openid_connect 0.3.3 → 0.3.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/Gemfile +1 -9
- data/Gemfile.lock +8 -11
- data/Rakefile +10 -16
- data/VERSION +1 -1
- data/lib/openid_connect.rb +1 -1
- data/lib/openid_connect/access_token.rb +2 -2
- data/lib/openid_connect/client.rb +2 -2
- data/lib/openid_connect/client/registrar.rb +16 -15
- data/lib/openid_connect/discovery/principal.rb +5 -5
- data/lib/openid_connect/discovery/provider/config.rb +1 -1
- data/lib/openid_connect/discovery/provider/config/resource.rb +4 -3
- data/lib/openid_connect/discovery/provider/config/response.rb +41 -1
- data/lib/openid_connect/request_object/claimable.rb +2 -2
- data/lib/openid_connect/response_object/id_token.rb +1 -1
- data/lib/openid_connect/response_object/user_info/open_id.rb +5 -5
- data/lib/rack/oauth2/server/authorize/error_with_connect_ext.rb +7 -7
- data/lib/rack/oauth2/server/id_token_response.rb +1 -1
- data/openid_connect.gemspec +1 -5
- data/spec/mock_response/public_keys/jwk.json +7 -0
- data/spec/mock_response/public_keys/x509.pem +21 -0
- data/spec/openid_connect/access_token_spec.rb +23 -23
- data/spec/openid_connect/client/registrar_spec.rb +45 -45
- data/spec/openid_connect/client_spec.rb +12 -12
- data/spec/openid_connect/connect_object_spec.rb +6 -6
- data/spec/openid_connect/debugger/request_filter_spec.rb +1 -1
- data/spec/openid_connect/discovery/principal_spec.rb +5 -5
- data/spec/openid_connect/discovery/provider/config/response_spec.rb +265 -3
- data/spec/openid_connect/discovery/provider/config_spec.rb +11 -0
- data/spec/openid_connect/discovery/provider_spec.rb +3 -3
- data/spec/openid_connect/request_object_spec.rb +36 -36
- data/spec/openid_connect/response_object/id_token_spec.rb +26 -26
- data/spec/openid_connect/response_object/user_info/open_id_spec.rb +7 -7
- data/spec/rack/oauth2/server/authorize/extension/code_and_id_token_and_token_spec.rb +7 -7
- data/spec/rack/oauth2/server/authorize/extension/code_and_id_token_spec.rb +6 -6
- data/spec/rack/oauth2/server/authorize/extension/id_token_and_token_spec.rb +7 -7
- data/spec/rack/oauth2/server/authorize/extension/id_token_spec.rb +6 -6
- data/spec/rack/oauth2/server/token/authorization_code_spec.rb +14 -14
- data/spec/rack/oauth2/server/token/refresh_token_spec.rb +13 -13
- data/spec/spec_helper.rb +1 -3
- metadata +15 -11
|
@@ -4,14 +4,14 @@ describe OpenIDConnect::AccessToken do
|
|
|
4
4
|
subject { access_token }
|
|
5
5
|
let :client do
|
|
6
6
|
OpenIDConnect::Client.new(
|
|
7
|
-
:
|
|
8
|
-
:
|
|
7
|
+
identifier:'client_id',
|
|
8
|
+
host: 'server.example.com'
|
|
9
9
|
)
|
|
10
10
|
end
|
|
11
11
|
let :access_token do
|
|
12
12
|
OpenIDConnect::AccessToken.new(
|
|
13
|
-
:
|
|
14
|
-
:
|
|
13
|
+
access_token: 'access_token',
|
|
14
|
+
client: client
|
|
15
15
|
)
|
|
16
16
|
end
|
|
17
17
|
|
|
@@ -22,21 +22,21 @@ describe OpenIDConnect::AccessToken do
|
|
|
22
22
|
subject { access_token }
|
|
23
23
|
let :access_token do
|
|
24
24
|
OpenIDConnect::AccessToken.new(
|
|
25
|
-
:
|
|
26
|
-
:
|
|
27
|
-
:
|
|
25
|
+
access_token: 'access_token',
|
|
26
|
+
id_token: id_token,
|
|
27
|
+
client: client
|
|
28
28
|
)
|
|
29
29
|
end
|
|
30
30
|
|
|
31
31
|
context 'when IdToken object' do
|
|
32
32
|
let :id_token do
|
|
33
33
|
OpenIDConnect::ResponseObject::IdToken.new(
|
|
34
|
-
:
|
|
35
|
-
:
|
|
36
|
-
:
|
|
37
|
-
:
|
|
38
|
-
:
|
|
39
|
-
:
|
|
34
|
+
iss: 'https://server.example.com',
|
|
35
|
+
user_id: 'user_id',
|
|
36
|
+
aud: 'client_id',
|
|
37
|
+
nonce: 'nonce',
|
|
38
|
+
exp: 1.week.from_now,
|
|
39
|
+
iat: Time.now
|
|
40
40
|
)
|
|
41
41
|
end
|
|
42
42
|
its(:id_token) { should be_a OpenIDConnect::ResponseObject::IdToken }
|
|
@@ -53,8 +53,8 @@ describe OpenIDConnect::AccessToken do
|
|
|
53
53
|
shared_examples_for :access_token_error_handling do
|
|
54
54
|
context 'when bad_request' do
|
|
55
55
|
it 'should raise OpenIDConnect::Forbidden' do
|
|
56
|
-
mock_json :get, endpoint, 'errors/invalid_request', :HTTP_AUTHORIZATION => 'Bearer access_token', :
|
|
57
|
-
:
|
|
56
|
+
mock_json :get, endpoint, 'errors/invalid_request', :HTTP_AUTHORIZATION => 'Bearer access_token', status: 400, params: {
|
|
57
|
+
schema: 'openid'
|
|
58
58
|
} do
|
|
59
59
|
expect { request }.to raise_error OpenIDConnect::BadRequest
|
|
60
60
|
end
|
|
@@ -63,8 +63,8 @@ describe OpenIDConnect::AccessToken do
|
|
|
63
63
|
|
|
64
64
|
context 'when unauthorized' do
|
|
65
65
|
it 'should raise OpenIDConnect::Unauthorized' do
|
|
66
|
-
mock_json :get, endpoint, 'errors/invalid_access_token', :HTTP_AUTHORIZATION => 'Bearer access_token', :
|
|
67
|
-
:
|
|
66
|
+
mock_json :get, endpoint, 'errors/invalid_access_token', :HTTP_AUTHORIZATION => 'Bearer access_token', status: 401, params: {
|
|
67
|
+
schema: 'openid'
|
|
68
68
|
} do
|
|
69
69
|
expect { request }.to raise_error OpenIDConnect::Unauthorized
|
|
70
70
|
end
|
|
@@ -73,8 +73,8 @@ describe OpenIDConnect::AccessToken do
|
|
|
73
73
|
|
|
74
74
|
context 'when forbidden' do
|
|
75
75
|
it 'should raise OpenIDConnect::Forbidden' do
|
|
76
|
-
mock_json :get, endpoint, 'errors/insufficient_scope', :HTTP_AUTHORIZATION => 'Bearer access_token', :
|
|
77
|
-
:
|
|
76
|
+
mock_json :get, endpoint, 'errors/insufficient_scope', :HTTP_AUTHORIZATION => 'Bearer access_token', status: 403, params: {
|
|
77
|
+
schema: 'openid'
|
|
78
78
|
} do
|
|
79
79
|
expect { request }.to raise_error OpenIDConnect::Forbidden
|
|
80
80
|
end
|
|
@@ -83,8 +83,8 @@ describe OpenIDConnect::AccessToken do
|
|
|
83
83
|
|
|
84
84
|
context 'when unknown' do
|
|
85
85
|
it 'should raise OpenIDConnect::HttpError' do
|
|
86
|
-
mock_json :get, endpoint, 'errors/unknown', :HTTP_AUTHORIZATION => 'Bearer access_token', :
|
|
87
|
-
:
|
|
86
|
+
mock_json :get, endpoint, 'errors/unknown', :HTTP_AUTHORIZATION => 'Bearer access_token', status: 500, params: {
|
|
87
|
+
schema: 'openid'
|
|
88
88
|
} do
|
|
89
89
|
expect { request }.to raise_error OpenIDConnect::HttpError
|
|
90
90
|
end
|
|
@@ -94,8 +94,8 @@ describe OpenIDConnect::AccessToken do
|
|
|
94
94
|
|
|
95
95
|
describe '#user_info!' do
|
|
96
96
|
it 'should return OpenIDConnect::ResponseObject::UserInfo::OpenID' do
|
|
97
|
-
mock_json :get, client.user_info_uri, 'user_info/openid', :HTTP_AUTHORIZATION => 'Bearer access_token', :
|
|
98
|
-
:
|
|
97
|
+
mock_json :get, client.user_info_uri, 'user_info/openid', :HTTP_AUTHORIZATION => 'Bearer access_token', params: {
|
|
98
|
+
schema: 'openid'
|
|
99
99
|
} do
|
|
100
100
|
access_token.user_info!.should be_a OpenIDConnect::ResponseObject::UserInfo::OpenID
|
|
101
101
|
end
|
|
@@ -5,7 +5,7 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
5
5
|
let(:attributes) { minimum_attributes }
|
|
6
6
|
let(:minimum_attributes) do
|
|
7
7
|
{
|
|
8
|
-
:
|
|
8
|
+
type: :client_associate
|
|
9
9
|
}
|
|
10
10
|
end
|
|
11
11
|
let(:instance) { OpenIDConnect::Client::Registrar.new(endpoint, attributes) }
|
|
@@ -24,8 +24,8 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
24
24
|
context 'when client_id given' do
|
|
25
25
|
let(:attributes) do
|
|
26
26
|
{
|
|
27
|
-
:
|
|
28
|
-
:
|
|
27
|
+
type: :client_update,
|
|
28
|
+
client_id: 'client.example.com'
|
|
29
29
|
}
|
|
30
30
|
end
|
|
31
31
|
it { should be_valid }
|
|
@@ -34,7 +34,7 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
34
34
|
context 'otherwise' do
|
|
35
35
|
let(:attributes) do
|
|
36
36
|
{
|
|
37
|
-
:
|
|
37
|
+
type: :client_update
|
|
38
38
|
}
|
|
39
39
|
end
|
|
40
40
|
it { should_not be_valid }
|
|
@@ -44,7 +44,7 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
44
44
|
context 'otherwise' do
|
|
45
45
|
let(:attributes) do
|
|
46
46
|
{
|
|
47
|
-
:
|
|
47
|
+
type: :invalid_type
|
|
48
48
|
}
|
|
49
49
|
end
|
|
50
50
|
it { should_not be_valid }
|
|
@@ -77,7 +77,7 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
77
77
|
context 'when sector_identifier_url given' do
|
|
78
78
|
let(:attributes) do
|
|
79
79
|
minimum_attributes.merge(
|
|
80
|
-
:
|
|
80
|
+
sector_identifier_url: 'https://client.example.com/sector_identifier.json'
|
|
81
81
|
)
|
|
82
82
|
end
|
|
83
83
|
its(:sector_identifier) { should == 'client.example.com' }
|
|
@@ -85,7 +85,7 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
85
85
|
context 'when sector_identifier_url is invalid URI' do
|
|
86
86
|
let(:attributes) do
|
|
87
87
|
minimum_attributes.merge(
|
|
88
|
-
:
|
|
88
|
+
sector_identifier_url: ':invalid'
|
|
89
89
|
)
|
|
90
90
|
end
|
|
91
91
|
its(:sector_identifier) { should be_nil }
|
|
@@ -94,8 +94,8 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
94
94
|
context 'when redirect_uris given' do
|
|
95
95
|
let(:attributes) do
|
|
96
96
|
minimum_attributes.merge(
|
|
97
|
-
:
|
|
98
|
-
:
|
|
97
|
+
sector_identifier_url: 'https://client.example.com/sector_identifier.json',
|
|
98
|
+
redirect_uris: 'https://client2.example.com/callback'
|
|
99
99
|
)
|
|
100
100
|
end
|
|
101
101
|
its(:sector_identifier) { should == 'client.example.com' }
|
|
@@ -107,7 +107,7 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
107
107
|
context 'when single host' do
|
|
108
108
|
let(:attributes) do
|
|
109
109
|
minimum_attributes.merge(
|
|
110
|
-
:
|
|
110
|
+
redirect_uris: [
|
|
111
111
|
'https://client.example.com/callback/op1',
|
|
112
112
|
'https://client.example.com/callback/op2'
|
|
113
113
|
].join(' ')
|
|
@@ -119,7 +119,7 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
119
119
|
context 'when multi host' do
|
|
120
120
|
let(:attributes) do
|
|
121
121
|
minimum_attributes.merge(
|
|
122
|
-
:
|
|
122
|
+
redirect_uris: [
|
|
123
123
|
'https://client1.example.com/callback',
|
|
124
124
|
'https://client2.example.com/callback'
|
|
125
125
|
].join(' ')
|
|
@@ -131,7 +131,7 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
131
131
|
context 'when invalid URI' do
|
|
132
132
|
let(:attributes) do
|
|
133
133
|
minimum_attributes.merge(
|
|
134
|
-
:
|
|
134
|
+
redirect_uris: ':invalid'
|
|
135
135
|
)
|
|
136
136
|
end
|
|
137
137
|
its(:sector_identifier) { should be_nil }
|
|
@@ -149,7 +149,7 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
149
149
|
context 'when invalid email included' do
|
|
150
150
|
let(:attributes) do
|
|
151
151
|
minimum_attributes.merge(
|
|
152
|
-
:
|
|
152
|
+
contacts: [
|
|
153
153
|
':invalid',
|
|
154
154
|
'nov@matake.jp'
|
|
155
155
|
].join(' ')
|
|
@@ -161,7 +161,7 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
161
161
|
context 'when localhost address included' do
|
|
162
162
|
let(:attributes) do
|
|
163
163
|
minimum_attributes.merge(
|
|
164
|
-
:
|
|
164
|
+
contacts: [
|
|
165
165
|
'nov@localhost',
|
|
166
166
|
'nov@matake.jp'
|
|
167
167
|
].join(' ')
|
|
@@ -173,7 +173,7 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
173
173
|
context 'otherwise' do
|
|
174
174
|
let(:attributes) do
|
|
175
175
|
minimum_attributes.merge(
|
|
176
|
-
:
|
|
176
|
+
contacts: 'nov@matake.jp'
|
|
177
177
|
)
|
|
178
178
|
end
|
|
179
179
|
it { should be_valid }
|
|
@@ -185,7 +185,7 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
185
185
|
context 'when valid' do
|
|
186
186
|
let(:attributes) do
|
|
187
187
|
minimum_attributes.merge(
|
|
188
|
-
:
|
|
188
|
+
redirect_uris: [
|
|
189
189
|
'https://client1.example.com/callback',
|
|
190
190
|
'https://client2.example.com/callback'
|
|
191
191
|
].join(' ')
|
|
@@ -193,8 +193,8 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
193
193
|
end
|
|
194
194
|
its(:as_json) do
|
|
195
195
|
should == {
|
|
196
|
-
:
|
|
197
|
-
:
|
|
196
|
+
type: 'client_associate',
|
|
197
|
+
redirect_uris: 'https://client1.example.com/callback https://client2.example.com/callback'
|
|
198
198
|
}
|
|
199
199
|
end
|
|
200
200
|
end
|
|
@@ -202,7 +202,7 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
202
202
|
context 'otherwise' do
|
|
203
203
|
let(:attributes) do
|
|
204
204
|
{
|
|
205
|
-
:
|
|
205
|
+
type: :client_update
|
|
206
206
|
}
|
|
207
207
|
end
|
|
208
208
|
it do
|
|
@@ -219,8 +219,8 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
219
219
|
end
|
|
220
220
|
|
|
221
221
|
it 'should return OpenIDConnect::Client' do
|
|
222
|
-
mock_json :post, endpoint, 'client/registered', :
|
|
223
|
-
:
|
|
222
|
+
mock_json :post, endpoint, 'client/registered', params: {
|
|
223
|
+
type: 'client_associate'
|
|
224
224
|
} do
|
|
225
225
|
client = instance.associate!
|
|
226
226
|
client.should be_instance_of OpenIDConnect::Client
|
|
@@ -232,9 +232,9 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
232
232
|
|
|
233
233
|
context 'when failed' do
|
|
234
234
|
it 'should raise OpenIDConnect::Client::Registrar::RegistrationFailed' do
|
|
235
|
-
mock_json :post, endpoint, 'errors/unknown', :
|
|
236
|
-
:
|
|
237
|
-
}, :
|
|
235
|
+
mock_json :post, endpoint, 'errors/unknown', params: {
|
|
236
|
+
type: 'client_associate'
|
|
237
|
+
}, status: 400 do
|
|
238
238
|
expect do
|
|
239
239
|
instance.associate!
|
|
240
240
|
end.to raise_error OpenIDConnect::Client::Registrar::RegistrationFailed
|
|
@@ -246,17 +246,17 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
246
246
|
describe '#update!' do
|
|
247
247
|
let(:attributes) do
|
|
248
248
|
{
|
|
249
|
-
:
|
|
250
|
-
:
|
|
249
|
+
client_id: 'client.example.com',
|
|
250
|
+
client_secret: 'client_secret'
|
|
251
251
|
}
|
|
252
252
|
end
|
|
253
253
|
|
|
254
254
|
it 'should return OpenIDConnect::Client' do
|
|
255
|
-
mock_json :post, endpoint, 'client/updated', :
|
|
256
|
-
:
|
|
257
|
-
:
|
|
258
|
-
:
|
|
259
|
-
:
|
|
255
|
+
mock_json :post, endpoint, 'client/updated', params: {
|
|
256
|
+
type: 'client_update',
|
|
257
|
+
client_id: 'client.example.com',
|
|
258
|
+
client_secret: 'client_secret',
|
|
259
|
+
application_name: 'New Name'
|
|
260
260
|
} do
|
|
261
261
|
instance.application_name = 'New Name'
|
|
262
262
|
client = instance.update!
|
|
@@ -267,11 +267,11 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
267
267
|
|
|
268
268
|
context 'when failed' do
|
|
269
269
|
it 'should raise OpenIDConnect::Client::Registrar::RegistrationFailed' do
|
|
270
|
-
mock_json :post, endpoint, 'errors/unknown', :
|
|
271
|
-
:
|
|
272
|
-
:
|
|
273
|
-
:
|
|
274
|
-
}, :
|
|
270
|
+
mock_json :post, endpoint, 'errors/unknown', params: {
|
|
271
|
+
type: 'client_update',
|
|
272
|
+
client_id: 'client.example.com',
|
|
273
|
+
client_secret: 'client_secret'
|
|
274
|
+
}, status: 400 do
|
|
275
275
|
expect do
|
|
276
276
|
instance.update!
|
|
277
277
|
end.to raise_error OpenIDConnect::Client::Registrar::RegistrationFailed
|
|
@@ -283,16 +283,16 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
283
283
|
describe '#rotate_secret!' do
|
|
284
284
|
let(:attributes) do
|
|
285
285
|
{
|
|
286
|
-
:
|
|
287
|
-
:
|
|
286
|
+
client_id: 'client.example.com',
|
|
287
|
+
client_secret: 'client_secret'
|
|
288
288
|
}
|
|
289
289
|
end
|
|
290
290
|
|
|
291
291
|
it 'should return OpenIDConnect::Client' do
|
|
292
|
-
mock_json :post, endpoint, 'client/rotated', :
|
|
293
|
-
:
|
|
294
|
-
:
|
|
295
|
-
:
|
|
292
|
+
mock_json :post, endpoint, 'client/rotated', params: {
|
|
293
|
+
type: 'rotate_secret',
|
|
294
|
+
client_id: 'client.example.com',
|
|
295
|
+
client_secret: 'client_secret'
|
|
296
296
|
} do
|
|
297
297
|
client = instance.rotate_secret!
|
|
298
298
|
client.should be_instance_of OpenIDConnect::Client
|
|
@@ -315,7 +315,7 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
315
315
|
context 'otherwise' do
|
|
316
316
|
let(:attributes) do
|
|
317
317
|
{
|
|
318
|
-
:
|
|
318
|
+
type: :client_update
|
|
319
319
|
}
|
|
320
320
|
end
|
|
321
321
|
it do
|
|
@@ -332,13 +332,13 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
332
332
|
context 'when access_token given' do
|
|
333
333
|
let(:attributes) do
|
|
334
334
|
minimum_attributes.merge(
|
|
335
|
-
:
|
|
335
|
+
access_token: access_token
|
|
336
336
|
)
|
|
337
337
|
end
|
|
338
338
|
|
|
339
339
|
context 'when Rack::OAuth2::AccessToken::Bearer given' do
|
|
340
340
|
let(:access_token) do
|
|
341
|
-
Rack::OAuth2::AccessToken::Bearer.new(:
|
|
341
|
+
Rack::OAuth2::AccessToken::Bearer.new(access_token: 'access_token')
|
|
342
342
|
end
|
|
343
343
|
it { should be_instance_of Rack::OAuth2::AccessToken::Bearer }
|
|
344
344
|
its(:access_token) { should == 'access_token' }
|
|
@@ -6,7 +6,7 @@ describe OpenIDConnect::Client do
|
|
|
6
6
|
let(:attributes) { required_attributes }
|
|
7
7
|
let :required_attributes do
|
|
8
8
|
{
|
|
9
|
-
:
|
|
9
|
+
identifier: 'client_id'
|
|
10
10
|
}
|
|
11
11
|
end
|
|
12
12
|
|
|
@@ -14,7 +14,7 @@ describe OpenIDConnect::Client do
|
|
|
14
14
|
context 'when host info is given' do
|
|
15
15
|
let :attributes do
|
|
16
16
|
required_attributes.merge(
|
|
17
|
-
:
|
|
17
|
+
host: 'server.example.com'
|
|
18
18
|
)
|
|
19
19
|
end
|
|
20
20
|
its(:authorization_uri) { should include 'https://server.example.com/oauth2/authorize' }
|
|
@@ -36,13 +36,13 @@ describe OpenIDConnect::Client do
|
|
|
36
36
|
describe '#authorization_uri' do
|
|
37
37
|
describe 'scope' do
|
|
38
38
|
subject do
|
|
39
|
-
query = URI.parse(client.authorization_uri :
|
|
39
|
+
query = URI.parse(client.authorization_uri scope: scope).query
|
|
40
40
|
Rack::Utils.parse_query(query).with_indifferent_access[:scope]
|
|
41
41
|
end
|
|
42
42
|
let(:scope) { nil }
|
|
43
43
|
let :attributes do
|
|
44
44
|
required_attributes.merge(
|
|
45
|
-
:
|
|
45
|
+
host: 'server.example.com'
|
|
46
46
|
)
|
|
47
47
|
end
|
|
48
48
|
|
|
@@ -67,14 +67,14 @@ describe OpenIDConnect::Client do
|
|
|
67
67
|
describe '#access_token!' do
|
|
68
68
|
let :attributes do
|
|
69
69
|
required_attributes.merge(
|
|
70
|
-
:
|
|
71
|
-
:
|
|
70
|
+
secret: 'client_secret',
|
|
71
|
+
token_endpoint: 'http://server.example.com/access_tokens'
|
|
72
72
|
)
|
|
73
73
|
end
|
|
74
74
|
let :protocol_params do
|
|
75
75
|
{
|
|
76
|
-
:
|
|
77
|
-
:
|
|
76
|
+
grant_type: 'authorization_code',
|
|
77
|
+
code: 'code'
|
|
78
78
|
}
|
|
79
79
|
end
|
|
80
80
|
let :header_params do
|
|
@@ -90,14 +90,14 @@ describe OpenIDConnect::Client do
|
|
|
90
90
|
|
|
91
91
|
context 'when bearer token is returned' do
|
|
92
92
|
it 'should return OpenIDConnect::AccessToken' do
|
|
93
|
-
mock_json :post, client.token_endpoint, 'access_token/bearer', :
|
|
93
|
+
mock_json :post, client.token_endpoint, 'access_token/bearer', request_header: header_params, params: protocol_params do
|
|
94
94
|
access_token.should be_a OpenIDConnect::AccessToken
|
|
95
95
|
end
|
|
96
96
|
end
|
|
97
97
|
|
|
98
98
|
context 'when id_token is returned' do
|
|
99
99
|
it 'should include id_token' do
|
|
100
|
-
mock_json :post, client.token_endpoint, 'access_token/bearer_with_id_token', :
|
|
100
|
+
mock_json :post, client.token_endpoint, 'access_token/bearer_with_id_token', request_header: header_params, params: protocol_params do
|
|
101
101
|
access_token.id_token.should == 'id_token'
|
|
102
102
|
end
|
|
103
103
|
end
|
|
@@ -106,7 +106,7 @@ describe OpenIDConnect::Client do
|
|
|
106
106
|
|
|
107
107
|
context 'when invalid JSON is returned' do
|
|
108
108
|
it 'should raise OpenIDConnect::Exception' do
|
|
109
|
-
mock_json :post, client.token_endpoint, 'access_token/invalid_json', :
|
|
109
|
+
mock_json :post, client.token_endpoint, 'access_token/invalid_json', request_header: header_params, params: protocol_params do
|
|
110
110
|
expect do
|
|
111
111
|
access_token
|
|
112
112
|
end.to raise_error OpenIDConnect::Exception, 'Unknown Token Type'
|
|
@@ -116,7 +116,7 @@ describe OpenIDConnect::Client do
|
|
|
116
116
|
|
|
117
117
|
context 'otherwise' do
|
|
118
118
|
it 'should raise Unexpected Token Type exception' do
|
|
119
|
-
mock_json :post, client.token_endpoint, 'access_token/mac', :
|
|
119
|
+
mock_json :post, client.token_endpoint, 'access_token/mac', request_header: header_params, params: protocol_params do
|
|
120
120
|
expect { access_token }.to raise_error OpenIDConnect::Exception, 'Unexpected Token Type: mac'
|
|
121
121
|
end
|
|
122
122
|
end
|
|
@@ -4,14 +4,14 @@ describe OpenIDConnect::ConnectObject do
|
|
|
4
4
|
class OpenIDConnect::ConnectObject::SubClass < OpenIDConnect::ConnectObject
|
|
5
5
|
attr_required :required
|
|
6
6
|
attr_optional :optional
|
|
7
|
-
validates :required, :
|
|
7
|
+
validates :required, inclusion: {in: ['Required', 'required']}, length: 1..10
|
|
8
8
|
end
|
|
9
9
|
|
|
10
10
|
subject { instance }
|
|
11
11
|
let(:klass) { OpenIDConnect::ConnectObject::SubClass }
|
|
12
12
|
let(:instance) { klass.new attributes }
|
|
13
13
|
let :attributes do
|
|
14
|
-
{:
|
|
14
|
+
{required: 'Required', optional: 'Optional'}
|
|
15
15
|
end
|
|
16
16
|
|
|
17
17
|
context 'when required attributes are given' do
|
|
@@ -22,7 +22,7 @@ describe OpenIDConnect::ConnectObject do
|
|
|
22
22
|
|
|
23
23
|
context 'otherwise' do
|
|
24
24
|
let :attributes do
|
|
25
|
-
{:
|
|
25
|
+
{required: 'Required'}
|
|
26
26
|
end
|
|
27
27
|
its(:required) { should == 'Required' }
|
|
28
28
|
its(:optional) { should == nil }
|
|
@@ -32,7 +32,7 @@ describe OpenIDConnect::ConnectObject do
|
|
|
32
32
|
context 'otherwise' do
|
|
33
33
|
context 'when optional attributes are given' do
|
|
34
34
|
let :attributes do
|
|
35
|
-
{:
|
|
35
|
+
{optional: 'Optional'}
|
|
36
36
|
end
|
|
37
37
|
it do
|
|
38
38
|
expect { klass.new attributes }.to raise_error AttrRequired::AttrMissing
|
|
@@ -55,7 +55,7 @@ describe OpenIDConnect::ConnectObject do
|
|
|
55
55
|
|
|
56
56
|
context 'otherwise' do
|
|
57
57
|
let :attributes do
|
|
58
|
-
{:
|
|
58
|
+
{required: 'Out of List and Too Long'}
|
|
59
59
|
end
|
|
60
60
|
|
|
61
61
|
it 'should raise OpenIDConnect::ValidationFailed with ActiveModel::Errors owner' do
|
|
@@ -76,7 +76,7 @@ describe OpenIDConnect::ConnectObject do
|
|
|
76
76
|
|
|
77
77
|
context 'otherwise' do
|
|
78
78
|
let :attributes do
|
|
79
|
-
{:
|
|
79
|
+
{required: 'Out of List and Too Long'}
|
|
80
80
|
end
|
|
81
81
|
|
|
82
82
|
it 'should raise OpenIDConnect::ValidationFailed with ActiveModel::Errors owner' do
|