openid_connect 1.1.1 → 1.1.2
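--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e4b55bd5c5a22957a3460d70775614157035df13
+data.tar.gz: 9e0d68b1fd4e918a30c990864946ed2808ea04f1
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1335c76b55348cd3bfe8112396b45763c4900a759363d23ecd3abf8d11c248b051423346caa509cfb8bbf9ee403fae09ad9f739869c059ad6aeb925992d00ee0
+data.tar.gz: 25cd3008448b9ada76637c71aaa8f2fd44dadf9a8097454290a299ccd22db869b0953eef53066644525db2e53d1aaa1b08db76ba4b2eaeff91f74faef86542b0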
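--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.1.
+1.1.2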
@@ -4,6 +4,10 @@ module OpenIDConnect
|
|
4
4
|
class ResponseObject
|
5
5
|
class IdToken < ConnectObject
|
6
6
|
class InvalidToken < Exception; end
|
7
|
+
class ExpiredToken < InvalidToken; end
|
8
|
+
class InvalidIssuer < InvalidToken; end
|
9
|
+
class InvalidNonce < InvalidToken; end
|
10
|
+
class InvalidAudience < InvalidToken; end
|
7
11
|
|
8
12
|
attr_required :iss, :sub, :aud, :exp, :iat
|
9
13
|
attr_optional :acr, :auth_time, :nonce, :sub_jwk, :at_hash, :c_hash
|
@@ -20,11 +24,16 @@ module OpenIDConnect
|
|
20
24
|
end
|
21
25
|
|
22
26
|
def verify!(expected = {})
|
23
|
-
exp.to_i > Time.now.to_i
|
24
|
-
iss == expected[:issuer]
|
25
|
-
|
26
|
-
|
27
|
-
|
27
|
+
raise ExpiredToken.new('Invalid ID token: Expired token') unless exp.to_i > Time.now.to_i
|
28
|
+
raise InvalidIssuer.new('Invalid ID token: Issuer does not match') unless iss == expected[:issuer]
|
29
|
+
raise InvalidNonce.new('Invalid ID Token: Nonce does not match') unless nonce == expected[:nonce]
|
30
|
+
|
31
|
+
# aud(ience) can be a string or an array of strings
|
32
|
+
unless Array(aud).include?(expected[:audience] || expected[:client_id])
|
33
|
+
raise InvalidAudience.new('Invalid ID token: Audience does not match')
|
34
|
+
end
|
35
|
+
|
36
|
+
true
|
28
37
|
end
|
29
38
|
|
30
39
|
include JWTnizable
|
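Review bot: The audience check in verify! (`unless Array(aud).include?(expected[:audience] || expected[:client_id])`) accepts any token whose `aud` array contains the expected client, but when `aud` carries more than one value the ID Token validation rules in OpenID Connect Core also call for checking the `azp` claim, and `azp` is not among the attributes declared in the visible `attr_required`/`attr_optional` lines. Consider declaring `:azp` as optional and adding `raise InvalidAudience.new('Invalid ID token: Authorized party does not match') if Array(aud).size > 1 && azp != (expected[:audience] || expected[:client_id])` after the audience check. Separately, the new error classes descend from `InvalidToken < Exception`, so a bare `rescue` or `rescue StandardError` in calling code will not catch them; a comment such as `# NOTE: InvalidToken descends from Exception, so rescue it by name` above the class definitions would make that visible. The nonce comparison also passes when both the token's `nonce` and `expected[:nonce]` are nil, which is worth stating in a comment on verify! so callers know to always pass the nonce they issued.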
@@ -35,6 +35,17 @@ describe OpenIDConnect::Discovery::Provider::Config::Response do
|
|
35
35
|
it { should_not be_valid }
|
36
36
|
end
|
37
37
|
|
38
|
+
context 'when end_session_endpoint given' do
|
39
|
+
let(:end_session_endpoint) { 'https://server.example.com/end_session' }
|
40
|
+
let :attributes do
|
41
|
+
minimum_attributes.merge(
|
42
|
+
end_session_endpoint: end_session_endpoint
|
43
|
+
)
|
44
|
+
end
|
45
|
+
it { should be_valid }
|
46
|
+
its(:end_session_endpoint) { should == end_session_endpoint }
|
47
|
+
end
|
48
|
+
|
38
49
|
describe '#as_json' do
|
39
50
|
subject { instance.as_json }
|
40
51
|
it { should == minimum_attributes }
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: openid_connect
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.1.
|
4
|
+
version: 1.1.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- nov matake
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-
|
11
|
+
date: 2017-05-25 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: json
|