
9
8
  end
9
+ let(:id_token) do
10
+ OpenIDConnect::ResponseObject::IdToken.new(
11
+ :iss => 'iss',
12
+ :user_id => 'user_id',
13
+ :aud => 'aud',
14
+ :exp => 10.minutes.from_now,
15
+ :secret => 'secret'
16
+ )
17
+ end
10
18
 
11
19
  context "when approved" do
12
20
  subject { response }
13
- let(:bearer_token) { Rack::OAuth2::AccessToken::Bearer.new(:access_token => access_token) }
21
+
14
22
  let :app do
15
23
  Rack::OAuth2::Server::Authorize.new do |request, response|
16
24
  response.redirect_uri = redirect_uri
17
- response.access_token = bearer_token
25
+ response.id_token = id_token
18
26
  response.approve!
19
27
  end
20
28
  end
21
29
  its(:status) { should == 302 }
22
- its(:location) { should == "#{redirect_uri}#access_token=#{access_token}&token_type=bearer" }
23
-
24
- context 'when refresh_token is given' do
25
- let :bearer_token do
26
- Rack::OAuth2::AccessToken::Bearer.new(
27
- :access_token => access_token,
28
- :refresh_token => 'refresh'
29
- )
30
- end
31
- its(:location) { should == "#{redirect_uri}#access_token=#{access_token}&token_type=bearer" }
32
- end
30
+ its(:location) { should == "#{redirect_uri}#id_token=#{id_token.to_jwt}" }
33
31
  end
34
32
 
35
33
  context 'when denied' do
metadata CHANGED
@@ -2,7 +2,7 @@
2
2
  name: openid_connect
3
3
  version: !ruby/object:Gem::Version
4
4
  prerelease:
5
- version: 0.0.3
5
+ version: 0.0.4
6
6
  platform: ruby
7
7
  authors:
8
8
  - nov matake