RubyGems - openid_connect - Versions diffs - 0.3.1 → 0.3.2 - Mend

openid_connect 0.3.1 → 0.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

data/Gemfile.lock CHANGED Viewed

@@ -1,11 +1,11 @@
 PATH
   remote: .
   specs:
-    openid_connect (0.3.0)
+    openid_connect (0.3.1)
       activemodel (>= 3)
       attr_required (>= 0.0.5)
       json (>= 1.4.3)
-      json-jwt (>= 0.0.3)
+      json-jwt (>= 0.3.0)
       rack-oauth2 (>= 0.14.2)
       swd (>= 0.1.2)
       tzinfo
@@ -15,16 +15,16 @@ PATH
 GEM
   remote: http://rubygems.org/
   specs:
-    activemodel (3.2.6)
-      activesupport (= 3.2.6)
+    activemodel (3.2.8)
+      activesupport (= 3.2.8)
       builder (~> 3.0.0)
-    activesupport (3.2.6)
+    activesupport (3.2.8)
       i18n (~> 0.6)
       multi_json (~> 1.0)
-    addressable (2.2.8)
+    addressable (2.3.2)
     attr_required (0.0.5)
     bouncy-castle-java (1.5.0146.1)
-    builder (3.0.0)
+    builder (3.0.3)
     configatron (2.9.1)
       yamler (>= 0.1.0)
     cover_me (1.2.0)
@@ -33,12 +33,13 @@ GEM
     crack (0.3.1)
     diff-lcs (1.1.3)
     hashie (1.2.0)
-    httpclient (2.2.5)
-    i18n (0.6.0)
+    httpclient (2.2.7)
+    i18n (0.6.1)
     jruby-openssl (0.7.7)
       bouncy-castle-java (>= 1.5.0146.1)
-    json (1.7.3)
-    json-jwt (0.1.0)
+    json (1.7.5)
+    json (1.7.5-java)
+    json-jwt (0.3.0)
       activesupport (>= 2.3)
       i18n
       json (>= 1.4.3)
@@ -51,22 +52,22 @@ GEM
     multi_json (1.3.6)
     polyglot (0.3.3)
     rack (1.4.1)
-    rack-oauth2 (0.14.4)
+    rack-oauth2 (0.14.9)
       activesupport (>= 2.3)
       attr_required (>= 0.0.5)
       httpclient (>= 2.2.0.2)
       i18n
-      json (>= 1.4.3)
+      multi_json (>= 1.3.6)
       rack (>= 1.1)
     rake (0.9.2.2)
-    rspec (2.10.0)
-      rspec-core (~> 2.10.0)
-      rspec-expectations (~> 2.10.0)
-      rspec-mocks (~> 2.10.0)
-    rspec-core (2.10.1)
-    rspec-expectations (2.10.0)
+    rspec (2.11.0)
+      rspec-core (~> 2.11.0)
+      rspec-expectations (~> 2.11.0)
+      rspec-mocks (~> 2.11.0)
+    rspec-core (2.11.1)
+    rspec-expectations (2.11.3)
       diff-lcs (~> 1.1.3)
-    rspec-mocks (2.10.1)
+    rspec-mocks (2.11.3)
     swd (0.1.2)
       activesupport (>= 3)
       attr_required (>= 0.0.5)
@@ -78,12 +79,12 @@ GEM
       polyglot (>= 0.3.1)
     tzinfo (0.3.33)
     url_safe_base64 (0.2.1)
-    validate_email (0.1.5)
+    validate_email (0.1.6)
       activemodel (>= 3.0)
       mail (>= 2.2.5)
     validate_url (0.2.0)
       activemodel (>= 3.0.0)
-    webmock (1.8.7)
+    webmock (1.8.11)
       addressable (>= 2.2.7)
       crack (>= 0.1.7)
     yamler (0.1.0)

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 0.3.1
1	+ 0.3.2

data/lib/openid_connect/connect_object.rb CHANGED Viewed

@@ -2,10 +2,13 @@ module OpenIDConnect
   class ConnectObject
     include ActiveModel::Validations, AttrRequired, AttrOptional
+    attr_accessor :raw_attributes
     def initialize(attributes = {})
       all_attributes.each do |_attr_|
         self.send :"#{_attr_}=", attributes[_attr_]
       end
+      self.raw_attributes = attributes
       attr_missing!
     end

data/lib/openid_connect/response_object/id_token.rb CHANGED Viewed

@@ -6,11 +6,11 @@ module OpenIDConnect
       class InvalidToken < Exception; end
       attr_required :iss, :user_id, :aud, :exp, :iat
-      attr_optional :acr, :auth_time, :nonce, :at_hash, :c_hash
+      attr_optional :acr, :auth_time, :nonce, :user_jwk, :at_hash, :c_hash
       def initialize(attributes = {})
         super
-        (all_attributes - [:exp, :iat, :auth_time]).each do |key|
+        (all_attributes - [:exp, :iat, :auth_time, :user_jwk]).each do |key|
           self.send "#{key}=", self.send(key).try(:to_s)
         end
       end
@@ -26,7 +26,31 @@ module OpenIDConnect
       include JWTnizable
       class << self
         def decode(jwt_string, key)
-          new JSON::JWT.decode(jwt_string, key)
+          if key == :self_issued
+            decode_self_issued jwt_string
+          else
+            new JSON::JWT.decode jwt_string, key
+          end
+        end
+        def decode_self_issued(jwt_string)
+          jwt = JSON::JWT.decode jwt_string, :skip_verification
+          jwk = jwt[:user_jwk]
+          raise InvalidToken.new('Missing user_jwk') if jwk.blank?
+          public_key = JSON::JWK.decode jwk
+          user_id_base_string = case public_key
+          when OpenSSL::PKey::RSA
+            [jwk[:mod], jwk[:exp]].join
+          when OpenSSL::PKey::EC
+            raise NotImplementedError.new('Not Implemented Yet')
+          else
+            # Shouldn't reach here. All unknown algorithm error should occurs when decoding JWK
+            raise InvalidToken.new('Unknown Algorithm')
+          end
+          expected_user_id = UrlSafeBase64.encode64 OpenSSL::Digest::SHA256.digest(user_id_base_string)
+          raise InvalidToken.new('Invalid user_id') unless jwt[:user_id] == expected_user_id
+          jwt.verify public_key
+          new jwt
         end
       end
     end

data/openid_connect.gemspec CHANGED Viewed

@@ -16,7 +16,7 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency "activemodel", ">= 3"
   s.add_runtime_dependency "validate_url"
   s.add_runtime_dependency "validate_email"
-  s.add_runtime_dependency "json-jwt", ">= 0.0.3"
+  s.add_runtime_dependency "json-jwt", ">= 0.3.0"
   s.add_runtime_dependency "swd", ">= 0.1.2"
   s.add_runtime_dependency "rack-oauth2", ">= 0.14.2"
   s.add_development_dependency "rake", ">= 0.8"

data/spec/openid_connect/access_token_spec.rb CHANGED Viewed

@@ -56,7 +56,7 @@ describe OpenIDConnect::AccessToken do
         mock_json :get, endpoint, 'errors/invalid_request', :HTTP_AUTHORIZATION => 'Bearer access_token', :status => 400, :params => {
           :schema => 'openid'
         } do
-          expect { request }.should raise_error OpenIDConnect::BadRequest
+          expect { request }.to raise_error OpenIDConnect::BadRequest
         end
       end
     end
@@ -66,7 +66,7 @@ describe OpenIDConnect::AccessToken do
         mock_json :get, endpoint, 'errors/invalid_access_token', :HTTP_AUTHORIZATION => 'Bearer access_token', :status => 401, :params => {
           :schema => 'openid'
         } do
-          expect { request }.should raise_error OpenIDConnect::Unauthorized
+          expect { request }.to raise_error OpenIDConnect::Unauthorized
         end
       end
     end
@@ -76,7 +76,7 @@ describe OpenIDConnect::AccessToken do
         mock_json :get, endpoint, 'errors/insufficient_scope', :HTTP_AUTHORIZATION => 'Bearer access_token', :status => 403, :params => {
           :schema => 'openid'
         } do
-          expect { request }.should raise_error OpenIDConnect::Forbidden
+          expect { request }.to raise_error OpenIDConnect::Forbidden
         end
       end
     end
@@ -86,7 +86,7 @@ describe OpenIDConnect::AccessToken do
         mock_json :get, endpoint, 'errors/unknown', :HTTP_AUTHORIZATION => 'Bearer access_token', :status => 500, :params => {
           :schema => 'openid'
         } do
-          expect { request }.should raise_error OpenIDConnect::HttpError
+          expect { request }.to raise_error OpenIDConnect::HttpError
         end
       end
     end

data/spec/openid_connect/client/registrar_spec.rb CHANGED Viewed

@@ -56,7 +56,7 @@ describe OpenIDConnect::Client::Registrar do
       it do
         expect do
           instance
-        end.should_not raise_error
+        end.not_to raise_error
       end
       it { should_not be_valid }
     end
@@ -69,7 +69,7 @@ describe OpenIDConnect::Client::Registrar do
     it do
       expect do
         instance
-      end.should raise_error AttrRequired::AttrMissing
+      end.to raise_error AttrRequired::AttrMissing
     end
   end
@@ -208,7 +208,7 @@ describe OpenIDConnect::Client::Registrar do
       it do
         expect do
           instance.as_json
-        end.should raise_error OpenIDConnect::ValidationFailed
+        end.to raise_error OpenIDConnect::ValidationFailed
       end
     end
   end
@@ -237,7 +237,7 @@ describe OpenIDConnect::Client::Registrar do
         }, :status => 400 do
           expect do
             instance.associate!
-          end.should raise_error OpenIDConnect::Client::Registrar::RegistrationFailed
+          end.to raise_error OpenIDConnect::Client::Registrar::RegistrationFailed
         end
       end
     end
@@ -274,7 +274,7 @@ describe OpenIDConnect::Client::Registrar do
         }, :status => 400 do
           expect do
             instance.update!
-          end.should raise_error OpenIDConnect::Client::Registrar::RegistrationFailed
+          end.to raise_error OpenIDConnect::Client::Registrar::RegistrationFailed
         end
       end
     end
@@ -308,7 +308,7 @@ describe OpenIDConnect::Client::Registrar do
       it do
         expect do
           instance.validate!
-        end.should_not raise_error OpenIDConnect::ValidationFailed
+        end.not_to raise_error OpenIDConnect::ValidationFailed
       end
     end
@@ -321,7 +321,7 @@ describe OpenIDConnect::Client::Registrar do
       it do
         expect do
           instance.validate!
-        end.should raise_error OpenIDConnect::ValidationFailed
+        end.to raise_error OpenIDConnect::ValidationFailed
       end
     end
   end

data/spec/openid_connect/client_spec.rb CHANGED Viewed

@@ -26,7 +26,7 @@ describe OpenIDConnect::Client do
       [:authorization_uri, :user_info_uri].each do |endpoint|
         describe endpoint do
           it do
-            expect { client.send endpoint }.should raise_error 'No Host Info'
+            expect { client.send endpoint }.to raise_error 'No Host Info'
           end
         end
       end
@@ -109,7 +109,7 @@ describe OpenIDConnect::Client do
         mock_json :post, client.token_endpoint, 'access_token/invalid_json', :request_header => header_params, :params => protocol_params do
           expect do
             access_token
-          end.should raise_error OpenIDConnect::Exception, 'Unknown Token Type'
+          end.to raise_error OpenIDConnect::Exception, 'Unknown Token Type'
         end
       end
     end
@@ -117,7 +117,7 @@ describe OpenIDConnect::Client do
     context 'otherwise' do
       it 'should raise Unexpected Token Type exception' do
         mock_json :post, client.token_endpoint, 'access_token/mac', :request_header => header_params, :params => protocol_params do
-          expect { access_token }.should raise_error OpenIDConnect::Exception, 'Unexpected Token Type: mac'
+          expect { access_token }.to raise_error OpenIDConnect::Exception, 'Unexpected Token Type: mac'
         end
       end
     end

data/spec/openid_connect/connect_object_spec.rb CHANGED Viewed

@@ -35,13 +35,13 @@ describe OpenIDConnect::ConnectObject do
         {:optional => 'Optional'}
       end
       it do
-        expect { klass.new attributes }.should raise_error AttrRequired::AttrMissing
+        expect { klass.new attributes }.to raise_error AttrRequired::AttrMissing
       end
     end
     context 'otherwise' do
       it do
-        expect { klass.new }.should raise_error AttrRequired::AttrMissing
+        expect { klass.new }.to raise_error AttrRequired::AttrMissing
       end
     end
   end
@@ -59,7 +59,7 @@ describe OpenIDConnect::ConnectObject do
       end
       it 'should raise OpenIDConnect::ValidationFailed with ActiveModel::Errors owner' do
-        expect { instance.as_json }.should raise_error(OpenIDConnect::ValidationFailed) { |e|
+        expect { instance.as_json }.to raise_error(OpenIDConnect::ValidationFailed) { |e|
           e.message.should include 'Required is not included in the list'
           e.message.should include 'Required is too long (maximum is 10 characters)'
           e.object.errors.should be_a ActiveModel::Errors
@@ -80,7 +80,7 @@ describe OpenIDConnect::ConnectObject do
       end
       it 'should raise OpenIDConnect::ValidationFailed with ActiveModel::Errors owner' do
-        expect { instance.validate! }.should raise_error(OpenIDConnect::ValidationFailed) { |e|
+        expect { instance.validate! }.to raise_error(OpenIDConnect::ValidationFailed) { |e|
           e.message.should include 'Required is not included in the list'
           e.message.should include 'Required is too long (maximum is 10 characters)'
           e.object.errors.should be_a ActiveModel::Errors

data/spec/openid_connect/discovery/principal/uri_spec.rb CHANGED Viewed

@@ -37,7 +37,7 @@ describe OpenIDConnect::Discovery::Principal::URI do
   describe 'error handling' do
     let(:identifier) { '**' }
     it do
-      expect { uri }.should raise_error OpenIDConnect::Discovery::InvalidIdentifier
+      expect { uri }.to raise_error OpenIDConnect::Discovery::InvalidIdentifier
     end
   end
 end

data/spec/openid_connect/discovery/principal_spec.rb CHANGED Viewed

@@ -26,7 +26,7 @@ describe OpenIDConnect::Discovery::Principal do
     context 'when discovery failed' do
       it do
         SWD.should_receive(:discover!).and_raise(SWD::Exception)
-        expect { request }.should raise_error OpenIDConnect::Discovery::DiscoveryFailed
+        expect { request }.to raise_error OpenIDConnect::Discovery::DiscoveryFailed
       end
     end
   end

data/spec/openid_connect/request_object_spec.rb CHANGED Viewed

@@ -104,7 +104,7 @@ describe OpenIDConnect::RequestObject do
     it do
       expect do
         request_object.as_json
-      end.should raise_error OpenIDConnect::ValidationFailed
+      end.to raise_error OpenIDConnect::ValidationFailed
     end
   end
 end

data/spec/openid_connect/response_object/id_token_spec.rb CHANGED Viewed

@@ -19,7 +19,7 @@ describe OpenIDConnect::ResponseObject::IdToken do
   describe 'attributes' do
     subject { klass }
     its(:required_attributes) { should == [:iss, :user_id, :aud, :exp, :iat] }
-    its(:optional_attributes) { should == [:acr, :auth_time, :nonce, :at_hash, :c_hash] }
+    its(:optional_attributes) { should == [:acr, :auth_time, :nonce, :user_jwk, :at_hash, :c_hash] }
   end
   describe '#verify!' do
@@ -39,7 +39,7 @@ describe OpenIDConnect::ResponseObject::IdToken do
               :issuer => attributes[:iss],
               :client_id => attributes[:aud]
             )
-          end.should raise_error OpenIDConnect::ResponseObject::IdToken::InvalidToken
+          end.to raise_error OpenIDConnect::ResponseObject::IdToken::InvalidToken
         end
       end
     end
@@ -51,7 +51,7 @@ describe OpenIDConnect::ResponseObject::IdToken do
             :issuer => 'invalid_issuer',
             :client_id => attributes[:aud]
           )
-        end.should raise_error OpenIDConnect::ResponseObject::IdToken::InvalidToken
+        end.to raise_error OpenIDConnect::ResponseObject::IdToken::InvalidToken
       end
     end
@@ -61,7 +61,7 @@ describe OpenIDConnect::ResponseObject::IdToken do
           id_token.verify!(
             :client_id => attributes[:aud]
           )
-        end.should raise_error OpenIDConnect::ResponseObject::IdToken::InvalidToken
+        end.to raise_error OpenIDConnect::ResponseObject::IdToken::InvalidToken
       end
     end
@@ -72,7 +72,7 @@ describe OpenIDConnect::ResponseObject::IdToken do
             :issuer => attributes[:iss],
             :client_id => 'invalid_client'
           )
-        end.should raise_error OpenIDConnect::ResponseObject::IdToken::InvalidToken
+        end.to raise_error OpenIDConnect::ResponseObject::IdToken::InvalidToken
       end
     end
@@ -82,7 +82,7 @@ describe OpenIDConnect::ResponseObject::IdToken do
           id_token.verify!(
             :issuer => attributes[:iss]
           )
-        end.should raise_error OpenIDConnect::ResponseObject::IdToken::InvalidToken
+        end.to raise_error OpenIDConnect::ResponseObject::IdToken::InvalidToken
       end
     end
@@ -107,7 +107,7 @@ describe OpenIDConnect::ResponseObject::IdToken do
               :client_id => attributes[:aud],
               :nonce => 'invalid_nonce'
             )
-          end.should raise_error OpenIDConnect::ResponseObject::IdToken::InvalidToken
+          end.to raise_error OpenIDConnect::ResponseObject::IdToken::InvalidToken
         end
       end
@@ -118,7 +118,7 @@ describe OpenIDConnect::ResponseObject::IdToken do
               :issuer => attributes[:iss],
               :client_id => attributes[:aud]
             )
-          end.should raise_error OpenIDConnect::ResponseObject::IdToken::InvalidToken
+          end.to raise_error OpenIDConnect::ResponseObject::IdToken::InvalidToken
         end
       end
     end
@@ -157,5 +157,53 @@ describe OpenIDConnect::ResponseObject::IdToken do
       its(key) { should == attributes[key] }
     end
     its(:exp) { should == attributes[:exp].to_i }
+    context 'when self-issued' do
+      context 'when valid' do
+        let(:self_issued) do
+          'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL3NlbGYtaXNzdWVkLm1lIiwidXNlcl9pZCI6IkN5amplQ0trLU9xSS1YcW5GYzduX1pSOG4xaXlLNFlIcXNzNkp1SHlnNkUiLCJhdWQiOiJ0YXBpZC50YXBpZGVudGl0eS5jb20iLCJleHAiOjEzNDkyNDc3ODAsImlhdCI6MTM0OTI0NDE4MCwidXNlcl9qd2siOnsiYWxnIjoiUlNBIiwibW9kIjoibWtra29uTXZuQkxiWkRCZE9lNkM3Ukk3T2xLbjVZazl0eTBSQ0NFa2E5TkVDVVhWRmJqaHdrVjlNeFpSekQ2Q3ZIZDQzUmU5ak5iRFFVQVloNm1peHZtdFFSODlDUFlMeWNvOXIzTlEySXpEZmVPZjlUbFpMUXhpOG9FSVBOeURyN1FoSHlpUTlBRkd6YUhNLW1DU1hCcTRnM0Z4Nko4U1d0MFBRSERoZV9MN3FURTJHbzA4NGRyZUtXMFZSazhBRkxrM2V3cVlvV0RQRXhjcFlNYWNNSUhnaFd1N0pRSG9xX0xId2hmdnk3cnN2MFh1QTR0ai1oNnhvaDhubUR6MjBfdUc5Wm9MZHJ0cE44ZHF1MTdOTDgwTmQ1cVotaHRwVUpSemUzVzdyN3F4Y0dwNEtzQnRhc0NqWlcyWGlyQlZ1eXU2bDNqc3JnTlB2S1NaZ2NpUGdRIiwiZXhwIjoiQVFBQiJ9fQ.gp7Yr3mT3oneZusYMOKB3_777QwJNrQlqiK4x7HpYreuPNbBYHOKo8Jsmqe8gCnrWcOtGHe2Flt1NvN_Yy-7TgVP9L8XyaM9KnWrVEPVCDlf2tIqIAd6MSOfWtiDsA--a7AHfg7o2HcxH3-V3JXS3LQJnzpKBHuaJJIYwj1_8W9sUXwljqNCmnCytrqkmIWocQazoAy5mvmUcpcTWGnSsiibQGk_eQTRjZaiouDDbHWi87IneVQ7UeuurPIYoVK6PWhj0894zcJEyJFWkf2UshgP1grGVO8FC6dvlF5dayt6aUYeGMrTEV8KL6FNYAB9dZKR7xDC4uOjumHTjvQFfA'
+        end
+        context 'when key == :self_issued' do
+          it do
+            expect do
+              klass.decode self_issued, :self_issued
+            end.not_to raise_error
+          end
+        end
+        context 'when key == public_key' do
+          it do
+            expect do
+              klass.decode self_issued, public_key
+            end.to raise_error JSON::JWS::VerificationFailed
+          end
+        end
+      end
+      context 'when invalid user_id' do
+        let(:self_issued) do
+          'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL3NlbGYtaXNzdWVkLm1lIiwidXNlcl9pZCI6ImludmFsaWRfdXNlcl9pZCIsImF1ZCI6InRhcGlkLnRhcGlkZW50aXR5LmNvbSIsImV4cCI6MTM0OTI0ODgxOCwiaWF0IjoxMzQ5MjQ1MjE4LCJ1c2VyX2p3ayI6eyJhbGciOiJSU0EiLCJtb2QiOiJta2trb25Ndm5CTGJaREJkT2U2QzdSSTdPbEtuNVlrOXR5MFJDQ0VrYTlORUNVWFZGYmpod2tWOU14WlJ6RDZDdkhkNDNSZTlqTmJEUVVBWWg2bWl4dm10UVI4OUNQWUx5Y285cjNOUTJJekRmZU9mOVRsWkxReGk4b0VJUE55RHI3UWhIeWlROUFGR3phSE0tbUNTWEJxNGczRng2SjhTV3QwUFFIRGhlX0w3cVRFMkdvMDg0ZHJlS1cwVlJrOEFGTGszZXdxWW9XRFBFeGNwWU1hY01JSGdoV3U3SlFIb3FfTEh3aGZ2eTdyc3YwWHVBNHRqLWg2eG9oOG5tRHoyMF91Rzlab0xkcnRwTjhkcXUxN05MODBOZDVxWi1odHBVSlJ6ZTNXN3I3cXhjR3A0S3NCdGFzQ2paVzJYaXJCVnV5dTZsM2pzcmdOUHZLU1pnY2lQZ1EiLCJleHAiOiJBUUFCIn19.JTIAhIrjbI5s4-1QelTveJYqFjHz2vMQrkRo---TLtSkSDL4IaBXxXabQm_hgXR_Rh80GV2nAD9BR7PSdH2v4BK-xBzHnVzOIfWGzbB-fySvwEF3AO0cQpy8v95no6R8cbVF6exzVmuC5kLesS3BCjoHjywl-fS1H9fUMhUwDS6OatVg4AC3guz0_9l-cM1JE4Ryko-zLAzAkE8cfvVYyH0UCHAQUcTd2T45JmW4_hzN37ziuTs-xKkQ4fZ6TLURS_Q0sxX2vNIhdP1QQWzBwHwxObFK1O_Zb00KVe7MCB7Uxfisz1FDlFgq0Z0QCrQHuVyFqHqcJQjvPh3ORv0_6g'
+        end
+        it do
+          expect do
+            klass.decode self_issued, :self_issued
+          end.to raise_error OpenIDConnect::ResponseObject::IdToken::InvalidToken, 'Invalid user_id'
+        end
+      end
+      context 'when no user_jwk' do
+        let(:self_issued) do
+          'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL3NlbGYtaXNzdWVkLm1lIiwidXNlcl9pZCI6IkN5amplQ0trLU9xSS1YcW5GYzduX1pSOG4xaXlLNFlIcXNzNkp1SHlnNkUiLCJhdWQiOiJ0YXBpZC50YXBpZGVudGl0eS5jb20iLCJleHAiOjEzNDkyNDg5NjAsImlhdCI6MTM0OTI0NTM2MH0.SyXFCTAAB0l29qxnfUxj5G217cQqVhCiPlQDCq_ZZmtZyGqM4eLI-5D2MPZTc905i10sbwKHTeKqwjhYki2pVOuU5n-N9duTlO64kimg8hAnwEJKsil9jvRPb5hCnc-5vRyXaRV3N1zYFurCEZFmVvXCg4ccKbA_viyuhIYtiMQPHOGY-ELFokfwsbEv11hi9d0kt89pfBMlDyEIZiEDYT0fEl-w7e8tPEk99rCzD_jkitTtdXv18_UsgeM2pDaO9G7_8wQYAX4ldHZjXSihKp2DuTY7edZpP4arYIFHPibtPVcKEnpmK-25mk9Ujo6k7N5kqz9SX6isktbE9-3W4Q'
+        end
+        it do
+          expect do
+            klass.decode self_issued, :self_issued
+          end.to raise_error OpenIDConnect::ResponseObject::IdToken::InvalidToken, 'Missing user_jwk'
+        end
+      end
+    end
   end
 end

data/spec/rack/oauth2/server/authorize/extension/code_and_id_token_and_token_spec.rb CHANGED Viewed

@@ -50,7 +50,7 @@ describe Rack::OAuth2::Server::Authorize::Extension::CodeAndIdTokenAndToken do
       end
     end
     it do
-      expect { response }.should raise_error AttrRequired::AttrMissing, "'access_token', 'code', 'id_token' required."
+      expect { response }.to raise_error AttrRequired::AttrMissing, "'access_token', 'code', 'id_token' required."
     end
   end
 end

data/spec/rack/oauth2/server/authorize/extension/code_and_id_token_spec.rb CHANGED Viewed

@@ -47,7 +47,7 @@ describe Rack::OAuth2::Server::Authorize::Extension::CodeAndIdToken do
       end
     end
     it do
-      expect { response }.should raise_error AttrRequired::AttrMissing, "'id_token' required."
+      expect { response }.to raise_error AttrRequired::AttrMissing, "'id_token' required."
     end
   end
 end

data/spec/rack/oauth2/server/authorize/extension/id_token_and_token_spec.rb CHANGED Viewed

@@ -48,7 +48,7 @@ describe Rack::OAuth2::Server::Authorize::Extension::IdTokenAndToken do
       end
     end
     it do
-      expect { response }.should raise_error AttrRequired::AttrMissing, "'id_token' required."
+      expect { response }.to raise_error AttrRequired::AttrMissing, "'id_token' required."
     end
   end
 end

data/spec/rack/oauth2/server/authorize/extension/id_token_spec.rb CHANGED Viewed

@@ -43,7 +43,7 @@ describe Rack::OAuth2::Server::Authorize::Extension::IdToken do
       end
     end
     it do
-      expect { response }.should raise_error AttrRequired::AttrMissing, "'id_token' required."
+      expect { response }.to raise_error AttrRequired::AttrMissing, "'id_token' required."
     end
   end
 end

data/spec/rack/oauth2/server/resource/error_with_connect_ext_spec.rb CHANGED Viewed

@@ -6,7 +6,7 @@ describe Rack::OAuth2::Server::Resource::ErrorWithConnectExt do
   describe 'invalid_schema!' do
     it do
-      expect { request.invalid_schema! }.should raise_error Rack::OAuth2::Server::Resource::BadRequest
+      expect { request.invalid_schema! }.to raise_error Rack::OAuth2::Server::Resource::BadRequest
     end
   end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: openid_connect
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: 0.3.2
   prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-07-06 00:00:00.000000000 Z
+date: 2012-10-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json
@@ -114,7 +114,7 @@ dependencies:
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
-        version: 0.0.3
+        version: 0.3.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -122,7 +122,7 @@ dependencies:
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
-        version: 0.0.3
+        version: 0.3.0
 - !ruby/object:Gem::Dependency
   name: swd
   requirement: !ruby/object:Gem::Requirement