openid_connect 0.6.1 → 0.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.travis.yml +1 -1
- data/README.rdoc +3 -1
- data/VERSION +1 -1
- data/lib/openid_connect/access_token.rb +1 -2
- data/lib/openid_connect/client.rb +2 -6
- data/lib/openid_connect/client/registrar.rb +59 -123
- data/lib/openid_connect/discovery.rb +0 -2
- data/lib/openid_connect/discovery/provider.rb +3 -1
- data/lib/openid_connect/discovery/provider/config/response.rb +57 -78
- data/lib/openid_connect/request_object.rb +1 -8
- data/lib/openid_connect/request_object/{user_info.rb → userinfo.rb} +0 -0
- data/lib/openid_connect/response_object/id_token.rb +1 -1
- data/lib/openid_connect/response_object/userinfo.rb +3 -0
- data/lib/openid_connect/response_object/{user_info → userinfo}/open_id.rb +7 -6
- data/lib/openid_connect/response_object/{user_info → userinfo}/open_id/address.rb +0 -0
- data/openid_connect.gemspec +2 -2
- data/spec/helpers/webmock_helper.rb +2 -1
- data/spec/mock_response/discovery/config.json +3 -2
- data/spec/mock_response/public_keys/{jwk.json → jwks.json} +1 -1
- data/spec/mock_response/{user_info → userinfo}/openid.json +0 -0
- data/spec/openid_connect/access_token_spec.rb +7 -6
- data/spec/openid_connect/client/registrar_spec.rb +82 -207
- data/spec/openid_connect/client_spec.rb +2 -2
- data/spec/openid_connect/discovery/provider/config/response_spec.rb +53 -286
- data/spec/openid_connect/discovery/provider/config_spec.rb +11 -12
- data/spec/openid_connect/discovery/provider_spec.rb +1 -1
- data/spec/openid_connect/request_object_spec.rb +4 -4
- data/spec/openid_connect/response_object/id_token_spec.rb +4 -4
- data/spec/openid_connect/response_object/user_info/open_id_spec.rb +1 -0
- metadata +17 -20
- data/Gemfile.lock +0 -102
- data/lib/openid_connect/response_object/user_info.rb +0 -3
- data/spec/mock_response/public_keys/x509.pem +0 -21
|
@@ -3,14 +3,8 @@ module OpenIDConnect
|
|
|
3
3
|
include JWTnizable
|
|
4
4
|
|
|
5
5
|
attr_optional :client_id, :response_type, :redirect_uri, :scope, :state, :nonce, :display, :prompt, :userinfo, :id_token
|
|
6
|
-
alias_method :user_info, :userinfo
|
|
7
6
|
validate :require_at_least_one_attributes
|
|
8
7
|
|
|
9
|
-
def initialize(attributes = {})
|
|
10
|
-
attributes[:userinfo] ||= attributes[:user_info]
|
|
11
|
-
super attributes
|
|
12
|
-
end
|
|
13
|
-
|
|
14
8
|
def id_token=(attributes = {})
|
|
15
9
|
@id_token = IdToken.new(attributes) if attributes.present?
|
|
16
10
|
end
|
|
@@ -18,7 +12,6 @@ module OpenIDConnect
|
|
|
18
12
|
def userinfo=(attributes = {})
|
|
19
13
|
@userinfo = UserInfo.new(attributes) if attributes.present?
|
|
20
14
|
end
|
|
21
|
-
alias_method :user_info=, :userinfo=
|
|
22
15
|
|
|
23
16
|
def as_json_with_mixed_keys(options = {})
|
|
24
17
|
hash = as_json_without_mixed_keys options
|
|
@@ -41,4 +34,4 @@ end
|
|
|
41
34
|
|
|
42
35
|
require 'openid_connect/request_object/claimable'
|
|
43
36
|
require 'openid_connect/request_object/id_token'
|
|
44
|
-
require 'openid_connect/request_object/
|
|
37
|
+
require 'openid_connect/request_object/userinfo'
|
|
File without changes
|
|
@@ -20,24 +20,25 @@ module OpenIDConnect
|
|
|
20
20
|
:zoneinfo,
|
|
21
21
|
:locale,
|
|
22
22
|
:phone_number,
|
|
23
|
+
:phone_number_verified,
|
|
23
24
|
:address,
|
|
24
25
|
:updated_time
|
|
25
26
|
)
|
|
26
27
|
alias_method :subject, :sub
|
|
27
28
|
alias_method :subject=, :sub=
|
|
28
29
|
|
|
29
|
-
validates :email_verified, inclusion: {in: [true, false]}
|
|
30
|
-
validates :gender,
|
|
31
|
-
validates :zoneinfo,
|
|
32
|
-
validates :profile, :picture, :website,
|
|
33
|
-
validates :email,
|
|
30
|
+
validates :email_verified, :phone_number_verified, allow_nil: true, inclusion: {in: [true, false]}
|
|
31
|
+
validates :gender, allow_nil: true, inclusion: {in: ['male', 'female']}
|
|
32
|
+
validates :zoneinfo, allow_nil: true, inclusion: {in: TZInfo::TimezoneProxy.all.collect(&:name)}
|
|
33
|
+
validates :profile, :picture, :website, allow_nil: true, url: true
|
|
34
|
+
validates :email, allow_nil: true, email: true
|
|
34
35
|
validate :validate_address
|
|
35
36
|
validate :require_at_least_one_attributes
|
|
36
37
|
# TODO: validate locale
|
|
37
38
|
|
|
38
39
|
def initialize(attributes = {})
|
|
39
40
|
super
|
|
40
|
-
(all_attributes - [:email_verified, :address]).each do |key|
|
|
41
|
+
(all_attributes - [:email_verified, :phone_number_verified, :address]).each do |key|
|
|
41
42
|
self.send "#{key}=", self.send(key).try(:to_s)
|
|
42
43
|
end
|
|
43
44
|
end
|
|
File without changes
|
data/openid_connect.gemspec
CHANGED
|
@@ -13,10 +13,10 @@ Gem::Specification.new do |s|
|
|
|
13
13
|
s.add_runtime_dependency "json", ">= 1.4.3"
|
|
14
14
|
s.add_runtime_dependency "tzinfo"
|
|
15
15
|
s.add_runtime_dependency "attr_required", ">= 0.0.5"
|
|
16
|
-
s.add_runtime_dependency "activemodel", "
|
|
16
|
+
s.add_runtime_dependency "activemodel", "< 4"
|
|
17
17
|
s.add_runtime_dependency "validate_url"
|
|
18
18
|
s.add_runtime_dependency "validate_email"
|
|
19
|
-
s.add_runtime_dependency "json-jwt", ">= 0.
|
|
19
|
+
s.add_runtime_dependency "json-jwt", ">= 0.5.5"
|
|
20
20
|
s.add_runtime_dependency "swd", ">= 0.1.2"
|
|
21
21
|
s.add_runtime_dependency "webfinger", ">= 0.0.2"
|
|
22
22
|
s.add_runtime_dependency "rack-oauth2", ">= 1.0.0"
|
|
@@ -3,11 +3,12 @@
|
|
|
3
3
|
"issuer": "https://connect-op.heroku.com",
|
|
4
4
|
"authorization_endpoint": "https://connect-op.heroku.com/authorizations/new",
|
|
5
5
|
"token_endpoint": "https://connect-op.heroku.com/access_tokens",
|
|
6
|
-
"userinfo_endpoint": "https://connect-op.heroku.com/
|
|
6
|
+
"userinfo_endpoint": "https://connect-op.heroku.com/userinfo",
|
|
7
7
|
"registration_endpoint": "https://connect-op.heroku.com/connect/client",
|
|
8
8
|
"scopes_supported": ["openid", "profile", "email", "address"],
|
|
9
9
|
"response_types_supported": ["code", "token", "id_token", "code token", "code id_token", "id_token token"],
|
|
10
10
|
"subject_types_supported": ["public", "pairwise"],
|
|
11
11
|
"claims_supported": ["sub", "iss", "name", "email"],
|
|
12
|
-
"
|
|
12
|
+
"jwks_uri": "https://connect-op.heroku.com/jwks.json",
|
|
13
|
+
"id_token_signing_alg_values_supported": ["RS256"]
|
|
13
14
|
}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"keys": [{
|
|
3
|
-
"
|
|
3
|
+
"kty": "RSA",
|
|
4
4
|
"e": "AQAB",
|
|
5
5
|
"n": "u4liYNFzgsRr1ERdUY7CY6r4nefi3RzIhK5fdPgdZSMEEflACWAuJu21_TcDpbZ1-6Kbq7zShFsVTAnBkWdO7EP1Rsn11fZpi9m_zEq_uRY-4RpNwp3S9xSdoQ4F3-js1EMaDQ6km0-c0gvr_TyhFqDj_6w_Bb0vFptfGXwfKewPPnhsi7GJ62ihZ32PzxOvEIYcaoXr9xaeudYD3BzWSDmjKGA7PMaEuBhScdUAoibCmsKB-yAGsz2amHnUhcl4B_EBs6wk65Y7ge0ZQJUOGPdUQL49VuALKmr7cMhHKh5KuQmPAi_20K2uZL_EFDaObDWZrclx98s0DmfTRKINtw"
|
|
6
6
|
}]
|
|
File without changes
|
|
@@ -92,18 +92,19 @@ describe OpenIDConnect::AccessToken do
|
|
|
92
92
|
end
|
|
93
93
|
end
|
|
94
94
|
|
|
95
|
-
describe '#
|
|
96
|
-
it
|
|
97
|
-
mock_json :get, client.
|
|
95
|
+
describe '#userinfo!' do
|
|
96
|
+
it do
|
|
97
|
+
userinfo = mock_json :get, client.userinfo_uri, 'userinfo/openid', :HTTP_AUTHORIZATION => 'Bearer access_token', params: {
|
|
98
98
|
schema: 'openid'
|
|
99
99
|
} do
|
|
100
|
-
access_token.
|
|
100
|
+
access_token.userinfo!
|
|
101
101
|
end
|
|
102
|
+
userinfo.should be_instance_of OpenIDConnect::ResponseObject::UserInfo::OpenID
|
|
102
103
|
end
|
|
103
104
|
|
|
104
105
|
describe 'error handling' do
|
|
105
|
-
let(:endpoint) { client.
|
|
106
|
-
let(:request) { access_token.
|
|
106
|
+
let(:endpoint) { client.userinfo_uri }
|
|
107
|
+
let(:request) { access_token.userinfo! }
|
|
107
108
|
it_behaves_like :access_token_error_handling
|
|
108
109
|
end
|
|
109
110
|
end
|
|
@@ -5,140 +5,93 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
5
5
|
let(:attributes) { minimum_attributes }
|
|
6
6
|
let(:minimum_attributes) do
|
|
7
7
|
{
|
|
8
|
-
|
|
8
|
+
redirect_uris: ['https://client.example.com/callback']
|
|
9
9
|
}
|
|
10
10
|
end
|
|
11
11
|
let(:instance) { OpenIDConnect::Client::Registrar.new(endpoint, attributes) }
|
|
12
12
|
let(:endpoint) { 'https://server.example.com/clients' }
|
|
13
13
|
|
|
14
14
|
context 'when endpoint given' do
|
|
15
|
-
context 'when attributes given' do
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
minimum_attributes
|
|
19
|
-
end
|
|
20
|
-
it { should be_valid }
|
|
21
|
-
end
|
|
22
|
-
|
|
23
|
-
context 'when operation=client_update' do
|
|
24
|
-
context 'when client_id given' do
|
|
25
|
-
let(:attributes) do
|
|
26
|
-
{
|
|
27
|
-
operation: :client_update,
|
|
28
|
-
client_id: 'client.example.com'
|
|
29
|
-
}
|
|
30
|
-
end
|
|
31
|
-
it { should be_valid }
|
|
32
|
-
end
|
|
33
|
-
|
|
34
|
-
context 'otherwise' do
|
|
35
|
-
let(:attributes) do
|
|
36
|
-
{
|
|
37
|
-
operation: :client_update
|
|
38
|
-
}
|
|
39
|
-
end
|
|
40
|
-
it { should_not be_valid }
|
|
41
|
-
end
|
|
42
|
-
end
|
|
43
|
-
|
|
44
|
-
context 'otherwise' do
|
|
45
|
-
let(:attributes) do
|
|
46
|
-
{
|
|
47
|
-
operation: :invalid_operation
|
|
48
|
-
}
|
|
49
|
-
end
|
|
50
|
-
it { should_not be_valid }
|
|
15
|
+
context 'when required attributes given' do
|
|
16
|
+
let(:attributes) do
|
|
17
|
+
minimum_attributes
|
|
51
18
|
end
|
|
19
|
+
it { should be_valid }
|
|
52
20
|
end
|
|
53
21
|
|
|
54
22
|
context 'otherwise' do
|
|
55
23
|
let(:instance) { OpenIDConnect::Client::Registrar.new(endpoint) }
|
|
56
|
-
it do
|
|
57
|
-
expect do
|
|
58
|
-
instance
|
|
59
|
-
end.not_to raise_error
|
|
60
|
-
end
|
|
61
24
|
it { should_not be_valid }
|
|
62
25
|
end
|
|
63
26
|
end
|
|
64
27
|
|
|
65
28
|
context 'otherwise' do
|
|
66
|
-
let(:instance) { OpenIDConnect::Client::Registrar.new(endpoint) }
|
|
67
29
|
let(:endpoint) { '' }
|
|
68
|
-
|
|
69
|
-
it do
|
|
70
|
-
expect do
|
|
71
|
-
instance
|
|
72
|
-
end.to raise_error AttrRequired::AttrMissing
|
|
73
|
-
end
|
|
30
|
+
it { should_not be_valid }
|
|
74
31
|
end
|
|
75
32
|
|
|
76
33
|
describe '#sector_identifier' do
|
|
77
|
-
context 'when
|
|
34
|
+
context 'when sector_identifier_uri given' do
|
|
78
35
|
let(:attributes) do
|
|
79
36
|
minimum_attributes.merge(
|
|
80
|
-
|
|
37
|
+
sector_identifier_uri: 'https://client2.example.com/sector_identifier.json'
|
|
81
38
|
)
|
|
82
39
|
end
|
|
83
|
-
its(:sector_identifier) { should == '
|
|
84
|
-
|
|
85
|
-
context 'when sector_identifier_url is invalid URI' do
|
|
86
|
-
let(:attributes) do
|
|
87
|
-
minimum_attributes.merge(
|
|
88
|
-
sector_identifier_url: ':invalid'
|
|
89
|
-
)
|
|
90
|
-
end
|
|
91
|
-
its(:sector_identifier) { should be_nil }
|
|
92
|
-
end
|
|
40
|
+
its(:sector_identifier) { should == 'client2.example.com' }
|
|
93
41
|
|
|
94
|
-
context 'when
|
|
42
|
+
context 'when sector_identifier_uri is invalid URI' do
|
|
95
43
|
let(:attributes) do
|
|
96
44
|
minimum_attributes.merge(
|
|
97
|
-
|
|
98
|
-
redirect_uris: 'https://client2.example.com/callback'
|
|
45
|
+
sector_identifier_uri: 'invalid'
|
|
99
46
|
)
|
|
100
47
|
end
|
|
101
|
-
|
|
48
|
+
it { should_not be_valid }
|
|
102
49
|
end
|
|
103
50
|
end
|
|
104
51
|
|
|
105
52
|
context 'otherwise' do
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
53
|
+
let(:attributes) do
|
|
54
|
+
minimum_attributes.merge(
|
|
55
|
+
redirect_uris: redirect_uris
|
|
56
|
+
)
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
context 'when redirect_uris includes only one host' do
|
|
60
|
+
let(:redirect_uris) do
|
|
61
|
+
[
|
|
62
|
+
'https://client.example.com/callback/op1',
|
|
63
|
+
'https://client.example.com/callback/op2'
|
|
64
|
+
]
|
|
117
65
|
end
|
|
66
|
+
its(:sector_identifier) { should == 'client.example.com' }
|
|
67
|
+
end
|
|
118
68
|
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
].join(' ')
|
|
126
|
-
)
|
|
127
|
-
end
|
|
128
|
-
its(:sector_identifier) { should be_nil }
|
|
69
|
+
context 'when redirect_uris includes multiple hosts' do
|
|
70
|
+
let(:redirect_uris) do
|
|
71
|
+
[
|
|
72
|
+
'https://client1.example.com/callback',
|
|
73
|
+
'https://client2.example.com/callback'
|
|
74
|
+
]
|
|
129
75
|
end
|
|
76
|
+
its(:sector_identifier) { should be_nil }
|
|
130
77
|
|
|
131
|
-
context 'when
|
|
78
|
+
context 'when subject_type=pairwise' do
|
|
132
79
|
let(:attributes) do
|
|
133
80
|
minimum_attributes.merge(
|
|
134
|
-
redirect_uris:
|
|
81
|
+
redirect_uris: redirect_uris,
|
|
82
|
+
subject_type: :pairwise
|
|
135
83
|
)
|
|
136
84
|
end
|
|
137
|
-
|
|
85
|
+
it { should_not be_valid }
|
|
138
86
|
end
|
|
139
87
|
end
|
|
140
88
|
|
|
141
|
-
context '
|
|
89
|
+
context 'when redirect_uris includes invalid URL' do
|
|
90
|
+
let(:redirect_uris) do
|
|
91
|
+
[
|
|
92
|
+
'invalid'
|
|
93
|
+
]
|
|
94
|
+
end
|
|
142
95
|
its(:sector_identifier) { should be_nil }
|
|
143
96
|
end
|
|
144
97
|
end
|
|
@@ -146,7 +99,7 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
146
99
|
|
|
147
100
|
describe '#redirect_uris' do
|
|
148
101
|
let(:base_url) { 'http://client.example.com/callback' }
|
|
149
|
-
let(:attributes) { minimum_attributes.merge(redirect_uris: redirect_uri) }
|
|
102
|
+
let(:attributes) { minimum_attributes.merge(redirect_uris: [redirect_uri]) }
|
|
150
103
|
|
|
151
104
|
context 'when query included' do
|
|
152
105
|
let(:redirect_uri) { [base_url, '?foo=bar'].join }
|
|
@@ -156,41 +109,41 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
156
109
|
|
|
157
110
|
context 'when fragment included' do
|
|
158
111
|
let(:redirect_uri) { [base_url, '#foo=bar'].join }
|
|
159
|
-
it {
|
|
112
|
+
it { should be_valid }
|
|
160
113
|
end
|
|
161
114
|
end
|
|
162
115
|
|
|
163
116
|
describe '#contacts' do
|
|
164
117
|
context 'when contacts given' do
|
|
118
|
+
let(:attributes) do
|
|
119
|
+
minimum_attributes.merge(
|
|
120
|
+
contacts: contacts
|
|
121
|
+
)
|
|
122
|
+
end
|
|
123
|
+
|
|
165
124
|
context 'when invalid email included' do
|
|
166
|
-
let(:
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
].join(' ')
|
|
172
|
-
)
|
|
125
|
+
let(:contacts) do
|
|
126
|
+
[
|
|
127
|
+
'invalid',
|
|
128
|
+
'nov@matake.jp'
|
|
129
|
+
]
|
|
173
130
|
end
|
|
174
131
|
it { should_not be_valid }
|
|
175
132
|
end
|
|
176
133
|
|
|
177
134
|
context 'when localhost address included' do
|
|
178
|
-
let(:
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
].join(' ')
|
|
184
|
-
)
|
|
135
|
+
let(:contacts) do
|
|
136
|
+
[
|
|
137
|
+
'nov@localhost',
|
|
138
|
+
'nov@matake.jp'
|
|
139
|
+
]
|
|
185
140
|
end
|
|
186
141
|
it { should_not be_valid }
|
|
187
142
|
end
|
|
188
143
|
|
|
189
144
|
context 'otherwise' do
|
|
190
|
-
let(:
|
|
191
|
-
|
|
192
|
-
contacts: 'nov@matake.jp'
|
|
193
|
-
)
|
|
145
|
+
let(:contacts) do
|
|
146
|
+
['nov@matake.jp']
|
|
194
147
|
end
|
|
195
148
|
it { should be_valid }
|
|
196
149
|
end
|
|
@@ -199,27 +152,16 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
199
152
|
|
|
200
153
|
describe '#as_json' do
|
|
201
154
|
context 'when valid' do
|
|
202
|
-
let(:attributes) do
|
|
203
|
-
minimum_attributes.merge(
|
|
204
|
-
redirect_uris: [
|
|
205
|
-
'https://client1.example.com/callback',
|
|
206
|
-
'https://client2.example.com/callback'
|
|
207
|
-
].join(' ')
|
|
208
|
-
)
|
|
209
|
-
end
|
|
210
155
|
its(:as_json) do
|
|
211
|
-
should ==
|
|
212
|
-
operation: 'client_register',
|
|
213
|
-
redirect_uris: 'https://client1.example.com/callback https://client2.example.com/callback'
|
|
214
|
-
}
|
|
156
|
+
should == minimum_attributes
|
|
215
157
|
end
|
|
216
158
|
end
|
|
217
159
|
|
|
218
160
|
context 'otherwise' do
|
|
219
161
|
let(:attributes) do
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
162
|
+
minimum_attributes.merge(
|
|
163
|
+
sector_identifier_uri: 'invalid'
|
|
164
|
+
)
|
|
223
165
|
end
|
|
224
166
|
it do
|
|
225
167
|
expect do
|
|
@@ -230,27 +172,19 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
230
172
|
end
|
|
231
173
|
|
|
232
174
|
describe '#register!' do
|
|
233
|
-
let(:attributes) do
|
|
234
|
-
{}
|
|
235
|
-
end
|
|
236
|
-
|
|
237
175
|
it 'should return OpenIDConnect::Client' do
|
|
238
|
-
mock_json :post, endpoint, 'client/registered', params:
|
|
239
|
-
|
|
240
|
-
} do
|
|
241
|
-
client = instance.register!
|
|
242
|
-
client.should be_instance_of OpenIDConnect::Client
|
|
243
|
-
client.identifier.should == 'client.example.com'
|
|
244
|
-
client.secret.should == 'client_secret'
|
|
245
|
-
client.expires_in.should == 3600
|
|
176
|
+
client = mock_json :post, endpoint, 'client/registered', params: minimum_attributes do
|
|
177
|
+
instance.register!
|
|
246
178
|
end
|
|
179
|
+
client.should be_instance_of OpenIDConnect::Client
|
|
180
|
+
client.identifier.should == 'client.example.com'
|
|
181
|
+
client.secret.should == 'client_secret'
|
|
182
|
+
client.expires_in.should == 3600
|
|
247
183
|
end
|
|
248
184
|
|
|
249
185
|
context 'when failed' do
|
|
250
186
|
it 'should raise OpenIDConnect::Client::Registrar::RegistrationFailed' do
|
|
251
|
-
mock_json :post, endpoint, 'errors/unknown', params:
|
|
252
|
-
operation: 'client_register'
|
|
253
|
-
}, status: 400 do
|
|
187
|
+
mock_json :post, endpoint, 'errors/unknown', params: minimum_attributes, status: 400 do
|
|
254
188
|
expect do
|
|
255
189
|
instance.register!
|
|
256
190
|
end.to raise_error OpenIDConnect::Client::Registrar::RegistrationFailed
|
|
@@ -259,66 +193,6 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
259
193
|
end
|
|
260
194
|
end
|
|
261
195
|
|
|
262
|
-
describe '#update!' do
|
|
263
|
-
let(:attributes) do
|
|
264
|
-
{
|
|
265
|
-
client_id: 'client.example.com',
|
|
266
|
-
client_secret: 'client_secret'
|
|
267
|
-
}
|
|
268
|
-
end
|
|
269
|
-
|
|
270
|
-
it 'should return OpenIDConnect::Client' do
|
|
271
|
-
mock_json :post, endpoint, 'client/updated', params: {
|
|
272
|
-
operation: 'client_update',
|
|
273
|
-
client_id: 'client.example.com',
|
|
274
|
-
client_secret: 'client_secret',
|
|
275
|
-
client_name: 'New Name'
|
|
276
|
-
} do
|
|
277
|
-
instance.client_name = 'New Name'
|
|
278
|
-
client = instance.update!
|
|
279
|
-
client.should be_instance_of OpenIDConnect::Client
|
|
280
|
-
client.identifier.should == 'client.example.com'
|
|
281
|
-
end
|
|
282
|
-
end
|
|
283
|
-
|
|
284
|
-
context 'when failed' do
|
|
285
|
-
it 'should raise OpenIDConnect::Client::Registrar::RegistrationFailed' do
|
|
286
|
-
mock_json :post, endpoint, 'errors/unknown', params: {
|
|
287
|
-
operation: 'client_update',
|
|
288
|
-
client_id: 'client.example.com',
|
|
289
|
-
client_secret: 'client_secret'
|
|
290
|
-
}, status: 400 do
|
|
291
|
-
expect do
|
|
292
|
-
instance.update!
|
|
293
|
-
end.to raise_error OpenIDConnect::Client::Registrar::RegistrationFailed
|
|
294
|
-
end
|
|
295
|
-
end
|
|
296
|
-
end
|
|
297
|
-
end
|
|
298
|
-
|
|
299
|
-
describe '#rotate_secret!' do
|
|
300
|
-
let(:attributes) do
|
|
301
|
-
{
|
|
302
|
-
client_id: 'client.example.com',
|
|
303
|
-
client_secret: 'client_secret'
|
|
304
|
-
}
|
|
305
|
-
end
|
|
306
|
-
|
|
307
|
-
it 'should return OpenIDConnect::Client' do
|
|
308
|
-
mock_json :post, endpoint, 'client/rotated', params: {
|
|
309
|
-
operation: 'rotate_secret',
|
|
310
|
-
client_id: 'client.example.com',
|
|
311
|
-
client_secret: 'client_secret'
|
|
312
|
-
} do
|
|
313
|
-
client = instance.rotate_secret!
|
|
314
|
-
client.should be_instance_of OpenIDConnect::Client
|
|
315
|
-
client.identifier.should == 'client.example.com'
|
|
316
|
-
client.secret.should == 'new_client_secret'
|
|
317
|
-
client.expires_in.should == 3600
|
|
318
|
-
end
|
|
319
|
-
end
|
|
320
|
-
end
|
|
321
|
-
|
|
322
196
|
describe '#validate!' do
|
|
323
197
|
context 'when valid' do
|
|
324
198
|
it do
|
|
@@ -330,10 +204,11 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
330
204
|
|
|
331
205
|
context 'otherwise' do
|
|
332
206
|
let(:attributes) do
|
|
333
|
-
|
|
334
|
-
|
|
335
|
-
|
|
207
|
+
minimum_attributes.merge(
|
|
208
|
+
sector_identifier_uri: 'invalid'
|
|
209
|
+
)
|
|
336
210
|
end
|
|
211
|
+
|
|
337
212
|
it do
|
|
338
213
|
expect do
|
|
339
214
|
instance.validate!
|
|
@@ -345,15 +220,15 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
345
220
|
describe 'http_client' do
|
|
346
221
|
subject { instance.send(:http_client) }
|
|
347
222
|
|
|
348
|
-
context 'when
|
|
223
|
+
context 'when initial_access_token given' do
|
|
349
224
|
let(:attributes) do
|
|
350
225
|
minimum_attributes.merge(
|
|
351
|
-
|
|
226
|
+
initial_access_token: initial_access_token
|
|
352
227
|
)
|
|
353
228
|
end
|
|
354
229
|
|
|
355
230
|
context 'when Rack::OAuth2::AccessToken::Bearer given' do
|
|
356
|
-
let(:
|
|
231
|
+
let(:initial_access_token) do
|
|
357
232
|
Rack::OAuth2::AccessToken::Bearer.new(access_token: 'access_token')
|
|
358
233
|
end
|
|
359
234
|
it { should be_instance_of Rack::OAuth2::AccessToken::Bearer }
|
|
@@ -361,7 +236,7 @@ describe OpenIDConnect::Client::Registrar do
|
|
|
361
236
|
end
|
|
362
237
|
|
|
363
238
|
context 'otherwise' do
|
|
364
|
-
let(:
|
|
239
|
+
let(:initial_access_token) { 'access_token' }
|
|
365
240
|
it { should be_instance_of Rack::OAuth2::AccessToken::Bearer }
|
|
366
241
|
its(:access_token) { should == 'access_token' }
|
|
367
242
|
end
|