openid_connect 1.3.0 → 1.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/FUNDING.yml +3 -0
- data/.github/workflows/spec.yml +30 -0
- data/README.rdoc +0 -2
- data/VERSION +1 -1
- data/lib/openid_connect/discovery/provider/config/response.rb +5 -0
- data/lib/openid_connect/response_object/id_token.rb +8 -3
- data/openid_connect.gemspec +8 -1
- data/spec/mock_response/public_keys/jwks_with_private_key.json +8 -0
- data/spec/mock_response/public_keys/private_key.pem +27 -0
- data/spec/openid_connect/response_object/id_token_spec.rb +29 -0
- metadata +28 -9
- data/.travis.yml +0 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b75de8fc4fb255bd3516e8035f72ad3c2f75f95240e6c33d4233991c363b57d5
|
|
4
|
+
data.tar.gz: 43264652dba072d41fde285f06cf2f0e5e173d700d8d5c92156273a249623e16
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9c3a8b6351419263e11bf7ec1ba4960d2a7675545ddd486411b03d6480e39916e93a35129b668b8123ef662fd53ba6941bcdaa3115bdde36cfa9934080fa91c9
|
|
7
|
+
data.tar.gz: 2d3e1bdd2276370bfa60c6a4e5c3f7daf3891cdc60efb7d98130b8686d0d3c4003c6c409cfa59b2b2b7adc57df612958cd8ce36dedfe6cbd3a7b905404a4c500
|
data/.github/FUNDING.yml
ADDED
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
name: Spec
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
push:
|
|
5
|
+
pull_request:
|
|
6
|
+
|
|
7
|
+
permissions:
|
|
8
|
+
contents: read
|
|
9
|
+
|
|
10
|
+
jobs:
|
|
11
|
+
spec:
|
|
12
|
+
strategy:
|
|
13
|
+
matrix:
|
|
14
|
+
os: ['ubuntu-20.04']
|
|
15
|
+
ruby-version: ['2.6', '2.7', '3.0', '3.1']
|
|
16
|
+
# ubuntu 22.04 only supports ssl 3 and thus only ruby 3.1
|
|
17
|
+
include:
|
|
18
|
+
- os: 'ubuntu-22.04'
|
|
19
|
+
ruby-version: '3.1'
|
|
20
|
+
runs-on: ${{ matrix.os }}
|
|
21
|
+
|
|
22
|
+
steps:
|
|
23
|
+
- uses: actions/checkout@v3
|
|
24
|
+
- name: Set up Ruby
|
|
25
|
+
uses: ruby/setup-ruby@v1
|
|
26
|
+
with:
|
|
27
|
+
ruby-version: ${{ matrix.ruby-version }}
|
|
28
|
+
bundler-cache: true
|
|
29
|
+
- name: Run Specs
|
|
30
|
+
run: bundle exec rake spec
|
data/README.rdoc
CHANGED
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.
|
|
1
|
+
1.4.0
|
|
@@ -63,11 +63,16 @@ module OpenIDConnect
|
|
|
63
63
|
end
|
|
64
64
|
|
|
65
65
|
class << self
|
|
66
|
-
def decode(jwt_string,
|
|
67
|
-
|
|
66
|
+
def decode(jwt_string, key_or_config)
|
|
67
|
+
case key_or_config
|
|
68
|
+
when :self_issued
|
|
68
69
|
decode_self_issued jwt_string
|
|
70
|
+
when OpenIDConnect::Discovery::Provider::Config::Response
|
|
71
|
+
jwt = JSON::JWT.decode jwt_string, :skip_verification
|
|
72
|
+
jwt.verify! key_or_config.jwk(jwt.kid)
|
|
73
|
+
new jwt
|
|
69
74
|
else
|
|
70
|
-
new JSON::JWT.decode jwt_string,
|
|
75
|
+
new JSON::JWT.decode jwt_string, key_or_config
|
|
71
76
|
end
|
|
72
77
|
end
|
|
73
78
|
|
data/openid_connect.gemspec
CHANGED
|
@@ -17,13 +17,20 @@ Gem::Specification.new do |s|
|
|
|
17
17
|
s.add_runtime_dependency "activemodel"
|
|
18
18
|
s.add_runtime_dependency "validate_url"
|
|
19
19
|
s.add_runtime_dependency "validate_email"
|
|
20
|
-
s.add_runtime_dependency "json-jwt", ">= 1.
|
|
20
|
+
s.add_runtime_dependency "json-jwt", ">= 1.15.0"
|
|
21
21
|
s.add_runtime_dependency "swd", ">= 1.0.0"
|
|
22
22
|
s.add_runtime_dependency "webfinger", ">= 1.0.1"
|
|
23
23
|
s.add_runtime_dependency "rack-oauth2", ">= 1.6.1"
|
|
24
|
+
if Gem.ruby_version >= Gem::Version.create(3.1)
|
|
25
|
+
# TODO:
|
|
26
|
+
# remove "net-smtp" dependency after mail gem 2.8+ (which supports ruby 3.1+) released.
|
|
27
|
+
# ref.) https://rubygems.org/gems/mailhttps://github.com/mikel/mail
|
|
28
|
+
s.add_runtime_dependency "net-smtp"
|
|
29
|
+
end
|
|
24
30
|
s.add_development_dependency "rake"
|
|
25
31
|
s.add_development_dependency "rspec"
|
|
26
32
|
s.add_development_dependency "rspec-its"
|
|
27
33
|
s.add_development_dependency "webmock"
|
|
28
34
|
s.add_development_dependency "simplecov"
|
|
35
|
+
s.add_development_dependency "rexml"
|
|
29
36
|
end
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
{
|
|
2
|
+
"keys": [{
|
|
3
|
+
"kty": "RSA",
|
|
4
|
+
"e": "AQAB",
|
|
5
|
+
"n": "vWr1S4T0jBnYU9PIpUYxT48Ca8HK8aitbmqbTM3t3Zzl1GNpIlyePnwXSL6SgNcVbeRhTfvXZUzH4pP8HzPJdpUHnAeYyCzjz9UNykdFCp2YW676wpLDzMkaU7bYLJxGjZlpHU-UJVIm5KX9-NfMyGbFUOuw4AY-OWp8GxrqwAF4U6bJ86TpO24wMxmgm0Vl72aRMGVJkRz66YLYOPNVjXjOI4bUuxg_o3Px5QASxvDCawMeLR3pLCoQcLAZn6WZx7nX3Wu6QzcY0QCqhqUAeY49QRT83Jdg7WUsNa2Rbegi3jJGJf-t9hEcJPmrI6q9zl6WArUueQHS-XUQWq5ptw",
|
|
6
|
+
"kid": "DCmKamGtkGAWz-uujePOp-UeATAeT4fi3KouR78r44I"
|
|
7
|
+
}]
|
|
8
|
+
}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
-----BEGIN RSA PRIVATE KEY-----
|
|
2
|
+
MIIEpAIBAAKCAQEAvWr1S4T0jBnYU9PIpUYxT48Ca8HK8aitbmqbTM3t3Zzl1GNp
|
|
3
|
+
IlyePnwXSL6SgNcVbeRhTfvXZUzH4pP8HzPJdpUHnAeYyCzjz9UNykdFCp2YW676
|
|
4
|
+
wpLDzMkaU7bYLJxGjZlpHU+UJVIm5KX9+NfMyGbFUOuw4AY+OWp8GxrqwAF4U6bJ
|
|
5
|
+
86TpO24wMxmgm0Vl72aRMGVJkRz66YLYOPNVjXjOI4bUuxg/o3Px5QASxvDCawMe
|
|
6
|
+
LR3pLCoQcLAZn6WZx7nX3Wu6QzcY0QCqhqUAeY49QRT83Jdg7WUsNa2Rbegi3jJG
|
|
7
|
+
Jf+t9hEcJPmrI6q9zl6WArUueQHS+XUQWq5ptwIDAQABAoIBAHvDWBUJAVRNSsiy
|
|
8
|
+
90XuECggk/9ed0Dg6rjblS9g2kvTyWO1tKsMAyVmpTwVsNnYLxtHfsCajcmVmoEU
|
|
9
|
+
Gkc06iy+AWPUnuIkWpGgbss9OAJQqI03Toc1qBO1TqtmK+cyEPNSSpkpNu4PuHPr
|
|
10
|
+
dX9TWW2ToNdXuJEX4y5WwlJfiwT6kPdK86IKpPCql1+X/N2nKbn+5OWHTDuW3jLF
|
|
11
|
+
H4UoJlUU77VgPedQLF9xr9NXGZbgYdTtsg3GU3k7/xhcetNq22Dtr8vYnX8LcIsZ
|
|
12
|
+
9VW+KBRGOwgXTMLuj25VxkFUsJejEoq5+WyHTsSsa4w8Fxyc50GPfZJKh8J2jHiG
|
|
13
|
+
8weJUNECgYEA5CoQmUz+8saVg1IwnEgZBSMF1rthMgvuDPhD8PJNaugUCyo9tg0O
|
|
14
|
+
AXo9EMOUHmr2vCN8h2MZZuuW0D5np/Z9T102N99mJU6tVMSabBPDUTfxThq4xY48
|
|
15
|
+
VZvS6EOzSomeEbrIDciJghqJIvPxEoqLXY3Zg7kDef7YiqybhZFdlS8CgYEA1IbH
|
|
16
|
+
MHKfcL+LAo88y4tgOe6Wn8FRG1K7MHvdR+KErgxBg63I9zmolPsyznjNVKpB9syt
|
|
17
|
+
zqkDxBg/jTIctgeziMQNSODQoqRKcgEDePwcu+wBvuV+LJFJoIWFrvIPyZ5yKzeb
|
|
18
|
+
Vm1lRMgQfoeAQE4nVYAJG+oTTsFTdEtrHkOW4fkCgYEAsNHcnUFrTvARDH1UiLjj
|
|
19
|
+
EvUKYFhEwck3CbwYwxC0aIZEikaJHp3NXd3Cl0xKbKxOXI1Pw4hMNlObQ/Uo1aUT
|
|
20
|
+
hb7h9rjda0omz8uxNNK4CihFjFbvHMLXBS1GbJOSzdAKvQi4Yt4nmrk/z+Omzsyp
|
|
21
|
+
pq34hLmL9S5H2Ghd+kwmbycCgYBiC1N1PEvl3depdJ8dX80irLj8NljOfBozQdFR
|
|
22
|
+
ymRfTvQiZVfjBcyJ/mDv87b2Kh2IV+CPCFXebzlSUB4CtAbVP2zJhD176sMVWPZb
|
|
23
|
+
KCOxZi1f/ct5kAUhcre7f5xc7SXKXjrhYlJnqsxBMw2tnOB0hz6sjA4gNPvlGK3w
|
|
24
|
+
JkpDMQKBgQCgPoqSjmbroWC9oq5iDwRtx6f6fJG7CE91ZFJulunQj6YWOC3zNHEa
|
|
25
|
+
XvPPGM8fZpJS4e8LiPClkk8nsOoC50neEVGZeEuhdP6m6WNPN3SlP7bXozHOJTh0
|
|
26
|
+
mHrk2bUHFlQn8f5KWfLQbdyKBzs7WqCRTOR/gIbfxBlUOs0BN37xhw==
|
|
27
|
+
-----END RSA PRIVATE KEY-----
|
|
@@ -251,6 +251,35 @@ describe OpenIDConnect::ResponseObject::IdToken do
|
|
|
251
251
|
its(:exp) { should == attributes[:exp].to_i }
|
|
252
252
|
its(:raw_attributes) { should be_instance_of JSON::JWS }
|
|
253
253
|
|
|
254
|
+
context 'when IdP config is given' do
|
|
255
|
+
subject { klass.decode id_token.to_jwt(private_key), idp_config }
|
|
256
|
+
let(:jwks) do
|
|
257
|
+
jwk_str = File.read(File.join(__dir__, '../../mock_response/public_keys/jwks_with_private_key.json'))
|
|
258
|
+
jwk = JSON::JWK::Set.new JSON.parse(jwk_str)
|
|
259
|
+
end
|
|
260
|
+
let(:private_key) do
|
|
261
|
+
OpenSSL::PKey::RSA.new(
|
|
262
|
+
File.read(File.join(__dir__, '../../mock_response/public_keys/private_key.pem'))
|
|
263
|
+
).to_jwk
|
|
264
|
+
end
|
|
265
|
+
let(:idp_config) do
|
|
266
|
+
OpenIDConnect::Discovery::Provider::Config::Response.new(
|
|
267
|
+
issuer: attributes[:issuer],
|
|
268
|
+
authorization_endpoint: File.join(attributes[:iss], 'authorize'),
|
|
269
|
+
jwks_uri: File.join(attributes[:iss], 'jwks'),
|
|
270
|
+
response_types_supported: ['code'],
|
|
271
|
+
subject_types_supported: ['public'],
|
|
272
|
+
id_token_signing_alg_values_supported: ['RS256']
|
|
273
|
+
)
|
|
274
|
+
end
|
|
275
|
+
|
|
276
|
+
it do
|
|
277
|
+
mock_json :get, idp_config.jwks_uri, 'public_keys/jwks_with_private_key' do
|
|
278
|
+
should
|
|
279
|
+
end
|
|
280
|
+
end
|
|
281
|
+
end
|
|
282
|
+
|
|
254
283
|
context 'when self-issued' do
|
|
255
284
|
context 'when valid' do
|
|
256
285
|
let(:self_issued) do
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: openid_connect
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- nov matake
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-09-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: tzinfo
|
|
@@ -86,14 +86,14 @@ dependencies:
|
|
|
86
86
|
requirements:
|
|
87
87
|
- - ">="
|
|
88
88
|
- !ruby/object:Gem::Version
|
|
89
|
-
version: 1.
|
|
89
|
+
version: 1.15.0
|
|
90
90
|
type: :runtime
|
|
91
91
|
prerelease: false
|
|
92
92
|
version_requirements: !ruby/object:Gem::Requirement
|
|
93
93
|
requirements:
|
|
94
94
|
- - ">="
|
|
95
95
|
- !ruby/object:Gem::Version
|
|
96
|
-
version: 1.
|
|
96
|
+
version: 1.15.0
|
|
97
97
|
- !ruby/object:Gem::Dependency
|
|
98
98
|
name: swd
|
|
99
99
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -206,6 +206,20 @@ dependencies:
|
|
|
206
206
|
- - ">="
|
|
207
207
|
- !ruby/object:Gem::Version
|
|
208
208
|
version: '0'
|
|
209
|
+
- !ruby/object:Gem::Dependency
|
|
210
|
+
name: rexml
|
|
211
|
+
requirement: !ruby/object:Gem::Requirement
|
|
212
|
+
requirements:
|
|
213
|
+
- - ">="
|
|
214
|
+
- !ruby/object:Gem::Version
|
|
215
|
+
version: '0'
|
|
216
|
+
type: :development
|
|
217
|
+
prerelease: false
|
|
218
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
219
|
+
requirements:
|
|
220
|
+
- - ">="
|
|
221
|
+
- !ruby/object:Gem::Version
|
|
222
|
+
version: '0'
|
|
209
223
|
description: OpenID Connect Server & Client Library
|
|
210
224
|
email:
|
|
211
225
|
- nov@matake.jp
|
|
@@ -213,9 +227,10 @@ executables: []
|
|
|
213
227
|
extensions: []
|
|
214
228
|
extra_rdoc_files: []
|
|
215
229
|
files:
|
|
230
|
+
- ".github/FUNDING.yml"
|
|
231
|
+
- ".github/workflows/spec.yml"
|
|
216
232
|
- ".gitignore"
|
|
217
233
|
- ".rspec"
|
|
218
|
-
- ".travis.yml"
|
|
219
234
|
- Gemfile
|
|
220
235
|
- LICENSE
|
|
221
236
|
- README.rdoc
|
|
@@ -275,6 +290,8 @@ files:
|
|
|
275
290
|
- spec/mock_response/errors/unknown.json
|
|
276
291
|
- spec/mock_response/id_token.json
|
|
277
292
|
- spec/mock_response/public_keys/jwks.json
|
|
293
|
+
- spec/mock_response/public_keys/jwks_with_private_key.json
|
|
294
|
+
- spec/mock_response/public_keys/private_key.pem
|
|
278
295
|
- spec/mock_response/request_object/signed.jwt
|
|
279
296
|
- spec/mock_response/userinfo/openid.json
|
|
280
297
|
- spec/openid_connect/access_token_spec.rb
|
|
@@ -304,7 +321,7 @@ homepage: https://github.com/nov/openid_connect
|
|
|
304
321
|
licenses:
|
|
305
322
|
- MIT
|
|
306
323
|
metadata: {}
|
|
307
|
-
post_install_message:
|
|
324
|
+
post_install_message:
|
|
308
325
|
rdoc_options: []
|
|
309
326
|
require_paths:
|
|
310
327
|
- lib
|
|
@@ -319,8 +336,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
319
336
|
- !ruby/object:Gem::Version
|
|
320
337
|
version: '0'
|
|
321
338
|
requirements: []
|
|
322
|
-
rubygems_version: 3.
|
|
323
|
-
signing_key:
|
|
339
|
+
rubygems_version: 3.2.22
|
|
340
|
+
signing_key:
|
|
324
341
|
specification_version: 4
|
|
325
342
|
summary: OpenID Connect Server & Client Library
|
|
326
343
|
test_files:
|
|
@@ -347,6 +364,8 @@ test_files:
|
|
|
347
364
|
- spec/mock_response/errors/unknown.json
|
|
348
365
|
- spec/mock_response/id_token.json
|
|
349
366
|
- spec/mock_response/public_keys/jwks.json
|
|
367
|
+
- spec/mock_response/public_keys/jwks_with_private_key.json
|
|
368
|
+
- spec/mock_response/public_keys/private_key.pem
|
|
350
369
|
- spec/mock_response/request_object/signed.jwt
|
|
351
370
|
- spec/mock_response/userinfo/openid.json
|
|
352
371
|
- spec/openid_connect/access_token_spec.rb
|