openid_connect 1.3.1 → 1.4.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 68649f62e8b9d6137d80e0e02cc0869d27c326ba2d18f8eed01bf48f97c34997
4
- data.tar.gz: 9461179696789570d9ebf4c3dc5fe3ddc285fe80ef79f00523263d04b6075f10
3
+ metadata.gz: b75de8fc4fb255bd3516e8035f72ad3c2f75f95240e6c33d4233991c363b57d5
4
+ data.tar.gz: 43264652dba072d41fde285f06cf2f0e5e173d700d8d5c92156273a249623e16
5
5
  SHA512:
6
- metadata.gz: 4582ef1cb28deaf1251271e2451f02a5350f73183a37d650077cf4fb84fa6135f6ad721c952b0d2266233879cea8362bf61f89f9028c2ab349263953d738cd70
7
- data.tar.gz: e0712701dd14a944bb003c17533b62f5f3b0504a0f2db306007ff8001b1444f003a5704604ce9c6ed3dc169fd0c6cc885817d7a974a018bb2a4fd3390baafc39
6
+ metadata.gz: 9c3a8b6351419263e11bf7ec1ba4960d2a7675545ddd486411b03d6480e39916e93a35129b668b8123ef662fd53ba6941bcdaa3115bdde36cfa9934080fa91c9
7
+ data.tar.gz: 2d3e1bdd2276370bfa60c6a4e5c3f7daf3891cdc60efb7d98130b8686d0d3c4003c6c409cfa59b2b2b7adc57df612958cd8ce36dedfe6cbd3a7b905404a4c500
@@ -0,0 +1,30 @@
1
+ name: Spec
2
+
3
+ on:
4
+ push:
5
+ pull_request:
6
+
7
+ permissions:
8
+ contents: read
9
+
10
+ jobs:
11
+ spec:
12
+ strategy:
13
+ matrix:
14
+ os: ['ubuntu-20.04']
15
+ ruby-version: ['2.6', '2.7', '3.0', '3.1']
16
+ # ubuntu 22.04 only supports ssl 3 and thus only ruby 3.1
17
+ include:
18
+ - os: 'ubuntu-22.04'
19
+ ruby-version: '3.1'
20
+ runs-on: ${{ matrix.os }}
21
+
22
+ steps:
23
+ - uses: actions/checkout@v3
24
+ - name: Set up Ruby
25
+ uses: ruby/setup-ruby@v1
26
+ with:
27
+ ruby-version: ${{ matrix.ruby-version }}
28
+ bundler-cache: true
29
+ - name: Run Specs
30
+ run: bundle exec rake spec
data/README.rdoc CHANGED
@@ -2,8 +2,6 @@
2
2
 
3
3
  OpenID Connect Server & Client Library
4
4
 
5
- {<img src="https://secure.travis-ci.org/nov/openid_connect.png" />}[https://travis-ci.org/nov/openid_connect]
6
-
7
5
  == Installation
8
6
 
9
7
  gem install openid_connect
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.3.1
1
+ 1.4.0
@@ -87,6 +87,11 @@ module OpenIDConnect
87
87
  JSON::JWK::Set.new @jwks[:keys]
88
88
  end
89
89
 
90
+ def jwk(kid)
91
+ @jwks ||= {}
92
+ @jwks[kid] ||= JSON::JWK::Set::Fetcher.fetch(jwks_uri, kid: kid)
93
+ end
94
+
90
95
  def public_keys
91
96
  @public_keys ||= jwks.collect(&:to_key)
92
97
  end
@@ -63,11 +63,16 @@ module OpenIDConnect
63
63
  end
64
64
 
65
65
  class << self
66
- def decode(jwt_string, key)
67
- if key == :self_issued
66
+ def decode(jwt_string, key_or_config)
67
+ case key_or_config
68
+ when :self_issued
68
69
  decode_self_issued jwt_string
70
+ when OpenIDConnect::Discovery::Provider::Config::Response
71
+ jwt = JSON::JWT.decode jwt_string, :skip_verification
72
+ jwt.verify! key_or_config.jwk(jwt.kid)
73
+ new jwt
69
74
  else
70
- new JSON::JWT.decode jwt_string, key
75
+ new JSON::JWT.decode jwt_string, key_or_config
71
76
  end
72
77
  end
73
78
 
@@ -17,7 +17,7 @@ Gem::Specification.new do |s|
17
17
  s.add_runtime_dependency "activemodel"
18
18
  s.add_runtime_dependency "validate_url"
19
19
  s.add_runtime_dependency "validate_email"
20
- s.add_runtime_dependency "json-jwt", ">= 1.5.0"
20
+ s.add_runtime_dependency "json-jwt", ">= 1.15.0"
21
21
  s.add_runtime_dependency "swd", ">= 1.0.0"
22
22
  s.add_runtime_dependency "webfinger", ">= 1.0.1"
23
23
  s.add_runtime_dependency "rack-oauth2", ">= 1.6.1"
@@ -0,0 +1,8 @@
1
+ {
2
+ "keys": [{
3
+ "kty": "RSA",
4
+ "e": "AQAB",
5
+ "n": "vWr1S4T0jBnYU9PIpUYxT48Ca8HK8aitbmqbTM3t3Zzl1GNpIlyePnwXSL6SgNcVbeRhTfvXZUzH4pP8HzPJdpUHnAeYyCzjz9UNykdFCp2YW676wpLDzMkaU7bYLJxGjZlpHU-UJVIm5KX9-NfMyGbFUOuw4AY-OWp8GxrqwAF4U6bJ86TpO24wMxmgm0Vl72aRMGVJkRz66YLYOPNVjXjOI4bUuxg_o3Px5QASxvDCawMeLR3pLCoQcLAZn6WZx7nX3Wu6QzcY0QCqhqUAeY49QRT83Jdg7WUsNa2Rbegi3jJGJf-t9hEcJPmrI6q9zl6WArUueQHS-XUQWq5ptw",
6
+ "kid": "DCmKamGtkGAWz-uujePOp-UeATAeT4fi3KouR78r44I"
7
+ }]
8
+ }
@@ -0,0 +1,27 @@
1
+ -----BEGIN RSA PRIVATE KEY-----
2
+ MIIEpAIBAAKCAQEAvWr1S4T0jBnYU9PIpUYxT48Ca8HK8aitbmqbTM3t3Zzl1GNp
3
+ IlyePnwXSL6SgNcVbeRhTfvXZUzH4pP8HzPJdpUHnAeYyCzjz9UNykdFCp2YW676
4
+ wpLDzMkaU7bYLJxGjZlpHU+UJVIm5KX9+NfMyGbFUOuw4AY+OWp8GxrqwAF4U6bJ
5
+ 86TpO24wMxmgm0Vl72aRMGVJkRz66YLYOPNVjXjOI4bUuxg/o3Px5QASxvDCawMe
6
+ LR3pLCoQcLAZn6WZx7nX3Wu6QzcY0QCqhqUAeY49QRT83Jdg7WUsNa2Rbegi3jJG
7
+ Jf+t9hEcJPmrI6q9zl6WArUueQHS+XUQWq5ptwIDAQABAoIBAHvDWBUJAVRNSsiy
8
+ 90XuECggk/9ed0Dg6rjblS9g2kvTyWO1tKsMAyVmpTwVsNnYLxtHfsCajcmVmoEU
9
+ Gkc06iy+AWPUnuIkWpGgbss9OAJQqI03Toc1qBO1TqtmK+cyEPNSSpkpNu4PuHPr
10
+ dX9TWW2ToNdXuJEX4y5WwlJfiwT6kPdK86IKpPCql1+X/N2nKbn+5OWHTDuW3jLF
11
+ H4UoJlUU77VgPedQLF9xr9NXGZbgYdTtsg3GU3k7/xhcetNq22Dtr8vYnX8LcIsZ
12
+ 9VW+KBRGOwgXTMLuj25VxkFUsJejEoq5+WyHTsSsa4w8Fxyc50GPfZJKh8J2jHiG
13
+ 8weJUNECgYEA5CoQmUz+8saVg1IwnEgZBSMF1rthMgvuDPhD8PJNaugUCyo9tg0O
14
+ AXo9EMOUHmr2vCN8h2MZZuuW0D5np/Z9T102N99mJU6tVMSabBPDUTfxThq4xY48
15
+ VZvS6EOzSomeEbrIDciJghqJIvPxEoqLXY3Zg7kDef7YiqybhZFdlS8CgYEA1IbH
16
+ MHKfcL+LAo88y4tgOe6Wn8FRG1K7MHvdR+KErgxBg63I9zmolPsyznjNVKpB9syt
17
+ zqkDxBg/jTIctgeziMQNSODQoqRKcgEDePwcu+wBvuV+LJFJoIWFrvIPyZ5yKzeb
18
+ Vm1lRMgQfoeAQE4nVYAJG+oTTsFTdEtrHkOW4fkCgYEAsNHcnUFrTvARDH1UiLjj
19
+ EvUKYFhEwck3CbwYwxC0aIZEikaJHp3NXd3Cl0xKbKxOXI1Pw4hMNlObQ/Uo1aUT
20
+ hb7h9rjda0omz8uxNNK4CihFjFbvHMLXBS1GbJOSzdAKvQi4Yt4nmrk/z+Omzsyp
21
+ pq34hLmL9S5H2Ghd+kwmbycCgYBiC1N1PEvl3depdJ8dX80irLj8NljOfBozQdFR
22
+ ymRfTvQiZVfjBcyJ/mDv87b2Kh2IV+CPCFXebzlSUB4CtAbVP2zJhD176sMVWPZb
23
+ KCOxZi1f/ct5kAUhcre7f5xc7SXKXjrhYlJnqsxBMw2tnOB0hz6sjA4gNPvlGK3w
24
+ JkpDMQKBgQCgPoqSjmbroWC9oq5iDwRtx6f6fJG7CE91ZFJulunQj6YWOC3zNHEa
25
+ XvPPGM8fZpJS4e8LiPClkk8nsOoC50neEVGZeEuhdP6m6WNPN3SlP7bXozHOJTh0
26
+ mHrk2bUHFlQn8f5KWfLQbdyKBzs7WqCRTOR/gIbfxBlUOs0BN37xhw==
27
+ -----END RSA PRIVATE KEY-----
@@ -251,6 +251,35 @@ describe OpenIDConnect::ResponseObject::IdToken do
251
251
  its(:exp) { should == attributes[:exp].to_i }
252
252
  its(:raw_attributes) { should be_instance_of JSON::JWS }
253
253
 
254
+ context 'when IdP config is given' do
255
+ subject { klass.decode id_token.to_jwt(private_key), idp_config }
256
+ let(:jwks) do
257
+ jwk_str = File.read(File.join(__dir__, '../../mock_response/public_keys/jwks_with_private_key.json'))
258
+ jwk = JSON::JWK::Set.new JSON.parse(jwk_str)
259
+ end
260
+ let(:private_key) do
261
+ OpenSSL::PKey::RSA.new(
262
+ File.read(File.join(__dir__, '../../mock_response/public_keys/private_key.pem'))
263
+ ).to_jwk
264
+ end
265
+ let(:idp_config) do
266
+ OpenIDConnect::Discovery::Provider::Config::Response.new(
267
+ issuer: attributes[:issuer],
268
+ authorization_endpoint: File.join(attributes[:iss], 'authorize'),
269
+ jwks_uri: File.join(attributes[:iss], 'jwks'),
270
+ response_types_supported: ['code'],
271
+ subject_types_supported: ['public'],
272
+ id_token_signing_alg_values_supported: ['RS256']
273
+ )
274
+ end
275
+
276
+ it do
277
+ mock_json :get, idp_config.jwks_uri, 'public_keys/jwks_with_private_key' do
278
+ should
279
+ end
280
+ end
281
+ end
282
+
254
283
  context 'when self-issued' do
255
284
  context 'when valid' do
256
285
  let(:self_issued) do
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: openid_connect
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.3.1
4
+ version: 1.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - nov matake
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-08-14 00:00:00.000000000 Z
11
+ date: 2022-09-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: tzinfo
@@ -86,14 +86,14 @@ dependencies:
86
86
  requirements:
87
87
  - - ">="
88
88
  - !ruby/object:Gem::Version
89
- version: 1.5.0
89
+ version: 1.15.0
90
90
  type: :runtime
91
91
  prerelease: false
92
92
  version_requirements: !ruby/object:Gem::Requirement
93
93
  requirements:
94
94
  - - ">="
95
95
  - !ruby/object:Gem::Version
96
- version: 1.5.0
96
+ version: 1.15.0
97
97
  - !ruby/object:Gem::Dependency
98
98
  name: swd
99
99
  requirement: !ruby/object:Gem::Requirement
@@ -136,20 +136,6 @@ dependencies:
136
136
  - - ">="
137
137
  - !ruby/object:Gem::Version
138
138
  version: 1.6.1
139
- - !ruby/object:Gem::Dependency
140
- name: net-smtp
141
- requirement: !ruby/object:Gem::Requirement
142
- requirements:
143
- - - ">="
144
- - !ruby/object:Gem::Version
145
- version: '0'
146
- type: :runtime
147
- prerelease: false
148
- version_requirements: !ruby/object:Gem::Requirement
149
- requirements:
150
- - - ">="
151
- - !ruby/object:Gem::Version
152
- version: '0'
153
139
  - !ruby/object:Gem::Dependency
154
140
  name: rake
155
141
  requirement: !ruby/object:Gem::Requirement
@@ -242,9 +228,9 @@ extensions: []
242
228
  extra_rdoc_files: []
243
229
  files:
244
230
  - ".github/FUNDING.yml"
231
+ - ".github/workflows/spec.yml"
245
232
  - ".gitignore"
246
233
  - ".rspec"
247
- - ".travis.yml"
248
234
  - Gemfile
249
235
  - LICENSE
250
236
  - README.rdoc
@@ -304,6 +290,8 @@ files:
304
290
  - spec/mock_response/errors/unknown.json
305
291
  - spec/mock_response/id_token.json
306
292
  - spec/mock_response/public_keys/jwks.json
293
+ - spec/mock_response/public_keys/jwks_with_private_key.json
294
+ - spec/mock_response/public_keys/private_key.pem
307
295
  - spec/mock_response/request_object/signed.jwt
308
296
  - spec/mock_response/userinfo/openid.json
309
297
  - spec/openid_connect/access_token_spec.rb
@@ -348,7 +336,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
348
336
  - !ruby/object:Gem::Version
349
337
  version: '0'
350
338
  requirements: []
351
- rubygems_version: 3.3.7
339
+ rubygems_version: 3.2.22
352
340
  signing_key:
353
341
  specification_version: 4
354
342
  summary: OpenID Connect Server & Client Library
@@ -376,6 +364,8 @@ test_files:
376
364
  - spec/mock_response/errors/unknown.json
377
365
  - spec/mock_response/id_token.json
378
366
  - spec/mock_response/public_keys/jwks.json
367
+ - spec/mock_response/public_keys/jwks_with_private_key.json
368
+ - spec/mock_response/public_keys/private_key.pem
379
369
  - spec/mock_response/request_object/signed.jwt
380
370
  - spec/mock_response/userinfo/openid.json
381
371
  - spec/openid_connect/access_token_spec.rb
data/.travis.yml DELETED
@@ -1,8 +0,0 @@
1
- before_install:
2
- - gem install bundler
3
-
4
- rvm:
5
- - 2.6.10
6
- - 2.7.6
7
- - 3.0.4
8
- - 3.1.2