openid_connect 1.1.1 → 1.1.2
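--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e4b55bd5c5a22957a3460d70775614157035df13
+data.tar.gz: 9e0d68b1fd4e918a30c990864946ed2808ea04f1
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1335c76b55348cd3bfe8112396b45763c4900a759363d23ecd3abf8d11c248b051423346caa509cfb8bbf9ee403fae09ad9f739869c059ad6aeb925992d00ee0
+data.tar.gz: 25cd3008448b9ada76637c71aaa8f2fd44dadf9a8097454290a299ccd22db869b0953eef53066644525db2e53d1aaa1b08db76ba4b2eaeff91f74faef86542b0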
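--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.1.
+1.1.2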
@@ -4,6 +4,10 @@ module OpenIDConnect
|
|
4
4
|
class ResponseObject
|
5
5
|
class IdToken < ConnectObject
|
6
6
|
class InvalidToken < Exception; end
|
7
|
+
class ExpiredToken < InvalidToken; end
|
8
|
+
class InvalidIssuer < InvalidToken; end
|
9
|
+
class InvalidNonce < InvalidToken; end
|
10
|
+
class InvalidAudience < InvalidToken; end
|
7
11
|
|
8
12
|
attr_required :iss, :sub, :aud, :exp, :iat
|
9
13
|
attr_optional :acr, :auth_time, :nonce, :sub_jwk, :at_hash, :c_hash
|
@@ -20,11 +24,16 @@ module OpenIDConnect
|
|
20
24
|
end
|
21
25
|
|
22
26
|
def verify!(expected = {})
|
23
|
-
exp.to_i > Time.now.to_i
|
24
|
-
iss == expected[:issuer]
|
25
|
-
|
26
|
-
|
27
|
-
|
27
|
+
raise ExpiredToken.new('Invalid ID token: Expired token') unless exp.to_i > Time.now.to_i
|
28
|
+
raise InvalidIssuer.new('Invalid ID token: Issuer does not match') unless iss == expected[:issuer]
|
29
|
+
raise InvalidNonce.new('Invalid ID Token: Nonce does not match') unless nonce == expected[:nonce]
|
30
|
+
|
31
|
+
# aud(ience) can be a string or an array of strings
|
32
|
+
unless Array(aud).include?(expected[:audience] || expected[:client_id])
|
33
|
+
raise InvalidAudience.new('Invalid ID token: Audience does not match')
|
34
|
+
end
|
35
|
+
|
36
|
+
true
|
28
37
|
end
|
29
38
|
|
30
39
|
include JWTnizable
|
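Review bot: The nonce check in `verify!` compares `nonce == expected[:nonce]`, so a call that omits `:nonce` accepts a token that carries no nonce claim (`nil == nil`), whereas the issuer and audience checks fail closed when their expected value is missing because `iss` and `aud` are required attributes. Callers therefore have to pass the nonce they stored for the request on every call; a comment above that line such as `# expected[:nonce] must be the value sent in the authorization request; if omitted, a token without a nonce claim passes this check` would make the contract visible. The four new error classes also inherit from `InvalidToken < Exception` (a context line this change does not touch), so a plain `rescue => e` in a caller will not catch them. `verify!` lies fully inside the hunk; the rest of `IdToken` is not shown.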
@@ -35,6 +35,17 @@ describe OpenIDConnect::Discovery::Provider::Config::Response do
|
|
35
35
|
it { should_not be_valid }
|
36
36
|
end
|
37
37
|
|
38
|
+
context 'when end_session_endpoint given' do
|
39
|
+
let(:end_session_endpoint) { 'https://server.example.com/end_session' }
|
40
|
+
let :attributes do
|
41
|
+
minimum_attributes.merge(
|
42
|
+
end_session_endpoint: end_session_endpoint
|
43
|
+
)
|
44
|
+
end
|
45
|
+
it { should be_valid }
|
46
|
+
its(:end_session_endpoint) { should == end_session_endpoint }
|
47
|
+
end
|
48
|
+
|
38
49
|
describe '#as_json' do
|
39
50
|
subject { instance.as_json }
|
40
51
|
it { should == minimum_attributes }
|
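Review bot: The new context covers only a well-formed HTTPS `end_session_endpoint`; no example shows what the response does with a malformed or non-HTTPS value. The validation for this attribute is not visible on this page, so whether it is checked like the other endpoints is unclear; a negative example next to this one, e.g. `it { should_not be_valid }` under a context with an invalid URL, would pin the behaviour. The enclosing `describe` block starts and ends outside the hunk.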
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: openid_connect
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.1.
|
4
|
+
version: 1.1.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- nov matake
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-
|
11
|
+
date: 2017-05-25 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: json
|