openid_connect 1.3.0 → 1.4.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/FUNDING.yml +3 -0
- data/.github/workflows/spec.yml +32 -0
- data/README.rdoc +0 -2
- data/VERSION +1 -1
- data/lib/openid_connect/discovery/provider/config/response.rb +5 -0
- data/lib/openid_connect/response_object/id_token.rb +8 -3
- data/openid_connect.gemspec +11 -4
- data/spec/mock_response/public_keys/jwks_with_private_key.json +8 -0
- data/spec/mock_response/public_keys/private_key.pem +27 -0
- data/spec/openid_connect/response_object/id_token_spec.rb +48 -0
- metadata +52 -19
- data/.travis.yml +0 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: fc2fbaf7f12786bfb4695776c65b78a58a7730730382b138a8b53b6149939989
|
|
4
|
+
data.tar.gz: 54d98cef9172883b53426b457ab41cb743d078ae9ed20eb8b374628802cebf1d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f3bc8fec5821911fbf334a27c9bc2d49dd7871cd5379a9ff91b7a5d1f05b017cece154744b4eb6283b3eea64dbf2cd6cb2fc61fe66a1f75c4dbf21aa97180646
|
|
7
|
+
data.tar.gz: '09845c6ec9f7d8a198333d49eab6511f25fccd7d31a6ea7f59456700f44eab420ae4dbe2d96d28e541f7cd7b5f9bf0c5976ee19a85b7397904c3debd45db01e9'
|
data/.github/FUNDING.yml
ADDED
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
name: Spec
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
push:
|
|
5
|
+
branches:
|
|
6
|
+
- master
|
|
7
|
+
pull_request:
|
|
8
|
+
|
|
9
|
+
permissions:
|
|
10
|
+
contents: read
|
|
11
|
+
|
|
12
|
+
jobs:
|
|
13
|
+
spec:
|
|
14
|
+
strategy:
|
|
15
|
+
matrix:
|
|
16
|
+
os: ['ubuntu-20.04']
|
|
17
|
+
ruby-version: ['2.6', '2.7', '3.0', '3.1']
|
|
18
|
+
# ubuntu 22.04 only supports ssl 3 and thus only ruby 3.1
|
|
19
|
+
include:
|
|
20
|
+
- os: 'ubuntu-22.04'
|
|
21
|
+
ruby-version: '3.1'
|
|
22
|
+
runs-on: ${{ matrix.os }}
|
|
23
|
+
|
|
24
|
+
steps:
|
|
25
|
+
- uses: actions/checkout@v3
|
|
26
|
+
- name: Set up Ruby
|
|
27
|
+
uses: ruby/setup-ruby@v1
|
|
28
|
+
with:
|
|
29
|
+
ruby-version: ${{ matrix.ruby-version }}
|
|
30
|
+
bundler-cache: true
|
|
31
|
+
- name: Run Specs
|
|
32
|
+
run: bundle exec rake spec
|
data/README.rdoc
CHANGED
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.
|
|
1
|
+
1.4.2
|
|
@@ -63,11 +63,16 @@ module OpenIDConnect
|
|
|
63
63
|
end
|
|
64
64
|
|
|
65
65
|
class << self
|
|
66
|
-
def decode(jwt_string,
|
|
67
|
-
|
|
66
|
+
def decode(jwt_string, key_or_config)
|
|
67
|
+
case key_or_config
|
|
68
|
+
when :self_issued
|
|
68
69
|
decode_self_issued jwt_string
|
|
70
|
+
when OpenIDConnect::Discovery::Provider::Config::Response
|
|
71
|
+
jwt = JSON::JWT.decode jwt_string, :skip_verification
|
|
72
|
+
jwt.verify! key_or_config.jwk(jwt.kid)
|
|
73
|
+
new jwt
|
|
69
74
|
else
|
|
70
|
-
new JSON::JWT.decode jwt_string,
|
|
75
|
+
new JSON::JWT.decode jwt_string, key_or_config
|
|
71
76
|
end
|
|
72
77
|
end
|
|
73
78
|
|
data/openid_connect.gemspec
CHANGED
|
@@ -17,13 +17,20 @@ Gem::Specification.new do |s|
|
|
|
17
17
|
s.add_runtime_dependency "activemodel"
|
|
18
18
|
s.add_runtime_dependency "validate_url"
|
|
19
19
|
s.add_runtime_dependency "validate_email"
|
|
20
|
-
s.add_runtime_dependency "json-jwt", ">= 1.
|
|
21
|
-
s.add_runtime_dependency "swd", "
|
|
22
|
-
s.add_runtime_dependency "webfinger", "
|
|
23
|
-
s.add_runtime_dependency "rack-oauth2", "
|
|
20
|
+
s.add_runtime_dependency "json-jwt", ">= 1.15.0"
|
|
21
|
+
s.add_runtime_dependency "swd", "~> 1.3"
|
|
22
|
+
s.add_runtime_dependency "webfinger", "~> 1.2"
|
|
23
|
+
s.add_runtime_dependency "rack-oauth2", "~> 1.21"
|
|
24
|
+
if Gem.ruby_version >= Gem::Version.create(3.1)
|
|
25
|
+
# TODO:
|
|
26
|
+
# remove "net-smtp" dependency after mail gem 2.8+ (which supports ruby 3.1+) released.
|
|
27
|
+
# ref.) https://rubygems.org/gems/mailhttps://github.com/mikel/mail
|
|
28
|
+
s.add_runtime_dependency "net-smtp"
|
|
29
|
+
end
|
|
24
30
|
s.add_development_dependency "rake"
|
|
25
31
|
s.add_development_dependency "rspec"
|
|
26
32
|
s.add_development_dependency "rspec-its"
|
|
27
33
|
s.add_development_dependency "webmock"
|
|
28
34
|
s.add_development_dependency "simplecov"
|
|
35
|
+
s.add_development_dependency "rexml"
|
|
29
36
|
end
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
{
|
|
2
|
+
"keys": [{
|
|
3
|
+
"kty": "RSA",
|
|
4
|
+
"e": "AQAB",
|
|
5
|
+
"n": "vWr1S4T0jBnYU9PIpUYxT48Ca8HK8aitbmqbTM3t3Zzl1GNpIlyePnwXSL6SgNcVbeRhTfvXZUzH4pP8HzPJdpUHnAeYyCzjz9UNykdFCp2YW676wpLDzMkaU7bYLJxGjZlpHU-UJVIm5KX9-NfMyGbFUOuw4AY-OWp8GxrqwAF4U6bJ86TpO24wMxmgm0Vl72aRMGVJkRz66YLYOPNVjXjOI4bUuxg_o3Px5QASxvDCawMeLR3pLCoQcLAZn6WZx7nX3Wu6QzcY0QCqhqUAeY49QRT83Jdg7WUsNa2Rbegi3jJGJf-t9hEcJPmrI6q9zl6WArUueQHS-XUQWq5ptw",
|
|
6
|
+
"kid": "DCmKamGtkGAWz-uujePOp-UeATAeT4fi3KouR78r44I"
|
|
7
|
+
}]
|
|
8
|
+
}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
-----BEGIN RSA PRIVATE KEY-----
|
|
2
|
+
MIIEpAIBAAKCAQEAvWr1S4T0jBnYU9PIpUYxT48Ca8HK8aitbmqbTM3t3Zzl1GNp
|
|
3
|
+
IlyePnwXSL6SgNcVbeRhTfvXZUzH4pP8HzPJdpUHnAeYyCzjz9UNykdFCp2YW676
|
|
4
|
+
wpLDzMkaU7bYLJxGjZlpHU+UJVIm5KX9+NfMyGbFUOuw4AY+OWp8GxrqwAF4U6bJ
|
|
5
|
+
86TpO24wMxmgm0Vl72aRMGVJkRz66YLYOPNVjXjOI4bUuxg/o3Px5QASxvDCawMe
|
|
6
|
+
LR3pLCoQcLAZn6WZx7nX3Wu6QzcY0QCqhqUAeY49QRT83Jdg7WUsNa2Rbegi3jJG
|
|
7
|
+
Jf+t9hEcJPmrI6q9zl6WArUueQHS+XUQWq5ptwIDAQABAoIBAHvDWBUJAVRNSsiy
|
|
8
|
+
90XuECggk/9ed0Dg6rjblS9g2kvTyWO1tKsMAyVmpTwVsNnYLxtHfsCajcmVmoEU
|
|
9
|
+
Gkc06iy+AWPUnuIkWpGgbss9OAJQqI03Toc1qBO1TqtmK+cyEPNSSpkpNu4PuHPr
|
|
10
|
+
dX9TWW2ToNdXuJEX4y5WwlJfiwT6kPdK86IKpPCql1+X/N2nKbn+5OWHTDuW3jLF
|
|
11
|
+
H4UoJlUU77VgPedQLF9xr9NXGZbgYdTtsg3GU3k7/xhcetNq22Dtr8vYnX8LcIsZ
|
|
12
|
+
9VW+KBRGOwgXTMLuj25VxkFUsJejEoq5+WyHTsSsa4w8Fxyc50GPfZJKh8J2jHiG
|
|
13
|
+
8weJUNECgYEA5CoQmUz+8saVg1IwnEgZBSMF1rthMgvuDPhD8PJNaugUCyo9tg0O
|
|
14
|
+
AXo9EMOUHmr2vCN8h2MZZuuW0D5np/Z9T102N99mJU6tVMSabBPDUTfxThq4xY48
|
|
15
|
+
VZvS6EOzSomeEbrIDciJghqJIvPxEoqLXY3Zg7kDef7YiqybhZFdlS8CgYEA1IbH
|
|
16
|
+
MHKfcL+LAo88y4tgOe6Wn8FRG1K7MHvdR+KErgxBg63I9zmolPsyznjNVKpB9syt
|
|
17
|
+
zqkDxBg/jTIctgeziMQNSODQoqRKcgEDePwcu+wBvuV+LJFJoIWFrvIPyZ5yKzeb
|
|
18
|
+
Vm1lRMgQfoeAQE4nVYAJG+oTTsFTdEtrHkOW4fkCgYEAsNHcnUFrTvARDH1UiLjj
|
|
19
|
+
EvUKYFhEwck3CbwYwxC0aIZEikaJHp3NXd3Cl0xKbKxOXI1Pw4hMNlObQ/Uo1aUT
|
|
20
|
+
hb7h9rjda0omz8uxNNK4CihFjFbvHMLXBS1GbJOSzdAKvQi4Yt4nmrk/z+Omzsyp
|
|
21
|
+
pq34hLmL9S5H2Ghd+kwmbycCgYBiC1N1PEvl3depdJ8dX80irLj8NljOfBozQdFR
|
|
22
|
+
ymRfTvQiZVfjBcyJ/mDv87b2Kh2IV+CPCFXebzlSUB4CtAbVP2zJhD176sMVWPZb
|
|
23
|
+
KCOxZi1f/ct5kAUhcre7f5xc7SXKXjrhYlJnqsxBMw2tnOB0hz6sjA4gNPvlGK3w
|
|
24
|
+
JkpDMQKBgQCgPoqSjmbroWC9oq5iDwRtx6f6fJG7CE91ZFJulunQj6YWOC3zNHEa
|
|
25
|
+
XvPPGM8fZpJS4e8LiPClkk8nsOoC50neEVGZeEuhdP6m6WNPN3SlP7bXozHOJTh0
|
|
26
|
+
mHrk2bUHFlQn8f5KWfLQbdyKBzs7WqCRTOR/gIbfxBlUOs0BN37xhw==
|
|
27
|
+
-----END RSA PRIVATE KEY-----
|
|
@@ -251,6 +251,54 @@ describe OpenIDConnect::ResponseObject::IdToken do
|
|
|
251
251
|
its(:exp) { should == attributes[:exp].to_i }
|
|
252
252
|
its(:raw_attributes) { should be_instance_of JSON::JWS }
|
|
253
253
|
|
|
254
|
+
context 'when IdP config is given' do
|
|
255
|
+
subject { klass.decode id_token.to_jwt(private_key), idp_config }
|
|
256
|
+
let(:jwks) do
|
|
257
|
+
jwk_str = File.read(File.join(__dir__, '../../mock_response/public_keys/jwks_with_private_key.json'))
|
|
258
|
+
jwk = JSON::JWK::Set.new JSON.parse(jwk_str)
|
|
259
|
+
end
|
|
260
|
+
let(:idp_config) do
|
|
261
|
+
OpenIDConnect::Discovery::Provider::Config::Response.new(
|
|
262
|
+
issuer: attributes[:issuer],
|
|
263
|
+
authorization_endpoint: File.join(attributes[:iss], 'authorize'),
|
|
264
|
+
jwks_uri: File.join(attributes[:iss], 'jwks'),
|
|
265
|
+
response_types_supported: ['code'],
|
|
266
|
+
subject_types_supported: ['public'],
|
|
267
|
+
id_token_signing_alg_values_supported: ['RS256']
|
|
268
|
+
)
|
|
269
|
+
end
|
|
270
|
+
|
|
271
|
+
context 'when id_token has kid' do
|
|
272
|
+
let(:private_key) do
|
|
273
|
+
OpenSSL::PKey::RSA.new(
|
|
274
|
+
File.read(File.join(__dir__, '../../mock_response/public_keys/private_key.pem'))
|
|
275
|
+
).to_jwk
|
|
276
|
+
end
|
|
277
|
+
|
|
278
|
+
it do
|
|
279
|
+
mock_json :get, idp_config.jwks_uri, 'public_keys/jwks_with_private_key' do
|
|
280
|
+
should be_a klass
|
|
281
|
+
end
|
|
282
|
+
end
|
|
283
|
+
end
|
|
284
|
+
|
|
285
|
+
context 'otherwise' do
|
|
286
|
+
let(:private_key) do
|
|
287
|
+
OpenSSL::PKey::RSA.new(
|
|
288
|
+
File.read(File.join(__dir__, '../../mock_response/public_keys/private_key.pem'))
|
|
289
|
+
)
|
|
290
|
+
end
|
|
291
|
+
|
|
292
|
+
it do
|
|
293
|
+
mock_json :get, idp_config.jwks_uri, 'public_keys/jwks_with_private_key' do
|
|
294
|
+
expect do
|
|
295
|
+
should
|
|
296
|
+
end.to raise_error JSON::JWK::Set::KidNotFound
|
|
297
|
+
end
|
|
298
|
+
end
|
|
299
|
+
end
|
|
300
|
+
end
|
|
301
|
+
|
|
254
302
|
context 'when self-issued' do
|
|
255
303
|
context 'when valid' do
|
|
256
304
|
let(:self_issued) do
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: openid_connect
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.4.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- nov matake
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-10-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: tzinfo
|
|
@@ -86,56 +86,70 @@ dependencies:
|
|
|
86
86
|
requirements:
|
|
87
87
|
- - ">="
|
|
88
88
|
- !ruby/object:Gem::Version
|
|
89
|
-
version: 1.
|
|
89
|
+
version: 1.15.0
|
|
90
90
|
type: :runtime
|
|
91
91
|
prerelease: false
|
|
92
92
|
version_requirements: !ruby/object:Gem::Requirement
|
|
93
93
|
requirements:
|
|
94
94
|
- - ">="
|
|
95
95
|
- !ruby/object:Gem::Version
|
|
96
|
-
version: 1.
|
|
96
|
+
version: 1.15.0
|
|
97
97
|
- !ruby/object:Gem::Dependency
|
|
98
98
|
name: swd
|
|
99
99
|
requirement: !ruby/object:Gem::Requirement
|
|
100
100
|
requirements:
|
|
101
|
-
- - "
|
|
101
|
+
- - "~>"
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
|
-
version: 1.
|
|
103
|
+
version: '1.3'
|
|
104
104
|
type: :runtime
|
|
105
105
|
prerelease: false
|
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
107
|
requirements:
|
|
108
|
-
- - "
|
|
108
|
+
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version: 1.
|
|
110
|
+
version: '1.3'
|
|
111
111
|
- !ruby/object:Gem::Dependency
|
|
112
112
|
name: webfinger
|
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|
|
114
114
|
requirements:
|
|
115
|
-
- - "
|
|
115
|
+
- - "~>"
|
|
116
116
|
- !ruby/object:Gem::Version
|
|
117
|
-
version: 1.
|
|
117
|
+
version: '1.2'
|
|
118
118
|
type: :runtime
|
|
119
119
|
prerelease: false
|
|
120
120
|
version_requirements: !ruby/object:Gem::Requirement
|
|
121
121
|
requirements:
|
|
122
|
-
- - "
|
|
122
|
+
- - "~>"
|
|
123
123
|
- !ruby/object:Gem::Version
|
|
124
|
-
version: 1.
|
|
124
|
+
version: '1.2'
|
|
125
125
|
- !ruby/object:Gem::Dependency
|
|
126
126
|
name: rack-oauth2
|
|
127
|
+
requirement: !ruby/object:Gem::Requirement
|
|
128
|
+
requirements:
|
|
129
|
+
- - "~>"
|
|
130
|
+
- !ruby/object:Gem::Version
|
|
131
|
+
version: '1.21'
|
|
132
|
+
type: :runtime
|
|
133
|
+
prerelease: false
|
|
134
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
135
|
+
requirements:
|
|
136
|
+
- - "~>"
|
|
137
|
+
- !ruby/object:Gem::Version
|
|
138
|
+
version: '1.21'
|
|
139
|
+
- !ruby/object:Gem::Dependency
|
|
140
|
+
name: net-smtp
|
|
127
141
|
requirement: !ruby/object:Gem::Requirement
|
|
128
142
|
requirements:
|
|
129
143
|
- - ">="
|
|
130
144
|
- !ruby/object:Gem::Version
|
|
131
|
-
version:
|
|
145
|
+
version: '0'
|
|
132
146
|
type: :runtime
|
|
133
147
|
prerelease: false
|
|
134
148
|
version_requirements: !ruby/object:Gem::Requirement
|
|
135
149
|
requirements:
|
|
136
150
|
- - ">="
|
|
137
151
|
- !ruby/object:Gem::Version
|
|
138
|
-
version:
|
|
152
|
+
version: '0'
|
|
139
153
|
- !ruby/object:Gem::Dependency
|
|
140
154
|
name: rake
|
|
141
155
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -206,6 +220,20 @@ dependencies:
|
|
|
206
220
|
- - ">="
|
|
207
221
|
- !ruby/object:Gem::Version
|
|
208
222
|
version: '0'
|
|
223
|
+
- !ruby/object:Gem::Dependency
|
|
224
|
+
name: rexml
|
|
225
|
+
requirement: !ruby/object:Gem::Requirement
|
|
226
|
+
requirements:
|
|
227
|
+
- - ">="
|
|
228
|
+
- !ruby/object:Gem::Version
|
|
229
|
+
version: '0'
|
|
230
|
+
type: :development
|
|
231
|
+
prerelease: false
|
|
232
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
233
|
+
requirements:
|
|
234
|
+
- - ">="
|
|
235
|
+
- !ruby/object:Gem::Version
|
|
236
|
+
version: '0'
|
|
209
237
|
description: OpenID Connect Server & Client Library
|
|
210
238
|
email:
|
|
211
239
|
- nov@matake.jp
|
|
@@ -213,9 +241,10 @@ executables: []
|
|
|
213
241
|
extensions: []
|
|
214
242
|
extra_rdoc_files: []
|
|
215
243
|
files:
|
|
244
|
+
- ".github/FUNDING.yml"
|
|
245
|
+
- ".github/workflows/spec.yml"
|
|
216
246
|
- ".gitignore"
|
|
217
247
|
- ".rspec"
|
|
218
|
-
- ".travis.yml"
|
|
219
248
|
- Gemfile
|
|
220
249
|
- LICENSE
|
|
221
250
|
- README.rdoc
|
|
@@ -275,6 +304,8 @@ files:
|
|
|
275
304
|
- spec/mock_response/errors/unknown.json
|
|
276
305
|
- spec/mock_response/id_token.json
|
|
277
306
|
- spec/mock_response/public_keys/jwks.json
|
|
307
|
+
- spec/mock_response/public_keys/jwks_with_private_key.json
|
|
308
|
+
- spec/mock_response/public_keys/private_key.pem
|
|
278
309
|
- spec/mock_response/request_object/signed.jwt
|
|
279
310
|
- spec/mock_response/userinfo/openid.json
|
|
280
311
|
- spec/openid_connect/access_token_spec.rb
|
|
@@ -304,7 +335,7 @@ homepage: https://github.com/nov/openid_connect
|
|
|
304
335
|
licenses:
|
|
305
336
|
- MIT
|
|
306
337
|
metadata: {}
|
|
307
|
-
post_install_message:
|
|
338
|
+
post_install_message:
|
|
308
339
|
rdoc_options: []
|
|
309
340
|
require_paths:
|
|
310
341
|
- lib
|
|
@@ -319,8 +350,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
319
350
|
- !ruby/object:Gem::Version
|
|
320
351
|
version: '0'
|
|
321
352
|
requirements: []
|
|
322
|
-
rubygems_version: 3.
|
|
323
|
-
signing_key:
|
|
353
|
+
rubygems_version: 3.3.7
|
|
354
|
+
signing_key:
|
|
324
355
|
specification_version: 4
|
|
325
356
|
summary: OpenID Connect Server & Client Library
|
|
326
357
|
test_files:
|
|
@@ -347,6 +378,8 @@ test_files:
|
|
|
347
378
|
- spec/mock_response/errors/unknown.json
|
|
348
379
|
- spec/mock_response/id_token.json
|
|
349
380
|
- spec/mock_response/public_keys/jwks.json
|
|
381
|
+
- spec/mock_response/public_keys/jwks_with_private_key.json
|
|
382
|
+
- spec/mock_response/public_keys/private_key.pem
|
|
350
383
|
- spec/mock_response/request_object/signed.jwt
|
|
351
384
|
- spec/mock_response/userinfo/openid.json
|
|
352
385
|
- spec/openid_connect/access_token_spec.rb
|