openid_connect 1.3.0 → 1.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/FUNDING.yml +3 -0
- data/.github/workflows/spec.yml +30 -0
- data/README.rdoc +0 -2
- data/VERSION +1 -1
- data/lib/openid_connect/discovery/provider/config/response.rb +5 -0
- data/lib/openid_connect/response_object/id_token.rb +8 -3
- data/openid_connect.gemspec +8 -1
- data/spec/mock_response/public_keys/jwks_with_private_key.json +8 -0
- data/spec/mock_response/public_keys/private_key.pem +27 -0
- data/spec/openid_connect/response_object/id_token_spec.rb +29 -0
- metadata +28 -9
- data/.travis.yml +0 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b75de8fc4fb255bd3516e8035f72ad3c2f75f95240e6c33d4233991c363b57d5
|
|
4
|
+
data.tar.gz: 43264652dba072d41fde285f06cf2f0e5e173d700d8d5c92156273a249623e16
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9c3a8b6351419263e11bf7ec1ba4960d2a7675545ddd486411b03d6480e39916e93a35129b668b8123ef662fd53ba6941bcdaa3115bdde36cfa9934080fa91c9
|
|
7
|
+
data.tar.gz: 2d3e1bdd2276370bfa60c6a4e5c3f7daf3891cdc60efb7d98130b8686d0d3c4003c6c409cfa59b2b2b7adc57df612958cd8ce36dedfe6cbd3a7b905404a4c500
|
data/.github/FUNDING.yml
ADDED
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
name: Spec
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
push:
|
|
5
|
+
pull_request:
|
|
6
|
+
|
|
7
|
+
permissions:
|
|
8
|
+
contents: read
|
|
9
|
+
|
|
10
|
+
jobs:
|
|
11
|
+
spec:
|
|
12
|
+
strategy:
|
|
13
|
+
matrix:
|
|
14
|
+
os: ['ubuntu-20.04']
|
|
15
|
+
ruby-version: ['2.6', '2.7', '3.0', '3.1']
|
|
16
|
+
# ubuntu 22.04 only supports ssl 3 and thus only ruby 3.1
|
|
17
|
+
include:
|
|
18
|
+
- os: 'ubuntu-22.04'
|
|
19
|
+
ruby-version: '3.1'
|
|
20
|
+
runs-on: ${{ matrix.os }}
|
|
21
|
+
|
|
22
|
+
steps:
|
|
23
|
+
- uses: actions/checkout@v3
|
|
24
|
+
- name: Set up Ruby
|
|
25
|
+
uses: ruby/setup-ruby@v1
|
|
26
|
+
with:
|
|
27
|
+
ruby-version: ${{ matrix.ruby-version }}
|
|
28
|
+
bundler-cache: true
|
|
29
|
+
- name: Run Specs
|
|
30
|
+
run: bundle exec rake spec
|
data/README.rdoc
CHANGED
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.
|
|
1
|
+
1.4.0
|
|
@@ -63,11 +63,16 @@ module OpenIDConnect
|
|
|
63
63
|
end
|
|
64
64
|
|
|
65
65
|
class << self
|
|
66
|
-
def decode(jwt_string,
|
|
67
|
-
|
|
66
|
+
def decode(jwt_string, key_or_config)
|
|
67
|
+
case key_or_config
|
|
68
|
+
when :self_issued
|
|
68
69
|
decode_self_issued jwt_string
|
|
70
|
+
when OpenIDConnect::Discovery::Provider::Config::Response
|
|
71
|
+
jwt = JSON::JWT.decode jwt_string, :skip_verification
|
|
72
|
+
jwt.verify! key_or_config.jwk(jwt.kid)
|
|
73
|
+
new jwt
|
|
69
74
|
else
|
|
70
|
-
new JSON::JWT.decode jwt_string,
|
|
75
|
+
new JSON::JWT.decode jwt_string, key_or_config
|
|
71
76
|
end
|
|
72
77
|
end
|
|
73
78
|
|
data/openid_connect.gemspec
CHANGED
|
@@ -17,13 +17,20 @@ Gem::Specification.new do |s|
|
|
|
17
17
|
s.add_runtime_dependency "activemodel"
|
|
18
18
|
s.add_runtime_dependency "validate_url"
|
|
19
19
|
s.add_runtime_dependency "validate_email"
|
|
20
|
-
s.add_runtime_dependency "json-jwt", ">= 1.
|
|
20
|
+
s.add_runtime_dependency "json-jwt", ">= 1.15.0"
|
|
21
21
|
s.add_runtime_dependency "swd", ">= 1.0.0"
|
|
22
22
|
s.add_runtime_dependency "webfinger", ">= 1.0.1"
|
|
23
23
|
s.add_runtime_dependency "rack-oauth2", ">= 1.6.1"
|
|
24
|
+
if Gem.ruby_version >= Gem::Version.create(3.1)
|
|
25
|
+
# TODO:
|
|
26
|
+
# remove "net-smtp" dependency after mail gem 2.8+ (which supports ruby 3.1+) released.
|
|
27
|
+
# ref.) https://rubygems.org/gems/mailhttps://github.com/mikel/mail
|
|
28
|
+
s.add_runtime_dependency "net-smtp"
|
|
29
|
+
end
|
|
24
30
|
s.add_development_dependency "rake"
|
|
25
31
|
s.add_development_dependency "rspec"
|
|
26
32
|
s.add_development_dependency "rspec-its"
|
|
27
33
|
s.add_development_dependency "webmock"
|
|
28
34
|
s.add_development_dependency "simplecov"
|
|
35
|
+
s.add_development_dependency "rexml"
|
|
29
36
|
end
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
{
|
|
2
|
+
"keys": [{
|
|
3
|
+
"kty": "RSA",
|
|
4
|
+
"e": "AQAB",
|
|
5
|
+
"n": "vWr1S4T0jBnYU9PIpUYxT48Ca8HK8aitbmqbTM3t3Zzl1GNpIlyePnwXSL6SgNcVbeRhTfvXZUzH4pP8HzPJdpUHnAeYyCzjz9UNykdFCp2YW676wpLDzMkaU7bYLJxGjZlpHU-UJVIm5KX9-NfMyGbFUOuw4AY-OWp8GxrqwAF4U6bJ86TpO24wMxmgm0Vl72aRMGVJkRz66YLYOPNVjXjOI4bUuxg_o3Px5QASxvDCawMeLR3pLCoQcLAZn6WZx7nX3Wu6QzcY0QCqhqUAeY49QRT83Jdg7WUsNa2Rbegi3jJGJf-t9hEcJPmrI6q9zl6WArUueQHS-XUQWq5ptw",
|
|
6
|
+
"kid": "DCmKamGtkGAWz-uujePOp-UeATAeT4fi3KouR78r44I"
|
|
7
|
+
}]
|
|
8
|
+
}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
-----BEGIN RSA PRIVATE KEY-----
|
|
2
|
+
MIIEpAIBAAKCAQEAvWr1S4T0jBnYU9PIpUYxT48Ca8HK8aitbmqbTM3t3Zzl1GNp
|
|
3
|
+
IlyePnwXSL6SgNcVbeRhTfvXZUzH4pP8HzPJdpUHnAeYyCzjz9UNykdFCp2YW676
|
|
4
|
+
wpLDzMkaU7bYLJxGjZlpHU+UJVIm5KX9+NfMyGbFUOuw4AY+OWp8GxrqwAF4U6bJ
|
|
5
|
+
86TpO24wMxmgm0Vl72aRMGVJkRz66YLYOPNVjXjOI4bUuxg/o3Px5QASxvDCawMe
|
|
6
|
+
LR3pLCoQcLAZn6WZx7nX3Wu6QzcY0QCqhqUAeY49QRT83Jdg7WUsNa2Rbegi3jJG
|
|
7
|
+
Jf+t9hEcJPmrI6q9zl6WArUueQHS+XUQWq5ptwIDAQABAoIBAHvDWBUJAVRNSsiy
|
|
8
|
+
90XuECggk/9ed0Dg6rjblS9g2kvTyWO1tKsMAyVmpTwVsNnYLxtHfsCajcmVmoEU
|
|
9
|
+
Gkc06iy+AWPUnuIkWpGgbss9OAJQqI03Toc1qBO1TqtmK+cyEPNSSpkpNu4PuHPr
|
|
10
|
+
dX9TWW2ToNdXuJEX4y5WwlJfiwT6kPdK86IKpPCql1+X/N2nKbn+5OWHTDuW3jLF
|
|
11
|
+
H4UoJlUU77VgPedQLF9xr9NXGZbgYdTtsg3GU3k7/xhcetNq22Dtr8vYnX8LcIsZ
|
|
12
|
+
9VW+KBRGOwgXTMLuj25VxkFUsJejEoq5+WyHTsSsa4w8Fxyc50GPfZJKh8J2jHiG
|
|
13
|
+
8weJUNECgYEA5CoQmUz+8saVg1IwnEgZBSMF1rthMgvuDPhD8PJNaugUCyo9tg0O
|
|
14
|
+
AXo9EMOUHmr2vCN8h2MZZuuW0D5np/Z9T102N99mJU6tVMSabBPDUTfxThq4xY48
|
|
15
|
+
VZvS6EOzSomeEbrIDciJghqJIvPxEoqLXY3Zg7kDef7YiqybhZFdlS8CgYEA1IbH
|
|
16
|
+
MHKfcL+LAo88y4tgOe6Wn8FRG1K7MHvdR+KErgxBg63I9zmolPsyznjNVKpB9syt
|
|
17
|
+
zqkDxBg/jTIctgeziMQNSODQoqRKcgEDePwcu+wBvuV+LJFJoIWFrvIPyZ5yKzeb
|
|
18
|
+
Vm1lRMgQfoeAQE4nVYAJG+oTTsFTdEtrHkOW4fkCgYEAsNHcnUFrTvARDH1UiLjj
|
|
19
|
+
EvUKYFhEwck3CbwYwxC0aIZEikaJHp3NXd3Cl0xKbKxOXI1Pw4hMNlObQ/Uo1aUT
|
|
20
|
+
hb7h9rjda0omz8uxNNK4CihFjFbvHMLXBS1GbJOSzdAKvQi4Yt4nmrk/z+Omzsyp
|
|
21
|
+
pq34hLmL9S5H2Ghd+kwmbycCgYBiC1N1PEvl3depdJ8dX80irLj8NljOfBozQdFR
|
|
22
|
+
ymRfTvQiZVfjBcyJ/mDv87b2Kh2IV+CPCFXebzlSUB4CtAbVP2zJhD176sMVWPZb
|
|
23
|
+
KCOxZi1f/ct5kAUhcre7f5xc7SXKXjrhYlJnqsxBMw2tnOB0hz6sjA4gNPvlGK3w
|
|
24
|
+
JkpDMQKBgQCgPoqSjmbroWC9oq5iDwRtx6f6fJG7CE91ZFJulunQj6YWOC3zNHEa
|
|
25
|
+
XvPPGM8fZpJS4e8LiPClkk8nsOoC50neEVGZeEuhdP6m6WNPN3SlP7bXozHOJTh0
|
|
26
|
+
mHrk2bUHFlQn8f5KWfLQbdyKBzs7WqCRTOR/gIbfxBlUOs0BN37xhw==
|
|
27
|
+
-----END RSA PRIVATE KEY-----
|
|
@@ -251,6 +251,35 @@ describe OpenIDConnect::ResponseObject::IdToken do
|
|
|
251
251
|
its(:exp) { should == attributes[:exp].to_i }
|
|
252
252
|
its(:raw_attributes) { should be_instance_of JSON::JWS }
|
|
253
253
|
|
|
254
|
+
context 'when IdP config is given' do
|
|
255
|
+
subject { klass.decode id_token.to_jwt(private_key), idp_config }
|
|
256
|
+
let(:jwks) do
|
|
257
|
+
jwk_str = File.read(File.join(__dir__, '../../mock_response/public_keys/jwks_with_private_key.json'))
|
|
258
|
+
jwk = JSON::JWK::Set.new JSON.parse(jwk_str)
|
|
259
|
+
end
|
|
260
|
+
let(:private_key) do
|
|
261
|
+
OpenSSL::PKey::RSA.new(
|
|
262
|
+
File.read(File.join(__dir__, '../../mock_response/public_keys/private_key.pem'))
|
|
263
|
+
).to_jwk
|
|
264
|
+
end
|
|
265
|
+
let(:idp_config) do
|
|
266
|
+
OpenIDConnect::Discovery::Provider::Config::Response.new(
|
|
267
|
+
issuer: attributes[:issuer],
|
|
268
|
+
authorization_endpoint: File.join(attributes[:iss], 'authorize'),
|
|
269
|
+
jwks_uri: File.join(attributes[:iss], 'jwks'),
|
|
270
|
+
response_types_supported: ['code'],
|
|
271
|
+
subject_types_supported: ['public'],
|
|
272
|
+
id_token_signing_alg_values_supported: ['RS256']
|
|
273
|
+
)
|
|
274
|
+
end
|
|
275
|
+
|
|
276
|
+
it do
|
|
277
|
+
mock_json :get, idp_config.jwks_uri, 'public_keys/jwks_with_private_key' do
|
|
278
|
+
should
|
|
279
|
+
end
|
|
280
|
+
end
|
|
281
|
+
end
|
|
282
|
+
|
|
254
283
|
context 'when self-issued' do
|
|
255
284
|
context 'when valid' do
|
|
256
285
|
let(:self_issued) do
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: openid_connect
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- nov matake
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-09-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: tzinfo
|
|
@@ -86,14 +86,14 @@ dependencies:
|
|
|
86
86
|
requirements:
|
|
87
87
|
- - ">="
|
|
88
88
|
- !ruby/object:Gem::Version
|
|
89
|
-
version: 1.
|
|
89
|
+
version: 1.15.0
|
|
90
90
|
type: :runtime
|
|
91
91
|
prerelease: false
|
|
92
92
|
version_requirements: !ruby/object:Gem::Requirement
|
|
93
93
|
requirements:
|
|
94
94
|
- - ">="
|
|
95
95
|
- !ruby/object:Gem::Version
|
|
96
|
-
version: 1.
|
|
96
|
+
version: 1.15.0
|
|
97
97
|
- !ruby/object:Gem::Dependency
|
|
98
98
|
name: swd
|
|
99
99
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -206,6 +206,20 @@ dependencies:
|
|
|
206
206
|
- - ">="
|
|
207
207
|
- !ruby/object:Gem::Version
|
|
208
208
|
version: '0'
|
|
209
|
+
- !ruby/object:Gem::Dependency
|
|
210
|
+
name: rexml
|
|
211
|
+
requirement: !ruby/object:Gem::Requirement
|
|
212
|
+
requirements:
|
|
213
|
+
- - ">="
|
|
214
|
+
- !ruby/object:Gem::Version
|
|
215
|
+
version: '0'
|
|
216
|
+
type: :development
|
|
217
|
+
prerelease: false
|
|
218
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
219
|
+
requirements:
|
|
220
|
+
- - ">="
|
|
221
|
+
- !ruby/object:Gem::Version
|
|
222
|
+
version: '0'
|
|
209
223
|
description: OpenID Connect Server & Client Library
|
|
210
224
|
email:
|
|
211
225
|
- nov@matake.jp
|
|
@@ -213,9 +227,10 @@ executables: []
|
|
|
213
227
|
extensions: []
|
|
214
228
|
extra_rdoc_files: []
|
|
215
229
|
files:
|
|
230
|
+
- ".github/FUNDING.yml"
|
|
231
|
+
- ".github/workflows/spec.yml"
|
|
216
232
|
- ".gitignore"
|
|
217
233
|
- ".rspec"
|
|
218
|
-
- ".travis.yml"
|
|
219
234
|
- Gemfile
|
|
220
235
|
- LICENSE
|
|
221
236
|
- README.rdoc
|
|
@@ -275,6 +290,8 @@ files:
|
|
|
275
290
|
- spec/mock_response/errors/unknown.json
|
|
276
291
|
- spec/mock_response/id_token.json
|
|
277
292
|
- spec/mock_response/public_keys/jwks.json
|
|
293
|
+
- spec/mock_response/public_keys/jwks_with_private_key.json
|
|
294
|
+
- spec/mock_response/public_keys/private_key.pem
|
|
278
295
|
- spec/mock_response/request_object/signed.jwt
|
|
279
296
|
- spec/mock_response/userinfo/openid.json
|
|
280
297
|
- spec/openid_connect/access_token_spec.rb
|
|
@@ -304,7 +321,7 @@ homepage: https://github.com/nov/openid_connect
|
|
|
304
321
|
licenses:
|
|
305
322
|
- MIT
|
|
306
323
|
metadata: {}
|
|
307
|
-
post_install_message:
|
|
324
|
+
post_install_message:
|
|
308
325
|
rdoc_options: []
|
|
309
326
|
require_paths:
|
|
310
327
|
- lib
|
|
@@ -319,8 +336,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
319
336
|
- !ruby/object:Gem::Version
|
|
320
337
|
version: '0'
|
|
321
338
|
requirements: []
|
|
322
|
-
rubygems_version: 3.
|
|
323
|
-
signing_key:
|
|
339
|
+
rubygems_version: 3.2.22
|
|
340
|
+
signing_key:
|
|
324
341
|
specification_version: 4
|
|
325
342
|
summary: OpenID Connect Server & Client Library
|
|
326
343
|
test_files:
|
|
@@ -347,6 +364,8 @@ test_files:
|
|
|
347
364
|
- spec/mock_response/errors/unknown.json
|
|
348
365
|
- spec/mock_response/id_token.json
|
|
349
366
|
- spec/mock_response/public_keys/jwks.json
|
|
367
|
+
- spec/mock_response/public_keys/jwks_with_private_key.json
|
|
368
|
+
- spec/mock_response/public_keys/private_key.pem
|
|
350
369
|
- spec/mock_response/request_object/signed.jwt
|
|
351
370
|
- spec/mock_response/userinfo/openid.json
|
|
352
371
|
- spec/openid_connect/access_token_spec.rb
|