openid_connect 0.6.1 → 2.3.0

Files changed (75) hide show
  1. checksums.yaml +5 -5
  2. data/.github/FUNDING.yml +3 -0
  3. data/.github/workflows/spec.yml +31 -0
  4. data/.gitignore +1 -0
  5. data/CHANGELOG.md +23 -0
  6. data/LICENSE +3 -1
  7. data/README.rdoc +10 -3
  8. data/Rakefile +6 -6
  9. data/TODOs +12 -0
  10. data/VERSION +1 -1
  11. data/lib/openid_connect/access_token/mtls.rb +9 -0
  12. data/lib/openid_connect/access_token.rb +14 -6
  13. data/lib/openid_connect/client/registrar.rb +69 -130
  14. data/lib/openid_connect/client.rb +7 -12
  15. data/lib/openid_connect/discovery/provider/config/resource.rb +5 -3
  16. data/lib/openid_connect/discovery/provider/config/response.rb +73 -78
  17. data/lib/openid_connect/discovery/provider/config.rb +5 -2
  18. data/lib/openid_connect/discovery/provider.rb +6 -2
  19. data/lib/openid_connect/discovery.rb +0 -2
  20. data/lib/openid_connect/jwtnizable.rb +6 -4
  21. data/lib/openid_connect/request_object/claimable.rb +4 -6
  22. data/lib/openid_connect/request_object.rb +6 -13
  23. data/lib/openid_connect/response_object/id_token.rb +38 -37
  24. data/lib/openid_connect/response_object/user_info/address.rb +10 -0
  25. data/lib/openid_connect/response_object/user_info.rb +64 -2
  26. data/lib/openid_connect.rb +26 -11
  27. data/lib/rack/oauth2/server/authorize/extension/code_and_id_token.rb +5 -1
  28. data/lib/rack/oauth2/server/authorize/extension/code_and_id_token_and_token.rb +1 -1
  29. data/lib/rack/oauth2/server/authorize/extension/id_token.rb +1 -1
  30. data/lib/rack/oauth2/server/authorize/extension/id_token_and_token.rb +1 -1
  31. data/lib/rack/oauth2/server/authorize/request_with_connect_params.rb +17 -14
  32. data/lib/rack/oauth2/server/id_token_response.rb +11 -13
  33. data/openid_connect.gemspec +19 -13
  34. data/spec/helpers/crypto_spec_helper.rb +2 -2
  35. data/spec/helpers/webmock_helper.rb +14 -9
  36. data/spec/mock_response/access_token/without_token_type.json +3 -0
  37. data/spec/mock_response/discovery/config.json +3 -3
  38. data/spec/mock_response/discovery/config_with_custom_port.json +13 -0
  39. data/spec/mock_response/discovery/config_with_invalid_issuer.json +13 -0
  40. data/spec/mock_response/discovery/config_with_path.json +13 -0
  41. data/spec/mock_response/discovery/config_without_issuer.json +12 -0
  42. data/spec/mock_response/errors/unknown.json +3 -1
  43. data/spec/mock_response/public_keys/{jwk.json → jwks.json} +1 -1
  44. data/spec/mock_response/public_keys/jwks_with_private_key.json +8 -0
  45. data/spec/mock_response/public_keys/private_key.pem +27 -0
  46. data/spec/openid_connect/access_token_spec.rb +11 -20
  47. data/spec/openid_connect/client/registrar_spec.rb +93 -208
  48. data/spec/openid_connect/client_spec.rb +79 -22
  49. data/spec/openid_connect/connect_object_spec.rb +1 -1
  50. data/spec/openid_connect/discovery/provider/config/response_spec.rb +76 -284
  51. data/spec/openid_connect/discovery/provider/config_spec.rb +64 -27
  52. data/spec/openid_connect/discovery/provider_spec.rb +2 -2
  53. data/spec/openid_connect/request_object_spec.rb +4 -4
  54. data/spec/openid_connect/response_object/id_token_spec.rb +94 -52
  55. data/spec/openid_connect/response_object/user_info/{open_id/address_spec.rb → address_spec.rb} +3 -3
  56. data/spec/openid_connect/response_object/{user_info/open_id_spec.rb → user_info_spec.rb} +13 -12
  57. data/spec/openid_connect_spec.rb +19 -19
  58. data/spec/rack/oauth2/server/authorize/extension/code_and_id_token_and_token_spec.rb +11 -0
  59. data/spec/rack/oauth2/server/authorize/extension/code_and_id_token_spec.rb +11 -0
  60. data/spec/rack/oauth2/server/authorize/extension/id_token_and_token_spec.rb +11 -0
  61. data/spec/rack/oauth2/server/authorize/extension/id_token_spec.rb +1 -1
  62. data/spec/rack/oauth2/server/authorize/request_with_connect_params_spec.rb +45 -0
  63. data/spec/spec_helper.rb +12 -1
  64. metadata +155 -90
  65. data/.travis.yml +0 -3
  66. data/Gemfile.lock +0 -102
  67. data/lib/openid_connect/debugger/request_filter.rb +0 -28
  68. data/lib/openid_connect/debugger.rb +0 -3
  69. data/lib/openid_connect/response_object/user_info/open_id/address.rb +0 -12
  70. data/lib/openid_connect/response_object/user_info/open_id.rb +0 -64
  71. data/lib/rack/oauth2/server/resource/error_with_connect_ext.rb +0 -14
  72. data/spec/mock_response/public_keys/x509.pem +0 -21
  73. data/spec/openid_connect/debugger/request_filter_spec.rb +0 -33
  74. data/spec/rack/oauth2/server/resource/error_with_connect_ext_spec.rb +0 -12
  75. /data/spec/mock_response/{user_info → userinfo}/openid.json +0 -0
@@ -1,23 +1,26 @@
1
1
  class Rack::OAuth2::Server::Authorize
2
2
  module RequestWithConnectParams
3
- CONNECT_EXT_PARAMS = [:nonce, :display, :prompt, :request, :request_uri, :id_token]
3
+ CONNECT_EXT_PARAMS = [
4
+ :nonce, :display, :prompt, :max_age, :ui_locales, :claims_locales,
5
+ :id_token_hint, :login_hint, :acr_values, :claims, :request, :request_uri
6
+ ]
4
7
 
5
- def self.included(klass)
8
+ def self.prepended(klass)
6
9
  klass.send :attr_optional, *CONNECT_EXT_PARAMS
7
- klass.class_eval do
8
- def initialize_with_connect_params(env)
9
- initialize_without_connect_params env
10
- CONNECT_EXT_PARAMS.each do |attribute|
11
- self.send :"#{attribute}=", params[attribute.to_s]
12
- end
13
- end
14
- alias_method_chain :initialize, :connect_params
10
+ end
15
11
 
16
- def openid_connect_request?
17
- scope.include?('openid')
18
- end
12
+ def initialize(env)
13
+ super
14
+ CONNECT_EXT_PARAMS.each do |attribute|
15
+ self.send :"#{attribute}=", params[attribute.to_s]
19
16
  end
17
+ self.prompt = Array(prompt.to_s.split(' '))
18
+ self.max_age = max_age.try(:to_i)
19
+ end
20
+
21
+ def openid_connect_request?
22
+ scope.include?('openid')
20
23
  end
21
24
  end
22
- Request.send :include, RequestWithConnectParams
25
+ Request.send :prepend, RequestWithConnectParams
23
26
  end
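Review bot: `self.max_age = max_age.try(:to_i)` in the new `initialize` coerces whatever the client sent, so `max_age=abc` silently becomes 0 and `max_age=-5` stays negative, and neither can be told apart downstream from a deliberate value. Because max_age feeds the re-authentication decision, it is safer to accept only digits and reject anything else as an invalid request than to guess, for example by checking `max_age.to_s.match?(/\A\d+\z/)` before the `to_i`. The `prompt` line has a similar gap: `Array(prompt.to_s.split(' '))` turns an array-style parameter (`prompt[]=none`) into its inspected string, so a type check before `to_s` would keep malformed input from being stored as a prompt value.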
@@ -1,22 +1,20 @@
1
1
  module Rack::OAuth2::Server
2
2
  module IdTokenResponse
3
- def self.included(klass)
3
+ def self.prepended(klass)
4
4
  klass.send :attr_optional, :id_token
5
- klass.class_eval do
6
- def protocol_params_location
7
- :fragment
8
- end
5
+ end
6
+
7
+ def protocol_params_location
8
+ :fragment
9
+ end
9
10
 
10
- def protocol_params_with_id_token
11
- protocol_params_without_id_token.merge(
12
- id_token: id_token
13
- )
14
- end
15
- alias_method_chain :protocol_params, :id_token
16
- end
11
+ def protocol_params
12
+ super.merge(
13
+ id_token: id_token
14
+ )
17
15
  end
18
16
  end
19
- Token::Response.send :include, IdTokenResponse
17
+ Token::Response.send :prepend, IdTokenResponse
20
18
  end
21
19
 
22
20
  require 'rack/oauth2/server/authorize/extension/code_and_id_token'
@@ -6,22 +6,28 @@ Gem::Specification.new do |s|
6
6
  s.homepage = "https://github.com/nov/openid_connect"
7
7
  s.summary = %q{OpenID Connect Server & Client Library}
8
8
  s.description = %q{OpenID Connect Server & Client Library}
9
+ s.license = 'MIT'
10
+
9
11
  s.files = `git ls-files`.split("\n")
10
12
  s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
11
13
  s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
12
14
  s.require_paths = ["lib"]
13
- s.add_runtime_dependency "json", ">= 1.4.3"
14
15
  s.add_runtime_dependency "tzinfo"
15
- s.add_runtime_dependency "attr_required", ">= 0.0.5"
16
- s.add_runtime_dependency "activemodel", ">= 3"
16
+ s.add_runtime_dependency "attr_required", ">= 1.0.0"
17
+ s.add_runtime_dependency "activemodel"
17
18
  s.add_runtime_dependency "validate_url"
18
- s.add_runtime_dependency "validate_email"
19
- s.add_runtime_dependency "json-jwt", ">= 0.3.3"
20
- s.add_runtime_dependency "swd", ">= 0.1.2"
21
- s.add_runtime_dependency "webfinger", ">= 0.0.2"
22
- s.add_runtime_dependency "rack-oauth2", ">= 1.0.0"
23
- s.add_development_dependency "rake", ">= 0.8"
24
- s.add_development_dependency "rspec", ">= 2"
25
- s.add_development_dependency "webmock", ">= 1.6.2"
26
- s.add_development_dependency "cover_me", ">= 1.2.0"
27
- end
19
+ s.add_runtime_dependency "email_validator"
20
+ s.add_runtime_dependency "mail"
21
+ s.add_runtime_dependency 'faraday', '~> 2.0'
22
+ s.add_runtime_dependency 'faraday-follow_redirects'
23
+ s.add_runtime_dependency "json-jwt", ">= 1.16"
24
+ s.add_runtime_dependency "swd", "~> 2.0"
25
+ s.add_runtime_dependency "webfinger", "~> 2.0"
26
+ s.add_runtime_dependency "rack-oauth2", "~> 2.2"
27
+ s.add_development_dependency "rake"
28
+ s.add_development_dependency "rspec"
29
+ s.add_development_dependency "rspec-its"
30
+ s.add_development_dependency "webmock"
31
+ s.add_development_dependency "simplecov"
32
+ s.add_development_dependency "rexml"
33
+ end
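Review bot: Several of the new runtime dependencies carry no version constraint at all (`activemodel`, which previously had `>= 3`, plus `email_validator`, `mail` and `faraday-follow_redirects`), while the neighbouring lines get `~> 2.0`-style bounds. For a library that handles tokens, an open constraint lets a consumer's resolver pull any future major release of those gems without this gem having been tested against it. I would give each a pessimistic bound matching what the specs run against, e.g. `s.add_runtime_dependency 'faraday-follow_redirects', '~> <TESTED_VERSION>'` (placeholder; the tested versions are not visible in this diff). The `Gem::Specification` block starts above the hunk.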
@@ -8,11 +8,11 @@ module CryptoSpecHelper
8
8
  end
9
9
 
10
10
  def private_key
11
- @private_key ||= OpenSSL::PKey::RSA.new rsa_key.export(OpenSSL::Cipher::Cipher.new('DES-EDE3-CBC'), 'pass-phrase'), 'pass-phrase'
11
+ @private_key ||= OpenSSL::PKey::RSA.new rsa_key.export(OpenSSL::Cipher.new('DES-EDE3-CBC'), 'pass-phrase'), 'pass-phrase'
12
12
  end
13
13
 
14
14
  def ec_key
15
- @ec_key ||= OpenSSL::PKey::EC.new('secp256k1').generate_key
15
+ @ec_key ||= OpenSSL::PKey::EC.new('prime256v1').generate_key
16
16
  end
17
17
 
18
18
  def ec_public_key
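Review bot: `OpenSSL::PKey::EC.new('prime256v1').generate_key` in `ec_key` fills in the key after the object is constructed, which the openssl gem rejects when built against OpenSSL 3.0 because pkeys are immutable there. The helper can therefore fail depending on which OpenSSL the specs run under. Building the key in one step avoids that on old and new OpenSSL alike: `@ec_key ||= OpenSSL::PKey::EC.generate('prime256v1')`. The module starts above the hunk and `ec_public_key` continues below it.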
@@ -7,23 +7,22 @@ module WebMockHelper
7
7
  ).to_return(
8
8
  response_for(response_file, options)
9
9
  )
10
- yield
10
+ result = yield
11
11
  a_request(method, endpoint).with(
12
12
  request_for(method, options)
13
13
  ).should have_been_made.once
14
+ result
14
15
  end
15
16
 
16
17
  private
17
18
 
18
19
  def request_for(method, options = {})
19
20
  request = {}
20
- if options[:params]
21
- case method
22
- when :post, :put
23
- request[:body] = options[:params]
24
- else
25
- request[:query] = options[:params]
26
- end
21
+ case method
22
+ when :post, :put
23
+ request[:body] = options[:params]
24
+ else
25
+ request[:query] = options[:params]
27
26
  end
28
27
  if options[:request_header]
29
28
  request[:headers] = options[:request_header]
@@ -33,7 +32,13 @@ module WebMockHelper
33
32
 
34
33
  def response_for(response_file, options = {})
35
34
  response = {}
36
- response[:body] = File.new(File.join(File.dirname(__FILE__), '../mock_response', "#{response_file}.#{options[:format] || :json}"))
35
+ format = options[:format] || :json
36
+ if format == :json
37
+ response[:headers] = {
38
+ 'Content-Type': 'application/json'
39
+ }
40
+ end
41
+ response[:body] = File.new(File.join(File.dirname(__FILE__), '../mock_response', "#{response_file}.#{format}"))
37
42
  if options[:status]
38
43
  response[:status] = options[:status]
39
44
  end
@@ -0,0 +1,3 @@
1
+ {
2
+ "access_token":"access_token"
3
+ }
@@ -1,13 +1,13 @@
1
1
  {
2
- "version": "3.0",
3
2
  "issuer": "https://connect-op.heroku.com",
4
3
  "authorization_endpoint": "https://connect-op.heroku.com/authorizations/new",
5
4
  "token_endpoint": "https://connect-op.heroku.com/access_tokens",
6
- "userinfo_endpoint": "https://connect-op.heroku.com/user_info",
5
+ "userinfo_endpoint": "https://connect-op.heroku.com/userinfo",
7
6
  "registration_endpoint": "https://connect-op.heroku.com/connect/client",
8
7
  "scopes_supported": ["openid", "profile", "email", "address"],
9
8
  "response_types_supported": ["code", "token", "id_token", "code token", "code id_token", "id_token token"],
10
9
  "subject_types_supported": ["public", "pairwise"],
11
10
  "claims_supported": ["sub", "iss", "name", "email"],
12
- "x509_url": "https://connect-op.heroku.com/cert.pem"
11
+ "jwks_uri": "https://connect-op.heroku.com/jwks.json",
12
+ "id_token_signing_alg_values_supported": ["RS256"]
13
13
  }
@@ -0,0 +1,13 @@
1
+ {
2
+ "issuer": "https://connect-op.heroku.com:8080",
3
+ "authorization_endpoint": "https://connect-op.heroku.com:8080/authorizations/new",
4
+ "token_endpoint": "https://connect-op.heroku.com:8080/access_tokens",
5
+ "userinfo_endpoint": "https://connect-op.heroku.com:8080/userinfo",
6
+ "registration_endpoint": "https://connect-op.heroku.com:8080/connect/client",
7
+ "scopes_supported": ["openid", "profile", "email", "address"],
8
+ "response_types_supported": ["code", "token", "id_token", "code token", "code id_token", "id_token token"],
9
+ "subject_types_supported": ["public", "pairwise"],
10
+ "claims_supported": ["sub", "iss", "name", "email"],
11
+ "jwks_uri": "https://connect-op.heroku.com/jwks.json",
12
+ "id_token_signing_alg_values_supported": ["RS256"]
13
+ }
@@ -0,0 +1,13 @@
1
+ {
2
+ "issuer": "https://attacker.example.com",
3
+ "authorization_endpoint": "https://connect-op.heroku.com/authorizations/new",
4
+ "token_endpoint": "https://connect-op.heroku.com/access_tokens",
5
+ "userinfo_endpoint": "https://connect-op.heroku.com/userinfo",
6
+ "registration_endpoint": "https://connect-op.heroku.com/connect/client",
7
+ "scopes_supported": ["openid", "profile", "email", "address"],
8
+ "response_types_supported": ["code", "token", "id_token", "code token", "code id_token", "id_token token"],
9
+ "subject_types_supported": ["public", "pairwise"],
10
+ "claims_supported": ["sub", "iss", "name", "email"],
11
+ "jwks_uri": "https://connect-op.heroku.com/jwks.json",
12
+ "id_token_signing_alg_values_supported": ["RS256"]
13
+ }
@@ -0,0 +1,13 @@
1
+ {
2
+ "issuer": "https://connect.openid4.us/abop",
3
+ "authorization_endpoint": "https://connect.openid4.us/abop/authorizations/new",
4
+ "token_endpoint": "https://connect.openid4.us/abop/access_tokens",
5
+ "userinfo_endpoint": "https://connect.openid4.us/abop/userinfo",
6
+ "registration_endpoint": "https://connect.openid4.us/abop/connect/client",
7
+ "scopes_supported": ["openid", "profile", "email", "address"],
8
+ "response_types_supported": ["code", "token", "id_token", "code token", "code id_token", "id_token token"],
9
+ "subject_types_supported": ["public", "pairwise"],
10
+ "claims_supported": ["sub", "iss", "name", "email"],
11
+ "jwks_uri": "https://connect-op.heroku.com/jwks.json",
12
+ "id_token_signing_alg_values_supported": ["RS256"]
13
+ }
@@ -0,0 +1,12 @@
1
+ {
2
+ "authorization_endpoint": "https://connect-op.heroku.com/authorizations/new",
3
+ "token_endpoint": "https://connect-op.heroku.com/access_tokens",
4
+ "userinfo_endpoint": "https://connect-op.heroku.com/userinfo",
5
+ "registration_endpoint": "https://connect-op.heroku.com/connect/client",
6
+ "scopes_supported": ["openid", "profile", "email", "address"],
7
+ "response_types_supported": ["code", "token", "id_token", "code token", "code id_token", "id_token token"],
8
+ "subject_types_supported": ["public", "pairwise"],
9
+ "claims_supported": ["sub", "iss", "name", "email"],
10
+ "jwks_uri": "https://connect-op.heroku.com/jwks.json",
11
+ "id_token_signing_alg_values_supported": ["RS256"]
12
+ }
@@ -1 +1,3 @@
1
- Fuckin Unknown Error
1
+ {
2
+ "unknown": "unknown"
3
+ }
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "keys": [{
3
- "alg": "RSA",
3
+ "kty": "RSA",
4
4
  "e": "AQAB",
5
5
  "n": "u4liYNFzgsRr1ERdUY7CY6r4nefi3RzIhK5fdPgdZSMEEflACWAuJu21_TcDpbZ1-6Kbq7zShFsVTAnBkWdO7EP1Rsn11fZpi9m_zEq_uRY-4RpNwp3S9xSdoQ4F3-js1EMaDQ6km0-c0gvr_TyhFqDj_6w_Bb0vFptfGXwfKewPPnhsi7GJ62ihZ32PzxOvEIYcaoXr9xaeudYD3BzWSDmjKGA7PMaEuBhScdUAoibCmsKB-yAGsz2amHnUhcl4B_EBs6wk65Y7ge0ZQJUOGPdUQL49VuALKmr7cMhHKh5KuQmPAi_20K2uZL_EFDaObDWZrclx98s0DmfTRKINtw"
6
6
  }]
@@ -0,0 +1,8 @@
1
+ {
2
+ "keys": [{
3
+ "kty": "RSA",
4
+ "e": "AQAB",
5
+ "n": "vWr1S4T0jBnYU9PIpUYxT48Ca8HK8aitbmqbTM3t3Zzl1GNpIlyePnwXSL6SgNcVbeRhTfvXZUzH4pP8HzPJdpUHnAeYyCzjz9UNykdFCp2YW676wpLDzMkaU7bYLJxGjZlpHU-UJVIm5KX9-NfMyGbFUOuw4AY-OWp8GxrqwAF4U6bJ86TpO24wMxmgm0Vl72aRMGVJkRz66YLYOPNVjXjOI4bUuxg_o3Px5QASxvDCawMeLR3pLCoQcLAZn6WZx7nX3Wu6QzcY0QCqhqUAeY49QRT83Jdg7WUsNa2Rbegi3jJGJf-t9hEcJPmrI6q9zl6WArUueQHS-XUQWq5ptw",
6
+ "kid": "DCmKamGtkGAWz-uujePOp-UeATAeT4fi3KouR78r44I"
7
+ }]
8
+ }
@@ -0,0 +1,27 @@
1
+ -----BEGIN RSA PRIVATE KEY-----
2
+ MIIEpAIBAAKCAQEAvWr1S4T0jBnYU9PIpUYxT48Ca8HK8aitbmqbTM3t3Zzl1GNp
3
+ IlyePnwXSL6SgNcVbeRhTfvXZUzH4pP8HzPJdpUHnAeYyCzjz9UNykdFCp2YW676
4
+ wpLDzMkaU7bYLJxGjZlpHU+UJVIm5KX9+NfMyGbFUOuw4AY+OWp8GxrqwAF4U6bJ
5
+ 86TpO24wMxmgm0Vl72aRMGVJkRz66YLYOPNVjXjOI4bUuxg/o3Px5QASxvDCawMe
6
+ LR3pLCoQcLAZn6WZx7nX3Wu6QzcY0QCqhqUAeY49QRT83Jdg7WUsNa2Rbegi3jJG
7
+ Jf+t9hEcJPmrI6q9zl6WArUueQHS+XUQWq5ptwIDAQABAoIBAHvDWBUJAVRNSsiy
8
+ 90XuECggk/9ed0Dg6rjblS9g2kvTyWO1tKsMAyVmpTwVsNnYLxtHfsCajcmVmoEU
9
+ Gkc06iy+AWPUnuIkWpGgbss9OAJQqI03Toc1qBO1TqtmK+cyEPNSSpkpNu4PuHPr
10
+ dX9TWW2ToNdXuJEX4y5WwlJfiwT6kPdK86IKpPCql1+X/N2nKbn+5OWHTDuW3jLF
11
+ H4UoJlUU77VgPedQLF9xr9NXGZbgYdTtsg3GU3k7/xhcetNq22Dtr8vYnX8LcIsZ
12
+ 9VW+KBRGOwgXTMLuj25VxkFUsJejEoq5+WyHTsSsa4w8Fxyc50GPfZJKh8J2jHiG
13
+ 8weJUNECgYEA5CoQmUz+8saVg1IwnEgZBSMF1rthMgvuDPhD8PJNaugUCyo9tg0O
14
+ AXo9EMOUHmr2vCN8h2MZZuuW0D5np/Z9T102N99mJU6tVMSabBPDUTfxThq4xY48
15
+ VZvS6EOzSomeEbrIDciJghqJIvPxEoqLXY3Zg7kDef7YiqybhZFdlS8CgYEA1IbH
16
+ MHKfcL+LAo88y4tgOe6Wn8FRG1K7MHvdR+KErgxBg63I9zmolPsyznjNVKpB9syt
17
+ zqkDxBg/jTIctgeziMQNSODQoqRKcgEDePwcu+wBvuV+LJFJoIWFrvIPyZ5yKzeb
18
+ Vm1lRMgQfoeAQE4nVYAJG+oTTsFTdEtrHkOW4fkCgYEAsNHcnUFrTvARDH1UiLjj
19
+ EvUKYFhEwck3CbwYwxC0aIZEikaJHp3NXd3Cl0xKbKxOXI1Pw4hMNlObQ/Uo1aUT
20
+ hb7h9rjda0omz8uxNNK4CihFjFbvHMLXBS1GbJOSzdAKvQi4Yt4nmrk/z+Omzsyp
21
+ pq34hLmL9S5H2Ghd+kwmbycCgYBiC1N1PEvl3depdJ8dX80irLj8NljOfBozQdFR
22
+ ymRfTvQiZVfjBcyJ/mDv87b2Kh2IV+CPCFXebzlSUB4CtAbVP2zJhD176sMVWPZb
23
+ KCOxZi1f/ct5kAUhcre7f5xc7SXKXjrhYlJnqsxBMw2tnOB0hz6sjA4gNPvlGK3w
24
+ JkpDMQKBgQCgPoqSjmbroWC9oq5iDwRtx6f6fJG7CE91ZFJulunQj6YWOC3zNHEa
25
+ XvPPGM8fZpJS4e8LiPClkk8nsOoC50neEVGZeEuhdP6m6WNPN3SlP7bXozHOJTh0
26
+ mHrk2bUHFlQn8f5KWfLQbdyKBzs7WqCRTOR/gIbfxBlUOs0BN37xhw==
27
+ -----END RSA PRIVATE KEY-----
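Review bot: This adds an unencrypted RSA private key as a spec fixture, and the gemspec on this page builds `s.files` from `git ls-files`, so the key ships inside every published copy of the gem. It appears to be the private half of the key in the JWKS fixture added just before it (the modulus prefix matches), so it is presumably test-only. Nothing in the file name or location says so, though, and secret scanners will report it in downstream projects. I would either generate the pair at spec time (the crypto spec helper appears to build RSA keys in memory already) or rename it to something like `test_only_private_key.pem` and leave the spec fixtures out of the packaged file list.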
@@ -53,9 +53,7 @@ describe OpenIDConnect::AccessToken do
53
53
  shared_examples_for :access_token_error_handling do
54
54
  context 'when bad_request' do
55
55
  it 'should raise OpenIDConnect::Forbidden' do
56
- mock_json :get, endpoint, 'errors/invalid_request', :HTTP_AUTHORIZATION => 'Bearer access_token', status: 400, params: {
57
- schema: 'openid'
58
- } do
56
+ mock_json :get, endpoint, 'errors/invalid_request', :HTTP_AUTHORIZATION => 'Bearer access_token', status: 400 do
59
57
  expect { request }.to raise_error OpenIDConnect::BadRequest
60
58
  end
61
59
  end
@@ -63,9 +61,7 @@ describe OpenIDConnect::AccessToken do
63
61
 
64
62
  context 'when unauthorized' do
65
63
  it 'should raise OpenIDConnect::Unauthorized' do
66
- mock_json :get, endpoint, 'errors/invalid_access_token', :HTTP_AUTHORIZATION => 'Bearer access_token', status: 401, params: {
67
- schema: 'openid'
68
- } do
64
+ mock_json :get, endpoint, 'errors/invalid_access_token', :HTTP_AUTHORIZATION => 'Bearer access_token', status: 401 do
69
65
  expect { request }.to raise_error OpenIDConnect::Unauthorized
70
66
  end
71
67
  end
@@ -73,9 +69,7 @@ describe OpenIDConnect::AccessToken do
73
69
 
74
70
  context 'when forbidden' do
75
71
  it 'should raise OpenIDConnect::Forbidden' do
76
- mock_json :get, endpoint, 'errors/insufficient_scope', :HTTP_AUTHORIZATION => 'Bearer access_token', status: 403, params: {
77
- schema: 'openid'
78
- } do
72
+ mock_json :get, endpoint, 'errors/insufficient_scope', :HTTP_AUTHORIZATION => 'Bearer access_token', status: 403 do
79
73
  expect { request }.to raise_error OpenIDConnect::Forbidden
80
74
  end
81
75
  end
@@ -83,27 +77,24 @@ describe OpenIDConnect::AccessToken do
83
77
 
84
78
  context 'when unknown' do
85
79
  it 'should raise OpenIDConnect::HttpError' do
86
- mock_json :get, endpoint, 'errors/unknown', :HTTP_AUTHORIZATION => 'Bearer access_token', status: 500, params: {
87
- schema: 'openid'
88
- } do
80
+ mock_json :get, endpoint, 'errors/unknown', :HTTP_AUTHORIZATION => 'Bearer access_token', status: 500 do
89
81
  expect { request }.to raise_error OpenIDConnect::HttpError
90
82
  end
91
83
  end
92
84
  end
93
85
  end
94
86
 
95
- describe '#user_info!' do
96
- it 'should return OpenIDConnect::ResponseObject::UserInfo::OpenID' do
97
- mock_json :get, client.user_info_uri, 'user_info/openid', :HTTP_AUTHORIZATION => 'Bearer access_token', params: {
98
- schema: 'openid'
99
- } do
100
- access_token.user_info!.should be_a OpenIDConnect::ResponseObject::UserInfo::OpenID
87
+ describe '#userinfo!' do
88
+ it do
89
+ userinfo = mock_json :get, client.userinfo_uri, 'userinfo/openid', :HTTP_AUTHORIZATION => 'Bearer access_token' do
90
+ access_token.userinfo!
101
91
  end
92
+ userinfo.should be_instance_of OpenIDConnect::ResponseObject::UserInfo
102
93
  end
103
94
 
104
95
  describe 'error handling' do
105
- let(:endpoint) { client.user_info_uri }
106
- let(:request) { access_token.user_info! }
96
+ let(:endpoint) { client.userinfo_uri }
97
+ let(:request) { access_token.userinfo! }
107
98
  it_behaves_like :access_token_error_handling
108
99
  end
109
100
  end