openid_connect 0.0.5 → 0.0.6

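--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- openid_connect (0.0.4)
+ openid_connect (0.0.5)
  activemodel (>= 3)
  attr_required (>= 0.0.3)
  json (>= 1.4.3)
@@ -14,18 +14,18 @@ PATH
  GEM
  remote: http://rubygems.org/
  specs:
- activemodel (3.0.9)
- activesupport (= 3.0.9)
+ activemodel (3.0.5)
+ activesupport (= 3.0.5)
  builder (~> 2.1.2)
- i18n (~> 0.5.0)
- activesupport (3.0.9)
+ i18n (~> 0.4)
+ activesupport (3.0.5)
  addressable (2.2.6)
  attr_required (0.0.3)
  builder (2.1.2)
  crack (0.1.8)
  diff-lcs (1.1.2)
  httpclient (2.2.1)
- i18n (0.5.0)
+ i18n (0.6.0)
  json (1.5.3)
  jwt (0.1.3)
  json (>= 1.2.4)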
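--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 0.0.5
+ 0.0.6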
@@ -18,7 +18,9 @@ module OpenIDConnect
18
18
  hash = resource_request do
19
19
  get client.introspection_uri
20
20
  end
21
- ResponseObject::IdToken.new hash
21
+ id_token = ResponseObject::IdToken.new hash
22
+ id_token.verify! client.identifier
23
+ id_token
22
24
  end
23
25
 
24
26
  private
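Review bot: The added `id_token.verify! client.identifier` line means this method can now raise `ResponseObject::IdToken::InvalidToken`, and nothing at the method tells callers so. A comment above it such as `# Raises ResponseObject::IdToken::InvalidToken unless aud or issued_to equals client.identifier` would say what to rescue. `InvalidToken` is declared as `< Exception`; if that constant resolves to a class outside the `StandardError` tree (not visible on this page), a bare `rescue` in calling code will not catch the failure. The method's `def` line is above the hunk.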
@@ -3,9 +3,17 @@ require 'jwt'
3
3
  module OpenIDConnect
4
4
  class ResponseObject
5
5
  class IdToken < ResponseObject
6
+ class InvalidToken < Exception; end
7
+
6
8
  attr_required :iss, :user_id, :aud, :exp
7
9
  attr_optional :iso29115, :nonce, :issued_to, :secret
8
10
 
11
+ def verify!(client_id)
12
+ aud == client_id or
13
+ issued_to == client_id or
14
+ raise InvalidToken.new('Invalid audience or issued_to')
15
+ end
16
+
9
17
  def to_jwt
10
18
  raise Exception.new('Secret Required') unless secret
11
19
  JWT.encode as_json, secret
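Review bot: `verify!` compares only `aud` and `issued_to` with the client id, so a token whose `exp` has already passed is still accepted, although `exp` is a required attribute declared just above. If expiry is not enforced elsewhere, add a check such as `raise InvalidToken.new('Token expired') unless exp.to_i > Time.now.to_i`; fixtures with a past `exp` would then need a future value. `issued_to` is optional, so when it is absent (presumably nil) and `client_id` is nil, `issued_to == client_id` succeeds; rejecting a nil `client_id` at the top of the method closes that case. The class body and `to_jwt` continue past the end of the hunk.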
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "iss": "http://server.example.com",
3
- "client_id": "http://client.example.com",
4
- "aud": "http://client.example.com",
3
+ "aud": "client_id",
4
+ "issued_to": "http://client.example.com",
5
5
  "user_id": "user_328723",
6
6
  "exp": 1303852880
7
7
  }
@@ -64,5 +64,20 @@ describe OpenIDConnect::AccessToken do
64
64
  token.id_token!.should be_a OpenIDConnect::ResponseObject::IdToken
65
65
  end
66
66
  end
67
+
68
+ context 'when invalid client is given' do
69
+ let :client do
70
+ OpenIDConnect::Client.new(
71
+ :identifier => 'invalid_client',
72
+ :host => 'server.example.com'
73
+ )
74
+ end
75
+
76
+ it 'should raise OpenIDConnect::ResponseObject::IdToken::InvalidToken' do
77
+ mock_json :get, client.introspection_uri, 'id_token', :HTTP_AUTHORIZATION => 'Bearer access_token' do
78
+ expect { token.id_token! }.should raise_error OpenIDConnect::ResponseObject::IdToken::InvalidToken
79
+ end
80
+ end
81
+ end
67
82
  end
68
83
  end
@@ -3,6 +3,7 @@ require 'spec_helper'
3
3
  describe OpenIDConnect::ResponseObject::IdToken do
4
4
  let(:klass) { OpenIDConnect::ResponseObject::IdToken }
5
5
  let(:id_token) { klass.new attributes }
6
+ let(:attributes) { required_attributes }
6
7
  let :required_attributes do
7
8
  {
8
9
  :iss => 'https://server.example.com',
@@ -18,6 +19,18 @@ describe OpenIDConnect::ResponseObject::IdToken do
18
19
  its(:optional_attributes) { should == [:iso29115, :nonce, :issued_to, :secret] }
19
20
  end
20
21
 
22
+ describe '#verify!' do
23
+ context 'when valid client_id is given' do
24
+ it { id_token.verify!('client_id').should be_true }
25
+ end
26
+
27
+ context 'otherwise' do
28
+ it do
29
+ expect { id_token.verify! 'invalid_client' }.should raise_error OpenIDConnect::ResponseObject::IdToken::InvalidToken
30
+ end
31
+ end
32
+ end
33
+
21
34
  describe '#to_jwt' do
22
35
  subject { id_token.to_jwt }
23
36
 
@@ -27,7 +40,6 @@ describe OpenIDConnect::ResponseObject::IdToken do
27
40
  end
28
41
 
29
42
  context 'otherwise' do
30
- let(:attributes) { required_attributes }
31
43
  it do
32
44
  expect { id_token.to_jwt }.should raise_error OpenIDConnect::Exception, 'Secret Required'
33
45
  end
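Review bot: The `#verify!` examples cover only one of the two accepting branches, because both contexts build the token from `required_attributes` and neither sets `issued_to`. An example such as `let(:attributes) { required_attributes.merge(:issued_to => 'other_client') }` with `it { id_token.verify!('other_client').should be_true }` would pin the `issued_to` path. A further example for a nil argument would document whether `verify!(nil)` is meant to pass when `issued_to` is absent. The body of `required_attributes` is cut off at the hunk edge, so its `aud` value is inferred from the passing example.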
metadata CHANGED
@@ -2,7 +2,7 @@
2
2
  name: openid_connect
3
3
  version: !ruby/object:Gem::Version
4
4
  prerelease:
5
- version: 0.0.5
5
+ version: 0.0.6
6
6
  platform: ruby
7
7
  authors:
8
8
  - nov matake