openid_connect 0.6.1 → 2.3.0
- checksums.yaml +5 -5
- data/.github/FUNDING.yml +3 -0
- data/.github/workflows/spec.yml +31 -0
- data/.gitignore +1 -0
- data/CHANGELOG.md +23 -0
- data/LICENSE +3 -1
- data/README.rdoc +10 -3
- data/Rakefile +6 -6
- data/TODOs +12 -0
- data/VERSION +1 -1
- data/lib/openid_connect/access_token/mtls.rb +9 -0
- data/lib/openid_connect/access_token.rb +14 -6
- data/lib/openid_connect/client/registrar.rb +69 -130
- data/lib/openid_connect/client.rb +7 -12
- data/lib/openid_connect/discovery/provider/config/resource.rb +5 -3
- data/lib/openid_connect/discovery/provider/config/response.rb +73 -78
- data/lib/openid_connect/discovery/provider/config.rb +5 -2
- data/lib/openid_connect/discovery/provider.rb +6 -2
- data/lib/openid_connect/discovery.rb +0 -2
- data/lib/openid_connect/jwtnizable.rb +6 -4
- data/lib/openid_connect/request_object/claimable.rb +4 -6
- data/lib/openid_connect/request_object.rb +6 -13
- data/lib/openid_connect/response_object/id_token.rb +38 -37
- data/lib/openid_connect/response_object/user_info/address.rb +10 -0
- data/lib/openid_connect/response_object/user_info.rb +64 -2
- data/lib/openid_connect.rb +26 -11
- data/lib/rack/oauth2/server/authorize/extension/code_and_id_token.rb +5 -1
- data/lib/rack/oauth2/server/authorize/extension/code_and_id_token_and_token.rb +1 -1
- data/lib/rack/oauth2/server/authorize/extension/id_token.rb +1 -1
- data/lib/rack/oauth2/server/authorize/extension/id_token_and_token.rb +1 -1
- data/lib/rack/oauth2/server/authorize/request_with_connect_params.rb +17 -14
- data/lib/rack/oauth2/server/id_token_response.rb +11 -13
- data/openid_connect.gemspec +19 -13
- data/spec/helpers/crypto_spec_helper.rb +2 -2
- data/spec/helpers/webmock_helper.rb +14 -9
- data/spec/mock_response/access_token/without_token_type.json +3 -0
- data/spec/mock_response/discovery/config.json +3 -3
- data/spec/mock_response/discovery/config_with_custom_port.json +13 -0
- data/spec/mock_response/discovery/config_with_invalid_issuer.json +13 -0
- data/spec/mock_response/discovery/config_with_path.json +13 -0
- data/spec/mock_response/discovery/config_without_issuer.json +12 -0
- data/spec/mock_response/errors/unknown.json +3 -1
- data/spec/mock_response/public_keys/{jwk.json → jwks.json} +1 -1
- data/spec/mock_response/public_keys/jwks_with_private_key.json +8 -0
- data/spec/mock_response/public_keys/private_key.pem +27 -0
- data/spec/openid_connect/access_token_spec.rb +11 -20
- data/spec/openid_connect/client/registrar_spec.rb +93 -208
- data/spec/openid_connect/client_spec.rb +79 -22
- data/spec/openid_connect/connect_object_spec.rb +1 -1
- data/spec/openid_connect/discovery/provider/config/response_spec.rb +76 -284
- data/spec/openid_connect/discovery/provider/config_spec.rb +64 -27
- data/spec/openid_connect/discovery/provider_spec.rb +2 -2
- data/spec/openid_connect/request_object_spec.rb +4 -4
- data/spec/openid_connect/response_object/id_token_spec.rb +94 -52
- data/spec/openid_connect/response_object/user_info/{open_id/address_spec.rb → address_spec.rb} +3 -3
- data/spec/openid_connect/response_object/{user_info/open_id_spec.rb → user_info_spec.rb} +13 -12
- data/spec/openid_connect_spec.rb +19 -19
- data/spec/rack/oauth2/server/authorize/extension/code_and_id_token_and_token_spec.rb +11 -0
- data/spec/rack/oauth2/server/authorize/extension/code_and_id_token_spec.rb +11 -0
- data/spec/rack/oauth2/server/authorize/extension/id_token_and_token_spec.rb +11 -0
- data/spec/rack/oauth2/server/authorize/extension/id_token_spec.rb +1 -1
- data/spec/rack/oauth2/server/authorize/request_with_connect_params_spec.rb +45 -0
- data/spec/spec_helper.rb +12 -1
- metadata +155 -90
- data/.travis.yml +0 -3
- data/Gemfile.lock +0 -102
- data/lib/openid_connect/debugger/request_filter.rb +0 -28
- data/lib/openid_connect/debugger.rb +0 -3
- data/lib/openid_connect/response_object/user_info/open_id/address.rb +0 -12
- data/lib/openid_connect/response_object/user_info/open_id.rb +0 -64
- data/lib/rack/oauth2/server/resource/error_with_connect_ext.rb +0 -14
- data/spec/mock_response/public_keys/x509.pem +0 -21
- data/spec/openid_connect/debugger/request_filter_spec.rb +0 -33
- data/spec/rack/oauth2/server/resource/error_with_connect_ext_spec.rb +0 -12
- /data/spec/mock_response/{user_info → userinfo}/openid.json +0 -0
@@ -1,23 +1,26 @@
|
|
1
1
|
class Rack::OAuth2::Server::Authorize
|
2
2
|
module RequestWithConnectParams
|
3
|
-
CONNECT_EXT_PARAMS = [
|
3
|
+
CONNECT_EXT_PARAMS = [
|
4
|
+
:nonce, :display, :prompt, :max_age, :ui_locales, :claims_locales,
|
5
|
+
:id_token_hint, :login_hint, :acr_values, :claims, :request, :request_uri
|
6
|
+
]
|
4
7
|
|
5
|
-
def self.
|
8
|
+
def self.prepended(klass)
|
6
9
|
klass.send :attr_optional, *CONNECT_EXT_PARAMS
|
7
|
-
|
8
|
-
def initialize_with_connect_params(env)
|
9
|
-
initialize_without_connect_params env
|
10
|
-
CONNECT_EXT_PARAMS.each do |attribute|
|
11
|
-
self.send :"#{attribute}=", params[attribute.to_s]
|
12
|
-
end
|
13
|
-
end
|
14
|
-
alias_method_chain :initialize, :connect_params
|
10
|
+
end
|
15
11
|
|
16
|
-
|
17
|
-
|
18
|
-
|
12
|
+
def initialize(env)
|
13
|
+
super
|
14
|
+
CONNECT_EXT_PARAMS.each do |attribute|
|
15
|
+
self.send :"#{attribute}=", params[attribute.to_s]
|
19
16
|
end
|
17
|
+
self.prompt = Array(prompt.to_s.split(' '))
|
18
|
+
self.max_age = max_age.try(:to_i)
|
19
|
+
end
|
20
|
+
|
21
|
+
def openid_connect_request?
|
22
|
+
scope.include?('openid')
|
20
23
|
end
|
21
24
|
end
|
22
|
-
Request.send :
|
25
|
+
Request.send :prepend, RequestWithConnectParams
|
23
26
|
end
|
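Review bot: `self.max_age = max_age.try(:to_i)` in the new `initialize` never rejects a malformed value, because `String#to_i` returns 0 for non-numeric text and keeps a leading minus sign, so `max_age=abc` is stored as 0 and `max_age=-1` as -1. Since `max_age` bounds how old an authentication may be, a strict parse is safer: `parsed = Integer(max_age.to_s, 10, exception: false)` followed by `self.max_age = parsed if parsed && parsed >= 0`, leaving it nil (or failing the request) otherwise. The `Array(...)` wrapper around `prompt.to_s.split(' ')` is redundant, since `split` already returns an array.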
@@ -1,22 +1,20 @@
|
|
1
1
|
module Rack::OAuth2::Server
|
2
2
|
module IdTokenResponse
|
3
|
-
def self.
|
3
|
+
def self.prepended(klass)
|
4
4
|
klass.send :attr_optional, :id_token
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
5
|
+
end
|
6
|
+
|
7
|
+
def protocol_params_location
|
8
|
+
:fragment
|
9
|
+
end
|
9
10
|
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
end
|
15
|
-
alias_method_chain :protocol_params, :id_token
|
16
|
-
end
|
11
|
+
def protocol_params
|
12
|
+
super.merge(
|
13
|
+
id_token: id_token
|
14
|
+
)
|
17
15
|
end
|
18
16
|
end
|
19
|
-
Token::Response.send :
|
17
|
+
Token::Response.send :prepend, IdTokenResponse
|
20
18
|
end
|
21
19
|
|
22
20
|
require 'rack/oauth2/server/authorize/extension/code_and_id_token'
|
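--- a/data/openid_connect.gemspec
+++ b/data/openid_connect.gemspec
@@ -6,22 +6,28 @@ Gem::Specification.new do |s|
 s.homepage = "https://github.com/nov/openid_connect"
 s.summary = %q{OpenID Connect Server & Client Library}
 s.description = %q{OpenID Connect Server & Client Library}
+s.license = 'MIT'
+
 s.files = `git ls-files`.split("\n")
 s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
 s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
 s.require_paths = ["lib"]
-s.add_runtime_dependency "json", ">= 1.4.3"
 s.add_runtime_dependency "tzinfo"
-s.add_runtime_dependency "attr_required", ">= 0.0
-s.add_runtime_dependency "activemodel"
+s.add_runtime_dependency "attr_required", ">= 1.0.0"
+s.add_runtime_dependency "activemodel"
 s.add_runtime_dependency "validate_url"
-s.add_runtime_dependency "
-s.add_runtime_dependency "
-s.add_runtime_dependency
-s.add_runtime_dependency
-s.add_runtime_dependency "
-s.
-s.
-s.
-s.add_development_dependency "
-
+s.add_runtime_dependency "email_validator"
+s.add_runtime_dependency "mail"
+s.add_runtime_dependency 'faraday', '~> 2.0'
+s.add_runtime_dependency 'faraday-follow_redirects'
+s.add_runtime_dependency "json-jwt", ">= 1.16"
+s.add_runtime_dependency "swd", "~> 2.0"
+s.add_runtime_dependency "webfinger", "~> 2.0"
+s.add_runtime_dependency "rack-oauth2", "~> 2.2"
+s.add_development_dependency "rake"
+s.add_development_dependency "rspec"
+s.add_development_dependency "rspec-its"
+s.add_development_dependency "webmock"
+s.add_development_dependency "simplecov"
+s.add_development_dependency "rexml"
+end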
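Review bot: Several of the new runtime dependencies carry no version constraint (`email_validator`, `mail`, `faraday-follow_redirects`) and `json-jwt` gets only a lower bound, while `faraday`, `swd`, `webfinger` and `rack-oauth2` are pinned pessimistically. json-jwt implements the JWS/JWE handling this library relies on, so an open upper bound lets a future major release be resolved into a token-verification path without any change here; `s.add_runtime_dependency "json-jwt", "~> 1.16"` would match the style of the other pins. Whether `faraday-follow_redirects` is enabled for discovery or JWKS fetches is not visible in this section; if it is, the redirect limit and allowed schemes deserve a comment where the middleware is configured. The `Gem::Specification.new` block opens above the hunk.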
@@ -8,11 +8,11 @@ module CryptoSpecHelper
|
|
8
8
|
end
|
9
9
|
|
10
10
|
def private_key
|
11
|
-
@private_key ||= OpenSSL::PKey::RSA.new rsa_key.export(OpenSSL::Cipher
|
11
|
+
@private_key ||= OpenSSL::PKey::RSA.new rsa_key.export(OpenSSL::Cipher.new('DES-EDE3-CBC'), 'pass-phrase'), 'pass-phrase'
|
12
12
|
end
|
13
13
|
|
14
14
|
def ec_key
|
15
|
-
@ec_key ||= OpenSSL::PKey::EC.new('
|
15
|
+
@ec_key ||= OpenSSL::PKey::EC.new('prime256v1').generate_key
|
16
16
|
end
|
17
17
|
|
18
18
|
def ec_public_key
|
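Review bot: `private_key` still wraps the exported key with `OpenSSL::Cipher.new('DES-EDE3-CBC')`; 3DES is a legacy cipher that hardened or FIPS-configured OpenSSL builds may refuse, which would break this helper for reasons unrelated to the code under test. `OpenSSL::Cipher.new('aes-256-cbc')` exercises the same encrypted-PEM round trip. `ec_public_key` at the end of the hunk continues outside it.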
@@ -7,23 +7,22 @@ module WebMockHelper
|
|
7
7
|
).to_return(
|
8
8
|
response_for(response_file, options)
|
9
9
|
)
|
10
|
-
yield
|
10
|
+
result = yield
|
11
11
|
a_request(method, endpoint).with(
|
12
12
|
request_for(method, options)
|
13
13
|
).should have_been_made.once
|
14
|
+
result
|
14
15
|
end
|
15
16
|
|
16
17
|
private
|
17
18
|
|
18
19
|
def request_for(method, options = {})
|
19
20
|
request = {}
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
request[:query] = options[:params]
|
26
|
-
end
|
21
|
+
case method
|
22
|
+
when :post, :put
|
23
|
+
request[:body] = options[:params]
|
24
|
+
else
|
25
|
+
request[:query] = options[:params]
|
27
26
|
end
|
28
27
|
if options[:request_header]
|
29
28
|
request[:headers] = options[:request_header]
|
@@ -33,7 +32,13 @@ module WebMockHelper
|
|
33
32
|
|
34
33
|
def response_for(response_file, options = {})
|
35
34
|
response = {}
|
36
|
-
|
35
|
+
format = options[:format] || :json
|
36
|
+
if format == :json
|
37
|
+
response[:headers] = {
|
38
|
+
'Content-Type': 'application/json'
|
39
|
+
}
|
40
|
+
end
|
41
|
+
response[:body] = File.new(File.join(File.dirname(__FILE__), '../mock_response', "#{response_file}.#{format}"))
|
37
42
|
if options[:status]
|
38
43
|
response[:status] = options[:status]
|
39
44
|
end
|
@@ -1,13 +1,13 @@
|
|
1
1
|
{
|
2
|
-
"version": "3.0",
|
3
2
|
"issuer": "https://connect-op.heroku.com",
|
4
3
|
"authorization_endpoint": "https://connect-op.heroku.com/authorizations/new",
|
5
4
|
"token_endpoint": "https://connect-op.heroku.com/access_tokens",
|
6
|
-
"userinfo_endpoint": "https://connect-op.heroku.com/
|
5
|
+
"userinfo_endpoint": "https://connect-op.heroku.com/userinfo",
|
7
6
|
"registration_endpoint": "https://connect-op.heroku.com/connect/client",
|
8
7
|
"scopes_supported": ["openid", "profile", "email", "address"],
|
9
8
|
"response_types_supported": ["code", "token", "id_token", "code token", "code id_token", "id_token token"],
|
10
9
|
"subject_types_supported": ["public", "pairwise"],
|
11
10
|
"claims_supported": ["sub", "iss", "name", "email"],
|
12
|
-
"
|
11
|
+
"jwks_uri": "https://connect-op.heroku.com/jwks.json",
|
12
|
+
"id_token_signing_alg_values_supported": ["RS256"]
|
13
13
|
}
|
@@ -0,0 +1,13 @@
|
|
1
|
+
{
|
2
|
+
"issuer": "https://connect-op.heroku.com:8080",
|
3
|
+
"authorization_endpoint": "https://connect-op.heroku.com:8080/authorizations/new",
|
4
|
+
"token_endpoint": "https://connect-op.heroku.com:8080/access_tokens",
|
5
|
+
"userinfo_endpoint": "https://connect-op.heroku.com:8080/userinfo",
|
6
|
+
"registration_endpoint": "https://connect-op.heroku.com:8080/connect/client",
|
7
|
+
"scopes_supported": ["openid", "profile", "email", "address"],
|
8
|
+
"response_types_supported": ["code", "token", "id_token", "code token", "code id_token", "id_token token"],
|
9
|
+
"subject_types_supported": ["public", "pairwise"],
|
10
|
+
"claims_supported": ["sub", "iss", "name", "email"],
|
11
|
+
"jwks_uri": "https://connect-op.heroku.com/jwks.json",
|
12
|
+
"id_token_signing_alg_values_supported": ["RS256"]
|
13
|
+
}
|
@@ -0,0 +1,13 @@
|
|
1
|
+
{
|
2
|
+
"issuer": "https://attacker.example.com",
|
3
|
+
"authorization_endpoint": "https://connect-op.heroku.com/authorizations/new",
|
4
|
+
"token_endpoint": "https://connect-op.heroku.com/access_tokens",
|
5
|
+
"userinfo_endpoint": "https://connect-op.heroku.com/userinfo",
|
6
|
+
"registration_endpoint": "https://connect-op.heroku.com/connect/client",
|
7
|
+
"scopes_supported": ["openid", "profile", "email", "address"],
|
8
|
+
"response_types_supported": ["code", "token", "id_token", "code token", "code id_token", "id_token token"],
|
9
|
+
"subject_types_supported": ["public", "pairwise"],
|
10
|
+
"claims_supported": ["sub", "iss", "name", "email"],
|
11
|
+
"jwks_uri": "https://connect-op.heroku.com/jwks.json",
|
12
|
+
"id_token_signing_alg_values_supported": ["RS256"]
|
13
|
+
}
|
@@ -0,0 +1,13 @@
|
|
1
|
+
{
|
2
|
+
"issuer": "https://connect.openid4.us/abop",
|
3
|
+
"authorization_endpoint": "https://connect.openid4.us/abop/authorizations/new",
|
4
|
+
"token_endpoint": "https://connect.openid4.us/abop/access_tokens",
|
5
|
+
"userinfo_endpoint": "https://connect.openid4.us/abop/userinfo",
|
6
|
+
"registration_endpoint": "https://connect.openid4.us/abop/connect/client",
|
7
|
+
"scopes_supported": ["openid", "profile", "email", "address"],
|
8
|
+
"response_types_supported": ["code", "token", "id_token", "code token", "code id_token", "id_token token"],
|
9
|
+
"subject_types_supported": ["public", "pairwise"],
|
10
|
+
"claims_supported": ["sub", "iss", "name", "email"],
|
11
|
+
"jwks_uri": "https://connect-op.heroku.com/jwks.json",
|
12
|
+
"id_token_signing_alg_values_supported": ["RS256"]
|
13
|
+
}
|
@@ -0,0 +1,12 @@
|
|
1
|
+
{
|
2
|
+
"authorization_endpoint": "https://connect-op.heroku.com/authorizations/new",
|
3
|
+
"token_endpoint": "https://connect-op.heroku.com/access_tokens",
|
4
|
+
"userinfo_endpoint": "https://connect-op.heroku.com/userinfo",
|
5
|
+
"registration_endpoint": "https://connect-op.heroku.com/connect/client",
|
6
|
+
"scopes_supported": ["openid", "profile", "email", "address"],
|
7
|
+
"response_types_supported": ["code", "token", "id_token", "code token", "code id_token", "id_token token"],
|
8
|
+
"subject_types_supported": ["public", "pairwise"],
|
9
|
+
"claims_supported": ["sub", "iss", "name", "email"],
|
10
|
+
"jwks_uri": "https://connect-op.heroku.com/jwks.json",
|
11
|
+
"id_token_signing_alg_values_supported": ["RS256"]
|
12
|
+
}
|
@@ -1,6 +1,6 @@
|
|
1
1
|
{
|
2
2
|
"keys": [{
|
3
|
-
"
|
3
|
+
"kty": "RSA",
|
4
4
|
"e": "AQAB",
|
5
5
|
"n": "u4liYNFzgsRr1ERdUY7CY6r4nefi3RzIhK5fdPgdZSMEEflACWAuJu21_TcDpbZ1-6Kbq7zShFsVTAnBkWdO7EP1Rsn11fZpi9m_zEq_uRY-4RpNwp3S9xSdoQ4F3-js1EMaDQ6km0-c0gvr_TyhFqDj_6w_Bb0vFptfGXwfKewPPnhsi7GJ62ihZ32PzxOvEIYcaoXr9xaeudYD3BzWSDmjKGA7PMaEuBhScdUAoibCmsKB-yAGsz2amHnUhcl4B_EBs6wk65Y7ge0ZQJUOGPdUQL49VuALKmr7cMhHKh5KuQmPAi_20K2uZL_EFDaObDWZrclx98s0DmfTRKINtw"
|
6
6
|
}]
|
@@ -0,0 +1,8 @@
|
|
1
|
+
{
|
2
|
+
"keys": [{
|
3
|
+
"kty": "RSA",
|
4
|
+
"e": "AQAB",
|
5
|
+
"n": "vWr1S4T0jBnYU9PIpUYxT48Ca8HK8aitbmqbTM3t3Zzl1GNpIlyePnwXSL6SgNcVbeRhTfvXZUzH4pP8HzPJdpUHnAeYyCzjz9UNykdFCp2YW676wpLDzMkaU7bYLJxGjZlpHU-UJVIm5KX9-NfMyGbFUOuw4AY-OWp8GxrqwAF4U6bJ86TpO24wMxmgm0Vl72aRMGVJkRz66YLYOPNVjXjOI4bUuxg_o3Px5QASxvDCawMeLR3pLCoQcLAZn6WZx7nX3Wu6QzcY0QCqhqUAeY49QRT83Jdg7WUsNa2Rbegi3jJGJf-t9hEcJPmrI6q9zl6WArUueQHS-XUQWq5ptw",
|
6
|
+
"kid": "DCmKamGtkGAWz-uujePOp-UeATAeT4fi3KouR78r44I"
|
7
|
+
}]
|
8
|
+
}
|
@@ -0,0 +1,27 @@
|
|
1
|
+
-----BEGIN RSA PRIVATE KEY-----
|
2
|
+
MIIEpAIBAAKCAQEAvWr1S4T0jBnYU9PIpUYxT48Ca8HK8aitbmqbTM3t3Zzl1GNp
|
3
|
+
IlyePnwXSL6SgNcVbeRhTfvXZUzH4pP8HzPJdpUHnAeYyCzjz9UNykdFCp2YW676
|
4
|
+
wpLDzMkaU7bYLJxGjZlpHU+UJVIm5KX9+NfMyGbFUOuw4AY+OWp8GxrqwAF4U6bJ
|
5
|
+
86TpO24wMxmgm0Vl72aRMGVJkRz66YLYOPNVjXjOI4bUuxg/o3Px5QASxvDCawMe
|
6
|
+
LR3pLCoQcLAZn6WZx7nX3Wu6QzcY0QCqhqUAeY49QRT83Jdg7WUsNa2Rbegi3jJG
|
7
|
+
Jf+t9hEcJPmrI6q9zl6WArUueQHS+XUQWq5ptwIDAQABAoIBAHvDWBUJAVRNSsiy
|
8
|
+
90XuECggk/9ed0Dg6rjblS9g2kvTyWO1tKsMAyVmpTwVsNnYLxtHfsCajcmVmoEU
|
9
|
+
Gkc06iy+AWPUnuIkWpGgbss9OAJQqI03Toc1qBO1TqtmK+cyEPNSSpkpNu4PuHPr
|
10
|
+
dX9TWW2ToNdXuJEX4y5WwlJfiwT6kPdK86IKpPCql1+X/N2nKbn+5OWHTDuW3jLF
|
11
|
+
H4UoJlUU77VgPedQLF9xr9NXGZbgYdTtsg3GU3k7/xhcetNq22Dtr8vYnX8LcIsZ
|
12
|
+
9VW+KBRGOwgXTMLuj25VxkFUsJejEoq5+WyHTsSsa4w8Fxyc50GPfZJKh8J2jHiG
|
13
|
+
8weJUNECgYEA5CoQmUz+8saVg1IwnEgZBSMF1rthMgvuDPhD8PJNaugUCyo9tg0O
|
14
|
+
AXo9EMOUHmr2vCN8h2MZZuuW0D5np/Z9T102N99mJU6tVMSabBPDUTfxThq4xY48
|
15
|
+
VZvS6EOzSomeEbrIDciJghqJIvPxEoqLXY3Zg7kDef7YiqybhZFdlS8CgYEA1IbH
|
16
|
+
MHKfcL+LAo88y4tgOe6Wn8FRG1K7MHvdR+KErgxBg63I9zmolPsyznjNVKpB9syt
|
17
|
+
zqkDxBg/jTIctgeziMQNSODQoqRKcgEDePwcu+wBvuV+LJFJoIWFrvIPyZ5yKzeb
|
18
|
+
Vm1lRMgQfoeAQE4nVYAJG+oTTsFTdEtrHkOW4fkCgYEAsNHcnUFrTvARDH1UiLjj
|
19
|
+
EvUKYFhEwck3CbwYwxC0aIZEikaJHp3NXd3Cl0xKbKxOXI1Pw4hMNlObQ/Uo1aUT
|
20
|
+
hb7h9rjda0omz8uxNNK4CihFjFbvHMLXBS1GbJOSzdAKvQi4Yt4nmrk/z+Omzsyp
|
21
|
+
pq34hLmL9S5H2Ghd+kwmbycCgYBiC1N1PEvl3depdJ8dX80irLj8NljOfBozQdFR
|
22
|
+
ymRfTvQiZVfjBcyJ/mDv87b2Kh2IV+CPCFXebzlSUB4CtAbVP2zJhD176sMVWPZb
|
23
|
+
KCOxZi1f/ct5kAUhcre7f5xc7SXKXjrhYlJnqsxBMw2tnOB0hz6sjA4gNPvlGK3w
|
24
|
+
JkpDMQKBgQCgPoqSjmbroWC9oq5iDwRtx6f6fJG7CE91ZFJulunQj6YWOC3zNHEa
|
25
|
+
XvPPGM8fZpJS4e8LiPClkk8nsOoC50neEVGZeEuhdP6m6WNPN3SlP7bXozHOJTh0
|
26
|
+
mHrk2bUHFlQn8f5KWfLQbdyKBzs7WqCRTOR/gIbfxBlUOs0BN37xhw==
|
27
|
+
-----END RSA PRIVATE KEY-----
|
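Review bot: The fixture commits an unencrypted RSA private key, and the gemspec on this page builds `s.files` from `git ls-files`, so the key is presumably packaged into every released gem as well. Its modulus appears to match the `n` value of the JWKS fixture added just before it, so anything signed with it verifies against that key set. A PEM body cannot carry a comment, so the spec that loads it should say so, e.g. `# test-only key, published with the gem; never trust it outside specs`. Alternatively the pair could be generated at spec time, the way `CryptoSpecHelper` appears to do with `rsa_key`.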
@@ -53,9 +53,7 @@ describe OpenIDConnect::AccessToken do
|
|
53
53
|
shared_examples_for :access_token_error_handling do
|
54
54
|
context 'when bad_request' do
|
55
55
|
it 'should raise OpenIDConnect::Forbidden' do
|
56
|
-
mock_json :get, endpoint, 'errors/invalid_request', :HTTP_AUTHORIZATION => 'Bearer access_token', status: 400
|
57
|
-
schema: 'openid'
|
58
|
-
} do
|
56
|
+
mock_json :get, endpoint, 'errors/invalid_request', :HTTP_AUTHORIZATION => 'Bearer access_token', status: 400 do
|
59
57
|
expect { request }.to raise_error OpenIDConnect::BadRequest
|
60
58
|
end
|
61
59
|
end
|
@@ -63,9 +61,7 @@ describe OpenIDConnect::AccessToken do
|
|
63
61
|
|
64
62
|
context 'when unauthorized' do
|
65
63
|
it 'should raise OpenIDConnect::Unauthorized' do
|
66
|
-
mock_json :get, endpoint, 'errors/invalid_access_token', :HTTP_AUTHORIZATION => 'Bearer access_token', status: 401
|
67
|
-
schema: 'openid'
|
68
|
-
} do
|
64
|
+
mock_json :get, endpoint, 'errors/invalid_access_token', :HTTP_AUTHORIZATION => 'Bearer access_token', status: 401 do
|
69
65
|
expect { request }.to raise_error OpenIDConnect::Unauthorized
|
70
66
|
end
|
71
67
|
end
|
@@ -73,9 +69,7 @@ describe OpenIDConnect::AccessToken do
|
|
73
69
|
|
74
70
|
context 'when forbidden' do
|
75
71
|
it 'should raise OpenIDConnect::Forbidden' do
|
76
|
-
mock_json :get, endpoint, 'errors/insufficient_scope', :HTTP_AUTHORIZATION => 'Bearer access_token', status: 403
|
77
|
-
schema: 'openid'
|
78
|
-
} do
|
72
|
+
mock_json :get, endpoint, 'errors/insufficient_scope', :HTTP_AUTHORIZATION => 'Bearer access_token', status: 403 do
|
79
73
|
expect { request }.to raise_error OpenIDConnect::Forbidden
|
80
74
|
end
|
81
75
|
end
|
@@ -83,27 +77,24 @@ describe OpenIDConnect::AccessToken do
|
|
83
77
|
|
84
78
|
context 'when unknown' do
|
85
79
|
it 'should raise OpenIDConnect::HttpError' do
|
86
|
-
mock_json :get, endpoint, 'errors/unknown', :HTTP_AUTHORIZATION => 'Bearer access_token', status: 500
|
87
|
-
schema: 'openid'
|
88
|
-
} do
|
80
|
+
mock_json :get, endpoint, 'errors/unknown', :HTTP_AUTHORIZATION => 'Bearer access_token', status: 500 do
|
89
81
|
expect { request }.to raise_error OpenIDConnect::HttpError
|
90
82
|
end
|
91
83
|
end
|
92
84
|
end
|
93
85
|
end
|
94
86
|
|
95
|
-
describe '#
|
96
|
-
it
|
97
|
-
mock_json :get, client.
|
98
|
-
|
99
|
-
} do
|
100
|
-
access_token.user_info!.should be_a OpenIDConnect::ResponseObject::UserInfo::OpenID
|
87
|
+
describe '#userinfo!' do
|
88
|
+
it do
|
89
|
+
userinfo = mock_json :get, client.userinfo_uri, 'userinfo/openid', :HTTP_AUTHORIZATION => 'Bearer access_token' do
|
90
|
+
access_token.userinfo!
|
101
91
|
end
|
92
|
+
userinfo.should be_instance_of OpenIDConnect::ResponseObject::UserInfo
|
102
93
|
end
|
103
94
|
|
104
95
|
describe 'error handling' do
|
105
|
-
let(:endpoint) { client.
|
106
|
-
let(:request) { access_token.
|
96
|
+
let(:endpoint) { client.userinfo_uri }
|
97
|
+
let(:request) { access_token.userinfo! }
|
107
98
|
it_behaves_like :access_token_error_handling
|
108
99
|
end
|
109
100
|
end
|
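Review bot: The bearer token is handed to `mock_json` as `:HTTP_AUTHORIZATION => 'Bearer access_token'`, but the `request_for` helper shown in the WebMockHelper section reads only `options[:params]` and `options[:request_header]`, so as far as the page shows this key never becomes a WebMock matcher and `have_been_made.once` passes whether or not the client sends the token. This applies to all four error-handling examples and to the `#userinfo!` example. Passing it as `request_header: { 'Authorization' => 'Bearer access_token' }` (assuming that is the header the client emits) would make the specs assert it. Separately, the 'when bad_request' example is titled `'should raise OpenIDConnect::Forbidden'` while it expects `OpenIDConnect::BadRequest`.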