openid_connect 1.3.0 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 42a846a8e97f83ba3b339e6d2dab2e1255b75afba843f5d83ee78fc03d554edc
-  data.tar.gz: b004368bea628de55949f51af0f82bcff0981d9e8fe3becc94a753915d564df2
+  metadata.gz: 2b5a083aca9fb04e50e7ff4fb18d26d221daac9bf22ec1cfcc136007160a03db
+  data.tar.gz: 1eb0f4f04691552f0b276d284bb91f47d393c0afdc8e7473c57446c4e89c6cc1
 SHA512:
-  metadata.gz: c2cf62923d2b4262fbc276741f26ae80868b1d108d25ef8e52dbefb59df7005c4bf146cd9a31fbf7740a495adddb9c0ff47424a4306b3085929a4b33553fc659
-  data.tar.gz: 463aacad1ffe293e9a799fdbe367b32fca9f094409956701d396dda562e9b0faa0a54a0b4804768a34fc8685e0b93a2d44fb6033ceaa8512250d735a2f221ef3
+  metadata.gz: 3469b7247c8337d0f3bc5adddc3ebc117676814fba726ba95d59fb50279ae7f8a91e3856962ab794e44bc3d8a0ccbb9adf07966bc4ff50139c74e08c783e5e1f
+  data.tar.gz: 5670dcd68a4b196ebb167c2eb313360d407ae30a77914da20f376f4cddef1b009642fc5aeee5eddbd971b03e7baee939076a7ed343a9e63906e309b261bda8be

data/.github/FUNDING.yml

@@ -0,0 +1,3 @@
+# These are supported funding model platforms
+
+github: nov

data/.github/workflows/spec.yml

@@ -0,0 +1,32 @@
+name: Spec
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  spec:
+    strategy:
+      matrix:
+        os: ['ubuntu-20.04']
+        ruby-version: ['2.6', '2.7', '3.0', '3.1']
+        # ubuntu 22.04 only supports ssl 3 and thus only ruby 3.1
+        include:
+        - os: 'ubuntu-22.04'
+          ruby-version: '3.1'
+    runs-on: ${{ matrix.os }}
+
+    steps:
+    - uses: actions/checkout@v3
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby-version }}
+        bundler-cache: true
+    - name: Run Specs
+      run: bundle exec rake spec

data/CHANGELOG.md

@@ -0,0 +1,17 @@
+## [Unreleased]
+
+## [2.1.0] - 2022-10-10
+
+### Changed
+
+- mTLS access token by @nov in https://github.com/nov/openid_connect/pull/76
+
+## [2.0.0] - 2022-10-09
+
+### Added
+
+- start recording CHANGELOG
+
+### Changed
+
+- replace httpclient with faraday v2 by @nov in https://github.com/nov/openid_connect/pull/75

data/README.rdoc

@@ -2,8 +2,6 @@
 
 OpenID Connect Server & Client Library
 
-{<img src="https://secure.travis-ci.org/nov/openid_connect.png" />}[http://travis-ci.org/nov/openid_connect]
-
 == Installation
 
   gem install openid_connect

data/VERSION

@@ -1 +1 @@
-1.3.0
+2.2.0

data/lib/openid_connect/access_token/mtls.rb

@@ -0,0 +1,9 @@
+module OpenIDConnect
+  class AccessToken::MTLS < AccessToken
+    def initialize(attributes = {})
+      super
+      http_client.ssl.client_key  = attributes[:private_key] || client.private_key
+      http_client.ssl.client_cert = attributes[:certificate] || client.certificate
+    end
+  end
+end

data/lib/openid_connect/access_token.rb

@@ -15,13 +15,20 @@ module OpenIDConnect
       ResponseObject::UserInfo.new hash
     end
 
+    def to_mtls(attributes = {})
+      (required_attributes + optional_attributes).each do |key|
+        attributes[key] = self.send(key)
+      end
+      MTLS.new attributes
+    end
+
     private
 
     def resource_request
       res = yield
       case res.status
       when 200
-        JSON.parse(res.body).with_indifferent_access
+        res.body.with_indifferent_access
       when 400
         raise BadRequest.new('API Access Faild', res)
       when 401
@@ -33,4 +40,6 @@ module OpenIDConnect
       end
     end
   end
-end
+end
+
+require 'openid_connect/access_token/mtls'

data/lib/openid_connect/client/registrar.rb

@@ -170,7 +170,7 @@ module OpenIDConnect
       end
 
       def handle_success_response(response)
-        credentials = JSON.parse(response.body).with_indifferent_access
+        credentials = response.body.with_indifferent_access
         Client.new(
           identifier: credentials[:client_id],
           secret:     credentials[:client_secret],

data/lib/openid_connect/client.rb

@@ -26,7 +26,7 @@ module OpenIDConnect
     end
 
     def handle_success_response(response)
-      token_hash = JSON.parse(response.body).with_indifferent_access
+      token_hash = response.body.with_indifferent_access
       token_type = (@forced_token_type || token_hash[:token_type]).try(:downcase)
       case token_type
       when 'bearer'
@@ -34,8 +34,6 @@ module OpenIDConnect
       else
         raise Exception.new("Unexpected Token Type: #{token_type}")
       end
-    rescue JSON::ParserError
-      raise Exception.new("Unknown Token Type")
     end
   end
 end

data/lib/openid_connect/discovery/provider/config/response.rb

@@ -81,12 +81,15 @@ module OpenIDConnect
           end
 
           def jwks
-            @jwks ||= JSON.parse(
-              OpenIDConnect.http_client.get_content(jwks_uri)
-            ).with_indifferent_access
+            @jwks ||= OpenIDConnect.http_client.get(jwks_uri).body.with_indifferent_access
             JSON::JWK::Set.new @jwks[:keys]
           end
 
+          def jwk(kid)
+            @jwks ||= {}
+            @jwks[kid] ||= JSON::JWK::Set::Fetcher.fetch(jwks_uri, kid: kid)
+          end
+
           def public_keys
             @public_keys ||= jwks.collect(&:to_key)
           end

data/lib/openid_connect/request_object.rb

@@ -25,7 +25,7 @@ module OpenIDConnect
       end
 
       def fetch(request_uri, key = nil)
-        jwt_string = OpenIDConnect.http_client.get_content(request_uri)
+        jwt_string = OpenIDConnect.http_client.get(request_uri).body
         decode jwt_string, key
       end
     end

data/lib/openid_connect/response_object/id_token.rb

@@ -63,11 +63,16 @@ module OpenIDConnect
       end
 
       class << self
-        def decode(jwt_string, key)
-          if key == :self_issued
+        def decode(jwt_string, key_or_config)
+          case key_or_config
+          when :self_issued
             decode_self_issued jwt_string
+          when OpenIDConnect::Discovery::Provider::Config::Response
+            jwt = JSON::JWT.decode jwt_string, :skip_verification
+            jwt.verify! key_or_config.jwk(jwt.kid)
+            new jwt
           else
-            new JSON::JWT.decode jwt_string, key
+            new JSON::JWT.decode jwt_string, key_or_config
           end
         end
 

data/lib/openid_connect.rb

@@ -1,5 +1,7 @@
 require 'json'
 require 'logger'
+require 'faraday'
+require 'faraday/follow_redirects'
 require 'swd'
 require 'webfinger'
 require 'active_model'
@@ -64,17 +66,14 @@ module OpenIDConnect
   self.debugging = false
 
   def self.http_client
-    _http_client_ = HTTPClient.new(
-      agent_name: "OpenIDConnect (#{VERSION})"
-    )
-
-    # NOTE: httpclient gem seems stopped maintaining root certtificate set, use OS default.
-    _http_client_.ssl_config.clear_cert_store
-    _http_client_.ssl_config.cert_store.set_default_paths
-
-    _http_client_.request_filter << Debugger::RequestFilter.new if debugging?
-    http_config.try(:call, _http_client_)
-    _http_client_
+    Faraday.new(headers: {user_agent: "OpenIDConnect (#{VERSION})"}) do |faraday|
+      faraday.request :url_encoded
+      faraday.request :json
+      faraday.response :json
+      faraday.response :logger, OpenIDConnect.logger, {bodies: true} if debugging?
+      faraday.adapter Faraday.default_adapter
+      http_config&.call(faraday)
+    end
   end
   def self.http_config(&block)
     @sub_protocols.each do |klass|
@@ -100,4 +99,3 @@ require 'openid_connect/access_token'
 require 'openid_connect/jwtnizable'
 require 'openid_connect/connect_object'
 require 'openid_connect/discovery'
-require 'openid_connect/debugger'

data/openid_connect.gemspec

@@ -17,13 +17,22 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency "activemodel"
   s.add_runtime_dependency "validate_url"
   s.add_runtime_dependency "validate_email"
-  s.add_runtime_dependency "json-jwt", ">= 1.5.0"
-  s.add_runtime_dependency "swd", ">= 1.0.0"
-  s.add_runtime_dependency "webfinger", ">= 1.0.1"
-  s.add_runtime_dependency "rack-oauth2", ">= 1.6.1"
+  s.add_runtime_dependency 'faraday', '~> 2.0'
+  s.add_runtime_dependency 'faraday-follow_redirects'
+  s.add_runtime_dependency "json-jwt", ">= 1.16"
+  s.add_runtime_dependency "swd", "~> 2.0"
+  s.add_runtime_dependency "webfinger", "~> 2.0"
+  s.add_runtime_dependency "rack-oauth2", "~> 2.2"
+  if Gem.ruby_version >= Gem::Version.create(3.1)
+    # TODO:
+    #  remove "net-smtp" dependency after mail gem 2.8+ (which supports ruby 3.1+) released.
+    #  ref.) https://rubygems.org/gems/mail
+    s.add_runtime_dependency "net-smtp"
+  end
   s.add_development_dependency "rake"
   s.add_development_dependency "rspec"
   s.add_development_dependency "rspec-its"
   s.add_development_dependency "webmock"
   s.add_development_dependency "simplecov"
+  s.add_development_dependency "rexml"
 end

data/spec/helpers/webmock_helper.rb

@@ -32,7 +32,13 @@ module WebMockHelper
 
   def response_for(response_file, options = {})
     response = {}
-    response[:body] = File.new(File.join(File.dirname(__FILE__), '../mock_response', "#{response_file}.#{options[:format] || :json}"))
+    format = options[:format] || :json
+    if format == :json
+      response[:headers] = {
+        'Content-Type': 'application/json'
+      }
+    end
+    response[:body] = File.new(File.join(File.dirname(__FILE__), '../mock_response', "#{response_file}.#{format}"))
     if options[:status]
       response[:status] = options[:status]
     end

data/spec/mock_response/errors/unknown.json

@@ -1 +1,3 @@
-Fuckin Unknown Error
+{
+  "unknown": "unknown"
+}

data/spec/mock_response/public_keys/jwks_with_private_key.json

@@ -0,0 +1,8 @@
+{
+  "keys": [{
+    "kty": "RSA",
+    "e": "AQAB",
+    "n": "vWr1S4T0jBnYU9PIpUYxT48Ca8HK8aitbmqbTM3t3Zzl1GNpIlyePnwXSL6SgNcVbeRhTfvXZUzH4pP8HzPJdpUHnAeYyCzjz9UNykdFCp2YW676wpLDzMkaU7bYLJxGjZlpHU-UJVIm5KX9-NfMyGbFUOuw4AY-OWp8GxrqwAF4U6bJ86TpO24wMxmgm0Vl72aRMGVJkRz66YLYOPNVjXjOI4bUuxg_o3Px5QASxvDCawMeLR3pLCoQcLAZn6WZx7nX3Wu6QzcY0QCqhqUAeY49QRT83Jdg7WUsNa2Rbegi3jJGJf-t9hEcJPmrI6q9zl6WArUueQHS-XUQWq5ptw",
+    "kid": "DCmKamGtkGAWz-uujePOp-UeATAeT4fi3KouR78r44I"
+  }]
+}

data/spec/mock_response/public_keys/private_key.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAvWr1S4T0jBnYU9PIpUYxT48Ca8HK8aitbmqbTM3t3Zzl1GNp
+IlyePnwXSL6SgNcVbeRhTfvXZUzH4pP8HzPJdpUHnAeYyCzjz9UNykdFCp2YW676
+wpLDzMkaU7bYLJxGjZlpHU+UJVIm5KX9+NfMyGbFUOuw4AY+OWp8GxrqwAF4U6bJ
+86TpO24wMxmgm0Vl72aRMGVJkRz66YLYOPNVjXjOI4bUuxg/o3Px5QASxvDCawMe
+LR3pLCoQcLAZn6WZx7nX3Wu6QzcY0QCqhqUAeY49QRT83Jdg7WUsNa2Rbegi3jJG
+Jf+t9hEcJPmrI6q9zl6WArUueQHS+XUQWq5ptwIDAQABAoIBAHvDWBUJAVRNSsiy
+90XuECggk/9ed0Dg6rjblS9g2kvTyWO1tKsMAyVmpTwVsNnYLxtHfsCajcmVmoEU
+Gkc06iy+AWPUnuIkWpGgbss9OAJQqI03Toc1qBO1TqtmK+cyEPNSSpkpNu4PuHPr
+dX9TWW2ToNdXuJEX4y5WwlJfiwT6kPdK86IKpPCql1+X/N2nKbn+5OWHTDuW3jLF
+H4UoJlUU77VgPedQLF9xr9NXGZbgYdTtsg3GU3k7/xhcetNq22Dtr8vYnX8LcIsZ
+9VW+KBRGOwgXTMLuj25VxkFUsJejEoq5+WyHTsSsa4w8Fxyc50GPfZJKh8J2jHiG
+8weJUNECgYEA5CoQmUz+8saVg1IwnEgZBSMF1rthMgvuDPhD8PJNaugUCyo9tg0O
+AXo9EMOUHmr2vCN8h2MZZuuW0D5np/Z9T102N99mJU6tVMSabBPDUTfxThq4xY48
+VZvS6EOzSomeEbrIDciJghqJIvPxEoqLXY3Zg7kDef7YiqybhZFdlS8CgYEA1IbH
+MHKfcL+LAo88y4tgOe6Wn8FRG1K7MHvdR+KErgxBg63I9zmolPsyznjNVKpB9syt
+zqkDxBg/jTIctgeziMQNSODQoqRKcgEDePwcu+wBvuV+LJFJoIWFrvIPyZ5yKzeb
+Vm1lRMgQfoeAQE4nVYAJG+oTTsFTdEtrHkOW4fkCgYEAsNHcnUFrTvARDH1UiLjj
+EvUKYFhEwck3CbwYwxC0aIZEikaJHp3NXd3Cl0xKbKxOXI1Pw4hMNlObQ/Uo1aUT
+hb7h9rjda0omz8uxNNK4CihFjFbvHMLXBS1GbJOSzdAKvQi4Yt4nmrk/z+Omzsyp
+pq34hLmL9S5H2Ghd+kwmbycCgYBiC1N1PEvl3depdJ8dX80irLj8NljOfBozQdFR
+ymRfTvQiZVfjBcyJ/mDv87b2Kh2IV+CPCFXebzlSUB4CtAbVP2zJhD176sMVWPZb
+KCOxZi1f/ct5kAUhcre7f5xc7SXKXjrhYlJnqsxBMw2tnOB0hz6sjA4gNPvlGK3w
+JkpDMQKBgQCgPoqSjmbroWC9oq5iDwRtx6f6fJG7CE91ZFJulunQj6YWOC3zNHEa
+XvPPGM8fZpJS4e8LiPClkk8nsOoC50neEVGZeEuhdP6m6WNPN3SlP7bXozHOJTh0
+mHrk2bUHFlQn8f5KWfLQbdyKBzs7WqCRTOR/gIbfxBlUOs0BN37xhw==
+-----END RSA PRIVATE KEY-----

data/spec/openid_connect/client/registrar_spec.rb

@@ -253,7 +253,7 @@ describe OpenIDConnect::Client::Registrar do
     end
 
     context 'otherwise' do
-      it { should be_instance_of HTTPClient }
+      it { should be_instance_of Faraday::Connection }
     end
   end
 end

data/spec/openid_connect/client_spec.rb

@@ -162,16 +162,6 @@ describe OpenIDConnect::Client do
       end
     end
 
-    context 'when invalid JSON is returned' do
-      it 'should raise OpenIDConnect::Exception' do
-        mock_json :post, client.token_endpoint, 'access_token/invalid_json', request_header: header_params, params: protocol_params do
-          expect do
-            access_token
-          end.to raise_error OpenIDConnect::Exception, 'Unknown Token Type'
-        end
-      end
-    end
-
     context 'otherwise' do
       it 'should raise Unexpected Token Type exception' do
         mock_json :post, client.token_endpoint, 'access_token/mac', request_header: header_params, params: protocol_params do

data/spec/openid_connect/response_object/id_token_spec.rb

@@ -251,6 +251,54 @@ describe OpenIDConnect::ResponseObject::IdToken do
     its(:exp) { should == attributes[:exp].to_i }
     its(:raw_attributes) { should be_instance_of JSON::JWS }
 
+    context 'when IdP config is given' do
+      subject { klass.decode id_token.to_jwt(private_key), idp_config }
+      let(:jwks) do
+        jwk_str = File.read(File.join(__dir__, '../../mock_response/public_keys/jwks_with_private_key.json'))
+        jwk = JSON::JWK::Set.new JSON.parse(jwk_str)
+      end
+      let(:idp_config) do
+        OpenIDConnect::Discovery::Provider::Config::Response.new(
+          issuer: attributes[:issuer],
+          authorization_endpoint: File.join(attributes[:iss], 'authorize'),
+          jwks_uri: File.join(attributes[:iss], 'jwks'),
+          response_types_supported: ['code'],
+          subject_types_supported: ['public'],
+          id_token_signing_alg_values_supported: ['RS256']
+        )
+      end
+
+      context 'when id_token has kid' do
+        let(:private_key) do
+          OpenSSL::PKey::RSA.new(
+            File.read(File.join(__dir__, '../../mock_response/public_keys/private_key.pem'))
+          ).to_jwk
+        end
+
+        it do
+          mock_json :get, idp_config.jwks_uri, 'public_keys/jwks_with_private_key' do
+            should be_a klass
+          end
+        end
+      end
+
+      context 'otherwise' do
+        let(:private_key) do
+          OpenSSL::PKey::RSA.new(
+            File.read(File.join(__dir__, '../../mock_response/public_keys/private_key.pem'))
+          )
+        end
+
+        it do
+          mock_json :get, idp_config.jwks_uri, 'public_keys/jwks_with_private_key' do
+            expect do
+              should
+            end.to raise_error JSON::JWK::Set::KidNotFound
+          end
+        end
+      end
+    end
+
     context 'when self-issued' do
       context 'when valid' do
         let(:self_issued) do

data/spec/openid_connect_spec.rb

@@ -46,12 +46,12 @@ describe OpenIDConnect do
     context 'with http_config' do
       before do
         OpenIDConnect.http_config do |config|
-          config.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_NONE
+          config.ssl.verify = false
         end
       end
       it 'should configure OpenIDConnect, SWD and Rack::OAuth2\'s http_client' do
         [OpenIDConnect, SWD, WebFinger, Rack::OAuth2].each do |klass|
-          klass.http_client.ssl_config.verify_mode.should == OpenSSL::SSL::VERIFY_NONE
+          klass.http_client.ssl.verify.should be_falsy
         end
       end
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: openid_connect
 version: !ruby/object:Gem::Version
-  version: 1.3.0
+  version: 2.2.0
 platform: ruby
 authors:
 - nov matake
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-10-01 00:00:00.000000000 Z
+date: 2022-10-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: tzinfo
@@ -81,61 +81,103 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: json-jwt
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: faraday-follow_redirects
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.5.0
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.5.0
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: swd
+  name: json-jwt
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.0
+        version: '1.16'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.0
+        version: '1.16'
+- !ruby/object:Gem::Dependency
+  name: swd
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: webfinger
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.1
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.1
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: rack-oauth2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+- !ruby/object:Gem::Dependency
+  name: net-smtp
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.6.1
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.6.1
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -206,6 +248,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: rexml
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: OpenID Connect Server & Client Library
 email:
 - nov@matake.jp
@@ -213,9 +269,11 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/FUNDING.yml"
+- ".github/workflows/spec.yml"
 - ".gitignore"
 - ".rspec"
-- ".travis.yml"
+- CHANGELOG.md
 - Gemfile
 - LICENSE
 - README.rdoc
@@ -224,11 +282,10 @@ files:
 - VERSION
 - lib/openid_connect.rb
 - lib/openid_connect/access_token.rb
+- lib/openid_connect/access_token/mtls.rb
 - lib/openid_connect/client.rb
 - lib/openid_connect/client/registrar.rb
 - lib/openid_connect/connect_object.rb
-- lib/openid_connect/debugger.rb
-- lib/openid_connect/debugger/request_filter.rb
 - lib/openid_connect/discovery.rb
 - lib/openid_connect/discovery/provider.rb
 - lib/openid_connect/discovery/provider/config.rb
@@ -275,13 +332,14 @@ files:
 - spec/mock_response/errors/unknown.json
 - spec/mock_response/id_token.json
 - spec/mock_response/public_keys/jwks.json
+- spec/mock_response/public_keys/jwks_with_private_key.json
+- spec/mock_response/public_keys/private_key.pem
 - spec/mock_response/request_object/signed.jwt
 - spec/mock_response/userinfo/openid.json
 - spec/openid_connect/access_token_spec.rb
 - spec/openid_connect/client/registrar_spec.rb
 - spec/openid_connect/client_spec.rb
 - spec/openid_connect/connect_object_spec.rb
-- spec/openid_connect/debugger/request_filter_spec.rb
 - spec/openid_connect/discovery/provider/config/resource_spec.rb
 - spec/openid_connect/discovery/provider/config/response_spec.rb
 - spec/openid_connect/discovery/provider/config_spec.rb
@@ -304,7 +362,7 @@ homepage: https://github.com/nov/openid_connect
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -319,8 +377,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
-signing_key: 
+rubygems_version: 3.3.7
+signing_key:
 specification_version: 4
 summary: OpenID Connect Server & Client Library
 test_files:
@@ -347,13 +405,14 @@ test_files:
 - spec/mock_response/errors/unknown.json
 - spec/mock_response/id_token.json
 - spec/mock_response/public_keys/jwks.json
+- spec/mock_response/public_keys/jwks_with_private_key.json
+- spec/mock_response/public_keys/private_key.pem
 - spec/mock_response/request_object/signed.jwt
 - spec/mock_response/userinfo/openid.json
 - spec/openid_connect/access_token_spec.rb
 - spec/openid_connect/client/registrar_spec.rb
 - spec/openid_connect/client_spec.rb
 - spec/openid_connect/connect_object_spec.rb
-- spec/openid_connect/debugger/request_filter_spec.rb
 - spec/openid_connect/discovery/provider/config/resource_spec.rb
 - spec/openid_connect/discovery/provider/config/response_spec.rb
 - spec/openid_connect/discovery/provider/config_spec.rb

data/.travis.yml

@@ -1,8 +0,0 @@
-before_install:
-  - gem install bundler
-
-rvm:
-  - 2.5.8
-  - 2.6.6
-  - 2.7.2
-  - 3.0.0

data/lib/openid_connect/debugger/request_filter.rb

@@ -1,28 +0,0 @@
-module OpenIDConnect
-  module Debugger
-    class RequestFilter
-      # Callback called in HTTPClient (before sending a request)
-      # request:: HTTP::Message
-      def filter_request(request)
-        started = "======= [OpenIDConnect] HTTP REQUEST STARTED ======="
-        log started, request.dump
-      end
-
-      # Callback called in HTTPClient (after received a response)
-      # request::  HTTP::Message
-      # response:: HTTP::Message
-      def filter_response(request, response)
-        finished = "======= [OpenIDConnect] HTTP REQUEST FINISHED ======="
-        log '-' * 50, response.dump, finished
-      end
-
-      private
-
-      def log(*outputs)
-        outputs.each do |output|
-          OpenIDConnect.logger.info output
-        end
-      end
-    end
-  end
-end

data/lib/openid_connect/debugger.rb

@@ -1,3 +0,0 @@
-Dir[File.dirname(__FILE__) + '/debugger/*.rb'].each do |file|
-  require file
-end

data/spec/openid_connect/debugger/request_filter_spec.rb

@@ -1,33 +0,0 @@
-require 'spec_helper'
-
-describe OpenIDConnect::Debugger::RequestFilter do
-  let(:resource_endpoint) { 'https://example.com/resources' }
-  let(:request) { HTTP::Message.new_request(:get, URI.parse(resource_endpoint)) }
-  let(:response) { HTTP::Message.new_response({hello: 'world'}.to_json) }
-  let(:request_filter) { OpenIDConnect::Debugger::RequestFilter.new }
-
-  describe '#filter_request' do
-    it 'should log request' do
-      [
-        "======= [OpenIDConnect] HTTP REQUEST STARTED =======",
-        request.dump
-      ].each do |output|
-        expect(OpenIDConnect.logger).to receive(:info).with output
-      end
-      request_filter.filter_request(request)
-    end
-  end
-
-  describe '#filter_response' do
-    it 'should log response' do
-      [
-        "--------------------------------------------------",
-        response.dump,
-        "======= [OpenIDConnect] HTTP REQUEST FINISHED ======="
-      ].each do |output|
-        expect(OpenIDConnect.logger).to receive(:info).with output
-      end
-      request_filter.filter_response(request, response)
-    end
-  end
-end