openid_connect 1.1.6 → 1.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.travis.yml +4 -3
- data/VERSION +1 -1
- data/lib/openid_connect/client/registrar.rb +4 -4
- data/lib/openid_connect/discovery/provider/config/resource.rb +4 -2
- data/lib/openid_connect/discovery/provider/config/response.rb +6 -6
- data/lib/openid_connect/request_object.rb +2 -0
- data/lib/openid_connect/response_object/id_token.rb +5 -2
- data/lib/openid_connect/response_object/user_info.rb +1 -0
- data/lib/openid_connect.rb +6 -1
- data/spec/openid_connect/response_object/id_token_spec.rb +1 -1
- metadata +3 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 42a846a8e97f83ba3b339e6d2dab2e1255b75afba843f5d83ee78fc03d554edc
|
|
4
|
+
data.tar.gz: b004368bea628de55949f51af0f82bcff0981d9e8fe3becc94a753915d564df2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c2cf62923d2b4262fbc276741f26ae80868b1d108d25ef8e52dbefb59df7005c4bf146cd9a31fbf7740a495adddb9c0ff47424a4306b3085929a4b33553fc659
|
|
7
|
+
data.tar.gz: 463aacad1ffe293e9a799fdbe367b32fca9f094409956701d396dda562e9b0faa0a54a0b4804768a34fc8685e0b93a2d44fb6033ceaa8512250d735a2f221ef3
|
data/.travis.yml
CHANGED
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.
|
|
1
|
+
1.3.0
|
|
@@ -50,12 +50,12 @@ module OpenIDConnect
|
|
|
50
50
|
]
|
|
51
51
|
attr_required :endpoint
|
|
52
52
|
attr_optional :initial_access_token
|
|
53
|
-
attr_required
|
|
54
|
-
attr_optional
|
|
53
|
+
attr_required(*required_metadata_attributes)
|
|
54
|
+
attr_optional(*(metadata_attributes - required_metadata_attributes))
|
|
55
55
|
|
|
56
|
-
validates
|
|
56
|
+
validates(*required_attributes, presence: true)
|
|
57
57
|
validates :sector_identifier_uri, presence: {if: :sector_identifier_required?}
|
|
58
|
-
validates
|
|
58
|
+
validates(*singular_uri_attributes, url: true, allow_nil: true)
|
|
59
59
|
validate :validate_plural_uri_attributes
|
|
60
60
|
validate :validate_contacts
|
|
61
61
|
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
require "openssl"
|
|
2
|
+
|
|
1
3
|
module OpenIDConnect
|
|
2
4
|
module Discovery
|
|
3
5
|
module Provider
|
|
@@ -27,8 +29,8 @@ module OpenIDConnect
|
|
|
27
29
|
end
|
|
28
30
|
|
|
29
31
|
def cache_key
|
|
30
|
-
|
|
31
|
-
"swd:resource:opneid-conf:#{
|
|
32
|
+
sha256 = OpenSSL::Digest::SHA256.hexdigest host
|
|
33
|
+
"swd:resource:opneid-conf:#{sha256}"
|
|
32
34
|
end
|
|
33
35
|
end
|
|
34
36
|
end
|
|
@@ -25,12 +25,12 @@ module OpenIDConnect
|
|
|
25
25
|
:op_tos_uri
|
|
26
26
|
]
|
|
27
27
|
}
|
|
28
|
-
attr_required
|
|
28
|
+
attr_required(*(uri_attributes[:required] + [
|
|
29
29
|
:response_types_supported,
|
|
30
30
|
:subject_types_supported,
|
|
31
31
|
:id_token_signing_alg_values_supported
|
|
32
|
-
])
|
|
33
|
-
attr_optional
|
|
32
|
+
]))
|
|
33
|
+
attr_optional(*(uri_attributes[:optional] + [
|
|
34
34
|
:scopes_supported,
|
|
35
35
|
:response_modes_supported,
|
|
36
36
|
:grant_types_supported,
|
|
@@ -54,10 +54,10 @@ module OpenIDConnect
|
|
|
54
54
|
:request_parameter_supported,
|
|
55
55
|
:request_uri_parameter_supported,
|
|
56
56
|
:require_request_uri_registration
|
|
57
|
-
])
|
|
57
|
+
]))
|
|
58
58
|
|
|
59
|
-
validates
|
|
60
|
-
validates
|
|
59
|
+
validates(*required_attributes, presence: true)
|
|
60
|
+
validates(*uri_attributes.values.flatten, url: true, allow_nil: true)
|
|
61
61
|
validates :issuer, with: :validate_issuer_matching
|
|
62
62
|
|
|
63
63
|
def initialize(hash)
|
|
@@ -5,10 +5,12 @@ module OpenIDConnect
|
|
|
5
5
|
attr_optional :client_id, :response_type, :redirect_uri, :scope, :state, :nonce, :display, :prompt, :userinfo, :id_token
|
|
6
6
|
validate :require_at_least_one_attributes
|
|
7
7
|
|
|
8
|
+
undef :id_token=
|
|
8
9
|
def id_token=(attributes = {})
|
|
9
10
|
@id_token = IdToken.new(attributes) if attributes.present?
|
|
10
11
|
end
|
|
11
12
|
|
|
13
|
+
undef :userinfo=
|
|
12
14
|
def userinfo=(attributes = {})
|
|
13
15
|
@userinfo = UserInfo.new(attributes) if attributes.present?
|
|
14
16
|
end
|
|
@@ -8,8 +8,8 @@ module OpenIDConnect
|
|
|
8
8
|
class InvalidAudience < InvalidToken; end
|
|
9
9
|
|
|
10
10
|
attr_required :iss, :sub, :aud, :exp, :iat
|
|
11
|
-
attr_optional :acr, :amr, :azp, :jti, :sid, :auth_time, :nonce, :sub_jwk, :at_hash, :c_hash, :
|
|
12
|
-
attr_accessor :access_token, :code
|
|
11
|
+
attr_optional :acr, :amr, :azp, :jti, :sid, :auth_time, :nonce, :sub_jwk, :at_hash, :c_hash, :s_hash
|
|
12
|
+
attr_accessor :access_token, :code, :state
|
|
13
13
|
alias_method :subject, :sub
|
|
14
14
|
alias_method :subject=, :sub=
|
|
15
15
|
|
|
@@ -49,6 +49,9 @@ module OpenIDConnect
|
|
|
49
49
|
if code
|
|
50
50
|
self.c_hash = left_half_hash_of code, hash_length
|
|
51
51
|
end
|
|
52
|
+
if state
|
|
53
|
+
self.s_hash = left_half_hash_of state, hash_length
|
|
54
|
+
end
|
|
52
55
|
super
|
|
53
56
|
end
|
|
54
57
|
|
data/lib/openid_connect.rb
CHANGED
|
@@ -67,13 +67,18 @@ module OpenIDConnect
|
|
|
67
67
|
_http_client_ = HTTPClient.new(
|
|
68
68
|
agent_name: "OpenIDConnect (#{VERSION})"
|
|
69
69
|
)
|
|
70
|
+
|
|
71
|
+
# NOTE: httpclient gem seems stopped maintaining root certtificate set, use OS default.
|
|
72
|
+
_http_client_.ssl_config.clear_cert_store
|
|
73
|
+
_http_client_.ssl_config.cert_store.set_default_paths
|
|
74
|
+
|
|
70
75
|
_http_client_.request_filter << Debugger::RequestFilter.new if debugging?
|
|
71
76
|
http_config.try(:call, _http_client_)
|
|
72
77
|
_http_client_
|
|
73
78
|
end
|
|
74
79
|
def self.http_config(&block)
|
|
75
80
|
@sub_protocols.each do |klass|
|
|
76
|
-
klass.http_config
|
|
81
|
+
klass.http_config(&block) unless klass.http_config
|
|
77
82
|
end
|
|
78
83
|
@@http_config ||= block
|
|
79
84
|
end
|
|
@@ -19,7 +19,7 @@ describe OpenIDConnect::ResponseObject::IdToken do
|
|
|
19
19
|
describe 'attributes' do
|
|
20
20
|
subject { klass }
|
|
21
21
|
its(:required_attributes) { should == [:iss, :sub, :aud, :exp, :iat] }
|
|
22
|
-
its(:optional_attributes) { should == [:acr, :amr, :azp, :jti, :sid, :auth_time, :nonce, :sub_jwk, :at_hash, :c_hash, :
|
|
22
|
+
its(:optional_attributes) { should == [:acr, :amr, :azp, :jti, :sid, :auth_time, :nonce, :sub_jwk, :at_hash, :c_hash, :s_hash] }
|
|
23
23
|
|
|
24
24
|
describe 'auth_time' do
|
|
25
25
|
subject { id_token.auth_time }
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: openid_connect
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- nov matake
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-10-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: tzinfo
|
|
@@ -319,8 +319,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
319
319
|
- !ruby/object:Gem::Version
|
|
320
320
|
version: '0'
|
|
321
321
|
requirements: []
|
|
322
|
-
|
|
323
|
-
rubygems_version: 2.7.3
|
|
322
|
+
rubygems_version: 3.1.4
|
|
324
323
|
signing_key:
|
|
325
324
|
specification_version: 4
|
|
326
325
|
summary: OpenID Connect Server & Client Library
|