openid_connect 1.1.1 → 1.1.2

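--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 7c36e7ab5dfce9b786e31f11b6e3cc9524aba2bf
- data.tar.gz: 0f13fa597e129cb4b59ddfee7c20a4931713f10c
+ metadata.gz: e4b55bd5c5a22957a3460d70775614157035df13
+ data.tar.gz: 9e0d68b1fd4e918a30c990864946ed2808ea04f1
  SHA512:
- metadata.gz: 11f990477d6336c9414e6bd9495d0c7073c5abf4ed36b969ee0a7e30e71ae566eee6c722e1ffc27b52e142cbe1bda6501f54ff28754d266acdcdc01dc3870644
- data.tar.gz: af1bdf1a43e3f9ca23d5fd24a9c4fd17844bf15883288f9d994b3e6bb36ac1e961dc5e555d77d9cc090fc66ecaa8cbe24e8089391e1f572d244ebd2bdcc75429
+ metadata.gz: 1335c76b55348cd3bfe8112396b45763c4900a759363d23ecd3abf8d11c248b051423346caa509cfb8bbf9ee403fae09ad9f739869c059ad6aeb925992d00ee0
+ data.tar.gz: 25cd3008448b9ada76637c71aaa8f2fd44dadf9a8097454290a299ccd22db869b0953eef53066644525db2e53d1aaa1b08db76ba4b2eaeff91f74faef86542b0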
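--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 1.1.1
+ 1.1.2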
@@ -18,6 +18,7 @@ module OpenIDConnect
18
18
  :token_endpoint,
19
19
  :userinfo_endpoint,
20
20
  :registration_endpoint,
21
+ :end_session_endpoint,
21
22
  :service_documentation,
22
23
  :op_policy_uri,
23
24
  :op_tos_uri
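Review bot: `:end_session_endpoint` is added to the attribute list at new line 21, but nothing in this hunk shows it being covered by whatever URL validation the other endpoint attributes receive; the list and any validators sit outside the hunk, so this needs confirming. A relying party sends the user's browser to this endpoint at logout, typically with the ID token attached as a hint, so a discovery document carrying a malformed or non-HTTPS value should be rejected the same way a bad `token_endpoint` would be. The accompanying spec context 'when end_session_endpoint given' only exercises a well-formed https URL; a negative case for a malformed value ending in `it { should_not be_valid }` would pin the behaviour.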
@@ -4,6 +4,10 @@ module OpenIDConnect
4
4
  class ResponseObject
5
5
  class IdToken < ConnectObject
6
6
  class InvalidToken < Exception; end
7
+ class ExpiredToken < InvalidToken; end
8
+ class InvalidIssuer < InvalidToken; end
9
+ class InvalidNonce < InvalidToken; end
10
+ class InvalidAudience < InvalidToken; end
7
11
 
8
12
  attr_required :iss, :sub, :aud, :exp, :iat
9
13
  attr_optional :acr, :auth_time, :nonce, :sub_jwk, :at_hash, :c_hash
@@ -20,11 +24,16 @@ module OpenIDConnect
20
24
  end
21
25
 
22
26
  def verify!(expected = {})
23
- exp.to_i > Time.now.to_i &&
24
- iss == expected[:issuer] &&
25
- Array(aud).include?(expected[:audience] || expected[:client_id]) && # aud(ience) can be a string or an array of strings
26
- nonce == expected[:nonce] or
27
- raise InvalidToken.new('Invalid ID Token')
27
+ raise ExpiredToken.new('Invalid ID token: Expired token') unless exp.to_i > Time.now.to_i
28
+ raise InvalidIssuer.new('Invalid ID token: Issuer does not match') unless iss == expected[:issuer]
29
+ raise InvalidNonce.new('Invalid ID Token: Nonce does not match') unless nonce == expected[:nonce]
30
+
31
+ # aud(ience) can be a string or an array of strings
32
+ unless Array(aud).include?(expected[:audience] || expected[:client_id])
33
+ raise InvalidAudience.new('Invalid ID token: Audience does not match')
34
+ end
35
+
36
+ true
28
37
  end
29
38
 
30
39
  include JWTnizable
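Review bot: The four error classes added at new lines 7–10 inherit from `InvalidToken`, which the context line just above declares as `class InvalidToken < Exception; end`, so a bare `rescue` or `rescue StandardError` around `verify!` catches none of them. Validation still fails closed, but a relying party that turns token failures into a 401 with `rescue => e` gets an unhandled exception instead, and the only generic handler that does catch these is a broad `rescue Exception`. Consider `class InvalidToken < StandardError; end`, with a changelog entry because it changes which rescue clauses in existing callers match. In `verify!` the `InvalidNonce` message is spelled 'Invalid ID Token: …' while the other three use 'Invalid ID token: …'; one casing throughout would help callers and log searches that matched the previous 'Invalid ID Token' text. The `IdToken` class body continues outside this hunk.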
@@ -35,6 +35,17 @@ describe OpenIDConnect::Discovery::Provider::Config::Response do
35
35
  it { should_not be_valid }
36
36
  end
37
37
 
38
+ context 'when end_session_endpoint given' do
39
+ let(:end_session_endpoint) { 'https://server.example.com/end_session' }
40
+ let :attributes do
41
+ minimum_attributes.merge(
42
+ end_session_endpoint: end_session_endpoint
43
+ )
44
+ end
45
+ it { should be_valid }
46
+ its(:end_session_endpoint) { should == end_session_endpoint }
47
+ end
48
+
38
49
  describe '#as_json' do
39
50
  subject { instance.as_json }
40
51
  it { should == minimum_attributes }
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: openid_connect
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.1
4
+ version: 1.1.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - nov matake
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-03-27 00:00:00.000000000 Z
11
+ date: 2017-05-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: json