openid_connect 1.3.1 → 1.4.2

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 68649f62e8b9d6137d80e0e02cc0869d27c326ba2d18f8eed01bf48f97c34997
4
- data.tar.gz: 9461179696789570d9ebf4c3dc5fe3ddc285fe80ef79f00523263d04b6075f10
3
+ metadata.gz: fc2fbaf7f12786bfb4695776c65b78a58a7730730382b138a8b53b6149939989
4
+ data.tar.gz: 54d98cef9172883b53426b457ab41cb743d078ae9ed20eb8b374628802cebf1d
5
5
  SHA512:
6
- metadata.gz: 4582ef1cb28deaf1251271e2451f02a5350f73183a37d650077cf4fb84fa6135f6ad721c952b0d2266233879cea8362bf61f89f9028c2ab349263953d738cd70
7
- data.tar.gz: e0712701dd14a944bb003c17533b62f5f3b0504a0f2db306007ff8001b1444f003a5704604ce9c6ed3dc169fd0c6cc885817d7a974a018bb2a4fd3390baafc39
6
+ metadata.gz: f3bc8fec5821911fbf334a27c9bc2d49dd7871cd5379a9ff91b7a5d1f05b017cece154744b4eb6283b3eea64dbf2cd6cb2fc61fe66a1f75c4dbf21aa97180646
7
+ data.tar.gz: '09845c6ec9f7d8a198333d49eab6511f25fccd7d31a6ea7f59456700f44eab420ae4dbe2d96d28e541f7cd7b5f9bf0c5976ee19a85b7397904c3debd45db01e9'
@@ -0,0 +1,32 @@
1
+ name: Spec
2
+
3
+ on:
4
+ push:
5
+ branches:
6
+ - master
7
+ pull_request:
8
+
9
+ permissions:
10
+ contents: read
11
+
12
+ jobs:
13
+ spec:
14
+ strategy:
15
+ matrix:
16
+ os: ['ubuntu-20.04']
17
+ ruby-version: ['2.6', '2.7', '3.0', '3.1']
18
+ # ubuntu 22.04 only supports ssl 3 and thus only ruby 3.1
19
+ include:
20
+ - os: 'ubuntu-22.04'
21
+ ruby-version: '3.1'
22
+ runs-on: ${{ matrix.os }}
23
+
24
+ steps:
25
+ - uses: actions/checkout@v3
26
+ - name: Set up Ruby
27
+ uses: ruby/setup-ruby@v1
28
+ with:
29
+ ruby-version: ${{ matrix.ruby-version }}
30
+ bundler-cache: true
31
+ - name: Run Specs
32
+ run: bundle exec rake spec
data/README.rdoc CHANGED
@@ -2,8 +2,6 @@
2
2
 
3
3
  OpenID Connect Server & Client Library
4
4
 
5
- {<img src="https://secure.travis-ci.org/nov/openid_connect.png" />}[https://travis-ci.org/nov/openid_connect]
6
-
7
5
  == Installation
8
6
 
9
7
  gem install openid_connect
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.3.1
1
+ 1.4.2
@@ -87,6 +87,11 @@ module OpenIDConnect
87
87
  JSON::JWK::Set.new @jwks[:keys]
88
88
  end
89
89
 
90
+ def jwk(kid)
91
+ @jwks ||= {}
92
+ @jwks[kid] ||= JSON::JWK::Set::Fetcher.fetch(jwks_uri, kid: kid)
93
+ end
94
+
90
95
  def public_keys
91
96
  @public_keys ||= jwks.collect(&:to_key)
92
97
  end
@@ -63,11 +63,16 @@ module OpenIDConnect
63
63
  end
64
64
 
65
65
  class << self
66
- def decode(jwt_string, key)
67
- if key == :self_issued
66
+ def decode(jwt_string, key_or_config)
67
+ case key_or_config
68
+ when :self_issued
68
69
  decode_self_issued jwt_string
70
+ when OpenIDConnect::Discovery::Provider::Config::Response
71
+ jwt = JSON::JWT.decode jwt_string, :skip_verification
72
+ jwt.verify! key_or_config.jwk(jwt.kid)
73
+ new jwt
69
74
  else
70
- new JSON::JWT.decode jwt_string, key
75
+ new JSON::JWT.decode jwt_string, key_or_config
71
76
  end
72
77
  end
73
78
 
@@ -17,10 +17,10 @@ Gem::Specification.new do |s|
17
17
  s.add_runtime_dependency "activemodel"
18
18
  s.add_runtime_dependency "validate_url"
19
19
  s.add_runtime_dependency "validate_email"
20
- s.add_runtime_dependency "json-jwt", ">= 1.5.0"
21
- s.add_runtime_dependency "swd", ">= 1.0.0"
22
- s.add_runtime_dependency "webfinger", ">= 1.0.1"
23
- s.add_runtime_dependency "rack-oauth2", ">= 1.6.1"
20
+ s.add_runtime_dependency "json-jwt", ">= 1.15.0"
21
+ s.add_runtime_dependency "swd", "~> 1.3"
22
+ s.add_runtime_dependency "webfinger", "~> 1.2"
23
+ s.add_runtime_dependency "rack-oauth2", "~> 1.21"
24
24
  if Gem.ruby_version >= Gem::Version.create(3.1)
25
25
  # TODO:
26
26
  # remove "net-smtp" dependency after mail gem 2.8+ (which supports ruby 3.1+) released.
@@ -0,0 +1,8 @@
1
+ {
2
+ "keys": [{
3
+ "kty": "RSA",
4
+ "e": "AQAB",
5
+ "n": "vWr1S4T0jBnYU9PIpUYxT48Ca8HK8aitbmqbTM3t3Zzl1GNpIlyePnwXSL6SgNcVbeRhTfvXZUzH4pP8HzPJdpUHnAeYyCzjz9UNykdFCp2YW676wpLDzMkaU7bYLJxGjZlpHU-UJVIm5KX9-NfMyGbFUOuw4AY-OWp8GxrqwAF4U6bJ86TpO24wMxmgm0Vl72aRMGVJkRz66YLYOPNVjXjOI4bUuxg_o3Px5QASxvDCawMeLR3pLCoQcLAZn6WZx7nX3Wu6QzcY0QCqhqUAeY49QRT83Jdg7WUsNa2Rbegi3jJGJf-t9hEcJPmrI6q9zl6WArUueQHS-XUQWq5ptw",
6
+ "kid": "DCmKamGtkGAWz-uujePOp-UeATAeT4fi3KouR78r44I"
7
+ }]
8
+ }
@@ -0,0 +1,27 @@
1
+ -----BEGIN RSA PRIVATE KEY-----
2
+ MIIEpAIBAAKCAQEAvWr1S4T0jBnYU9PIpUYxT48Ca8HK8aitbmqbTM3t3Zzl1GNp
3
+ IlyePnwXSL6SgNcVbeRhTfvXZUzH4pP8HzPJdpUHnAeYyCzjz9UNykdFCp2YW676
4
+ wpLDzMkaU7bYLJxGjZlpHU+UJVIm5KX9+NfMyGbFUOuw4AY+OWp8GxrqwAF4U6bJ
5
+ 86TpO24wMxmgm0Vl72aRMGVJkRz66YLYOPNVjXjOI4bUuxg/o3Px5QASxvDCawMe
6
+ LR3pLCoQcLAZn6WZx7nX3Wu6QzcY0QCqhqUAeY49QRT83Jdg7WUsNa2Rbegi3jJG
7
+ Jf+t9hEcJPmrI6q9zl6WArUueQHS+XUQWq5ptwIDAQABAoIBAHvDWBUJAVRNSsiy
8
+ 90XuECggk/9ed0Dg6rjblS9g2kvTyWO1tKsMAyVmpTwVsNnYLxtHfsCajcmVmoEU
9
+ Gkc06iy+AWPUnuIkWpGgbss9OAJQqI03Toc1qBO1TqtmK+cyEPNSSpkpNu4PuHPr
10
+ dX9TWW2ToNdXuJEX4y5WwlJfiwT6kPdK86IKpPCql1+X/N2nKbn+5OWHTDuW3jLF
11
+ H4UoJlUU77VgPedQLF9xr9NXGZbgYdTtsg3GU3k7/xhcetNq22Dtr8vYnX8LcIsZ
12
+ 9VW+KBRGOwgXTMLuj25VxkFUsJejEoq5+WyHTsSsa4w8Fxyc50GPfZJKh8J2jHiG
13
+ 8weJUNECgYEA5CoQmUz+8saVg1IwnEgZBSMF1rthMgvuDPhD8PJNaugUCyo9tg0O
14
+ AXo9EMOUHmr2vCN8h2MZZuuW0D5np/Z9T102N99mJU6tVMSabBPDUTfxThq4xY48
15
+ VZvS6EOzSomeEbrIDciJghqJIvPxEoqLXY3Zg7kDef7YiqybhZFdlS8CgYEA1IbH
16
+ MHKfcL+LAo88y4tgOe6Wn8FRG1K7MHvdR+KErgxBg63I9zmolPsyznjNVKpB9syt
17
+ zqkDxBg/jTIctgeziMQNSODQoqRKcgEDePwcu+wBvuV+LJFJoIWFrvIPyZ5yKzeb
18
+ Vm1lRMgQfoeAQE4nVYAJG+oTTsFTdEtrHkOW4fkCgYEAsNHcnUFrTvARDH1UiLjj
19
+ EvUKYFhEwck3CbwYwxC0aIZEikaJHp3NXd3Cl0xKbKxOXI1Pw4hMNlObQ/Uo1aUT
20
+ hb7h9rjda0omz8uxNNK4CihFjFbvHMLXBS1GbJOSzdAKvQi4Yt4nmrk/z+Omzsyp
21
+ pq34hLmL9S5H2Ghd+kwmbycCgYBiC1N1PEvl3depdJ8dX80irLj8NljOfBozQdFR
22
+ ymRfTvQiZVfjBcyJ/mDv87b2Kh2IV+CPCFXebzlSUB4CtAbVP2zJhD176sMVWPZb
23
+ KCOxZi1f/ct5kAUhcre7f5xc7SXKXjrhYlJnqsxBMw2tnOB0hz6sjA4gNPvlGK3w
24
+ JkpDMQKBgQCgPoqSjmbroWC9oq5iDwRtx6f6fJG7CE91ZFJulunQj6YWOC3zNHEa
25
+ XvPPGM8fZpJS4e8LiPClkk8nsOoC50neEVGZeEuhdP6m6WNPN3SlP7bXozHOJTh0
26
+ mHrk2bUHFlQn8f5KWfLQbdyKBzs7WqCRTOR/gIbfxBlUOs0BN37xhw==
27
+ -----END RSA PRIVATE KEY-----
@@ -251,6 +251,54 @@ describe OpenIDConnect::ResponseObject::IdToken do
251
251
  its(:exp) { should == attributes[:exp].to_i }
252
252
  its(:raw_attributes) { should be_instance_of JSON::JWS }
253
253
 
254
+ context 'when IdP config is given' do
255
+ subject { klass.decode id_token.to_jwt(private_key), idp_config }
256
+ let(:jwks) do
257
+ jwk_str = File.read(File.join(__dir__, '../../mock_response/public_keys/jwks_with_private_key.json'))
258
+ jwk = JSON::JWK::Set.new JSON.parse(jwk_str)
259
+ end
260
+ let(:idp_config) do
261
+ OpenIDConnect::Discovery::Provider::Config::Response.new(
262
+ issuer: attributes[:issuer],
263
+ authorization_endpoint: File.join(attributes[:iss], 'authorize'),
264
+ jwks_uri: File.join(attributes[:iss], 'jwks'),
265
+ response_types_supported: ['code'],
266
+ subject_types_supported: ['public'],
267
+ id_token_signing_alg_values_supported: ['RS256']
268
+ )
269
+ end
270
+
271
+ context 'when id_token has kid' do
272
+ let(:private_key) do
273
+ OpenSSL::PKey::RSA.new(
274
+ File.read(File.join(__dir__, '../../mock_response/public_keys/private_key.pem'))
275
+ ).to_jwk
276
+ end
277
+
278
+ it do
279
+ mock_json :get, idp_config.jwks_uri, 'public_keys/jwks_with_private_key' do
280
+ should be_a klass
281
+ end
282
+ end
283
+ end
284
+
285
+ context 'otherwise' do
286
+ let(:private_key) do
287
+ OpenSSL::PKey::RSA.new(
288
+ File.read(File.join(__dir__, '../../mock_response/public_keys/private_key.pem'))
289
+ )
290
+ end
291
+
292
+ it do
293
+ mock_json :get, idp_config.jwks_uri, 'public_keys/jwks_with_private_key' do
294
+ expect do
295
+ should
296
+ end.to raise_error JSON::JWK::Set::KidNotFound
297
+ end
298
+ end
299
+ end
300
+ end
301
+
254
302
  context 'when self-issued' do
255
303
  context 'when valid' do
256
304
  let(:self_issued) do
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: openid_connect
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.3.1
4
+ version: 1.4.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - nov matake
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-08-14 00:00:00.000000000 Z
11
+ date: 2022-10-08 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: tzinfo
@@ -86,56 +86,56 @@ dependencies:
86
86
  requirements:
87
87
  - - ">="
88
88
  - !ruby/object:Gem::Version
89
- version: 1.5.0
89
+ version: 1.15.0
90
90
  type: :runtime
91
91
  prerelease: false
92
92
  version_requirements: !ruby/object:Gem::Requirement
93
93
  requirements:
94
94
  - - ">="
95
95
  - !ruby/object:Gem::Version
96
- version: 1.5.0
96
+ version: 1.15.0
97
97
  - !ruby/object:Gem::Dependency
98
98
  name: swd
99
99
  requirement: !ruby/object:Gem::Requirement
100
100
  requirements:
101
- - - ">="
101
+ - - "~>"
102
102
  - !ruby/object:Gem::Version
103
- version: 1.0.0
103
+ version: '1.3'
104
104
  type: :runtime
105
105
  prerelease: false
106
106
  version_requirements: !ruby/object:Gem::Requirement
107
107
  requirements:
108
- - - ">="
108
+ - - "~>"
109
109
  - !ruby/object:Gem::Version
110
- version: 1.0.0
110
+ version: '1.3'
111
111
  - !ruby/object:Gem::Dependency
112
112
  name: webfinger
113
113
  requirement: !ruby/object:Gem::Requirement
114
114
  requirements:
115
- - - ">="
115
+ - - "~>"
116
116
  - !ruby/object:Gem::Version
117
- version: 1.0.1
117
+ version: '1.2'
118
118
  type: :runtime
119
119
  prerelease: false
120
120
  version_requirements: !ruby/object:Gem::Requirement
121
121
  requirements:
122
- - - ">="
122
+ - - "~>"
123
123
  - !ruby/object:Gem::Version
124
- version: 1.0.1
124
+ version: '1.2'
125
125
  - !ruby/object:Gem::Dependency
126
126
  name: rack-oauth2
127
127
  requirement: !ruby/object:Gem::Requirement
128
128
  requirements:
129
- - - ">="
129
+ - - "~>"
130
130
  - !ruby/object:Gem::Version
131
- version: 1.6.1
131
+ version: '1.21'
132
132
  type: :runtime
133
133
  prerelease: false
134
134
  version_requirements: !ruby/object:Gem::Requirement
135
135
  requirements:
136
- - - ">="
136
+ - - "~>"
137
137
  - !ruby/object:Gem::Version
138
- version: 1.6.1
138
+ version: '1.21'
139
139
  - !ruby/object:Gem::Dependency
140
140
  name: net-smtp
141
141
  requirement: !ruby/object:Gem::Requirement
@@ -242,9 +242,9 @@ extensions: []
242
242
  extra_rdoc_files: []
243
243
  files:
244
244
  - ".github/FUNDING.yml"
245
+ - ".github/workflows/spec.yml"
245
246
  - ".gitignore"
246
247
  - ".rspec"
247
- - ".travis.yml"
248
248
  - Gemfile
249
249
  - LICENSE
250
250
  - README.rdoc
@@ -304,6 +304,8 @@ files:
304
304
  - spec/mock_response/errors/unknown.json
305
305
  - spec/mock_response/id_token.json
306
306
  - spec/mock_response/public_keys/jwks.json
307
+ - spec/mock_response/public_keys/jwks_with_private_key.json
308
+ - spec/mock_response/public_keys/private_key.pem
307
309
  - spec/mock_response/request_object/signed.jwt
308
310
  - spec/mock_response/userinfo/openid.json
309
311
  - spec/openid_connect/access_token_spec.rb
@@ -376,6 +378,8 @@ test_files:
376
378
  - spec/mock_response/errors/unknown.json
377
379
  - spec/mock_response/id_token.json
378
380
  - spec/mock_response/public_keys/jwks.json
381
+ - spec/mock_response/public_keys/jwks_with_private_key.json
382
+ - spec/mock_response/public_keys/private_key.pem
379
383
  - spec/mock_response/request_object/signed.jwt
380
384
  - spec/mock_response/userinfo/openid.json
381
385
  - spec/openid_connect/access_token_spec.rb
data/.travis.yml DELETED
@@ -1,8 +0,0 @@
1
- before_install:
2
- - gem install bundler
3
-
4
- rvm:
5
- - 2.6.10
6
- - 2.7.6
7
- - 3.0.4
8
- - 3.1.2