openid_connect 1.1.6 → 1.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.travis.yml +4 -3
- data/VERSION +1 -1
- data/lib/openid_connect/client/registrar.rb +4 -4
- data/lib/openid_connect/discovery/provider/config/resource.rb +4 -2
- data/lib/openid_connect/discovery/provider/config/response.rb +6 -6
- data/lib/openid_connect/request_object.rb +2 -0
- data/lib/openid_connect/response_object/id_token.rb +5 -2
- data/lib/openid_connect/response_object/user_info.rb +1 -0
- data/lib/openid_connect.rb +6 -1
- data/spec/openid_connect/response_object/id_token_spec.rb +1 -1
- metadata +3 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 42a846a8e97f83ba3b339e6d2dab2e1255b75afba843f5d83ee78fc03d554edc
|
|
4
|
+
data.tar.gz: b004368bea628de55949f51af0f82bcff0981d9e8fe3becc94a753915d564df2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c2cf62923d2b4262fbc276741f26ae80868b1d108d25ef8e52dbefb59df7005c4bf146cd9a31fbf7740a495adddb9c0ff47424a4306b3085929a4b33553fc659
|
|
7
|
+
data.tar.gz: 463aacad1ffe293e9a799fdbe367b32fca9f094409956701d396dda562e9b0faa0a54a0b4804768a34fc8685e0b93a2d44fb6033ceaa8512250d735a2f221ef3
|
data/.travis.yml
CHANGED
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.
|
|
1
|
+
1.3.0
|
|
@@ -50,12 +50,12 @@ module OpenIDConnect
|
|
|
50
50
|
]
|
|
51
51
|
attr_required :endpoint
|
|
52
52
|
attr_optional :initial_access_token
|
|
53
|
-
attr_required
|
|
54
|
-
attr_optional
|
|
53
|
+
attr_required(*required_metadata_attributes)
|
|
54
|
+
attr_optional(*(metadata_attributes - required_metadata_attributes))
|
|
55
55
|
|
|
56
|
-
validates
|
|
56
|
+
validates(*required_attributes, presence: true)
|
|
57
57
|
validates :sector_identifier_uri, presence: {if: :sector_identifier_required?}
|
|
58
|
-
validates
|
|
58
|
+
validates(*singular_uri_attributes, url: true, allow_nil: true)
|
|
59
59
|
validate :validate_plural_uri_attributes
|
|
60
60
|
validate :validate_contacts
|
|
61
61
|
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
require "openssl"
|
|
2
|
+
|
|
1
3
|
module OpenIDConnect
|
|
2
4
|
module Discovery
|
|
3
5
|
module Provider
|
|
@@ -27,8 +29,8 @@ module OpenIDConnect
|
|
|
27
29
|
end
|
|
28
30
|
|
|
29
31
|
def cache_key
|
|
30
|
-
|
|
31
|
-
"swd:resource:opneid-conf:#{
|
|
32
|
+
sha256 = OpenSSL::Digest::SHA256.hexdigest host
|
|
33
|
+
"swd:resource:opneid-conf:#{sha256}"
|
|
32
34
|
end
|
|
33
35
|
end
|
|
34
36
|
end
|
|
@@ -25,12 +25,12 @@ module OpenIDConnect
|
|
|
25
25
|
:op_tos_uri
|
|
26
26
|
]
|
|
27
27
|
}
|
|
28
|
-
attr_required
|
|
28
|
+
attr_required(*(uri_attributes[:required] + [
|
|
29
29
|
:response_types_supported,
|
|
30
30
|
:subject_types_supported,
|
|
31
31
|
:id_token_signing_alg_values_supported
|
|
32
|
-
])
|
|
33
|
-
attr_optional
|
|
32
|
+
]))
|
|
33
|
+
attr_optional(*(uri_attributes[:optional] + [
|
|
34
34
|
:scopes_supported,
|
|
35
35
|
:response_modes_supported,
|
|
36
36
|
:grant_types_supported,
|
|
@@ -54,10 +54,10 @@ module OpenIDConnect
|
|
|
54
54
|
:request_parameter_supported,
|
|
55
55
|
:request_uri_parameter_supported,
|
|
56
56
|
:require_request_uri_registration
|
|
57
|
-
])
|
|
57
|
+
]))
|
|
58
58
|
|
|
59
|
-
validates
|
|
60
|
-
validates
|
|
59
|
+
validates(*required_attributes, presence: true)
|
|
60
|
+
validates(*uri_attributes.values.flatten, url: true, allow_nil: true)
|
|
61
61
|
validates :issuer, with: :validate_issuer_matching
|
|
62
62
|
|
|
63
63
|
def initialize(hash)
|
|
@@ -5,10 +5,12 @@ module OpenIDConnect
|
|
|
5
5
|
attr_optional :client_id, :response_type, :redirect_uri, :scope, :state, :nonce, :display, :prompt, :userinfo, :id_token
|
|
6
6
|
validate :require_at_least_one_attributes
|
|
7
7
|
|
|
8
|
+
undef :id_token=
|
|
8
9
|
def id_token=(attributes = {})
|
|
9
10
|
@id_token = IdToken.new(attributes) if attributes.present?
|
|
10
11
|
end
|
|
11
12
|
|
|
13
|
+
undef :userinfo=
|
|
12
14
|
def userinfo=(attributes = {})
|
|
13
15
|
@userinfo = UserInfo.new(attributes) if attributes.present?
|
|
14
16
|
end
|
|
@@ -8,8 +8,8 @@ module OpenIDConnect
|
|
|
8
8
|
class InvalidAudience < InvalidToken; end
|
|
9
9
|
|
|
10
10
|
attr_required :iss, :sub, :aud, :exp, :iat
|
|
11
|
-
attr_optional :acr, :amr, :azp, :jti, :sid, :auth_time, :nonce, :sub_jwk, :at_hash, :c_hash, :
|
|
12
|
-
attr_accessor :access_token, :code
|
|
11
|
+
attr_optional :acr, :amr, :azp, :jti, :sid, :auth_time, :nonce, :sub_jwk, :at_hash, :c_hash, :s_hash
|
|
12
|
+
attr_accessor :access_token, :code, :state
|
|
13
13
|
alias_method :subject, :sub
|
|
14
14
|
alias_method :subject=, :sub=
|
|
15
15
|
|
|
@@ -49,6 +49,9 @@ module OpenIDConnect
|
|
|
49
49
|
if code
|
|
50
50
|
self.c_hash = left_half_hash_of code, hash_length
|
|
51
51
|
end
|
|
52
|
+
if state
|
|
53
|
+
self.s_hash = left_half_hash_of state, hash_length
|
|
54
|
+
end
|
|
52
55
|
super
|
|
53
56
|
end
|
|
54
57
|
|
data/lib/openid_connect.rb
CHANGED
|
@@ -67,13 +67,18 @@ module OpenIDConnect
|
|
|
67
67
|
_http_client_ = HTTPClient.new(
|
|
68
68
|
agent_name: "OpenIDConnect (#{VERSION})"
|
|
69
69
|
)
|
|
70
|
+
|
|
71
|
+
# NOTE: httpclient gem seems stopped maintaining root certtificate set, use OS default.
|
|
72
|
+
_http_client_.ssl_config.clear_cert_store
|
|
73
|
+
_http_client_.ssl_config.cert_store.set_default_paths
|
|
74
|
+
|
|
70
75
|
_http_client_.request_filter << Debugger::RequestFilter.new if debugging?
|
|
71
76
|
http_config.try(:call, _http_client_)
|
|
72
77
|
_http_client_
|
|
73
78
|
end
|
|
74
79
|
def self.http_config(&block)
|
|
75
80
|
@sub_protocols.each do |klass|
|
|
76
|
-
klass.http_config
|
|
81
|
+
klass.http_config(&block) unless klass.http_config
|
|
77
82
|
end
|
|
78
83
|
@@http_config ||= block
|
|
79
84
|
end
|
|
@@ -19,7 +19,7 @@ describe OpenIDConnect::ResponseObject::IdToken do
|
|
|
19
19
|
describe 'attributes' do
|
|
20
20
|
subject { klass }
|
|
21
21
|
its(:required_attributes) { should == [:iss, :sub, :aud, :exp, :iat] }
|
|
22
|
-
its(:optional_attributes) { should == [:acr, :amr, :azp, :jti, :sid, :auth_time, :nonce, :sub_jwk, :at_hash, :c_hash, :
|
|
22
|
+
its(:optional_attributes) { should == [:acr, :amr, :azp, :jti, :sid, :auth_time, :nonce, :sub_jwk, :at_hash, :c_hash, :s_hash] }
|
|
23
23
|
|
|
24
24
|
describe 'auth_time' do
|
|
25
25
|
subject { id_token.auth_time }
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: openid_connect
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- nov matake
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-10-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: tzinfo
|
|
@@ -319,8 +319,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
319
319
|
- !ruby/object:Gem::Version
|
|
320
320
|
version: '0'
|
|
321
321
|
requirements: []
|
|
322
|
-
|
|
323
|
-
rubygems_version: 2.7.3
|
|
322
|
+
rubygems_version: 3.1.4
|
|
324
323
|
signing_key:
|
|
325
324
|
specification_version: 4
|
|
326
325
|
summary: OpenID Connect Server & Client Library
|