openid_connect 0.3.3 → 0.3.4
Sign up to get free protection for your applications and to get access to all the features.
- data/Gemfile +1 -9
- data/Gemfile.lock +8 -11
- data/Rakefile +10 -16
- data/VERSION +1 -1
- data/lib/openid_connect.rb +1 -1
- data/lib/openid_connect/access_token.rb +2 -2
- data/lib/openid_connect/client.rb +2 -2
- data/lib/openid_connect/client/registrar.rb +16 -15
- data/lib/openid_connect/discovery/principal.rb +5 -5
- data/lib/openid_connect/discovery/provider/config.rb +1 -1
- data/lib/openid_connect/discovery/provider/config/resource.rb +4 -3
- data/lib/openid_connect/discovery/provider/config/response.rb +41 -1
- data/lib/openid_connect/request_object/claimable.rb +2 -2
- data/lib/openid_connect/response_object/id_token.rb +1 -1
- data/lib/openid_connect/response_object/user_info/open_id.rb +5 -5
- data/lib/rack/oauth2/server/authorize/error_with_connect_ext.rb +7 -7
- data/lib/rack/oauth2/server/id_token_response.rb +1 -1
- data/openid_connect.gemspec +1 -5
- data/spec/mock_response/public_keys/jwk.json +7 -0
- data/spec/mock_response/public_keys/x509.pem +21 -0
- data/spec/openid_connect/access_token_spec.rb +23 -23
- data/spec/openid_connect/client/registrar_spec.rb +45 -45
- data/spec/openid_connect/client_spec.rb +12 -12
- data/spec/openid_connect/connect_object_spec.rb +6 -6
- data/spec/openid_connect/debugger/request_filter_spec.rb +1 -1
- data/spec/openid_connect/discovery/principal_spec.rb +5 -5
- data/spec/openid_connect/discovery/provider/config/response_spec.rb +265 -3
- data/spec/openid_connect/discovery/provider/config_spec.rb +11 -0
- data/spec/openid_connect/discovery/provider_spec.rb +3 -3
- data/spec/openid_connect/request_object_spec.rb +36 -36
- data/spec/openid_connect/response_object/id_token_spec.rb +26 -26
- data/spec/openid_connect/response_object/user_info/open_id_spec.rb +7 -7
- data/spec/rack/oauth2/server/authorize/extension/code_and_id_token_and_token_spec.rb +7 -7
- data/spec/rack/oauth2/server/authorize/extension/code_and_id_token_spec.rb +6 -6
- data/spec/rack/oauth2/server/authorize/extension/id_token_and_token_spec.rb +7 -7
- data/spec/rack/oauth2/server/authorize/extension/id_token_spec.rb +6 -6
- data/spec/rack/oauth2/server/token/authorization_code_spec.rb +14 -14
- data/spec/rack/oauth2/server/token/refresh_token_spec.rb +13 -13
- data/spec/spec_helper.rb +1 -3
- metadata +15 -11
|
@@ -4,14 +4,14 @@ describe OpenIDConnect::AccessToken do
|
|
|
4
4
|
subject { access_token }
|
|
5
5
|
let :client do
|
|
6
6
|
OpenIDConnect::Client.new(
|
|
7
|
-
:
|
|
8
|
-
:
|
|
7
|
+
identifier:'client_id',
|
|
8
|
+
host: 'server.example.com'
|
|
9
9
|
)
|
|
10
10
|
end
|
|
11
11
|
let :access_token do
|
|
12
12
|
OpenIDConnect::AccessToken.new(
|
|
13
|
-
:
|
|
14
|
-
:
|
|
13
|
+
access_token: 'access_token',
|
|
14
|
+
client: client
|
|
15
15
|
)
|
|
16
16
|
end
|
|
17
17
|
|
|
@@ -22,21 +22,21 @@ describe OpenIDConnect::AccessToken do
|
|
|
22
22
|
subject { access_token }
|
|
23
23
|
let :access_token do
|
|
24
24
|
OpenIDConnect::AccessToken.new(
|
|
25
|
-
:
|
|
26
|
-
:
|
|
27
|
-
:
|
|
25
|
+
access_token: 'access_token',
|
|
26
|
+
id_token: id_token,
|
|
27
|
+
client: client
|
|
28
28
|
)
|
|
29
29
|
end
|
|
30
30
|
|
|
31
31
|
context 'when IdToken object' do
|
|
32
32
|
let :id_token do
|
|
33
33
|
OpenIDConnect::ResponseObject::IdToken.new(
|
|
34
|
-
:
|
|
35
|
-
:
|
|
36
|
-
:
|
|
37
|
-
:
|
|
38
|
-
:
|
|
39
|
-
:
|
|
34
|
+
iss: 'https://server.example.com',
|
|
35
|
+
user_id: 'user_id',
|
|
36
|
+
aud: 'client_id',
|
|
37
|
+
nonce: 'nonce',
|
|
38
|
+
exp: 1.week.from_now,
|
|
39
|
+
iat: Time.now
|
|
40
40
|
)
|
|
41
41
|
end
|
|
42
42
|
its(:id_token) { should be_a OpenIDConnect::ResponseObject::IdToken }
|
|
@@ -53,8 +53,8 @@ describe OpenIDConnect::AccessToken do
|
|
|
53
53
|
shared_examples_for :access_token_error_handling do
|
|
54
54
|
context 'when bad_request' do
|
|
55
55
|
it 'should raise OpenIDConnect::Forbidden' do
|
|
56
|
-
mock_json :get, endpoint, 'errors/invalid_request', :HTTP_AUTHORIZATION => 'Bearer access_token', :
|
|
57
|
-
:
|
|
56
|
+
mock_json :get, endpoint, 'errors/invalid_request', :HTTP_AUTHORIZATION => 'Bearer access_token', status: 400, params: {
|
|
57
|
+
schema: 'openid'
|
|
58
58
|
} do
|
|
59
59
|
expect { request }.to raise_error OpenIDConnect::BadRequest
|
|
60
60
|
end
|
|
@@ -63,8 +63,8 @@ describe OpenIDConnect::AccessToken do
|
|
|
63
63
|
|
|
64
64
|
context 'when unauthorized' do
|
|
65
65
|
it 'should raise OpenIDConnect::Unauthorized' do
|
|
66
|
-
mock_json :get, endpoint, 'errors/invalid_access_token', :HTTP_AUTHORIZATION => 'Bearer access_token', :
|
|
67
|
-
:
|
|
66
|
+
mock_json :get, endpoint, 'errors/invalid_access_token', :HTTP_AUTHORIZATION => 'Bearer access_token', status: 401, params: {
|
|
67
|
+
schema: 'openid'
|
|
68
68
|
} do
|
|
69
69
|
expect { request }.to raise_error OpenIDConnect::Unauthorized
|
|
70
70
|
end
|
|
@@ -73,8 +73,8 @@ describe OpenIDConnect::AccessToken do
|
|
|
73
73
|
|
|
74
74
|
context 'when forbidden' do
|
|
75
75
|
it 'should raise OpenIDConnect::Forbidden' do
|
|
76
|
-
mock_json :get, endpoint, 'errors/insufficient_scope', :HTTP_AUTHORIZATION => 'Bearer access_token', :
|
|
77
|
-
:
|
|
76
|
+
mock_json :get, endpoint, 'errors/insufficient_scope', :HTTP_AUTHORIZATION => 'Bearer access_token', status: 403, params: {
|
|
77
|
+
schema: 'openid'
|
|
78
78
|
} do
|
|
79
79
|
expect { request }.to raise_error OpenIDConnect::Forbidden
|
|
80
80
|
end
|
|
@@ -83,8 +83,8 @@ describe OpenIDConnect::AccessToken do
|
|
|
83
83
|
|
|
84
84
|
context 'when unknown' do
|
|
85
85
|
it 'should raise OpenIDConnect::HttpError' do
|
|
86
|
-
mock_json :get, endpoint, 'errors/unknown', :HTTP_AUTHORIZATION => 'Bearer access_token', :
|
|
87
|
-
:
|
|
86
|
+
mock_json :get, endpoint, 'errors/unknown', :HTTP_AUTHORIZATION => 'Bearer access_token', status: 500, params: {
|
|
87
|
+
schema: 'openid'
|
|
88
88
|
} do
|
|
89
89
|
expect { request }.to raise_error OpenIDConnect::HttpError
|
|
90
90
|
end
|
|
@@ -94,8 +94,8 @@ describe OpenIDConnect::AccessToken do
|
|
|
94
94
|
|
|
95
95
|
describe '#user_info!' do
|
|
96
96
|
it 'should return OpenIDConnect::ResponseObject::UserInfo::OpenID' do
|
|
97
|
-
mock_json :get, client.user_info_uri, 'user_info/openid', :HTTP_AUTHORIZATION => 'Bearer access_token', :
|
|
98
|
-
:
|
|
97
|
+
mock_json :get, client.user_info_uri, 'user_info/openid', :HTTP_AUTHORIZATION => 'Bearer access_token', params: {
|
|
98
|
+
schema: 'openid'
|
|
99
99
|
} do
|
|
100
100
|
access_token.user_info!.should be_a OpenIDConnect::ResponseObject::UserInfo::OpenID
|
|
101
101
|
end
|
|
@@ -5,7 +5,7 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
5
5
|
let(:attributes) { minimum_attributes }
|
|
6
6
|
let(:minimum_attributes) do
|
|
7
7
|
{
|
|
8
|
-
:
|
|
8
|
+
type: :client_associate
|
|
9
9
|
}
|
|
10
10
|
end
|
|
11
11
|
let(:instance) { OpenIDConnect::Client::Registrar.new(endpoint, attributes) }
|
|
@@ -24,8 +24,8 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
24
24
|
context 'when client_id given' do
|
|
25
25
|
let(:attributes) do
|
|
26
26
|
{
|
|
27
|
-
:
|
|
28
|
-
:
|
|
27
|
+
type: :client_update,
|
|
28
|
+
client_id: 'client.example.com'
|
|
29
29
|
}
|
|
30
30
|
end
|
|
31
31
|
it { should be_valid }
|
|
@@ -34,7 +34,7 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
34
34
|
context 'otherwise' do
|
|
35
35
|
let(:attributes) do
|
|
36
36
|
{
|
|
37
|
-
:
|
|
37
|
+
type: :client_update
|
|
38
38
|
}
|
|
39
39
|
end
|
|
40
40
|
it { should_not be_valid }
|
|
@@ -44,7 +44,7 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
44
44
|
context 'otherwise' do
|
|
45
45
|
let(:attributes) do
|
|
46
46
|
{
|
|
47
|
-
:
|
|
47
|
+
type: :invalid_type
|
|
48
48
|
}
|
|
49
49
|
end
|
|
50
50
|
it { should_not be_valid }
|
|
@@ -77,7 +77,7 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
77
77
|
context 'when sector_identifier_url given' do
|
|
78
78
|
let(:attributes) do
|
|
79
79
|
minimum_attributes.merge(
|
|
80
|
-
:
|
|
80
|
+
sector_identifier_url: 'https://client.example.com/sector_identifier.json'
|
|
81
81
|
)
|
|
82
82
|
end
|
|
83
83
|
its(:sector_identifier) { should == 'client.example.com' }
|
|
@@ -85,7 +85,7 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
85
85
|
context 'when sector_identifier_url is invalid URI' do
|
|
86
86
|
let(:attributes) do
|
|
87
87
|
minimum_attributes.merge(
|
|
88
|
-
:
|
|
88
|
+
sector_identifier_url: ':invalid'
|
|
89
89
|
)
|
|
90
90
|
end
|
|
91
91
|
its(:sector_identifier) { should be_nil }
|
|
@@ -94,8 +94,8 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
94
94
|
context 'when redirect_uris given' do
|
|
95
95
|
let(:attributes) do
|
|
96
96
|
minimum_attributes.merge(
|
|
97
|
-
:
|
|
98
|
-
:
|
|
97
|
+
sector_identifier_url: 'https://client.example.com/sector_identifier.json',
|
|
98
|
+
redirect_uris: 'https://client2.example.com/callback'
|
|
99
99
|
)
|
|
100
100
|
end
|
|
101
101
|
its(:sector_identifier) { should == 'client.example.com' }
|
|
@@ -107,7 +107,7 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
107
107
|
context 'when single host' do
|
|
108
108
|
let(:attributes) do
|
|
109
109
|
minimum_attributes.merge(
|
|
110
|
-
:
|
|
110
|
+
redirect_uris: [
|
|
111
111
|
'https://client.example.com/callback/op1',
|
|
112
112
|
'https://client.example.com/callback/op2'
|
|
113
113
|
].join(' ')
|
|
@@ -119,7 +119,7 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
119
119
|
context 'when multi host' do
|
|
120
120
|
let(:attributes) do
|
|
121
121
|
minimum_attributes.merge(
|
|
122
|
-
:
|
|
122
|
+
redirect_uris: [
|
|
123
123
|
'https://client1.example.com/callback',
|
|
124
124
|
'https://client2.example.com/callback'
|
|
125
125
|
].join(' ')
|
|
@@ -131,7 +131,7 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
131
131
|
context 'when invalid URI' do
|
|
132
132
|
let(:attributes) do
|
|
133
133
|
minimum_attributes.merge(
|
|
134
|
-
:
|
|
134
|
+
redirect_uris: ':invalid'
|
|
135
135
|
)
|
|
136
136
|
end
|
|
137
137
|
its(:sector_identifier) { should be_nil }
|
|
@@ -149,7 +149,7 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
149
149
|
context 'when invalid email included' do
|
|
150
150
|
let(:attributes) do
|
|
151
151
|
minimum_attributes.merge(
|
|
152
|
-
:
|
|
152
|
+
contacts: [
|
|
153
153
|
':invalid',
|
|
154
154
|
'nov@matake.jp'
|
|
155
155
|
].join(' ')
|
|
@@ -161,7 +161,7 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
161
161
|
context 'when localhost address included' do
|
|
162
162
|
let(:attributes) do
|
|
163
163
|
minimum_attributes.merge(
|
|
164
|
-
:
|
|
164
|
+
contacts: [
|
|
165
165
|
'nov@localhost',
|
|
166
166
|
'nov@matake.jp'
|
|
167
167
|
].join(' ')
|
|
@@ -173,7 +173,7 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
173
173
|
context 'otherwise' do
|
|
174
174
|
let(:attributes) do
|
|
175
175
|
minimum_attributes.merge(
|
|
176
|
-
:
|
|
176
|
+
contacts: 'nov@matake.jp'
|
|
177
177
|
)
|
|
178
178
|
end
|
|
179
179
|
it { should be_valid }
|
|
@@ -185,7 +185,7 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
185
185
|
context 'when valid' do
|
|
186
186
|
let(:attributes) do
|
|
187
187
|
minimum_attributes.merge(
|
|
188
|
-
:
|
|
188
|
+
redirect_uris: [
|
|
189
189
|
'https://client1.example.com/callback',
|
|
190
190
|
'https://client2.example.com/callback'
|
|
191
191
|
].join(' ')
|
|
@@ -193,8 +193,8 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
193
193
|
end
|
|
194
194
|
its(:as_json) do
|
|
195
195
|
should == {
|
|
196
|
-
:
|
|
197
|
-
:
|
|
196
|
+
type: 'client_associate',
|
|
197
|
+
redirect_uris: 'https://client1.example.com/callback https://client2.example.com/callback'
|
|
198
198
|
}
|
|
199
199
|
end
|
|
200
200
|
end
|
|
@@ -202,7 +202,7 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
202
202
|
context 'otherwise' do
|
|
203
203
|
let(:attributes) do
|
|
204
204
|
{
|
|
205
|
-
:
|
|
205
|
+
type: :client_update
|
|
206
206
|
}
|
|
207
207
|
end
|
|
208
208
|
it do
|
|
@@ -219,8 +219,8 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
219
219
|
end
|
|
220
220
|
|
|
221
221
|
it 'should return OpenIDConnect::Client' do
|
|
222
|
-
mock_json :post, endpoint, 'client/registered', :
|
|
223
|
-
:
|
|
222
|
+
mock_json :post, endpoint, 'client/registered', params: {
|
|
223
|
+
type: 'client_associate'
|
|
224
224
|
} do
|
|
225
225
|
client = instance.associate!
|
|
226
226
|
client.should be_instance_of OpenIDConnect::Client
|
|
@@ -232,9 +232,9 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
232
232
|
|
|
233
233
|
context 'when failed' do
|
|
234
234
|
it 'should raise OpenIDConnect::Client::Registrar::RegistrationFailed' do
|
|
235
|
-
mock_json :post, endpoint, 'errors/unknown', :
|
|
236
|
-
:
|
|
237
|
-
}, :
|
|
235
|
+
mock_json :post, endpoint, 'errors/unknown', params: {
|
|
236
|
+
type: 'client_associate'
|
|
237
|
+
}, status: 400 do
|
|
238
238
|
expect do
|
|
239
239
|
instance.associate!
|
|
240
240
|
end.to raise_error OpenIDConnect::Client::Registrar::RegistrationFailed
|
|
@@ -246,17 +246,17 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
246
246
|
describe '#update!' do
|
|
247
247
|
let(:attributes) do
|
|
248
248
|
{
|
|
249
|
-
:
|
|
250
|
-
:
|
|
249
|
+
client_id: 'client.example.com',
|
|
250
|
+
client_secret: 'client_secret'
|
|
251
251
|
}
|
|
252
252
|
end
|
|
253
253
|
|
|
254
254
|
it 'should return OpenIDConnect::Client' do
|
|
255
|
-
mock_json :post, endpoint, 'client/updated', :
|
|
256
|
-
:
|
|
257
|
-
:
|
|
258
|
-
:
|
|
259
|
-
:
|
|
255
|
+
mock_json :post, endpoint, 'client/updated', params: {
|
|
256
|
+
type: 'client_update',
|
|
257
|
+
client_id: 'client.example.com',
|
|
258
|
+
client_secret: 'client_secret',
|
|
259
|
+
application_name: 'New Name'
|
|
260
260
|
} do
|
|
261
261
|
instance.application_name = 'New Name'
|
|
262
262
|
client = instance.update!
|
|
@@ -267,11 +267,11 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
267
267
|
|
|
268
268
|
context 'when failed' do
|
|
269
269
|
it 'should raise OpenIDConnect::Client::Registrar::RegistrationFailed' do
|
|
270
|
-
mock_json :post, endpoint, 'errors/unknown', :
|
|
271
|
-
:
|
|
272
|
-
:
|
|
273
|
-
:
|
|
274
|
-
}, :
|
|
270
|
+
mock_json :post, endpoint, 'errors/unknown', params: {
|
|
271
|
+
type: 'client_update',
|
|
272
|
+
client_id: 'client.example.com',
|
|
273
|
+
client_secret: 'client_secret'
|
|
274
|
+
}, status: 400 do
|
|
275
275
|
expect do
|
|
276
276
|
instance.update!
|
|
277
277
|
end.to raise_error OpenIDConnect::Client::Registrar::RegistrationFailed
|
|
@@ -283,16 +283,16 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
283
283
|
describe '#rotate_secret!' do
|
|
284
284
|
let(:attributes) do
|
|
285
285
|
{
|
|
286
|
-
:
|
|
287
|
-
:
|
|
286
|
+
client_id: 'client.example.com',
|
|
287
|
+
client_secret: 'client_secret'
|
|
288
288
|
}
|
|
289
289
|
end
|
|
290
290
|
|
|
291
291
|
it 'should return OpenIDConnect::Client' do
|
|
292
|
-
mock_json :post, endpoint, 'client/rotated', :
|
|
293
|
-
:
|
|
294
|
-
:
|
|
295
|
-
:
|
|
292
|
+
mock_json :post, endpoint, 'client/rotated', params: {
|
|
293
|
+
type: 'rotate_secret',
|
|
294
|
+
client_id: 'client.example.com',
|
|
295
|
+
client_secret: 'client_secret'
|
|
296
296
|
} do
|
|
297
297
|
client = instance.rotate_secret!
|
|
298
298
|
client.should be_instance_of OpenIDConnect::Client
|
|
@@ -315,7 +315,7 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
315
315
|
context 'otherwise' do
|
|
316
316
|
let(:attributes) do
|
|
317
317
|
{
|
|
318
|
-
:
|
|
318
|
+
type: :client_update
|
|
319
319
|
}
|
|
320
320
|
end
|
|
321
321
|
it do
|
|
@@ -332,13 +332,13 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
332
332
|
context 'when access_token given' do
|
|
333
333
|
let(:attributes) do
|
|
334
334
|
minimum_attributes.merge(
|
|
335
|
-
:
|
|
335
|
+
access_token: access_token
|
|
336
336
|
)
|
|
337
337
|
end
|
|
338
338
|
|
|
339
339
|
context 'when Rack::OAuth2::AccessToken::Bearer given' do
|
|
340
340
|
let(:access_token) do
|
|
341
|
-
Rack::OAuth2::AccessToken::Bearer.new(:
|
|
341
|
+
Rack::OAuth2::AccessToken::Bearer.new(access_token: 'access_token')
|
|
342
342
|
end
|
|
343
343
|
it { should be_instance_of Rack::OAuth2::AccessToken::Bearer }
|
|
344
344
|
its(:access_token) { should == 'access_token' }
|
|
@@ -6,7 +6,7 @@ describe OpenIDConnect::Client do
|
|
|
6
6
|
let(:attributes) { required_attributes }
|
|
7
7
|
let :required_attributes do
|
|
8
8
|
{
|
|
9
|
-
:
|
|
9
|
+
identifier: 'client_id'
|
|
10
10
|
}
|
|
11
11
|
end
|
|
12
12
|
|
|
@@ -14,7 +14,7 @@ describe OpenIDConnect::Client do
|
|
|
14
14
|
context 'when host info is given' do
|
|
15
15
|
let :attributes do
|
|
16
16
|
required_attributes.merge(
|
|
17
|
-
:
|
|
17
|
+
host: 'server.example.com'
|
|
18
18
|
)
|
|
19
19
|
end
|
|
20
20
|
its(:authorization_uri) { should include 'https://server.example.com/oauth2/authorize' }
|
|
@@ -36,13 +36,13 @@ describe OpenIDConnect::Client do
|
|
|
36
36
|
describe '#authorization_uri' do
|
|
37
37
|
describe 'scope' do
|
|
38
38
|
subject do
|
|
39
|
-
query = URI.parse(client.authorization_uri :
|
|
39
|
+
query = URI.parse(client.authorization_uri scope: scope).query
|
|
40
40
|
Rack::Utils.parse_query(query).with_indifferent_access[:scope]
|
|
41
41
|
end
|
|
42
42
|
let(:scope) { nil }
|
|
43
43
|
let :attributes do
|
|
44
44
|
required_attributes.merge(
|
|
45
|
-
:
|
|
45
|
+
host: 'server.example.com'
|
|
46
46
|
)
|
|
47
47
|
end
|
|
48
48
|
|
|
@@ -67,14 +67,14 @@ describe OpenIDConnect::Client do
|
|
|
67
67
|
describe '#access_token!' do
|
|
68
68
|
let :attributes do
|
|
69
69
|
required_attributes.merge(
|
|
70
|
-
:
|
|
71
|
-
:
|
|
70
|
+
secret: 'client_secret',
|
|
71
|
+
token_endpoint: 'http://server.example.com/access_tokens'
|
|
72
72
|
)
|
|
73
73
|
end
|
|
74
74
|
let :protocol_params do
|
|
75
75
|
{
|
|
76
|
-
:
|
|
77
|
-
:
|
|
76
|
+
grant_type: 'authorization_code',
|
|
77
|
+
code: 'code'
|
|
78
78
|
}
|
|
79
79
|
end
|
|
80
80
|
let :header_params do
|
|
@@ -90,14 +90,14 @@ describe OpenIDConnect::Client do
|
|
|
90
90
|
|
|
91
91
|
context 'when bearer token is returned' do
|
|
92
92
|
it 'should return OpenIDConnect::AccessToken' do
|
|
93
|
-
mock_json :post, client.token_endpoint, 'access_token/bearer', :
|
|
93
|
+
mock_json :post, client.token_endpoint, 'access_token/bearer', request_header: header_params, params: protocol_params do
|
|
94
94
|
access_token.should be_a OpenIDConnect::AccessToken
|
|
95
95
|
end
|
|
96
96
|
end
|
|
97
97
|
|
|
98
98
|
context 'when id_token is returned' do
|
|
99
99
|
it 'should include id_token' do
|
|
100
|
-
mock_json :post, client.token_endpoint, 'access_token/bearer_with_id_token', :
|
|
100
|
+
mock_json :post, client.token_endpoint, 'access_token/bearer_with_id_token', request_header: header_params, params: protocol_params do
|
|
101
101
|
access_token.id_token.should == 'id_token'
|
|
102
102
|
end
|
|
103
103
|
end
|
|
@@ -106,7 +106,7 @@ describe OpenIDConnect::Client do
|
|
|
106
106
|
|
|
107
107
|
context 'when invalid JSON is returned' do
|
|
108
108
|
it 'should raise OpenIDConnect::Exception' do
|
|
109
|
-
mock_json :post, client.token_endpoint, 'access_token/invalid_json', :
|
|
109
|
+
mock_json :post, client.token_endpoint, 'access_token/invalid_json', request_header: header_params, params: protocol_params do
|
|
110
110
|
expect do
|
|
111
111
|
access_token
|
|
112
112
|
end.to raise_error OpenIDConnect::Exception, 'Unknown Token Type'
|
|
@@ -116,7 +116,7 @@ describe OpenIDConnect::Client do
|
|
|
116
116
|
|
|
117
117
|
context 'otherwise' do
|
|
118
118
|
it 'should raise Unexpected Token Type exception' do
|
|
119
|
-
mock_json :post, client.token_endpoint, 'access_token/mac', :
|
|
119
|
+
mock_json :post, client.token_endpoint, 'access_token/mac', request_header: header_params, params: protocol_params do
|
|
120
120
|
expect { access_token }.to raise_error OpenIDConnect::Exception, 'Unexpected Token Type: mac'
|
|
121
121
|
end
|
|
122
122
|
end
|
|
@@ -4,14 +4,14 @@ describe OpenIDConnect::ConnectObject do
|
|
|
4
4
|
class OpenIDConnect::ConnectObject::SubClass < OpenIDConnect::ConnectObject
|
|
5
5
|
attr_required :required
|
|
6
6
|
attr_optional :optional
|
|
7
|
-
validates :required, :
|
|
7
|
+
validates :required, inclusion: {in: ['Required', 'required']}, length: 1..10
|
|
8
8
|
end
|
|
9
9
|
|
|
10
10
|
subject { instance }
|
|
11
11
|
let(:klass) { OpenIDConnect::ConnectObject::SubClass }
|
|
12
12
|
let(:instance) { klass.new attributes }
|
|
13
13
|
let :attributes do
|
|
14
|
-
{:
|
|
14
|
+
{required: 'Required', optional: 'Optional'}
|
|
15
15
|
end
|
|
16
16
|
|
|
17
17
|
context 'when required attributes are given' do
|
|
@@ -22,7 +22,7 @@ describe OpenIDConnect::ConnectObject do
|
|
|
22
22
|
|
|
23
23
|
context 'otherwise' do
|
|
24
24
|
let :attributes do
|
|
25
|
-
{:
|
|
25
|
+
{required: 'Required'}
|
|
26
26
|
end
|
|
27
27
|
its(:required) { should == 'Required' }
|
|
28
28
|
its(:optional) { should == nil }
|
|
@@ -32,7 +32,7 @@ describe OpenIDConnect::ConnectObject do
|
|
|
32
32
|
context 'otherwise' do
|
|
33
33
|
context 'when optional attributes are given' do
|
|
34
34
|
let :attributes do
|
|
35
|
-
{:
|
|
35
|
+
{optional: 'Optional'}
|
|
36
36
|
end
|
|
37
37
|
it do
|
|
38
38
|
expect { klass.new attributes }.to raise_error AttrRequired::AttrMissing
|
|
@@ -55,7 +55,7 @@ describe OpenIDConnect::ConnectObject do
|
|
|
55
55
|
|
|
56
56
|
context 'otherwise' do
|
|
57
57
|
let :attributes do
|
|
58
|
-
{:
|
|
58
|
+
{required: 'Out of List and Too Long'}
|
|
59
59
|
end
|
|
60
60
|
|
|
61
61
|
it 'should raise OpenIDConnect::ValidationFailed with ActiveModel::Errors owner' do
|
|
@@ -76,7 +76,7 @@ describe OpenIDConnect::ConnectObject do
|
|
|
76
76
|
|
|
77
77
|
context 'otherwise' do
|
|
78
78
|
let :attributes do
|
|
79
|
-
{:
|
|
79
|
+
{required: 'Out of List and Too Long'}
|
|
80
80
|
end
|
|
81
81
|
|
|
82
82
|
it 'should raise OpenIDConnect::ValidationFailed with ActiveModel::Errors owner' do
|