openid_connect 0.0.8 → 0.0.9
Sign up to get free protection for your applications and to get access to all the features.
- data/Gemfile.lock +8 -8
- data/VERSION +1 -1
- data/lib/openid_connect/access_token.rb +0 -9
- data/lib/openid_connect/client.rb +3 -0
- data/lib/openid_connect.rb +1 -1
- data/lib/rack/oauth2/id_token_support.rb +42 -0
- data/spec/mock_response/access_token/bearer_with_id_token.json +7 -0
- data/spec/openid_connect/access_token_spec.rb +50 -30
- data/spec/openid_connect/client_spec.rb +14 -4
- metadata +4 -2
- data/lib/rack/oauth2/server/id_token_support.rb +0 -21
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
openid_connect (0.0.
|
|
4
|
+
openid_connect (0.0.8)
|
|
5
5
|
activemodel (>= 3)
|
|
6
6
|
attr_required (>= 0.0.3)
|
|
7
7
|
json (>= 1.4.3)
|
|
@@ -14,18 +14,18 @@ PATH
|
|
|
14
14
|
GEM
|
|
15
15
|
remote: http://rubygems.org/
|
|
16
16
|
specs:
|
|
17
|
-
activemodel (3.0.
|
|
18
|
-
activesupport (= 3.0.
|
|
17
|
+
activemodel (3.0.10)
|
|
18
|
+
activesupport (= 3.0.10)
|
|
19
19
|
builder (~> 2.1.2)
|
|
20
|
-
i18n (~> 0.
|
|
21
|
-
activesupport (3.0.
|
|
20
|
+
i18n (~> 0.5.0)
|
|
21
|
+
activesupport (3.0.10)
|
|
22
22
|
addressable (2.2.6)
|
|
23
23
|
attr_required (0.0.3)
|
|
24
24
|
builder (2.1.2)
|
|
25
25
|
crack (0.1.8)
|
|
26
26
|
diff-lcs (1.1.2)
|
|
27
27
|
httpclient (2.2.1)
|
|
28
|
-
i18n (0.
|
|
28
|
+
i18n (0.5.0)
|
|
29
29
|
json (1.5.3)
|
|
30
30
|
jwt (0.1.3)
|
|
31
31
|
json (>= 1.2.4)
|
|
@@ -62,8 +62,8 @@ GEM
|
|
|
62
62
|
mail (>= 2.2.5)
|
|
63
63
|
validate_url (0.2.0)
|
|
64
64
|
activemodel (>= 3.0.0)
|
|
65
|
-
webmock (1.
|
|
66
|
-
addressable (
|
|
65
|
+
webmock (1.7.2)
|
|
66
|
+
addressable (~> 2.2, > 2.2.5)
|
|
67
67
|
crack (>= 0.1.7)
|
|
68
68
|
|
|
69
69
|
PLATFORMS
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.0.
|
|
1
|
+
0.0.9
|
|
@@ -14,15 +14,6 @@ module OpenIDConnect
|
|
|
14
14
|
ResponseObject::UserInfo::OpenID.new hash
|
|
15
15
|
end
|
|
16
16
|
|
|
17
|
-
def id_token!
|
|
18
|
-
hash = resource_request do
|
|
19
|
-
get client.introspection_uri
|
|
20
|
-
end
|
|
21
|
-
id_token = ResponseObject::IdToken.new hash
|
|
22
|
-
id_token.verify! client.identifier
|
|
23
|
-
id_token
|
|
24
|
-
end
|
|
25
|
-
|
|
26
17
|
private
|
|
27
18
|
|
|
28
19
|
def resource_request
|
data/lib/openid_connect.rb
CHANGED
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
module Rack::OAuth2
|
|
2
|
+
module IdTokenSupport
|
|
3
|
+
def self.included(klass)
|
|
4
|
+
klass.send :attr_optional, :id_token
|
|
5
|
+
end
|
|
6
|
+
|
|
7
|
+
module AccessTokenExt
|
|
8
|
+
def self.included(klass)
|
|
9
|
+
klass.send :include, IdTokenSupport
|
|
10
|
+
klass.class_eval do
|
|
11
|
+
def token_response_with_id_token(options = {})
|
|
12
|
+
token_response_without_id_token.merge(
|
|
13
|
+
:id_token => if id_token.respond_to?(:to_jwt)
|
|
14
|
+
id_token.to_jwt
|
|
15
|
+
else
|
|
16
|
+
id_token
|
|
17
|
+
end
|
|
18
|
+
)
|
|
19
|
+
end
|
|
20
|
+
alias_method_chain :token_response, :id_token
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
AccessToken::Bearer.send :include, IdTokenSupport, AccessTokenExt
|
|
25
|
+
|
|
26
|
+
module ServerResponseExt
|
|
27
|
+
def self.included(klass)
|
|
28
|
+
klass.send :include, IdTokenSupport
|
|
29
|
+
klass.class_eval do
|
|
30
|
+
def protocol_params_with_id_token
|
|
31
|
+
protocol_params_without_id_token.merge(
|
|
32
|
+
:id_token => id_token.try(:to_jwt)
|
|
33
|
+
)
|
|
34
|
+
end
|
|
35
|
+
alias_method_chain :protocol_params, :id_token
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
Server::Token::Response.send :include, ServerResponseExt
|
|
40
|
+
Server::Authorize::Token::Response.send :include, ServerResponseExt
|
|
41
|
+
end
|
|
42
|
+
end
|
|
@@ -1,25 +1,68 @@
|
|
|
1
1
|
require 'spec_helper'
|
|
2
2
|
|
|
3
3
|
describe OpenIDConnect::AccessToken do
|
|
4
|
-
subject {
|
|
4
|
+
subject { access_token }
|
|
5
5
|
let :client do
|
|
6
6
|
OpenIDConnect::Client.new(
|
|
7
7
|
:identifier => 'client_id',
|
|
8
8
|
:host => 'server.example.com'
|
|
9
9
|
)
|
|
10
10
|
end
|
|
11
|
-
let :
|
|
11
|
+
let :access_token do
|
|
12
12
|
OpenIDConnect::AccessToken.new(
|
|
13
13
|
:access_token => 'access_token',
|
|
14
14
|
:client => client
|
|
15
15
|
)
|
|
16
16
|
end
|
|
17
|
+
|
|
17
18
|
its(:token_type) { should == :bearer }
|
|
19
|
+
its(:optional_attributes) { should include :id_token }
|
|
20
|
+
|
|
21
|
+
context 'when id_token is given' do
|
|
22
|
+
subject { access_token }
|
|
23
|
+
let :access_token do
|
|
24
|
+
OpenIDConnect::AccessToken.new(
|
|
25
|
+
:access_token => 'access_token',
|
|
26
|
+
:id_token => id_token,
|
|
27
|
+
:client => client
|
|
28
|
+
)
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
context 'when IdToken object' do
|
|
32
|
+
let :id_token do
|
|
33
|
+
OpenIDConnect::ResponseObject::IdToken.new(
|
|
34
|
+
:iss => 'https://server.example.com',
|
|
35
|
+
:user_id => 'user_id',
|
|
36
|
+
:aud => 'client_id',
|
|
37
|
+
:exp => 1313424327,
|
|
38
|
+
:secret => 'secret'
|
|
39
|
+
)
|
|
40
|
+
end
|
|
41
|
+
its(:id_token) { should be_a OpenIDConnect::ResponseObject::IdToken }
|
|
42
|
+
describe '#token_response' do
|
|
43
|
+
let(:token_response) { access_token.token_response }
|
|
44
|
+
it 'should stringfy it' do
|
|
45
|
+
token_response[:id_token].should be_a String
|
|
46
|
+
end
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
context 'when JWT string' do
|
|
51
|
+
let(:id_token) { 'id_token' }
|
|
52
|
+
its(:id_token) { should == 'id_token' }
|
|
53
|
+
describe '#token_response' do
|
|
54
|
+
let(:token_response) { access_token.token_response }
|
|
55
|
+
it 'should keep it as is' do
|
|
56
|
+
token_response[:id_token].should == 'id_token'
|
|
57
|
+
end
|
|
58
|
+
end
|
|
59
|
+
end
|
|
60
|
+
end
|
|
18
61
|
|
|
19
62
|
describe '#user_info!' do
|
|
20
63
|
it 'should return OpenIDConnect::ResponseObject::UserInfo::OpenID' do
|
|
21
64
|
mock_json :get, client.user_info_uri, 'user_info/openid', :HTTP_AUTHORIZATION => 'Bearer access_token' do
|
|
22
|
-
|
|
65
|
+
access_token.user_info!.should be_a OpenIDConnect::ResponseObject::UserInfo::OpenID
|
|
23
66
|
end
|
|
24
67
|
end
|
|
25
68
|
|
|
@@ -27,7 +70,7 @@ describe OpenIDConnect::AccessToken do
|
|
|
27
70
|
context 'when bad_request' do
|
|
28
71
|
it 'should raise OpenIDConnect::Forbidden' do
|
|
29
72
|
mock_json :get, client.user_info_uri, 'errors/invalid_request', :HTTP_AUTHORIZATION => 'Bearer access_token', :status => 400 do
|
|
30
|
-
expect {
|
|
73
|
+
expect { access_token.user_info! }.should raise_error OpenIDConnect::BadRequest
|
|
31
74
|
end
|
|
32
75
|
end
|
|
33
76
|
end
|
|
@@ -35,7 +78,7 @@ describe OpenIDConnect::AccessToken do
|
|
|
35
78
|
context 'when unauthorized' do
|
|
36
79
|
it 'should raise OpenIDConnect::Unauthorized' do
|
|
37
80
|
mock_json :get, client.user_info_uri, 'errors/invalid_access_token', :HTTP_AUTHORIZATION => 'Bearer access_token', :status => 401 do
|
|
38
|
-
expect {
|
|
81
|
+
expect { access_token.user_info! }.should raise_error OpenIDConnect::Unauthorized
|
|
39
82
|
end
|
|
40
83
|
end
|
|
41
84
|
end
|
|
@@ -43,7 +86,7 @@ describe OpenIDConnect::AccessToken do
|
|
|
43
86
|
context 'when forbidden' do
|
|
44
87
|
it 'should raise OpenIDConnect::Forbidden' do
|
|
45
88
|
mock_json :get, client.user_info_uri, 'errors/insufficient_scope', :HTTP_AUTHORIZATION => 'Bearer access_token', :status => 403 do
|
|
46
|
-
expect {
|
|
89
|
+
expect { access_token.user_info! }.should raise_error OpenIDConnect::Forbidden
|
|
47
90
|
end
|
|
48
91
|
end
|
|
49
92
|
end
|
|
@@ -51,33 +94,10 @@ describe OpenIDConnect::AccessToken do
|
|
|
51
94
|
context 'when unknown' do
|
|
52
95
|
it 'should raise OpenIDConnect::HttpError' do
|
|
53
96
|
mock_json :get, client.user_info_uri, 'errors/unknown', :HTTP_AUTHORIZATION => 'Bearer access_token', :status => 500 do
|
|
54
|
-
expect {
|
|
97
|
+
expect { access_token.user_info! }.should raise_error OpenIDConnect::HttpError
|
|
55
98
|
end
|
|
56
99
|
end
|
|
57
100
|
end
|
|
58
101
|
end
|
|
59
102
|
end
|
|
60
|
-
|
|
61
|
-
describe '#id_token!' do
|
|
62
|
-
it 'should return OpenIDConnect::ResponseObject::IdToken' do
|
|
63
|
-
mock_json :get, client.introspection_uri, 'id_token', :HTTP_AUTHORIZATION => 'Bearer access_token' do
|
|
64
|
-
token.id_token!.should be_a OpenIDConnect::ResponseObject::IdToken
|
|
65
|
-
end
|
|
66
|
-
end
|
|
67
|
-
|
|
68
|
-
context 'when invalid client is given' do
|
|
69
|
-
let :client do
|
|
70
|
-
OpenIDConnect::Client.new(
|
|
71
|
-
:identifier => 'invalid_client',
|
|
72
|
-
:host => 'server.example.com'
|
|
73
|
-
)
|
|
74
|
-
end
|
|
75
|
-
|
|
76
|
-
it 'should raise OpenIDConnect::ResponseObject::IdToken::InvalidToken' do
|
|
77
|
-
mock_json :get, client.introspection_uri, 'id_token', :HTTP_AUTHORIZATION => 'Bearer access_token' do
|
|
78
|
-
expect { token.id_token! }.should raise_error OpenIDConnect::ResponseObject::IdToken::InvalidToken
|
|
79
|
-
end
|
|
80
|
-
end
|
|
81
|
-
end
|
|
82
|
-
end
|
|
83
103
|
end
|
|
@@ -80,12 +80,23 @@ describe OpenIDConnect::Client do
|
|
|
80
80
|
:code => 'code'
|
|
81
81
|
}
|
|
82
82
|
end
|
|
83
|
+
let :access_token do
|
|
84
|
+
client.authorization_code = 'code'
|
|
85
|
+
client.access_token!
|
|
86
|
+
end
|
|
83
87
|
|
|
84
88
|
context 'when bearer token is returned' do
|
|
85
89
|
it 'should return OpenIDConnect::AccessToken' do
|
|
86
90
|
mock_json :post, client.token_endpoint, 'access_token/bearer', :params => protocol_params do
|
|
87
|
-
|
|
88
|
-
|
|
91
|
+
access_token.should be_a OpenIDConnect::AccessToken
|
|
92
|
+
end
|
|
93
|
+
end
|
|
94
|
+
|
|
95
|
+
context 'when id_token is returned' do
|
|
96
|
+
it 'should include id_token' do
|
|
97
|
+
mock_json :post, client.token_endpoint, 'access_token/bearer_with_id_token', :params => protocol_params do
|
|
98
|
+
access_token.id_token.should == 'id_token'
|
|
99
|
+
end
|
|
89
100
|
end
|
|
90
101
|
end
|
|
91
102
|
end
|
|
@@ -93,8 +104,7 @@ describe OpenIDConnect::Client do
|
|
|
93
104
|
context 'otherwise' do
|
|
94
105
|
it 'should raise Unexpected Token Type exception' do
|
|
95
106
|
mock_json :post, client.token_endpoint, 'access_token/mac', :params => protocol_params do
|
|
96
|
-
|
|
97
|
-
expect { client.access_token! }.should raise_error OpenIDConnect::Exception, 'Unexpected Token Type: mac'
|
|
107
|
+
expect { access_token }.should raise_error OpenIDConnect::Exception, 'Unexpected Token Type: mac'
|
|
98
108
|
end
|
|
99
109
|
end
|
|
100
110
|
end
|
metadata
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
name: openid_connect
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
4
|
prerelease:
|
|
5
|
-
version: 0.0.
|
|
5
|
+
version: 0.0.9
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
8
8
|
- nov matake
|
|
@@ -171,10 +171,11 @@ files:
|
|
|
171
171
|
- lib/openid_connect/response_object/user_info.rb
|
|
172
172
|
- lib/openid_connect/response_object/user_info/open_id.rb
|
|
173
173
|
- lib/openid_connect/response_object/user_info/open_id/address.rb
|
|
174
|
-
- lib/rack/oauth2/
|
|
174
|
+
- lib/rack/oauth2/id_token_support.rb
|
|
175
175
|
- openid_connect.gemspec
|
|
176
176
|
- spec/helpers/webmock_helper.rb
|
|
177
177
|
- spec/mock_response/access_token/bearer.json
|
|
178
|
+
- spec/mock_response/access_token/bearer_with_id_token.json
|
|
178
179
|
- spec/mock_response/access_token/mac.json
|
|
179
180
|
- spec/mock_response/errors/insufficient_scope.json
|
|
180
181
|
- spec/mock_response/errors/invalid_access_token.json
|
|
@@ -224,6 +225,7 @@ summary: OpenID Connect Server & Client Library
|
|
|
224
225
|
test_files:
|
|
225
226
|
- spec/helpers/webmock_helper.rb
|
|
226
227
|
- spec/mock_response/access_token/bearer.json
|
|
228
|
+
- spec/mock_response/access_token/bearer_with_id_token.json
|
|
227
229
|
- spec/mock_response/access_token/mac.json
|
|
228
230
|
- spec/mock_response/errors/insufficient_scope.json
|
|
229
231
|
- spec/mock_response/errors/invalid_access_token.json
|
|
@@ -1,21 +0,0 @@
|
|
|
1
|
-
module IdTokenSupport
|
|
2
|
-
def self.included(klass)
|
|
3
|
-
klass.send :attr_optional, :id_token
|
|
4
|
-
klass.class_eval do
|
|
5
|
-
def protocol_params_with_id_token
|
|
6
|
-
protocol_params_without_id_token.merge(
|
|
7
|
-
:id_token => id_token.try(:to_jwt)
|
|
8
|
-
)
|
|
9
|
-
end
|
|
10
|
-
alias_method_chain :protocol_params, :id_token
|
|
11
|
-
end
|
|
12
|
-
end
|
|
13
|
-
end
|
|
14
|
-
|
|
15
|
-
class Rack::OAuth2::Server::Token::Response
|
|
16
|
-
include TokenWithIdToken
|
|
17
|
-
end
|
|
18
|
-
|
|
19
|
-
class Rack::OAuth2::Server::Authorize::Token::Response
|
|
20
|
-
include TokenWithIdToken
|
|
21
|
-
end
|