openid_connect 0.6.1 → 2.3.0

Files changed (75)
  1. checksums.yaml +5 -5
  2. data/.github/FUNDING.yml +3 -0
  3. data/.github/workflows/spec.yml +31 -0
  4. data/.gitignore +1 -0
  5. data/CHANGELOG.md +23 -0
  6. data/LICENSE +3 -1
  7. data/README.rdoc +10 -3
  8. data/Rakefile +6 -6
  9. data/TODOs +12 -0
  10. data/VERSION +1 -1
  11. data/lib/openid_connect/access_token/mtls.rb +9 -0
  12. data/lib/openid_connect/access_token.rb +14 -6
  13. data/lib/openid_connect/client/registrar.rb +69 -130
  14. data/lib/openid_connect/client.rb +7 -12
  15. data/lib/openid_connect/discovery/provider/config/resource.rb +5 -3
  16. data/lib/openid_connect/discovery/provider/config/response.rb +73 -78
  17. data/lib/openid_connect/discovery/provider/config.rb +5 -2
  18. data/lib/openid_connect/discovery/provider.rb +6 -2
  19. data/lib/openid_connect/discovery.rb +0 -2
  20. data/lib/openid_connect/jwtnizable.rb +6 -4
  21. data/lib/openid_connect/request_object/claimable.rb +4 -6
  22. data/lib/openid_connect/request_object.rb +6 -13
  23. data/lib/openid_connect/response_object/id_token.rb +38 -37
  24. data/lib/openid_connect/response_object/user_info/address.rb +10 -0
  25. data/lib/openid_connect/response_object/user_info.rb +64 -2
  26. data/lib/openid_connect.rb +26 -11
  27. data/lib/rack/oauth2/server/authorize/extension/code_and_id_token.rb +5 -1
  28. data/lib/rack/oauth2/server/authorize/extension/code_and_id_token_and_token.rb +1 -1
  29. data/lib/rack/oauth2/server/authorize/extension/id_token.rb +1 -1
  30. data/lib/rack/oauth2/server/authorize/extension/id_token_and_token.rb +1 -1
  31. data/lib/rack/oauth2/server/authorize/request_with_connect_params.rb +17 -14
  32. data/lib/rack/oauth2/server/id_token_response.rb +11 -13
  33. data/openid_connect.gemspec +19 -13
  34. data/spec/helpers/crypto_spec_helper.rb +2 -2
  35. data/spec/helpers/webmock_helper.rb +14 -9
  36. data/spec/mock_response/access_token/without_token_type.json +3 -0
  37. data/spec/mock_response/discovery/config.json +3 -3
  38. data/spec/mock_response/discovery/config_with_custom_port.json +13 -0
  39. data/spec/mock_response/discovery/config_with_invalid_issuer.json +13 -0
  40. data/spec/mock_response/discovery/config_with_path.json +13 -0
  41. data/spec/mock_response/discovery/config_without_issuer.json +12 -0
  42. data/spec/mock_response/errors/unknown.json +3 -1
  43. data/spec/mock_response/public_keys/{jwk.json → jwks.json} +1 -1
  44. data/spec/mock_response/public_keys/jwks_with_private_key.json +8 -0
  45. data/spec/mock_response/public_keys/private_key.pem +27 -0
  46. data/spec/openid_connect/access_token_spec.rb +11 -20
  47. data/spec/openid_connect/client/registrar_spec.rb +93 -208
  48. data/spec/openid_connect/client_spec.rb +79 -22
  49. data/spec/openid_connect/connect_object_spec.rb +1 -1
  50. data/spec/openid_connect/discovery/provider/config/response_spec.rb +76 -284
  51. data/spec/openid_connect/discovery/provider/config_spec.rb +64 -27
  52. data/spec/openid_connect/discovery/provider_spec.rb +2 -2
  53. data/spec/openid_connect/request_object_spec.rb +4 -4
  54. data/spec/openid_connect/response_object/id_token_spec.rb +94 -52
  55. data/spec/openid_connect/response_object/user_info/{open_id/address_spec.rb → address_spec.rb} +3 -3
  56. data/spec/openid_connect/response_object/{user_info/open_id_spec.rb → user_info_spec.rb} +13 -12
  57. data/spec/openid_connect_spec.rb +19 -19
  58. data/spec/rack/oauth2/server/authorize/extension/code_and_id_token_and_token_spec.rb +11 -0
  59. data/spec/rack/oauth2/server/authorize/extension/code_and_id_token_spec.rb +11 -0
  60. data/spec/rack/oauth2/server/authorize/extension/id_token_and_token_spec.rb +11 -0
  61. data/spec/rack/oauth2/server/authorize/extension/id_token_spec.rb +1 -1
  62. data/spec/rack/oauth2/server/authorize/request_with_connect_params_spec.rb +45 -0
  63. data/spec/spec_helper.rb +12 -1
  64. metadata +155 -90
  65. data/.travis.yml +0 -3
  66. data/Gemfile.lock +0 -102
  67. data/lib/openid_connect/debugger/request_filter.rb +0 -28
  68. data/lib/openid_connect/debugger.rb +0 -3
  69. data/lib/openid_connect/response_object/user_info/open_id/address.rb +0 -12
  70. data/lib/openid_connect/response_object/user_info/open_id.rb +0 -64
  71. data/lib/rack/oauth2/server/resource/error_with_connect_ext.rb +0 -14
  72. data/spec/mock_response/public_keys/x509.pem +0 -21
  73. data/spec/openid_connect/debugger/request_filter_spec.rb +0 -33
  74. data/spec/rack/oauth2/server/resource/error_with_connect_ext_spec.rb +0 -12
  75. /data/spec/mock_response/{user_info → userinfo}/openid.json +0 -0
@@ -5,140 +5,101 @@ describe OpenIDConnect::Client::Registrar do
5
5
  let(:attributes) { minimum_attributes }
6
6
  let(:minimum_attributes) do
7
7
  {
8
- operation: :client_register
8
+ redirect_uris: ['https://client.example.com/callback']
9
9
  }
10
10
  end
11
11
  let(:instance) { OpenIDConnect::Client::Registrar.new(endpoint, attributes) }
12
12
  let(:endpoint) { 'https://server.example.com/clients' }
13
13
 
14
14
  context 'when endpoint given' do
15
- context 'when attributes given' do
16
- context 'when operation=client_register' do
17
- let(:attributes) do
18
- minimum_attributes
19
- end
20
- it { should be_valid }
21
- end
22
-
23
- context 'when operation=client_update' do
24
- context 'when client_id given' do
25
- let(:attributes) do
26
- {
27
- operation: :client_update,
28
- client_id: 'client.example.com'
29
- }
30
- end
31
- it { should be_valid }
32
- end
33
-
34
- context 'otherwise' do
35
- let(:attributes) do
36
- {
37
- operation: :client_update
38
- }
39
- end
40
- it { should_not be_valid }
41
- end
42
- end
43
-
44
- context 'otherwise' do
45
- let(:attributes) do
46
- {
47
- operation: :invalid_operation
48
- }
49
- end
50
- it { should_not be_valid }
15
+ context 'when required attributes given' do
16
+ let(:attributes) do
17
+ minimum_attributes
51
18
  end
19
+ it { should be_valid }
52
20
  end
53
21
 
54
22
  context 'otherwise' do
55
23
  let(:instance) { OpenIDConnect::Client::Registrar.new(endpoint) }
56
- it do
57
- expect do
58
- instance
59
- end.not_to raise_error
60
- end
61
24
  it { should_not be_valid }
62
25
  end
63
26
  end
64
27
 
65
28
  context 'otherwise' do
66
- let(:instance) { OpenIDConnect::Client::Registrar.new(endpoint) }
67
29
  let(:endpoint) { '' }
30
+ it { should_not be_valid }
31
+ end
68
32
 
69
- it do
70
- expect do
71
- instance
72
- end.to raise_error AttrRequired::AttrMissing
33
+ describe '#initialize' do
34
+ it 'creates attribute writers for all attributes' do
35
+ described_class.metadata_attributes.each do |attr|
36
+ expect(subject).to respond_to("#{attr}=")
37
+ end
73
38
  end
74
39
  end
75
40
 
76
41
  describe '#sector_identifier' do
77
- context 'when sector_identifier_url given' do
42
+ context 'when sector_identifier_uri given' do
78
43
  let(:attributes) do
79
44
  minimum_attributes.merge(
80
- sector_identifier_url: 'https://client.example.com/sector_identifier.json'
45
+ sector_identifier_uri: 'https://client2.example.com/sector_identifier.json'
81
46
  )
82
47
  end
83
- its(:sector_identifier) { should == 'client.example.com' }
84
-
85
- context 'when sector_identifier_url is invalid URI' do
86
- let(:attributes) do
87
- minimum_attributes.merge(
88
- sector_identifier_url: ':invalid'
89
- )
90
- end
91
- its(:sector_identifier) { should be_nil }
92
- end
48
+ its(:sector_identifier) { should == 'client2.example.com' }
93
49
 
94
- context 'when redirect_uris given' do
50
+ context 'when sector_identifier_uri is invalid URI' do
95
51
  let(:attributes) do
96
52
  minimum_attributes.merge(
97
- sector_identifier_url: 'https://client.example.com/sector_identifier.json',
98
- redirect_uris: 'https://client2.example.com/callback'
53
+ sector_identifier_uri: 'invalid'
99
54
  )
100
55
  end
101
- its(:sector_identifier) { should == 'client.example.com' }
56
+ it { should_not be_valid }
102
57
  end
103
58
  end
104
59
 
105
60
  context 'otherwise' do
106
- context 'when redirect_uris given' do
107
- context 'when single host' do
108
- let(:attributes) do
109
- minimum_attributes.merge(
110
- redirect_uris: [
111
- 'https://client.example.com/callback/op1',
112
- 'https://client.example.com/callback/op2'
113
- ].join(' ')
114
- )
115
- end
116
- its(:sector_identifier) { should == 'client.example.com' }
61
+ let(:attributes) do
62
+ minimum_attributes.merge(
63
+ redirect_uris: redirect_uris
64
+ )
65
+ end
66
+
67
+ context 'when redirect_uris includes only one host' do
68
+ let(:redirect_uris) do
69
+ [
70
+ 'https://client.example.com/callback/op1',
71
+ 'https://client.example.com/callback/op2'
72
+ ]
117
73
  end
74
+ its(:sector_identifier) { should == 'client.example.com' }
75
+ end
118
76
 
119
- context 'when multi host' do
120
- let(:attributes) do
121
- minimum_attributes.merge(
122
- redirect_uris: [
123
- 'https://client1.example.com/callback',
124
- 'https://client2.example.com/callback'
125
- ].join(' ')
126
- )
127
- end
128
- its(:sector_identifier) { should be_nil }
77
+ context 'when redirect_uris includes multiple hosts' do
78
+ let(:redirect_uris) do
79
+ [
80
+ 'https://client1.example.com/callback',
81
+ 'https://client2.example.com/callback'
82
+ ]
129
83
  end
84
+ its(:sector_identifier) { should be_nil }
130
85
 
131
- context 'when invalid URI' do
86
+ context 'when subject_type=pairwise' do
132
87
  let(:attributes) do
133
88
  minimum_attributes.merge(
134
- redirect_uris: ':invalid'
89
+ redirect_uris: redirect_uris,
90
+ subject_type: :pairwise
135
91
  )
136
92
  end
137
- its(:sector_identifier) { should be_nil }
93
+ it { should_not be_valid }
138
94
  end
139
95
  end
140
96
 
141
- context 'otherwise' do
97
+ context 'when redirect_uris includes invalid URL' do
98
+ let(:redirect_uris) do
99
+ [
100
+ 'invalid'
101
+ ]
102
+ end
142
103
  its(:sector_identifier) { should be_nil }
143
104
  end
144
105
  end
@@ -146,7 +107,7 @@ describe OpenIDConnect::Client::Registrar do
146
107
 
147
108
  describe '#redirect_uris' do
148
109
  let(:base_url) { 'http://client.example.com/callback' }
149
- let(:attributes) { minimum_attributes.merge(redirect_uris: redirect_uri) }
110
+ let(:attributes) { minimum_attributes.merge(redirect_uris: [redirect_uri]) }
150
111
 
151
112
  context 'when query included' do
152
113
  let(:redirect_uri) { [base_url, '?foo=bar'].join }
@@ -156,41 +117,41 @@ describe OpenIDConnect::Client::Registrar do
156
117
 
157
118
  context 'when fragment included' do
158
119
  let(:redirect_uri) { [base_url, '#foo=bar'].join }
159
- it { should_not be_valid }
120
+ it { should be_valid }
160
121
  end
161
122
  end
162
123
 
163
124
  describe '#contacts' do
164
125
  context 'when contacts given' do
126
+ let(:attributes) do
127
+ minimum_attributes.merge(
128
+ contacts: contacts
129
+ )
130
+ end
131
+
165
132
  context 'when invalid email included' do
166
- let(:attributes) do
167
- minimum_attributes.merge(
168
- contacts: [
169
- ':invalid',
170
- 'nov@matake.jp'
171
- ].join(' ')
172
- )
133
+ let(:contacts) do
134
+ [
135
+ 'invalid',
136
+ 'nov@matake.jp'
137
+ ]
173
138
  end
174
139
  it { should_not be_valid }
175
140
  end
176
141
 
177
142
  context 'when localhost address included' do
178
- let(:attributes) do
179
- minimum_attributes.merge(
180
- contacts: [
181
- 'nov@localhost',
182
- 'nov@matake.jp'
183
- ].join(' ')
184
- )
143
+ let(:contacts) do
144
+ [
145
+ 'nov@localhost',
146
+ 'nov@matake.jp'
147
+ ]
185
148
  end
186
149
  it { should_not be_valid }
187
150
  end
188
151
 
189
152
  context 'otherwise' do
190
- let(:attributes) do
191
- minimum_attributes.merge(
192
- contacts: 'nov@matake.jp'
193
- )
153
+ let(:contacts) do
154
+ ['nov@matake.jp']
194
155
  end
195
156
  it { should be_valid }
196
157
  end
@@ -199,27 +160,16 @@ describe OpenIDConnect::Client::Registrar do
199
160
 
200
161
  describe '#as_json' do
201
162
  context 'when valid' do
202
- let(:attributes) do
203
- minimum_attributes.merge(
204
- redirect_uris: [
205
- 'https://client1.example.com/callback',
206
- 'https://client2.example.com/callback'
207
- ].join(' ')
208
- )
209
- end
210
163
  its(:as_json) do
211
- should == {
212
- operation: 'client_register',
213
- redirect_uris: 'https://client1.example.com/callback https://client2.example.com/callback'
214
- }
164
+ should == minimum_attributes
215
165
  end
216
166
  end
217
167
 
218
168
  context 'otherwise' do
219
169
  let(:attributes) do
220
- {
221
- operation: :client_update
222
- }
170
+ minimum_attributes.merge(
171
+ sector_identifier_uri: 'invalid'
172
+ )
223
173
  end
224
174
  it do
225
175
  expect do
@@ -230,27 +180,19 @@ describe OpenIDConnect::Client::Registrar do
230
180
  end
231
181
 
232
182
  describe '#register!' do
233
- let(:attributes) do
234
- {}
235
- end
236
-
237
183
  it 'should return OpenIDConnect::Client' do
238
- mock_json :post, endpoint, 'client/registered', params: {
239
- operation: 'client_register'
240
- } do
241
- client = instance.register!
242
- client.should be_instance_of OpenIDConnect::Client
243
- client.identifier.should == 'client.example.com'
244
- client.secret.should == 'client_secret'
245
- client.expires_in.should == 3600
184
+ client = mock_json :post, endpoint, 'client/registered', params: minimum_attributes do
185
+ instance.register!
246
186
  end
187
+ client.should be_instance_of OpenIDConnect::Client
188
+ client.identifier.should == 'client.example.com'
189
+ client.secret.should == 'client_secret'
190
+ client.expires_in.should == 3600
247
191
  end
248
192
 
249
193
  context 'when failed' do
250
194
  it 'should raise OpenIDConnect::Client::Registrar::RegistrationFailed' do
251
- mock_json :post, endpoint, 'errors/unknown', params: {
252
- operation: 'client_register'
253
- }, status: 400 do
195
+ mock_json :post, endpoint, 'errors/unknown', params: minimum_attributes, status: 400 do
254
196
  expect do
255
197
  instance.register!
256
198
  end.to raise_error OpenIDConnect::Client::Registrar::RegistrationFailed
@@ -259,81 +201,24 @@ describe OpenIDConnect::Client::Registrar do
259
201
  end
260
202
  end
261
203
 
262
- describe '#update!' do
263
- let(:attributes) do
264
- {
265
- client_id: 'client.example.com',
266
- client_secret: 'client_secret'
267
- }
268
- end
269
-
270
- it 'should return OpenIDConnect::Client' do
271
- mock_json :post, endpoint, 'client/updated', params: {
272
- operation: 'client_update',
273
- client_id: 'client.example.com',
274
- client_secret: 'client_secret',
275
- client_name: 'New Name'
276
- } do
277
- instance.client_name = 'New Name'
278
- client = instance.update!
279
- client.should be_instance_of OpenIDConnect::Client
280
- client.identifier.should == 'client.example.com'
281
- end
282
- end
283
-
284
- context 'when failed' do
285
- it 'should raise OpenIDConnect::Client::Registrar::RegistrationFailed' do
286
- mock_json :post, endpoint, 'errors/unknown', params: {
287
- operation: 'client_update',
288
- client_id: 'client.example.com',
289
- client_secret: 'client_secret'
290
- }, status: 400 do
291
- expect do
292
- instance.update!
293
- end.to raise_error OpenIDConnect::Client::Registrar::RegistrationFailed
294
- end
295
- end
296
- end
297
- end
298
-
299
- describe '#rotate_secret!' do
300
- let(:attributes) do
301
- {
302
- client_id: 'client.example.com',
303
- client_secret: 'client_secret'
304
- }
305
- end
306
-
307
- it 'should return OpenIDConnect::Client' do
308
- mock_json :post, endpoint, 'client/rotated', params: {
309
- operation: 'rotate_secret',
310
- client_id: 'client.example.com',
311
- client_secret: 'client_secret'
312
- } do
313
- client = instance.rotate_secret!
314
- client.should be_instance_of OpenIDConnect::Client
315
- client.identifier.should == 'client.example.com'
316
- client.secret.should == 'new_client_secret'
317
- client.expires_in.should == 3600
318
- end
319
- end
320
- end
321
-
322
204
  describe '#validate!' do
323
205
  context 'when valid' do
324
206
  it do
325
207
  expect do
326
208
  instance.validate!
327
- end.not_to raise_error OpenIDConnect::ValidationFailed
209
+ end.not_to raise_error { |e|
210
+ e.should be_a OpenIDConnect::ValidationFailed
211
+ }
328
212
  end
329
213
  end
330
214
 
331
215
  context 'otherwise' do
332
216
  let(:attributes) do
333
- {
334
- operation: :client_update
335
- }
217
+ minimum_attributes.merge(
218
+ sector_identifier_uri: 'invalid'
219
+ )
336
220
  end
221
+
337
222
  it do
338
223
  expect do
339
224
  instance.validate!
@@ -345,15 +230,15 @@ describe OpenIDConnect::Client::Registrar do
345
230
  describe 'http_client' do
346
231
  subject { instance.send(:http_client) }
347
232
 
348
- context 'when access_token given' do
233
+ context 'when initial_access_token given' do
349
234
  let(:attributes) do
350
235
  minimum_attributes.merge(
351
- access_token: access_token
236
+ initial_access_token: initial_access_token
352
237
  )
353
238
  end
354
239
 
355
240
  context 'when Rack::OAuth2::AccessToken::Bearer given' do
356
- let(:access_token) do
241
+ let(:initial_access_token) do
357
242
  Rack::OAuth2::AccessToken::Bearer.new(access_token: 'access_token')
358
243
  end
359
244
  it { should be_instance_of Rack::OAuth2::AccessToken::Bearer }
@@ -361,14 +246,14 @@ describe OpenIDConnect::Client::Registrar do
361
246
  end
362
247
 
363
248
  context 'otherwise' do
364
- let(:access_token) { 'access_token' }
249
+ let(:initial_access_token) { 'access_token' }
365
250
  it { should be_instance_of Rack::OAuth2::AccessToken::Bearer }
366
251
  its(:access_token) { should == 'access_token' }
367
252
  end
368
253
  end
369
254
 
370
255
  context 'otherwise' do
371
- it { should be_instance_of HTTPClient }
256
+ it { should be_instance_of Faraday::Connection }
372
257
  end
373
258
  end
374
- end
259
+ end
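Review bot: In `describe '#redirect_uris'`, the `'when fragment included'` example now asserts `it { should be_valid }` for `http://client.example.com/callback#foo=bar`, which pins acceptance of a redirect URI that RFC 6749 §3.1.2 says must not carry a fragment component. The Registrar's validation code is not on this page, so the relaxation may be deliberate, for example leaving the check to the provider. If it is deliberate, a comment on the example such as `# fragments are not checked client-side; the OP is expected to reject them` would record that. If it is not, the example should stay `it { should_not be_valid }`, so that a registration request with a fragment-bearing redirect URI fails before it is sent.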
@@ -19,11 +19,11 @@ describe OpenIDConnect::Client do
19
19
  end
20
20
  its(:authorization_uri) { should include 'https://server.example.com/oauth2/authorize' }
21
21
  its(:authorization_uri) { should include 'scope=openid' }
22
- its(:user_info_uri) { should == 'https://server.example.com/user_info' }
22
+ its(:userinfo_uri) { should == 'https://server.example.com/userinfo' }
23
23
  end
24
24
 
25
25
  context 'otherwise' do
26
- [:authorization_uri, :user_info_uri].each do |endpoint|
26
+ [:authorization_uri, :userinfo_uri].each do |endpoint|
27
27
  describe endpoint do
28
28
  it do
29
29
  expect { client.send endpoint }.to raise_error 'No Host Info'
@@ -34,16 +34,53 @@ describe OpenIDConnect::Client do
34
34
  end
35
35
 
36
36
  describe '#authorization_uri' do
37
- describe 'scope' do
37
+ let(:scope) { nil }
38
+ let(:prompt) { nil }
39
+ let(:response_type) { nil }
40
+ let(:query) do
41
+ params = {
42
+ scope: scope,
43
+ prompt: prompt,
44
+ response_type: response_type
45
+ }.reject do |k,v|
46
+ v.blank?
47
+ end
48
+ query = URI.parse(client.authorization_uri params).query
49
+ Rack::Utils.parse_query(query).with_indifferent_access
50
+ end
51
+ let :attributes do
52
+ required_attributes.merge(
53
+ host: 'server.example.com'
54
+ )
55
+ end
56
+
57
+ describe 'response_type' do
38
58
  subject do
39
- query = URI.parse(client.authorization_uri scope: scope).query
40
- Rack::Utils.parse_query(query).with_indifferent_access[:scope]
59
+ query[:response_type]
41
60
  end
42
- let(:scope) { nil }
43
- let :attributes do
44
- required_attributes.merge(
45
- host: 'server.example.com'
46
- )
61
+
62
+ it { should == 'code' }
63
+
64
+ context 'when response_type is given' do
65
+ context 'when array given' do
66
+ let(:response_type) { [:code, :token] }
67
+ it { should == 'code token' }
68
+ end
69
+
70
+ context 'when scalar given' do
71
+ let(:response_type) { :token }
72
+ it { should == 'token' }
73
+ end
74
+ end
75
+
76
+ context 'as default' do
77
+ it { should == 'code' }
78
+ end
79
+ end
80
+
81
+ describe 'scope' do
82
+ subject do
83
+ query[:scope]
47
84
  end
48
85
 
49
86
  context 'when scope is given' do
@@ -58,10 +95,31 @@ describe OpenIDConnect::Client do
58
95
  end
59
96
  end
60
97
 
61
- context 'otherwise' do
98
+ context 'as default' do
62
99
  it { should == 'openid' }
63
100
  end
64
101
  end
102
+
103
+ describe 'prompt' do
104
+ subject do
105
+ query[:prompt]
106
+ end
107
+
108
+ context 'when prompt is a scalar value' do
109
+ let(:prompt) { :login }
110
+ it { should == 'login' }
111
+ end
112
+
113
+ context 'when prompt is a space-delimited string' do
114
+ let(:prompt) { 'login consent' }
115
+ it { should == 'login consent' }
116
+ end
117
+
118
+ context 'when prompt is an array' do
119
+ let(:prompt) { [:login, :consent] }
120
+ it { should == 'login consent' }
121
+ end
122
+ end
65
123
  end
66
124
 
67
125
  describe '#access_token!' do
@@ -104,22 +162,21 @@ describe OpenIDConnect::Client do
104
162
  end
105
163
  end
106
164
 
107
- context 'when invalid JSON is returned' do
108
- it 'should raise OpenIDConnect::Exception' do
109
- mock_json :post, client.token_endpoint, 'access_token/invalid_json', request_header: header_params, params: protocol_params do
110
- expect do
111
- access_token
112
- end.to raise_error OpenIDConnect::Exception, 'Unknown Token Type'
113
- end
114
- end
115
- end
116
-
117
165
  context 'otherwise' do
118
166
  it 'should raise Unexpected Token Type exception' do
119
167
  mock_json :post, client.token_endpoint, 'access_token/mac', request_header: header_params, params: protocol_params do
120
168
  expect { access_token }.to raise_error OpenIDConnect::Exception, 'Unexpected Token Type: mac'
121
169
  end
122
170
  end
171
+
172
+ context 'when token_type is forced' do
173
+ before { client.force_token_type! :bearer }
174
+ it 'should use forced token_type' do
175
+ mock_json :post, client.token_endpoint, 'access_token/without_token_type', request_header: header_params, params: protocol_params do
176
+ access_token.should be_a OpenIDConnect::AccessToken
177
+ end
178
+ end
179
+ end
123
180
  end
124
181
  end
125
- end
182
+ end
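Review bot: The new `'when token_type is forced'` example in `describe '#access_token!'` does not pin what `client.force_token_type! :bearer` does when the token endpoint declares a different type. It only exercises a response that omits `token_type` (`access_token/without_token_type`) and only asserts `access_token.should be_a OpenIDConnect::AccessToken`. A sibling example with the same `before { client.force_token_type! :bearer }` and the `access_token/mac` fixture from the preceding `'otherwise'` context would document whether forcing overrides the server's value or still raises `'Unexpected Token Type: mac'`. Which of the two is intended cannot be told from this page, so the expected outcome needs confirming against the client implementation. The enclosing `describe` block starts outside this hunk.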
@@ -71,7 +71,7 @@ describe OpenIDConnect::ConnectObject do
71
71
  describe '#validate!' do
72
72
  context 'when valid' do
73
73
  subject { instance.validate! }
74
- it { should be_true }
74
+ it { should == true }
75
75
  end
76
76
 
77
77
  context 'otherwise' do