openid_connect 1.1.1 → 1.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7c36e7ab5dfce9b786e31f11b6e3cc9524aba2bf
-  data.tar.gz: 0f13fa597e129cb4b59ddfee7c20a4931713f10c
+  metadata.gz: e4b55bd5c5a22957a3460d70775614157035df13
+  data.tar.gz: 9e0d68b1fd4e918a30c990864946ed2808ea04f1
 SHA512:
-  metadata.gz: 11f990477d6336c9414e6bd9495d0c7073c5abf4ed36b969ee0a7e30e71ae566eee6c722e1ffc27b52e142cbe1bda6501f54ff28754d266acdcdc01dc3870644
-  data.tar.gz: af1bdf1a43e3f9ca23d5fd24a9c4fd17844bf15883288f9d994b3e6bb36ac1e961dc5e555d77d9cc090fc66ecaa8cbe24e8089391e1f572d244ebd2bdcc75429
+  metadata.gz: 1335c76b55348cd3bfe8112396b45763c4900a759363d23ecd3abf8d11c248b051423346caa509cfb8bbf9ee403fae09ad9f739869c059ad6aeb925992d00ee0
+  data.tar.gz: 25cd3008448b9ada76637c71aaa8f2fd44dadf9a8097454290a299ccd22db869b0953eef53066644525db2e53d1aaa1b08db76ba4b2eaeff91f74faef86542b0

data/VERSION

@@ -1 +1 @@
-1.1.1
+1.1.2

data/lib/openid_connect/discovery/provider/config/response.rb

@@ -18,6 +18,7 @@ module OpenIDConnect
               :token_endpoint,
               :userinfo_endpoint,
               :registration_endpoint,
+              :end_session_endpoint,
               :service_documentation,
               :op_policy_uri,
               :op_tos_uri

data/lib/openid_connect/response_object/id_token.rb

@@ -4,6 +4,10 @@ module OpenIDConnect
   class ResponseObject
     class IdToken < ConnectObject
       class InvalidToken < Exception; end
+      class ExpiredToken < InvalidToken; end
+      class InvalidIssuer < InvalidToken; end
+      class InvalidNonce < InvalidToken; end
+      class InvalidAudience < InvalidToken; end
 
       attr_required :iss, :sub, :aud, :exp, :iat
       attr_optional :acr, :auth_time, :nonce, :sub_jwk, :at_hash, :c_hash
@@ -20,11 +24,16 @@ module OpenIDConnect
       end
 
       def verify!(expected = {})
-        exp.to_i > Time.now.to_i &&
-        iss == expected[:issuer] &&
-        Array(aud).include?(expected[:audience] || expected[:client_id]) && # aud(ience) can be a string or an array of strings
-        nonce == expected[:nonce] or
-        raise InvalidToken.new('Invalid ID Token')
+        raise ExpiredToken.new('Invalid ID token: Expired token') unless exp.to_i > Time.now.to_i
+        raise InvalidIssuer.new('Invalid ID token: Issuer does not match') unless iss == expected[:issuer]
+        raise InvalidNonce.new('Invalid ID Token: Nonce does not match') unless nonce == expected[:nonce]
+
+        # aud(ience) can be a string or an array of strings
+        unless Array(aud).include?(expected[:audience] || expected[:client_id])
+          raise InvalidAudience.new('Invalid ID token: Audience does not match')
+        end
+
+        true
       end
 
       include JWTnizable

data/spec/openid_connect/discovery/provider/config/response_spec.rb

@@ -35,6 +35,17 @@ describe OpenIDConnect::Discovery::Provider::Config::Response do
     it { should_not be_valid }
   end
 
+  context 'when end_session_endpoint given' do
+    let(:end_session_endpoint) { 'https://server.example.com/end_session' }
+    let :attributes do
+      minimum_attributes.merge(
+        end_session_endpoint: end_session_endpoint
+      )
+    end
+    it { should be_valid }
+    its(:end_session_endpoint) { should == end_session_endpoint }
+  end
+
   describe '#as_json' do
     subject { instance.as_json }
     it { should == minimum_attributes }

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: openid_connect
 version: !ruby/object:Gem::Version
-  version: 1.1.1
+  version: 1.1.2
 platform: ruby
 authors:
 - nov matake
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-03-27 00:00:00.000000000 Z
+date: 2017-05-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json