openid_connect 0.6.1 → 2.3.0

Files changed (75) hide show
  1. checksums.yaml +5 -5
  2. data/.github/FUNDING.yml +3 -0
  3. data/.github/workflows/spec.yml +31 -0
  4. data/.gitignore +1 -0
  5. data/CHANGELOG.md +23 -0
  6. data/LICENSE +3 -1
  7. data/README.rdoc +10 -3
  8. data/Rakefile +6 -6
  9. data/TODOs +12 -0
  10. data/VERSION +1 -1
  11. data/lib/openid_connect/access_token/mtls.rb +9 -0
  12. data/lib/openid_connect/access_token.rb +14 -6
  13. data/lib/openid_connect/client/registrar.rb +69 -130
  14. data/lib/openid_connect/client.rb +7 -12
  15. data/lib/openid_connect/discovery/provider/config/resource.rb +5 -3
  16. data/lib/openid_connect/discovery/provider/config/response.rb +73 -78
  17. data/lib/openid_connect/discovery/provider/config.rb +5 -2
  18. data/lib/openid_connect/discovery/provider.rb +6 -2
  19. data/lib/openid_connect/discovery.rb +0 -2
  20. data/lib/openid_connect/jwtnizable.rb +6 -4
  21. data/lib/openid_connect/request_object/claimable.rb +4 -6
  22. data/lib/openid_connect/request_object.rb +6 -13
  23. data/lib/openid_connect/response_object/id_token.rb +38 -37
  24. data/lib/openid_connect/response_object/user_info/address.rb +10 -0
  25. data/lib/openid_connect/response_object/user_info.rb +64 -2
  26. data/lib/openid_connect.rb +26 -11
  27. data/lib/rack/oauth2/server/authorize/extension/code_and_id_token.rb +5 -1
  28. data/lib/rack/oauth2/server/authorize/extension/code_and_id_token_and_token.rb +1 -1
  29. data/lib/rack/oauth2/server/authorize/extension/id_token.rb +1 -1
  30. data/lib/rack/oauth2/server/authorize/extension/id_token_and_token.rb +1 -1
  31. data/lib/rack/oauth2/server/authorize/request_with_connect_params.rb +17 -14
  32. data/lib/rack/oauth2/server/id_token_response.rb +11 -13
  33. data/openid_connect.gemspec +19 -13
  34. data/spec/helpers/crypto_spec_helper.rb +2 -2
  35. data/spec/helpers/webmock_helper.rb +14 -9
  36. data/spec/mock_response/access_token/without_token_type.json +3 -0
  37. data/spec/mock_response/discovery/config.json +3 -3
  38. data/spec/mock_response/discovery/config_with_custom_port.json +13 -0
  39. data/spec/mock_response/discovery/config_with_invalid_issuer.json +13 -0
  40. data/spec/mock_response/discovery/config_with_path.json +13 -0
  41. data/spec/mock_response/discovery/config_without_issuer.json +12 -0
  42. data/spec/mock_response/errors/unknown.json +3 -1
  43. data/spec/mock_response/public_keys/{jwk.json → jwks.json} +1 -1
  44. data/spec/mock_response/public_keys/jwks_with_private_key.json +8 -0
  45. data/spec/mock_response/public_keys/private_key.pem +27 -0
  46. data/spec/openid_connect/access_token_spec.rb +11 -20
  47. data/spec/openid_connect/client/registrar_spec.rb +93 -208
  48. data/spec/openid_connect/client_spec.rb +79 -22
  49. data/spec/openid_connect/connect_object_spec.rb +1 -1
  50. data/spec/openid_connect/discovery/provider/config/response_spec.rb +76 -284
  51. data/spec/openid_connect/discovery/provider/config_spec.rb +64 -27
  52. data/spec/openid_connect/discovery/provider_spec.rb +2 -2
  53. data/spec/openid_connect/request_object_spec.rb +4 -4
  54. data/spec/openid_connect/response_object/id_token_spec.rb +94 -52
  55. data/spec/openid_connect/response_object/user_info/{open_id/address_spec.rb → address_spec.rb} +3 -3
  56. data/spec/openid_connect/response_object/{user_info/open_id_spec.rb → user_info_spec.rb} +13 -12
  57. data/spec/openid_connect_spec.rb +19 -19
  58. data/spec/rack/oauth2/server/authorize/extension/code_and_id_token_and_token_spec.rb +11 -0
  59. data/spec/rack/oauth2/server/authorize/extension/code_and_id_token_spec.rb +11 -0
  60. data/spec/rack/oauth2/server/authorize/extension/id_token_and_token_spec.rb +11 -0
  61. data/spec/rack/oauth2/server/authorize/extension/id_token_spec.rb +1 -1
  62. data/spec/rack/oauth2/server/authorize/request_with_connect_params_spec.rb +45 -0
  63. data/spec/spec_helper.rb +12 -1
  64. metadata +155 -90
  65. data/.travis.yml +0 -3
  66. data/Gemfile.lock +0 -102
  67. data/lib/openid_connect/debugger/request_filter.rb +0 -28
  68. data/lib/openid_connect/debugger.rb +0 -3
  69. data/lib/openid_connect/response_object/user_info/open_id/address.rb +0 -12
  70. data/lib/openid_connect/response_object/user_info/open_id.rb +0 -64
  71. data/lib/rack/oauth2/server/resource/error_with_connect_ext.rb +0 -14
  72. data/spec/mock_response/public_keys/x509.pem +0 -21
  73. data/spec/openid_connect/debugger/request_filter_spec.rb +0 -33
  74. data/spec/rack/oauth2/server/resource/error_with_connect_ext_spec.rb +0 -12
  75. /data/spec/mock_response/{user_info → userinfo}/openid.json +0 -0
@@ -4,311 +4,103 @@ describe OpenIDConnect::Discovery::Provider::Config::Response do
4
4
  let :instance do
5
5
  OpenIDConnect::Discovery::Provider::Config::Response.new attributes
6
6
  end
7
- let :attributes do
8
- {}
7
+ let :jwks_uri do
8
+ 'https://server.example.com/jwks.json'
9
9
  end
10
-
11
- describe '#as_json' do
12
- subject {
13
- instance.as_json
10
+ let :minimum_attributes do
11
+ {
12
+ issuer: 'https://server.example.com',
13
+ authorization_endpoint: 'https://server.example.com/authorize',
14
+ jwks_uri: jwks_uri,
15
+ response_types_supported: [
16
+ :code, :id_token, 'token id_token'
17
+ ],
18
+ subject_types_supported: [
19
+ :public, :pairwise
20
+ ],
21
+ id_token_signing_alg_values_supported: [
22
+ :RS256
23
+ ]
14
24
  }
25
+ end
26
+ let :attributes do
27
+ minimum_attributes
28
+ end
29
+ subject { instance }
15
30
 
16
- context 'when no attributes given' do
17
- it do
18
- should == {version: '3.0'}
19
- end
20
- end
21
-
22
- context 'when user_info_endpoint given' do
23
- let :attributes do
24
- {user_info_endpoint: 'https://server.example.com/user_info'}
25
- end
26
- it do
27
- should include :userinfo_endpoint
28
- end
29
- it do
30
- should_not include :user_info_endpoint
31
- end
31
+ context 'when required attributes missing' do
32
+ let :attributes do
33
+ {}
32
34
  end
35
+ it { should_not be_valid }
36
+ end
33
37
 
34
- [
35
- :user_info_signing_alg_values_supported,
36
- :user_info_encryption_alg_values_supported,
37
- :user_info_encryption_enc_values_supported
38
- ].each do |key|
39
- context "when #{key} given" do
40
- let :attributes do
41
- {key => [:x, :y]}
42
- end
43
- it do
44
- should include key.to_s.sub('user_info', 'userinfo').to_sym
45
- end
46
- it do
47
- should_not include key
48
- end
49
- end
38
+ context 'when end_session_endpoint given' do
39
+ let(:end_session_endpoint) { 'https://server.example.com/end_session' }
40
+ let :attributes do
41
+ minimum_attributes.merge(
42
+ end_session_endpoint: end_session_endpoint
43
+ )
50
44
  end
45
+ it { should be_valid }
46
+ its(:end_session_endpoint) { should == end_session_endpoint }
51
47
  end
52
48
 
53
- describe '#signing_key and #encryption_key' do
54
- subject { config }
55
- let(:config) { instance }
56
- let(:attributes) do
57
- {
58
- x509_url: x509_url,
59
- x509_encryption_url: x509_encryption_url,
60
- jwk_url: jwk_url,
61
- jwk_encryption_url: jwk_encryption_url
62
- }.delete_if do |key, value|
63
- value.nil?
64
- end
49
+ context 'when check_session_iframe given' do
50
+ let(:check_session_iframe) { 'https://server.example.com/check_session_iframe.html' }
51
+ let :attributes do
52
+ minimum_attributes.merge(
53
+ check_session_iframe: check_session_iframe
54
+ )
65
55
  end
66
- let(:x509_url) { nil }
67
- let(:x509_encryption_url) { nil }
68
- let(:jwk_url) { nil }
69
- let(:jwk_encryption_url) { nil }
70
-
71
- context 'when x509_url is given' do
72
- let(:x509_url) { 'http://provider.example.com/x509.pem' }
73
-
74
- context 'when x509_encryption_url is given' do
75
- let(:x509_encryption_url) { 'http://provider.example.com/x509_encryption.pem' }
76
-
77
- it 'should fetch signing_key from x509_url' do
78
- mock_json :get, x509_url, 'public_keys/x509', format: :pem do
79
- config.signing_key
80
- end
81
- end
82
-
83
- it 'should fetch encryption_key from x509_encryption_url' do
84
- mock_json :get, x509_encryption_url, 'public_keys/x509', format: :pem do
85
- config.encryption_key
86
- end
87
- end
88
- end
89
-
90
- context 'when jwk_encryption_url is given' do
91
- let(:jwk_encryption_url) { 'http://provider.example.com/jwk_encryption.json' }
92
-
93
- it 'should fetch signing_key from x509_url' do
94
- mock_json :get, x509_url, 'public_keys/x509', format: :pem do
95
- config.signing_key
96
- end
97
- end
98
-
99
- it 'should fetch encryption_key from jwk_encryption_url' do
100
- mock_json :get, jwk_encryption_url, 'public_keys/jwk' do
101
- config.encryption_key
102
- end
103
- end
104
- end
105
-
106
- context 'when both x509_encryption_url and jwk_encryption_url are given' do
107
- let(:x509_encryption_url) { 'http://provider.example.com/x509_encryption.pem' }
108
- let(:jwk_encryption_url) { 'http://provider.example.com/jwk_encryption.json' }
56
+ it { should be_valid }
57
+ its(:check_session_iframe) { should == check_session_iframe }
58
+ end
109
59
 
110
- it 'should fetch signing_key from x509_url' do
111
- mock_json :get, x509_url, 'public_keys/x509', format: :pem do
112
- config.signing_key
113
- end
114
- end
60
+ describe '#as_json' do
61
+ subject { instance.as_json }
62
+ it { should == minimum_attributes }
63
+ end
115
64
 
116
- it 'should fetch encryption_key from x509_encryption_url' do
117
- mock_json :get, x509_encryption_url, 'public_keys/x509', format: :pem do
118
- config.encryption_key
119
- end
120
- end
65
+ describe '#validate!' do
66
+ context 'when required attributes missing' do
67
+ let :attributes do
68
+ {}
121
69
  end
122
-
123
- context 'when neither x509_encryption_url nor jwk_encryption_url are given' do
124
- it 'should fetch signing_key from x509_url' do
125
- mock_json :get, x509_url, 'public_keys/x509', format: :pem do
126
- config.signing_key
127
- end
128
- end
129
-
130
- it 'should fetch encryption_key from x509_encryption_url' do
131
- mock_json :get, x509_url, 'public_keys/x509', format: :pem do
132
- config.encryption_key
133
- end
134
- end
70
+ it do
71
+ expect do
72
+ instance.validate!
73
+ end.to raise_error OpenIDConnect::ValidationFailed
135
74
  end
136
75
  end
137
76
 
138
- context 'when jwk_url is given' do
139
- let(:jwk_url) { 'http://provider.example.com/jwk.json' }
140
-
141
- context 'when x509_encryption_url is given' do
142
- let(:x509_encryption_url) { 'http://provider.example.com/x509_encryption.pem' }
143
-
144
- it 'should fetch signing_key from jwk_url' do
145
- mock_json :get, jwk_url, 'public_keys/jwk' do
146
- config.signing_key
147
- end
148
- end
149
-
150
- it 'should fetch encryption_key from x509_encryption_url' do
151
- mock_json :get, x509_encryption_url, 'public_keys/x509', format: :pem do
152
- config.encryption_key
153
- end
154
- end
155
- end
156
-
157
- context 'when jwk_encryption_url is given' do
158
- let(:jwk_encryption_url) { 'http://provider.example.com/jwk_encryption.json' }
159
-
160
- it 'should fetch signing_key from jwk_url' do
161
- mock_json :get, jwk_url, 'public_keys/jwk' do
162
- config.signing_key
163
- end
164
- end
165
-
166
- it 'should fetch encryption_key from jwk_encryption_url' do
167
- mock_json :get, jwk_encryption_url, 'public_keys/jwk' do
168
- config.encryption_key
169
- end
170
- end
171
- end
172
-
173
- context 'when both x509_encryption_url and jwk_encryption_url are given' do
174
- let(:x509_encryption_url) { 'http://provider.example.com/x509_encryption.pem' }
175
- let(:jwk_encryption_url) { 'http://provider.example.com/jwk_encryption.json' }
176
-
177
- it 'should fetch signing_key from jwk_url' do
178
- mock_json :get, jwk_url, 'public_keys/jwk' do
179
- config.signing_key
180
- end
181
- end
182
-
183
- it 'should fetch encryption_key from x509_encryption_url' do
184
- mock_json :get, x509_encryption_url, 'public_keys/x509', format: :pem do
185
- config.encryption_key
186
- end
187
- end
188
- end
189
-
190
- context 'when neither x509_encryption_url nor jwk_encryption_url are given' do
191
- it 'should fetch signing_key from jwk_url' do
192
- mock_json :get, jwk_url, 'public_keys/jwk' do
193
- config.signing_key
194
- end
195
- end
196
-
197
- it 'should fetch encryption_key from x509_encryption_url' do
198
- mock_json :get, jwk_url, 'public_keys/jwk' do
199
- config.encryption_key
200
- end
201
- end
77
+ context 'otherwise' do
78
+ it do
79
+ expect do
80
+ instance.validate!
81
+ end.not_to raise_error{ |e|
82
+ e.should be_a OpenIDConnect::ValidationFailed
83
+ }
202
84
  end
203
85
  end
86
+ end
204
87
 
205
- context 'when both x509_url and jwk_url are given' do
206
- let(:x509_url) { 'http://provider.example.com/cert.pem' }
207
- let(:jwk_url) { 'http://provider.example.com/jwk.json' }
208
-
209
- context 'when x509_encryption_url is given' do
210
- let(:x509_encryption_url) { 'http://provider.example.com/x509_encryption.pem' }
211
-
212
- it 'should fetch signing_key from x509_url' do
213
- mock_json :get, x509_url, 'public_keys/x509', format: :pem do
214
- config.signing_key
215
- end
216
- end
217
-
218
- it 'should fetch encryption_key from x509_encryption_url' do
219
- mock_json :get, x509_encryption_url, 'public_keys/x509', format: :pem do
220
- config.encryption_key
221
- end
222
- end
223
- end
224
-
225
- context 'when jwk_encryption_url is given' do
226
- let(:jwk_encryption_url) { 'http://provider.example.com/jwk_encryption.json' }
227
-
228
- it 'should fetch signing_key from x509_url' do
229
- mock_json :get, x509_url, 'public_keys/x509', format: :pem do
230
- config.signing_key
231
- end
232
- end
233
-
234
- it 'should fetch encryption_key from jwk_encryption_url' do
235
- mock_json :get, jwk_encryption_url, 'public_keys/jwk' do
236
- config.encryption_key
237
- end
238
- end
239
- end
240
-
241
- context 'when both x509_encryption_url and jwk_encryption_url are given' do
242
- let(:x509_encryption_url) { 'http://provider.example.com/x509_encryption.pem' }
243
- let(:jwk_encryption_url) { 'http://provider.example.com/jwk_encryption.json' }
244
-
245
- it 'should fetch signing_key from x509_url' do
246
- mock_json :get, x509_url, 'public_keys/x509', format: :pem do
247
- config.signing_key
248
- end
249
- end
250
-
251
- it 'should fetch encryption_key from x509_encryption_url' do
252
- mock_json :get, x509_encryption_url, 'public_keys/x509', format: :pem do
253
- config.encryption_key
254
- end
255
- end
256
- end
257
-
258
- context 'when neither x509_encryption_url nor jwk_encryption_url are given' do
259
- it 'should fetch signing_key from x509_url' do
260
- mock_json :get, x509_url, 'public_keys/x509', format: :pem do
261
- config.signing_key
262
- end
263
- end
264
-
265
- it 'should fetch encryption_key from x509_url' do
266
- mock_json :get, x509_url, 'public_keys/x509', format: :pem do
267
- config.encryption_key
268
- end
269
- end
88
+ describe '#jwks' do
89
+ it do
90
+ jwks = mock_json :get, jwks_uri, 'public_keys/jwks' do
91
+ instance.jwks
270
92
  end
93
+ jwks.should be_instance_of JSON::JWK::Set
271
94
  end
95
+ end
272
96
 
273
- context 'when neither x509_url nor jwk_url are given' do
274
- context 'when x509_encryption_url is given' do
275
- let(:x509_encryption_url) { 'http://provider.example.com/x509_encryption.pem' }
276
- its(:signing_key) { should be_nil }
277
-
278
- it 'should fetch encryption_key from x509_encryption_url' do
279
- mock_json :get, x509_encryption_url, 'public_keys/x509', format: :pem do
280
- config.encryption_key
281
- end
282
- end
283
- end
284
-
285
- context 'when jwk_encryption_url is given' do
286
- let(:jwk_encryption_url) { 'http://provider.example.com/jwk_encryption.json' }
287
- its(:signing_key) { should be_nil }
288
-
289
- it 'should fetch encryption_key from jwk_encryption_url' do
290
- mock_json :get, jwk_encryption_url, 'public_keys/jwk' do
291
- config.encryption_key
292
- end
293
- end
294
- end
295
-
296
- context 'when both x509_encryption_url and jwk_encryption_url are given' do
297
- let(:x509_encryption_url) { 'http://provider.example.com/x509_encryption.pem' }
298
- let(:jwk_encryption_url) { 'http://provider.example.com/jwk_encryption.json' }
299
- its(:signing_key) { should be_nil }
300
-
301
- it 'should fetch encryption_key from x509_encryption_url' do
302
- mock_json :get, x509_encryption_url, 'public_keys/x509', format: :pem do
303
- config.encryption_key
304
- end
305
- end
306
- end
307
-
308
- context 'when neither x509_encryption_url nor jwk_encryption_url are given' do
309
- its(:signing_key) { should be_nil }
310
- its(:encryption_key) { should be_nil }
97
+ describe '#public_keys' do
98
+ it do
99
+ public_keys = mock_json :get, jwks_uri, 'public_keys/jwks' do
100
+ instance.public_keys
311
101
  end
102
+ public_keys.should be_instance_of Array
103
+ public_keys.first.should be_instance_of OpenSSL::PKey::RSA
312
104
  end
313
105
  end
314
- end
106
+ end
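Review bot: In the `#validate!` "otherwise" example, the block handed to `not_to raise_error{ |e| ... }` could at best run after an error has already been raised, by which point the negated expectation has failed. The `e.should be_a OpenIDConnect::ValidationFailed` inside it therefore never constrains anything, and it reads as if other error classes were tolerated. `expect { instance.validate! }.not_to raise_error` states the intent directly. Separately, both "required attributes missing" contexts only try `{}`; because this object decides which provider metadata the client accepts, an example that drops each key of `minimum_attributes` in turn (e.g. `minimum_attributes.reject { |k, _| k == :jwks_uri }`) would pin that every required field is enforced on its own.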
@@ -2,28 +2,47 @@ require 'spec_helper'
2
2
 
3
3
  describe OpenIDConnect::Discovery::Provider::Config do
4
4
  let(:provider) { 'https://connect-op.heroku.com' }
5
- let(:endpoint) { "https://connect-op.heroku.com/.well-known/openid-configuration" }
5
+ let(:endpoint) { 'https://connect-op.heroku.com/.well-known/openid-configuration' }
6
6
 
7
7
  describe 'discover!' do
8
8
  it 'should setup given attributes' do
9
9
  mock_json :get, endpoint, 'discovery/config' do
10
10
  config = OpenIDConnect::Discovery::Provider::Config.discover! provider
11
11
  config.should be_instance_of OpenIDConnect::Discovery::Provider::Config::Response
12
- config.version.should == '3.0'
13
12
  config.issuer.should == 'https://connect-op.heroku.com'
14
13
  config.authorization_endpoint.should == 'https://connect-op.heroku.com/authorizations/new'
15
14
  config.token_endpoint.should == 'https://connect-op.heroku.com/access_tokens'
16
- config.user_info_endpoint.should == 'https://connect-op.heroku.com/user_info'
17
- config.refresh_session_endpoint.should be_nil
18
- config.end_session_endpoint.should be_nil
19
- config.jwk_url.should be_nil
20
- config.x509_url.should == 'https://connect-op.heroku.com/cert.pem'
15
+ config.userinfo_endpoint.should == 'https://connect-op.heroku.com/userinfo'
16
+ config.jwks_uri.should == 'https://connect-op.heroku.com/jwks.json'
21
17
  config.registration_endpoint.should == 'https://connect-op.heroku.com/connect/client'
22
- config.scopes_supported.should == ["openid", "profile", "email", "address"]
23
- config.response_types_supported.should == ["code", "token", "id_token", "code token", "code id_token", "id_token token"]
18
+ config.scopes_supported.should == ['openid', 'profile', 'email', 'address']
19
+ config.response_types_supported.should == ['code', 'token', 'id_token', 'code token', 'code id_token', 'id_token token']
24
20
  config.acr_values_supported.should be_nil
25
- config.subject_types_supported.should == ["public", "pairwise"]
26
- config.claims_supported.should == ["sub", "iss", "name", "email"]
21
+ config.subject_types_supported.should == ['public', 'pairwise']
22
+ config.claims_supported.should == ['sub', 'iss', 'name', 'email']
23
+ config.id_token_signing_alg_values_supported.should == ['RS256']
24
+ end
25
+ end
26
+
27
+ context 'when OP identifier includes custom port' do
28
+ let(:provider) { 'https://connect-op.heroku.com:8080' }
29
+ let(:endpoint) { 'https://connect-op.heroku.com:8080/.well-known/openid-configuration' }
30
+
31
+ it 'should construct well-known URI with given port' do
32
+ mock_json :get, endpoint, 'discovery/config_with_custom_port' do
33
+ OpenIDConnect::Discovery::Provider::Config.discover! provider
34
+ end
35
+ end
36
+ end
37
+
38
+ context 'when OP identifier includes path' do
39
+ let(:provider) { 'https://connect.openid4.us/abop' }
40
+ let(:endpoint) { 'https://connect.openid4.us/abop/.well-known/openid-configuration' }
41
+
42
+ it 'should construct well-known URI with given port' do
43
+ mock_json :get, endpoint, 'discovery/config_with_path' do
44
+ OpenIDConnect::Discovery::Provider::Config.discover! provider
45
+ end
27
46
  end
28
47
  end
29
48
 
@@ -36,27 +55,45 @@ describe OpenIDConnect::Discovery::Provider::Config do
36
55
  end.to raise_error OpenIDConnect::Discovery::DiscoveryFailed
37
56
  end
38
57
  end
39
- end
40
58
 
41
- context 'when OP identifier includes custom port' do
42
- let(:provider) { 'https://connect-op.heroku.com:8080' }
43
- let(:endpoint) { "https://connect-op.heroku.com:8080/.well-known/openid-configuration" }
59
+ describe 'when response include invalid issuer' do
60
+ context 'with normal configuration' do
61
+ it do
62
+ expect do
63
+ mock_json :get, endpoint, 'discovery/config_with_invalid_issuer' do
64
+ OpenIDConnect::Discovery::Provider::Config.discover! provider
65
+ end
66
+ end.to raise_error OpenIDConnect::Discovery::DiscoveryFailed
67
+ end
68
+ end
44
69
 
45
- it 'should construct well-known URI with given port' do
46
- mock_json :get, endpoint, 'discovery/config' do
47
- OpenIDConnect::Discovery::Provider::Config.discover! provider
70
+ context 'when issuer validation is disabled.' do
71
+ before :each do
72
+ OpenIDConnect.validate_discovery_issuer = false
73
+ end
74
+
75
+ after :each do
76
+ OpenIDConnect.validate_discovery_issuer = true
77
+ end
78
+
79
+ it do
80
+ expect do
81
+ mock_json :get, endpoint, 'discovery/config_with_invalid_issuer' do
82
+ OpenIDConnect::Discovery::Provider::Config.discover! provider
83
+ end
84
+ end.not_to raise_error
85
+ end
48
86
  end
49
87
  end
50
- end
51
88
 
52
- context 'when OP identifier includes path' do
53
- let(:provider) { 'https://connect.openid4.us/abop' }
54
- let(:endpoint) { "https://connect.openid4.us/abop/.well-known/openid-configuration" }
55
-
56
- it 'should construct well-known URI with given port' do
57
- mock_json :get, endpoint, 'discovery/config' do
58
- OpenIDConnect::Discovery::Provider::Config.discover! provider
89
+ context 'when response include no issuer' do
90
+ it do
91
+ expect do
92
+ mock_json :get, endpoint, 'discovery/config_without_issuer' do
93
+ OpenIDConnect::Discovery::Provider::Config.discover! provider
94
+ end
95
+ end.to raise_error OpenIDConnect::Discovery::DiscoveryFailed
59
96
  end
60
97
  end
61
98
  end
62
- end
99
+ end
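Review bot: The "when issuer validation is disabled." context flips a process-wide security switch and restores it with a hard-coded `true` in `after :each`, which assumes the default instead of restoring the prior value. `before(:each) { @prev = OpenIDConnect.validate_discovery_issuer; OpenIDConnect.validate_discovery_issuer = false }` with `after(:each) { OpenIDConnect.validate_discovery_issuer = @prev }` would avoid leaking state into other examples; this assumes a reader exists beside the setter, which is not visible here. The example asserts only `not_to raise_error`, so a comment such as `# OpenID Connect Discovery requires the returned issuer to match the requested one; this switch opts out of that check` would record why the fixture (presumably a mismatching issuer) is accepted. In the first hunk of this file, the "when OP identifier includes path" example is still titled `'should construct well-known URI with given port'`; `with given path` would match what it exercises.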
@@ -6,7 +6,7 @@ describe OpenIDConnect::Discovery::Provider do
6
6
  let(:endpoint) { "https://#{host}/.well-known/webfinger" }
7
7
  let(:query) do
8
8
  {
9
- rel: OpenIDConnect::Discovery::REL_VALUE,
9
+ rel: OpenIDConnect::Discovery::Provider::Issuer::REL_VALUE,
10
10
  resource: resource
11
11
  }
12
12
  end
@@ -51,7 +51,7 @@ describe OpenIDConnect::Discovery::Provider do
51
51
 
52
52
  context 'when Email is given' do
53
53
  let(:identifier) { "nov@#{host}" }
54
- let(:resource) { identifier }
54
+ let(:resource) { "acct:#{identifier}" }
55
55
  it_behaves_like :discover_provider
56
56
  end
57
57
 
@@ -93,15 +93,15 @@ describe OpenIDConnect::RequestObject do
93
93
 
94
94
  describe '#required?' do
95
95
  it do
96
- request_object.user_info.required?(:name).should be_true
97
- request_object.user_info.optional?(:name).should be_false
96
+ request_object.userinfo.required?(:name).should == true
97
+ request_object.userinfo.optional?(:name).should == false
98
98
  end
99
99
  end
100
100
 
101
101
  describe '#optional' do
102
102
  it do
103
- request_object.user_info.required?(:email).should be_false
104
- request_object.user_info.optional?(:email).should be_true
103
+ request_object.userinfo.required?(:email).should == false
104
+ request_object.userinfo.optional?(:email).should == true
105
105
  end
106
106
  end
107
107
  end