openid_connect 0.0.2 → 0.0.3

data/Gemfile.lock

@@ -1,11 +1,12 @@
 PATH
   remote: .
   specs:
-    openid_connect (0.0.1)
-      activemodel
-      attr_required
-      jwt
-      rack-oauth2 (>= 0.9.0)
+    openid_connect (0.0.2)
+      activemodel (>= 3)
+      attr_required (>= 0.0.3)
+      json (>= 1.4.3)
+      jwt (>= 0.1.3)
+      rack-oauth2 (>= 0.9)
       tzinfo
       validate_email
       validate_url
@@ -33,7 +34,7 @@ GEM
     mime-types (1.16)
     polyglot (0.3.2)
     rack (1.3.2)
-    rack-oauth2 (0.9.0)
+    rack-oauth2 (0.9.1)
       activesupport (>= 2.3)
       attr_required (>= 0.0.3)
       httpclient (>= 2.2.0.2)

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2011 nov matake
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,31 @@
+= OpenIDConnect
+
+OpenID Connect Server & Client Library
+
+== Installation
+
+  gem install openid_connect
+
+== Resources
+
+* View Source on GitHub (http://github.com/nov/openid_connect)
+* Report Issues on GitHub (http://github.com/nov/openid_connect/issues)
+
+== Examples
+
+* Running on Heroku (https://openid-connect.herokuapp.com)
+* Source on GitHub (https://github.com/nov/openid_connect_sample)
+
+== Note on Patches/Pull Requests
+ 
+* Fork the project.
+* Make your feature addition or bug fix.
+* Add tests for it. This is important so I don't break it in a
+  future version unintentionally.
+* Commit, do not mess with rakefile, version, or history.
+  (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
+* Send me a pull request. Bonus points for topic branches.
+
+== Copyright
+
+Copyright (c) 2011 nov matake. See LICENSE for details.

data/VERSION

@@ -1 +1 @@
-0.0.2
+0.0.3

data/lib/openid_connect.rb

@@ -1,5 +1,8 @@
+require 'json'
 require 'rack/oauth2'
 require 'rack/oauth2/server/authorize/extension/id_token'
 require 'rack/oauth2/server/authorize/extension/id_token_and_token'
 
+require 'openid_connect/client'
+require 'openid_connect/access_token'
 require 'openid_connect/response_object'

data/lib/openid_connect/access_token.rb

@@ -0,0 +1,38 @@
+module OpenIDConnect
+  class AccessToken < Rack::OAuth2::AccessToken::Bearer
+    attr_required :client
+
+    def user_info!(scheme = :openid)
+      klass = case scheme
+      when :openid
+        UserInfo::OpenID
+      else
+        raise "Unknown Scheme: #{scheme}"
+      end
+      klass.new resource_request do
+        get absolute_uri_for(user_info_endpoint)
+      end
+    end
+
+    def id_token!
+      IdToken.new resource_request do
+        get absolute_uri_for(introspection_endpoint)
+      end
+    end
+
+    private
+
+    def resource_request
+      access_token_requied!
+      res = yield
+      case res.status
+      when 200
+        JSON.parse(res.body).with_indifferent_access
+      when 401
+        raise OpenIDConnect::Unauthorized.new('Access Token Invalid or Expired')
+      else
+        raise OpenIDConnect::BadRequest.new('API Access Faild')
+      end
+    end
+  end
+end

data/lib/openid_connect/client.rb

@@ -0,0 +1,36 @@
+module OpenIDConnect
+  class Client < Rack::OAuth2::Client
+    attr_optional :introspection_endpoint, :user_info_endpoint
+
+    def initialize(attributes = {})
+      super
+      @user_info_endpoint     ||= '/user_info'
+      @introspection_endpoint ||= '/id_tokens'
+    end
+
+    def authorization_uri(params = {})
+      params[:response_type] ||= :token
+      params[:scope] = setup_required_scope params[:scope]
+      Rack::OAuth2::Util.redirect_uri absolute_uri_for(authorization_endpoint), :query, params.merge(
+        :client_id => self.identifier,
+        :redirect_uri => self.redirect_uri
+      )
+    end
+
+    def access_token!
+      token = super
+      AccessToken.new token.token_response.merge(:client => self)
+    end
+
+    private
+
+    def setup_required_scope(scopes)
+      scopes = Array(scopes).join(' ').split(' ')
+      if scopes.include?('openid')
+        scopes
+      else
+        (scopes << 'openid')
+      end.join(' ')
+    end
+  end
+end

data/lib/openid_connect/exception.rb

@@ -0,0 +1,30 @@
+module OpenIDConnect
+  class Exception < StandardError; end
+
+  class HttpError < Exception
+    attr_accessor :status, :response
+    def initialize(status, message, response = nil)
+      @status = status
+      @message = message
+      @response = response
+    end
+  end
+
+  class BadRequest < HttpError
+    def initialize(message, response = nil)
+      super 400, message, response
+    end
+  end
+
+  class Unauthorized < HttpError
+    def initialize(message, response = nil)
+      super 401, message, response
+    end
+  end
+
+  class Forbidden < HttpError
+    def initialize(message, response = nil)
+      super 403, message, response
+    end
+  end
+end

data/openid_connect.gemspec

@@ -10,13 +10,14 @@ Gem::Specification.new do |s|
   s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
   s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   s.require_paths = ["lib"]
-  s.add_runtime_dependency "activemodel"
+  s.add_runtime_dependency "activemodel", ">= 3"
   s.add_runtime_dependency "validate_url"
   s.add_runtime_dependency "validate_email"
   s.add_runtime_dependency "tzinfo"
-  s.add_runtime_dependency "jwt"
-  s.add_runtime_dependency "attr_required"
-  s.add_runtime_dependency "rack-oauth2", ">= 0.9.0"
+  s.add_runtime_dependency "jwt", ">= 0.1.3"
+  s.add_runtime_dependency "json", ">= 1.4.3"
+  s.add_runtime_dependency "attr_required", ">= 0.0.3"
+  s.add_runtime_dependency "rack-oauth2", ">= 0.9"
   s.add_development_dependency "rake", ">= 0.8"
   s.add_development_dependency "rcov", ">= 0.9"
   s.add_development_dependency "rspec", ">= 2"

metadata

@@ -2,7 +2,7 @@
 name: openid_connect
 version: !ruby/object:Gem::Version 
   prerelease: 
-  version: 0.0.2
+  version: 0.0.3
 platform: ruby
 authors: 
 - nov matake
@@ -10,7 +10,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-08-13 00:00:00 Z
+date: 2011-08-15 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: activemodel
@@ -20,7 +20,7 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        version: "0"
+        version: "3"
   type: :runtime
   version_requirements: *id001
 - !ruby/object:Gem::Dependency 
@@ -64,64 +64,75 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        version: "0"
+        version: 0.1.3
   type: :runtime
   version_requirements: *id005
 - !ruby/object:Gem::Dependency 
-  name: attr_required
+  name: json
   prerelease: false
   requirement: &id006 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        version: "0"
+        version: 1.4.3
   type: :runtime
   version_requirements: *id006
 - !ruby/object:Gem::Dependency 
-  name: rack-oauth2
+  name: attr_required
   prerelease: false
   requirement: &id007 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        version: 0.9.0
+        version: 0.0.3
   type: :runtime
   version_requirements: *id007
 - !ruby/object:Gem::Dependency 
-  name: rake
+  name: rack-oauth2
   prerelease: false
   requirement: &id008 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0.9"
+  type: :runtime
+  version_requirements: *id008
+- !ruby/object:Gem::Dependency 
+  name: rake
+  prerelease: false
+  requirement: &id009 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
         version: "0.8"
   type: :development
-  version_requirements: *id008
+  version_requirements: *id009
 - !ruby/object:Gem::Dependency 
   name: rcov
   prerelease: false
-  requirement: &id009 !ruby/object:Gem::Requirement 
+  requirement: &id010 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
         version: "0.9"
   type: :development
-  version_requirements: *id009
+  version_requirements: *id010
 - !ruby/object:Gem::Dependency 
   name: rspec
   prerelease: false
-  requirement: &id010 !ruby/object:Gem::Requirement 
+  requirement: &id011 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
         version: "2"
   type: :development
-  version_requirements: *id010
+  version_requirements: *id011
 description: OpenID Connect Server & Client Library
 email: 
 - nov@matake.jp
@@ -135,9 +146,14 @@ files:
 - .gitignore
 - Gemfile
 - Gemfile.lock
+- LICENSE
+- README.rdoc
 - Rakefile
 - VERSION
 - lib/openid_connect.rb
+- lib/openid_connect/access_token.rb
+- lib/openid_connect/client.rb
+- lib/openid_connect/exception.rb
 - lib/openid_connect/response_object.rb
 - lib/openid_connect/response_object/id_token.rb
 - lib/openid_connect/response_object/user_info.rb