openid_connect 0.0.8 → 0.0.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/Gemfile.lock +8 -8
- data/VERSION +1 -1
- data/lib/openid_connect/access_token.rb +0 -9
- data/lib/openid_connect/client.rb +3 -0
- data/lib/openid_connect.rb +1 -1
- data/lib/rack/oauth2/id_token_support.rb +42 -0
- data/spec/mock_response/access_token/bearer_with_id_token.json +7 -0
- data/spec/openid_connect/access_token_spec.rb +50 -30
- data/spec/openid_connect/client_spec.rb +14 -4
- metadata +4 -2
- data/lib/rack/oauth2/server/id_token_support.rb +0 -21
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
openid_connect (0.0.
|
|
4
|
+
openid_connect (0.0.8)
|
|
5
5
|
activemodel (>= 3)
|
|
6
6
|
attr_required (>= 0.0.3)
|
|
7
7
|
json (>= 1.4.3)
|
|
@@ -14,18 +14,18 @@ PATH
|
|
|
14
14
|
GEM
|
|
15
15
|
remote: http://rubygems.org/
|
|
16
16
|
specs:
|
|
17
|
-
activemodel (3.0.
|
|
18
|
-
activesupport (= 3.0.
|
|
17
|
+
activemodel (3.0.10)
|
|
18
|
+
activesupport (= 3.0.10)
|
|
19
19
|
builder (~> 2.1.2)
|
|
20
|
-
i18n (~> 0.
|
|
21
|
-
activesupport (3.0.
|
|
20
|
+
i18n (~> 0.5.0)
|
|
21
|
+
activesupport (3.0.10)
|
|
22
22
|
addressable (2.2.6)
|
|
23
23
|
attr_required (0.0.3)
|
|
24
24
|
builder (2.1.2)
|
|
25
25
|
crack (0.1.8)
|
|
26
26
|
diff-lcs (1.1.2)
|
|
27
27
|
httpclient (2.2.1)
|
|
28
|
-
i18n (0.
|
|
28
|
+
i18n (0.5.0)
|
|
29
29
|
json (1.5.3)
|
|
30
30
|
jwt (0.1.3)
|
|
31
31
|
json (>= 1.2.4)
|
|
@@ -62,8 +62,8 @@ GEM
|
|
|
62
62
|
mail (>= 2.2.5)
|
|
63
63
|
validate_url (0.2.0)
|
|
64
64
|
activemodel (>= 3.0.0)
|
|
65
|
-
webmock (1.
|
|
66
|
-
addressable (
|
|
65
|
+
webmock (1.7.2)
|
|
66
|
+
addressable (~> 2.2, > 2.2.5)
|
|
67
67
|
crack (>= 0.1.7)
|
|
68
68
|
|
|
69
69
|
PLATFORMS
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.0.
|
|
1
|
+
0.0.9
|
|
@@ -14,15 +14,6 @@ module OpenIDConnect
|
|
|
14
14
|
ResponseObject::UserInfo::OpenID.new hash
|
|
15
15
|
end
|
|
16
16
|
|
|
17
|
-
def id_token!
|
|
18
|
-
hash = resource_request do
|
|
19
|
-
get client.introspection_uri
|
|
20
|
-
end
|
|
21
|
-
id_token = ResponseObject::IdToken.new hash
|
|
22
|
-
id_token.verify! client.identifier
|
|
23
|
-
id_token
|
|
24
|
-
end
|
|
25
|
-
|
|
26
17
|
private
|
|
27
18
|
|
|
28
19
|
def resource_request
|
data/lib/openid_connect.rb
CHANGED
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
module Rack::OAuth2
|
|
2
|
+
module IdTokenSupport
|
|
3
|
+
def self.included(klass)
|
|
4
|
+
klass.send :attr_optional, :id_token
|
|
5
|
+
end
|
|
6
|
+
|
|
7
|
+
module AccessTokenExt
|
|
8
|
+
def self.included(klass)
|
|
9
|
+
klass.send :include, IdTokenSupport
|
|
10
|
+
klass.class_eval do
|
|
11
|
+
def token_response_with_id_token(options = {})
|
|
12
|
+
token_response_without_id_token.merge(
|
|
13
|
+
:id_token => if id_token.respond_to?(:to_jwt)
|
|
14
|
+
id_token.to_jwt
|
|
15
|
+
else
|
|
16
|
+
id_token
|
|
17
|
+
end
|
|
18
|
+
)
|
|
19
|
+
end
|
|
20
|
+
alias_method_chain :token_response, :id_token
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
AccessToken::Bearer.send :include, IdTokenSupport, AccessTokenExt
|
|
25
|
+
|
|
26
|
+
module ServerResponseExt
|
|
27
|
+
def self.included(klass)
|
|
28
|
+
klass.send :include, IdTokenSupport
|
|
29
|
+
klass.class_eval do
|
|
30
|
+
def protocol_params_with_id_token
|
|
31
|
+
protocol_params_without_id_token.merge(
|
|
32
|
+
:id_token => id_token.try(:to_jwt)
|
|
33
|
+
)
|
|
34
|
+
end
|
|
35
|
+
alias_method_chain :protocol_params, :id_token
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
Server::Token::Response.send :include, ServerResponseExt
|
|
40
|
+
Server::Authorize::Token::Response.send :include, ServerResponseExt
|
|
41
|
+
end
|
|
42
|
+
end
|
|
@@ -1,25 +1,68 @@
|
|
|
1
1
|
require 'spec_helper'
|
|
2
2
|
|
|
3
3
|
describe OpenIDConnect::AccessToken do
|
|
4
|
-
subject {
|
|
4
|
+
subject { access_token }
|
|
5
5
|
let :client do
|
|
6
6
|
OpenIDConnect::Client.new(
|
|
7
7
|
:identifier => 'client_id',
|
|
8
8
|
:host => 'server.example.com'
|
|
9
9
|
)
|
|
10
10
|
end
|
|
11
|
-
let :
|
|
11
|
+
let :access_token do
|
|
12
12
|
OpenIDConnect::AccessToken.new(
|
|
13
13
|
:access_token => 'access_token',
|
|
14
14
|
:client => client
|
|
15
15
|
)
|
|
16
16
|
end
|
|
17
|
+
|
|
17
18
|
its(:token_type) { should == :bearer }
|
|
19
|
+
its(:optional_attributes) { should include :id_token }
|
|
20
|
+
|
|
21
|
+
context 'when id_token is given' do
|
|
22
|
+
subject { access_token }
|
|
23
|
+
let :access_token do
|
|
24
|
+
OpenIDConnect::AccessToken.new(
|
|
25
|
+
:access_token => 'access_token',
|
|
26
|
+
:id_token => id_token,
|
|
27
|
+
:client => client
|
|
28
|
+
)
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
context 'when IdToken object' do
|
|
32
|
+
let :id_token do
|
|
33
|
+
OpenIDConnect::ResponseObject::IdToken.new(
|
|
34
|
+
:iss => 'https://server.example.com',
|
|
35
|
+
:user_id => 'user_id',
|
|
36
|
+
:aud => 'client_id',
|
|
37
|
+
:exp => 1313424327,
|
|
38
|
+
:secret => 'secret'
|
|
39
|
+
)
|
|
40
|
+
end
|
|
41
|
+
its(:id_token) { should be_a OpenIDConnect::ResponseObject::IdToken }
|
|
42
|
+
describe '#token_response' do
|
|
43
|
+
let(:token_response) { access_token.token_response }
|
|
44
|
+
it 'should stringfy it' do
|
|
45
|
+
token_response[:id_token].should be_a String
|
|
46
|
+
end
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
context 'when JWT string' do
|
|
51
|
+
let(:id_token) { 'id_token' }
|
|
52
|
+
its(:id_token) { should == 'id_token' }
|
|
53
|
+
describe '#token_response' do
|
|
54
|
+
let(:token_response) { access_token.token_response }
|
|
55
|
+
it 'should keep it as is' do
|
|
56
|
+
token_response[:id_token].should == 'id_token'
|
|
57
|
+
end
|
|
58
|
+
end
|
|
59
|
+
end
|
|
60
|
+
end
|
|
18
61
|
|
|
19
62
|
describe '#user_info!' do
|
|
20
63
|
it 'should return OpenIDConnect::ResponseObject::UserInfo::OpenID' do
|
|
21
64
|
mock_json :get, client.user_info_uri, 'user_info/openid', :HTTP_AUTHORIZATION => 'Bearer access_token' do
|
|
22
|
-
|
|
65
|
+
access_token.user_info!.should be_a OpenIDConnect::ResponseObject::UserInfo::OpenID
|
|
23
66
|
end
|
|
24
67
|
end
|
|
25
68
|
|
|
@@ -27,7 +70,7 @@ describe OpenIDConnect::AccessToken do
|
|
|
27
70
|
context 'when bad_request' do
|
|
28
71
|
it 'should raise OpenIDConnect::Forbidden' do
|
|
29
72
|
mock_json :get, client.user_info_uri, 'errors/invalid_request', :HTTP_AUTHORIZATION => 'Bearer access_token', :status => 400 do
|
|
30
|
-
expect {
|
|
73
|
+
expect { access_token.user_info! }.should raise_error OpenIDConnect::BadRequest
|
|
31
74
|
end
|
|
32
75
|
end
|
|
33
76
|
end
|
|
@@ -35,7 +78,7 @@ describe OpenIDConnect::AccessToken do
|
|
|
35
78
|
context 'when unauthorized' do
|
|
36
79
|
it 'should raise OpenIDConnect::Unauthorized' do
|
|
37
80
|
mock_json :get, client.user_info_uri, 'errors/invalid_access_token', :HTTP_AUTHORIZATION => 'Bearer access_token', :status => 401 do
|
|
38
|
-
expect {
|
|
81
|
+
expect { access_token.user_info! }.should raise_error OpenIDConnect::Unauthorized
|
|
39
82
|
end
|
|
40
83
|
end
|
|
41
84
|
end
|
|
@@ -43,7 +86,7 @@ describe OpenIDConnect::AccessToken do
|
|
|
43
86
|
context 'when forbidden' do
|
|
44
87
|
it 'should raise OpenIDConnect::Forbidden' do
|
|
45
88
|
mock_json :get, client.user_info_uri, 'errors/insufficient_scope', :HTTP_AUTHORIZATION => 'Bearer access_token', :status => 403 do
|
|
46
|
-
expect {
|
|
89
|
+
expect { access_token.user_info! }.should raise_error OpenIDConnect::Forbidden
|
|
47
90
|
end
|
|
48
91
|
end
|
|
49
92
|
end
|
|
@@ -51,33 +94,10 @@ describe OpenIDConnect::AccessToken do
|
|
|
51
94
|
context 'when unknown' do
|
|
52
95
|
it 'should raise OpenIDConnect::HttpError' do
|
|
53
96
|
mock_json :get, client.user_info_uri, 'errors/unknown', :HTTP_AUTHORIZATION => 'Bearer access_token', :status => 500 do
|
|
54
|
-
expect {
|
|
97
|
+
expect { access_token.user_info! }.should raise_error OpenIDConnect::HttpError
|
|
55
98
|
end
|
|
56
99
|
end
|
|
57
100
|
end
|
|
58
101
|
end
|
|
59
102
|
end
|
|
60
|
-
|
|
61
|
-
describe '#id_token!' do
|
|
62
|
-
it 'should return OpenIDConnect::ResponseObject::IdToken' do
|
|
63
|
-
mock_json :get, client.introspection_uri, 'id_token', :HTTP_AUTHORIZATION => 'Bearer access_token' do
|
|
64
|
-
token.id_token!.should be_a OpenIDConnect::ResponseObject::IdToken
|
|
65
|
-
end
|
|
66
|
-
end
|
|
67
|
-
|
|
68
|
-
context 'when invalid client is given' do
|
|
69
|
-
let :client do
|
|
70
|
-
OpenIDConnect::Client.new(
|
|
71
|
-
:identifier => 'invalid_client',
|
|
72
|
-
:host => 'server.example.com'
|
|
73
|
-
)
|
|
74
|
-
end
|
|
75
|
-
|
|
76
|
-
it 'should raise OpenIDConnect::ResponseObject::IdToken::InvalidToken' do
|
|
77
|
-
mock_json :get, client.introspection_uri, 'id_token', :HTTP_AUTHORIZATION => 'Bearer access_token' do
|
|
78
|
-
expect { token.id_token! }.should raise_error OpenIDConnect::ResponseObject::IdToken::InvalidToken
|
|
79
|
-
end
|
|
80
|
-
end
|
|
81
|
-
end
|
|
82
|
-
end
|
|
83
103
|
end
|
|
@@ -80,12 +80,23 @@ describe OpenIDConnect::Client do
|
|
|
80
80
|
:code => 'code'
|
|
81
81
|
}
|
|
82
82
|
end
|
|
83
|
+
let :access_token do
|
|
84
|
+
client.authorization_code = 'code'
|
|
85
|
+
client.access_token!
|
|
86
|
+
end
|
|
83
87
|
|
|
84
88
|
context 'when bearer token is returned' do
|
|
85
89
|
it 'should return OpenIDConnect::AccessToken' do
|
|
86
90
|
mock_json :post, client.token_endpoint, 'access_token/bearer', :params => protocol_params do
|
|
87
|
-
|
|
88
|
-
|
|
91
|
+
access_token.should be_a OpenIDConnect::AccessToken
|
|
92
|
+
end
|
|
93
|
+
end
|
|
94
|
+
|
|
95
|
+
context 'when id_token is returned' do
|
|
96
|
+
it 'should include id_token' do
|
|
97
|
+
mock_json :post, client.token_endpoint, 'access_token/bearer_with_id_token', :params => protocol_params do
|
|
98
|
+
access_token.id_token.should == 'id_token'
|
|
99
|
+
end
|
|
89
100
|
end
|
|
90
101
|
end
|
|
91
102
|
end
|
|
@@ -93,8 +104,7 @@ describe OpenIDConnect::Client do
|
|
|
93
104
|
context 'otherwise' do
|
|
94
105
|
it 'should raise Unexpected Token Type exception' do
|
|
95
106
|
mock_json :post, client.token_endpoint, 'access_token/mac', :params => protocol_params do
|
|
96
|
-
|
|
97
|
-
expect { client.access_token! }.should raise_error OpenIDConnect::Exception, 'Unexpected Token Type: mac'
|
|
107
|
+
expect { access_token }.should raise_error OpenIDConnect::Exception, 'Unexpected Token Type: mac'
|
|
98
108
|
end
|
|
99
109
|
end
|
|
100
110
|
end
|
metadata
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
name: openid_connect
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
4
|
prerelease:
|
|
5
|
-
version: 0.0.
|
|
5
|
+
version: 0.0.9
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
8
8
|
- nov matake
|
|
@@ -171,10 +171,11 @@ files:
|
|
|
171
171
|
- lib/openid_connect/response_object/user_info.rb
|
|
172
172
|
- lib/openid_connect/response_object/user_info/open_id.rb
|
|
173
173
|
- lib/openid_connect/response_object/user_info/open_id/address.rb
|
|
174
|
-
- lib/rack/oauth2/
|
|
174
|
+
- lib/rack/oauth2/id_token_support.rb
|
|
175
175
|
- openid_connect.gemspec
|
|
176
176
|
- spec/helpers/webmock_helper.rb
|
|
177
177
|
- spec/mock_response/access_token/bearer.json
|
|
178
|
+
- spec/mock_response/access_token/bearer_with_id_token.json
|
|
178
179
|
- spec/mock_response/access_token/mac.json
|
|
179
180
|
- spec/mock_response/errors/insufficient_scope.json
|
|
180
181
|
- spec/mock_response/errors/invalid_access_token.json
|
|
@@ -224,6 +225,7 @@ summary: OpenID Connect Server & Client Library
|
|
|
224
225
|
test_files:
|
|
225
226
|
- spec/helpers/webmock_helper.rb
|
|
226
227
|
- spec/mock_response/access_token/bearer.json
|
|
228
|
+
- spec/mock_response/access_token/bearer_with_id_token.json
|
|
227
229
|
- spec/mock_response/access_token/mac.json
|
|
228
230
|
- spec/mock_response/errors/insufficient_scope.json
|
|
229
231
|
- spec/mock_response/errors/invalid_access_token.json
|
|
@@ -1,21 +0,0 @@
|
|
|
1
|
-
module IdTokenSupport
|
|
2
|
-
def self.included(klass)
|
|
3
|
-
klass.send :attr_optional, :id_token
|
|
4
|
-
klass.class_eval do
|
|
5
|
-
def protocol_params_with_id_token
|
|
6
|
-
protocol_params_without_id_token.merge(
|
|
7
|
-
:id_token => id_token.try(:to_jwt)
|
|
8
|
-
)
|
|
9
|
-
end
|
|
10
|
-
alias_method_chain :protocol_params, :id_token
|
|
11
|
-
end
|
|
12
|
-
end
|
|
13
|
-
end
|
|
14
|
-
|
|
15
|
-
class Rack::OAuth2::Server::Token::Response
|
|
16
|
-
include TokenWithIdToken
|
|
17
|
-
end
|
|
18
|
-
|
|
19
|
-
class Rack::OAuth2::Server::Authorize::Token::Response
|
|
20
|
-
include TokenWithIdToken
|
|
21
|
-
end
|