RubyGems - openid_connect_client - Versions diffs - 0.1.1 - Mend

openid_connect_client 0.1.1

Files changed (16) hide show

checksums.yaml +7 -0
data/.gitignore +9 -0
data/.rspec +2 -0
data/.travis.yml +4 -0
data/CODE_OF_CONDUCT.md +49 -0
data/Gemfile +4 -0
data/LICENSE.txt +25 -0
data/README.md +32 -0
data/Rakefile +6 -0
data/bin/console +14 -0
data/bin/setup +8 -0
data/example.rb +63 -0
data/lib/openid_connect_client/version.rb +3 -0
data/lib/openid_connect_client.rb +685 -0
data/openid_connect_client.gemspec +27 -0
metadata +116 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 6e1880db733cf2f8d0daa8a44f973113eb7094c9
+  data.tar.gz: da7152755f9b914d25c7e0afab78adffd30801b0
+SHA512:
+  metadata.gz: f7506f7123ffcbf9017dba62c5eb43d002ce99d8c77d0006f97d2ed91268b26b2749525bc2cb9ca1d0888e5f7e30754c0caf528e2cba29aaf8708f2588d2865c
+  data.tar.gz: 2988f54c6c221b8549b2592c9e9e87f15e1d84a220b5eb1c06351b446e79324a02ab5745fa2ed2283f450f8059e68d4abd786926be387a7e168d6897bef95e92

data/.gitignore ADDED Viewed

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.rspec ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ --format documentation
2	+ --color

data/.travis.yml ADDED Viewed

@@ -0,0 +1,4 @@
+language: ruby
+rvm:
+  - 2.2.3
+before_install: gem install bundler -v 1.11.2

data/CODE_OF_CONDUCT.md ADDED Viewed

@@ -0,0 +1,49 @@
+# Contributor Code of Conduct
+As contributors and maintainers of this project, and in the interest of
+fostering an open and welcoming community, we pledge to respect all people who
+contribute through reporting issues, posting feature requests, updating
+documentation, submitting pull requests or patches, and other activities.
+We are committed to making participation in this project a harassment-free
+experience for everyone, regardless of level of experience, gender, gender
+identity and expression, sexual orientation, disability, personal appearance,
+body size, race, ethnicity, age, religion, or nationality.
+Examples of unacceptable behavior by participants include:
+* The use of sexualized language or imagery
+* Personal attacks
+* Trolling or insulting/derogatory comments
+* Public or private harassment
+* Publishing other's private information, such as physical or electronic
+  addresses, without explicit permission
+* Other unethical or unprofessional conduct
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+By adopting this Code of Conduct, project maintainers commit themselves to
+fairly and consistently applying these principles to every aspect of managing
+this project. Project maintainers who do not follow or enforce the Code of
+Conduct may be permanently removed from the project team.
+This code of conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community.
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting a project maintainer at zeta@widcket.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. Maintainers are
+obligated to maintain confidentiality with regard to the reporter of an
+incident.
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 1.3.0, available at
+[http://contributor-covenant.org/version/1/3/0/][version]
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/3/0/

data/Gemfile ADDED Viewed

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+# Specify your gem's dependencies in openid_connect_client.gemspec
+gemspec

data/LICENSE.txt ADDED Viewed

@@ -0,0 +1,25 @@
+The MIT License (MIT)
+Copyright (c) 2016 Rita Zerrizuela
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+------
+OpenID-Connect-PHP License
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    [http://www.apache.org/licenses/LICENSE-2.0]
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

data/README.md ADDED Viewed

@@ -0,0 +1,32 @@
+# openid-connect-ruby
+A literal, not so idiomatic ruby port of Michael Jett's excellent [OpenID Connect](https://github.com/jumbojett/OpenID-Connect-PHP) library for PHP.
+## Requirements
+- Curb
+## Usage
+See `example.rb`
+```
+oidc = OpenIDConnectClient.new('https://provider.com/openid', 'CLIENT_ID', 'SECRET')
+oidc.redirect_url = "http://yourweb.com/callback"
+oidc.scopes = "openid email profile address phone"
+oidc.authorize()
+session[:state] = oidc.state
+redirect_to(oidc.auth_endpoint)
+```
+### On the callback
+```
+oidc = OpenIDConnectClient.new('https://provider.com/openid', 'CLIENT_ID', 'SECRET')
+oidc.redirect_url = "http://yourweb.com/callback"
+oidc.scopes = "openid email profile address phone"
+oidc.authenticate()
+email = oidc.get('email')
+given_name = oidc.get('given_name')
+address = oidc.get('address')
+```

data/Rakefile ADDED Viewed

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+RSpec::Core::RakeTask.new(:spec)
+task :default => :spec

data/bin/console ADDED Viewed

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+require "bundler/setup"
+require "openid_connect_client"
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+require "irb"
+IRB.start

data/bin/setup ADDED Viewed

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+bundle install
+# Do any other automated setup that you need to do here

data/example.rb ADDED Viewed

@@ -0,0 +1,63 @@
+require 'nyny'
+require 'erb'
+require 'openid_connect_client'
+TEMPLATE = DATA.read.freeze
+class App < NYNY::App
+    use Rack::Session::Cookie, :secret => 'your_secret'
+    get '/' do
+        oidc = get_client()
+        oidc.authorize()
+        session[:state] = oidc.state
+        redirect_to(oidc.auth_endpoint)
+    end
+    get '/callback' do
+        oidc = get_client(params)
+        oidc.authenticate()
+        email = oidc.get('email')
+        given_name = oidc.get('given_name')
+        address = oidc.get('address')
+        ERB.new(TEMPLATE).result(binding)
+    end
+    helpers do
+        def get_client(params = nil)
+            oidc = OpenIDConnectClient::Client.new('PROVIDER_ENDPOINT', 'CLIENT_ID', 'SECRET')
+            oidc.redirect_url = 'http://localhost:9292/callback'
+            oidc.scopes = 'openid email profile address phone'
+            oidc.state = session[:state]
+            oidc.params = params if params
+            oidc
+        end
+    end
+end
+App.run!
+__END__
+<html>
+<head>
+    <title>OpenID Connect Client Example</title>
+    <style>
+        body {
+            font-family: Helvetica, Arial, sans-serif;
+        }
+    </style>
+</head>
+<body>
+    <div>
+        Hi <%= given_name %><br>
+        Your email is <%= email %><br>
+        Your address is <%= address[:street_address] %><br>
+        Your postal code is <%= address[:postal_code] %>
+    </div>
+</body>
+</html>

data/lib/openid_connect_client/version.rb ADDED Viewed

@@ -0,0 +1,3 @@
+module OpenIDConnectClient
+  VERSION = "0.1.1"
+end

data/lib/openid_connect_client.rb ADDED Viewed

@@ -0,0 +1,685 @@
+require "openid_connect_client/version"
+module OpenIDConnectClient
+  class OpenIDConnectClientException < Exception
+  end
+  class Client
+      require 'securerandom'
+      require 'digest/md5'
+      require 'cgi'
+      require 'base64'
+      require 'openssl'
+      require 'xml/libxml'
+      require 'curb'
+      private #==============================================================================================================================
+          #
+          # Gets anything that we need configuration wise including endpoints, and other values
+          #
+          # @return void
+          # @throws OpenIDConnectClientException
+          #
+          def get_provider_config
+              well_known_config_response = fetch_url(@well_known_config_url).body_str
+              unless well_known_config_response
+                  raise OpenIDConnectClientException, "Unable to get provider configuration data. Make sure your provider has a well known configuration available."
+              end
+              values = JSON[well_known_config_response]
+              values.each do |key, value|
+                  @state[key.to_sym] = value
+              end
+          end
+          #
+          # @param param
+          # @throws OpenIDConnectClientException
+          # @return string
+          #
+          def get_provider_config_value(param)
+              # If the configuration value is not available, attempt to fetch it from a well known config endpoint
+              # This is also known as auto "discovery"
+              if @state[param].nil?
+                  well_known_config_response = fetch_url(@well_known_config_url).body_str
+                  unless well_known_config_response
+                      raise OpenIDConnectClientException, "Unable to get provider configuration data. Make sure your provider has a well known configuration available."
+                  end
+                  value = JSON[well_known_config_response][param.to_s]
+                  unless value
+                      raise OpenIDConnectClientException, "The provider #{param} has not been set. Make sure your provider has a well known configuration available."
+                  end
+                  @state[param] = value
+              end
+              @state[param]
+          end
+          #
+          # @param array keys
+          # @param array header
+          # @throws OpenIDConnectClientException
+          # @return object
+          #
+          def get_key_for_header(keys, header)
+              keys.each do |key|
+                  if !(key["alg"] and header["kid"]) and key["kty"] == 'RSA' or (key["alg"] == header["alg"] and key["kid"] == header["kid"])
+                      return key
+                  end
+              end
+              if header["kid"]
+                  raise OpenIDConnectClientException, "Unable to find a key for (algorithm, kid): #{header["alg"]}, #{header["kid"]}."
+              else
+                  raise OpenIDConnectClientException, "Unable to find a key for RSA."
+              end
+          end
+          #
+          # @param jwt string encoded JWT
+          # @throws OpenIDConnectClientException
+          # @return bool
+          #
+          def verify_JWT_signature(jwt)
+              parts = jwt.split(".")
+              signature = decode_64(parts.pop())
+              decoded_header = decode_64(parts[0])
+              header = JSON[decoded_header]
+              payload = parts.join(".")
+              fetched_jwks = fetch_url(get_provider_config_value(:jwks_uri)).body_str
+              jwks = JSON[fetched_jwks]
+              unless not jwks.nil?
+                  raise OpenIDConnectClientException, "Error decoding JSON from jwks_uri."
+              end
+              verified = false
+              case header["alg"]
+                  when 'RS256', 'RS384', 'RS512'
+                      hashtype = "sha" + header["alg"][0,2]
+                      verified = verify_RSA_JWT_signature(hashtype, get_key_for_header(jwks["keys"], header), payload, signature)
+              else
+                  raise OpenIDConnectClientException, "No support for signature type: #{header["alg"]}."
+              end
+              verified
+          end
+          #
+          # @param string hashtype
+          # @param object key
+          # @throws OpenIDConnectClientException
+          #
+          def verify_RSA_JWT_signature(hashtype, key, payload, signature)
+              unless key["n"] and key["e"]
+                  raise OpenIDConnectClientException, "Malformed key object."
+              end
+              public_key_xml = "<RSAKeyValue>\r\n  <Modulus>#{url_safe_base64(key["n"])}</Modulus>\r\n  <Exponent>#{url_safe_base64(key["e"])}</Exponent>\r\n</RSAKeyValue>"
+              digest = case hashtype
+                  when 'md2' then OpenSSL::Digest::MD2.new
+                  when 'md5' then OpenSSL::Digest::MD5.new
+                  when 'sha1' then OpenSSL::Digest::SHA1.new
+                  when 'sha256' then OpenSSL::Digest::SHA256.new
+                  when 'sha384' then OpenSSL::Digest::SHA384.new
+                  when 'sha512' then OpenSSL::Digest::SHA512.new
+                  else OpenSSL::Digest::SHA256.new
+              end
+              key = rsa_key_from_xml(public_key_xml)
+              key.public_key.verify(digest, signature, payload)
+          end
+          #
+          # @param object claims
+          # @return bool
+          #
+          def verify_JWT_claims(claims)
+              (claims["iss"] == @provider_url and ((claims["aud"] == @client_id) or (claims["aud"].include? @client_id)) and (claims["nonce"] == @state[:openid_connect_nonce]))
+          end
+          #
+          # @param jwt string encoded JWT
+          # @param int section the section we would like to decode
+          # @return object
+          #
+          def decode_JWT(jwt, section = 0)
+              parts = jwt.split(".")
+              url_decoded = decode_64(parts[section])
+              JSON[url_decoded]
+          end
+          # Utility methods ==================================================================================================================
+          #
+          # @param string json
+          # @return bool
+          #
+          def is_valid_url?(url)
+              begin
+                  URI.parse(url)
+                  return url
+              rescue URI::InvalidURIError
+                  return false
+              end
+          end
+          #
+          # @param string json
+          # @return bool
+          #
+          def is_json?(json)
+              begin
+                  JSON.parse(json)
+                  return true
+              rescue JSON::ParserError => e
+                  return false
+              end
+          end
+          #
+          # @param object object
+          # @return string
+          #
+          def http_build_query(object)
+            h = hashify(object)
+            result = ""
+            separator = '&'
+            h.keys.sort.each do |key|
+                result << (CGI.escape(key) + '=' + CGI.escape(h[key]) + separator)
+            end
+            result = result.sub(/#{separator}$/, '') # Remove the trailing k-v separator
+            return result
+          end
+          #
+          # @param object object
+          # @param string parent_key
+          #
+          def hashify(object, parent_key = '')
+            unless object.is_a?(Hash) or object.is_a?(Array) or parent_key.length > 0
+                raise ArgumentError.new('This is made for serializing Hashes and Arrays only.')
+            end
+            result = {}
+            case object
+                when String, Symbol, Numeric
+                      result[parent_key] = object.to_s
+                when Hash
+                      # Recursively call hashify, building closure-like state by
+                      # appending the current location in the tree as new "parent_key"
+                      # values.
+                      hashes = object.map do |key, value|
+                          if parent_key =~ /^[0-9]+/ or parent_key.length == 0
+                              new_parent_key = key.to_s
+                          else
+                              new_parent_key = parent_key + '[' + key.to_s + ']'
+                          end
+                          hashify(value, new_parent_key)
+                      end
+                      hash = hashes.reduce { |memo, hash| memo.merge hash }
+                      result.merge! hash
+                when Enumerable
+                      # _Very_ similar to above, but iterating with "each_with_index"
+                      hashes = {}
+                      object.each_with_index do |value, index|
+                          if parent_key.length == 0
+                              new_parent_key = index.to_s
+                          else
+                              new_parent_key = parent_key + '[' + index.to_s + ']'
+                          end
+                          hashes.merge! hashify(value, new_parent_key)
+                      end
+                      result.merge! hashes
+                  else
+                      raise Exception.new("This should only be serializing Strings, Symbols, or Numerics.")
+            end
+              return result
+          end
+          #
+          # @param string str
+          # @return string
+          #
+          def decode_64(str)
+              Base64.decode64(url_safe_base64(str))
+          end
+          #
+          # Per RFC4648, "base64 encoding with URL-safe and filename-safe alphabet".  This just replaces characters 62 and 63.
+          # None of the reference implementations seem to restore the padding if necessary, but we'll do it anyway.
+          #
+          # @param string str
+          # @return string
+          #
+          def url_safe_base64(str)
+              # add '=' padding
+              str = case str.length % 4
+                  when 2 then str + '=='
+                  when 3 then str + '='
+                  else str
+              end
+              str.tr('-_', '+/')
+          end
+          #
+          # @param string xml_string
+          # @return object
+          #
+          def rsa_key_from_xml(xml_string)
+              d = XML::Parser.string(xml_string).parse
+              m = Base64.decode64(d.find_first('Modulus').content).unpack('H*')
+              e = Base64.decode64(d.find_first('Exponent').content).unpack('H*')
+              pub_key = OpenSSL::PKey::RSA.new
+              #modules
+              pub_key.n = OpenSSL::BN.new(m[0].hex.to_s)
+              #exponent
+              pub_key.e = OpenSSL::BN.new(e[0].hex.to_s)
+              #return Public Key
+              pub_key
+          end
+          #
+          # Used for arbitrary value generation for nonces and state
+          #
+          # @return string
+          #
+          def random_string()
+              SecureRandom.urlsafe_base64
+          end
+          #
+          # @param url
+          # @param null post_body string If this is set the post type will be POST
+          # @param array headers Extra headers to be send with the request. Format as 'NameHeader: ValueHeader'
+          # @throws OpenIDConnectClientException
+          # @return mixed
+          #
+          def fetch_url(url, post_body = nil, headers = Array.new)
+              curb = Curl::Easy.new(url) do |curl|
+                  headers.each do |key, value|
+                      curl.headers[key] = value
+                  end
+                  if post_body
+                      if is_json?(post_body)
+                          content_type = "application/json"
+                      else
+                          content_type = "application/x-www-form-urlencoded"
+                      end
+                      curl.headers["Content-Type"] = content_type
+                      curl.post_body = post_body
+                  else
+                      curl.http(:GET)
+                  end
+                  curl.timeout = 60
+                  curl.proxy_url = @proxy_url if self.instance_variable_defined? :@proxy_url
+                  curl.verbose = true
+                  if self.instance_variable_defined? :@cert_path
+                      curl.ssl_verify_peer = true
+                      curl.ssl_verify_host = true
+                      curl.cert = @cert_path
+                  else
+                      curl.ssl_verify_peer = false
+                  end
+              end
+              curb.post_body = post_body if post_body
+              result = curb.perform
+              if result
+                  return curb
+              else
+                  return false
+              end
+          end
+      public #==============================================================================================================================
+          attr_reader :access_token, :refresh_token, :auth_endpoint
+          attr_writer :http_proxy, :cert_path, :params
+          attr_accessor :client_name, :client_id, :client_secret, :well_known_config_url, :state, :provider_config
+          #
+          # @param provider_url string optional
+          # @param client_id string optional
+          # @param client_secret string optional
+          #
+          def initialize(provider_url = nil, client_id = nil, client_secret = nil)
+              @scopes = Hash.new
+              @state = Hash.new
+              @state = Hash.new
+              @auth_params = Hash.new
+              @user_info = Hash.new
+              @params = Hash.new
+              @response = Hash.new
+              @client_id = client_id
+              @client_secret = client_secret
+              @provider_url = provider_url
+              substitute = "/"
+              if self.instance_variable_defined? :@provider_url
+                  @well_known_config_url = provider_url.gsub(/[#{substitute}]+$/, '') + "/.well-known/openid-configuration/"
+              end
+          end
+          #
+          # Builds the user authentication url.
+          #
+          # @return void
+          #
+          def authorize()
+              get_provider_config()
+              auth_endpoint = get_provider_config_value(:authorization_endpoint)
+              response_type = "code"
+              # Generate and store a nonce in the session
+              # The nonce is an arbitrary value
+              nonce = random_string()
+              @state[:openid_connect_nonce] = nonce
+              # State essentially acts as a session key for OIDC
+              state = random_string()
+              @state[:openid_connect_state] = state
+              @auth_params = @auth_params.merge({
+                  response_type: response_type,
+                  redirect_uri: @redirect_url,
+                  client_id: @client_id,
+                  nonce: nonce,
+                  state: state,
+                  scope: 'openid'
+              })
+              # If the client has been registered with additional scopes
+              if @scopes.length > 0
+                  @auth_params[:scope] = @scopes.join(' ')
+                  auth_endpoint += '?' + http_build_query(@auth_params)
+                  @auth_endpoint = auth_endpoint
+              end
+          end
+          #
+          # Gets the access token needed to request user info.
+          #
+          # @return bool
+          # @throws OpenIDConnectClientException
+          #
+          def authenticate()
+              # Do a preemptive check to see if the provider has raised an error from a previous redirect
+              unless @response[:error].nil?
+                  raise OpenIDConnectClientException, "Error: #{@response[:error]} Description: #{@response[:error_description]}"
+              end
+              # If we have an authorization code then proceed to request a token
+              if not @params["code"].nil? || @params["code"].empty?
+                  code = @params["code"]
+                  token_endpoint = get_provider_config_value(:token_endpoint)
+                  grant_type = "authorization_code"
+                  token_params = {
+                      grant_type: grant_type,
+                      code: code,
+                      redirect_uri: @redirect_url,
+                      client_id: @client_id,
+                      client_secret: @client_secret
+                  }
+                  # Convert token params to string format
+                  token_params = http_build_query(token_params)
+                  token_data = fetch_url(token_endpoint, token_params).body_str
+                  unless token_data
+                      raise OpenIDConnectClientException, "Unable to get token data from the provider."
+                  end
+                  token_json = JSON[token_data]
+                  # Throw an error if the server returns one
+                  if token_json["error"]
+                      raise OpenIDConnectClientException, token_json["error_description"]
+                  end
+                  # Do an OpenID Connect session check
+                  unless @params[:state] == @state[:openid_connect_state]
+                      raise OpenIDConnectClientException, "Unable to determine state."
+                  end
+                  unless token_json["id_token"]
+                      raise OpenIDConnectClientException, "User did not authorize openid scope."
+                  end
+                  # Verify the signature
+                  unless verify_JWT_signature(token_json["id_token"])
+                      raise OpenIDConnectClientException, "Unable to verify signature."
+                  end
+                  claims = decode_JWT(token_json["id_token"], 1)
+                  # If this is a valid claim
+                  unless verify_JWT_claims(claims)
+                      raise OpenIDConnectClientException, "Unable to verify JWT claims."
+                  end
+                  # Save the access token
+                  @access_token = token_json["access_token"]
+                  # Save the refresh token, if we got one
+                  if token_json["refresh_token"]
+                      @refresh_token = token_json["refresh_token"]
+                  end
+                  # Success!
+                  return true
+              end
+          end
+          #
+          # @param attribute
+          #
+          #
+          # Attribute           Type          Description
+          # user_id            string         REQUIRED Identifier for the End-User at the Issuer.
+          # name               string         End-User's full name in displayable form including all name parts, ordered according to End-User's locale and preferences.
+          # given_name         string         Given name or first name of the End-User.
+          # family_name        string         Surname or last name of the End-User.
+          # middle_name        string         Middle name of the End-User.
+          # nickname           string         Casual name of the End-User that may or may not be the same as the given_name. For instance, a nickname value of Mike might be returned alongside a given_name value of Michael.
+          # profile            string         URL of End-User's profile page.
+          # picture            string         URL of the End-User's profile picture.
+          # website            string         URL of End-User's web page or blog.
+          # email              string         The End-User's preferred e-mail address.
+          # verified           boolean        True if the End-User's e-mail address has been verified; otherwise false.
+          # gender             string         The End-User's gender: Values defined by this specification are female and male. Other values MAY be used when neither of the defined values are applicable.
+          # birthday           string         The End-User's birthday, represented as a date string in MM/DD/YYYY format. The year MAY be 0000, indicating that it is omitted.
+          # zoneinfo           string         String from zoneinfo [zoneinfo] time zone database. For example, Europe/Paris or America/Los_Angeles.
+          # locale             string         The End-User's locale, represented as a BCP47 [RFC5646] language tag. This is typically an ISO 639-1 Alpha-2 [ISO639‑1] language code in lowercase and an ISO 3166-1 Alpha-2 [ISO3166‑1] country code in uppercase, separated by a dash. For example, en-US or fr-CA. As a compatibility note, some implementations have used an underscore as the separator rather than a dash, for example, en_US; Implementations MAY choose to accept this locale syntax as well.
+          # phone_number       string         The End-User's preferred telephone number. E.164 [E.164] is RECOMMENDED as the format of this Claim. For example, +1 (425) 555-1212 or +56 (2) 687 2400.
+          # address            JSON object    The End-User's preferred address. The value of the address member is a JSON [RFC4627] structure containing some or all of the members defined in Section 2.4.2.1.
+          # updated_time       string         Time the End-User's information was last updated, represented as a RFC 3339 [RFC3339] datetime. For example, 2011-01-03T23:58:42+0000.
+          #
+          # @return mixed
+          # @throws OpenIDConnectClientException
+          #
+          def get(attribute)
+              if @user_info.include? attribute
+                  return @user_info["#{attribute}"]
+              end
+              user_info_endpoint = get_provider_config_value(:userinfo_endpoint)
+              schema = "openid"
+              user_info_endpoint += "?schema=#{schema}"
+              headers = {"Authorization" => "Bearer #{@access_token}"}
+              user_data = fetch_url(user_info_endpoint, nil, headers).body_str
+              if user_data.nil? || user_data.empty?
+                  raise OpenIDConnectClientException, "Unable to get #{attribute} from the provider."
+              end
+              user_json = JSON[user_data]
+              @user_info = user_json
+              if @user_info.include? attribute
+                  return @user_info["#{attribute}"]
+              end
+              return nil
+          end
+          #
+          # Dynamic registration
+          #
+          # @return void
+          # @throws OpenIDConnectClientException
+          #
+          def register
+              registration_endpoint = get_provider_config_value(:registration_endpoint)
+              send_object = {
+                  redirect_uris: [@redirect_url],
+                  client_name: @client_name
+              }
+              @response = fetch_url(registration_endpoint, JSON[send_object])
+              json_response = JSON[response]
+              if not json_response
+                  raise OpenIDConnectClientException, "Error registering: JSON response received from the server was invalid."
+              elsif json_response[:error_description]
+                  raise OpenIDConnectClientException, json_response[:error_description]
+              end
+              if json_response[:client_id]
+                  @client_secret = json_response[:client_id]
+              else
+                  raise OpenIDConnectClientException, "Error registering: Please contact the OpenID Connect provider and obtain a Client ID and Secret directly from them"
+              end
+          end
+          # Getters/Setters ==================================================================================================================
+          #
+          # @param hash hash
+          # @return hash
+          #
+          def add_auth_param(hash)
+              @auth_params = @auth_params.merge(hash)
+          end
+          #
+          # @param hash hash
+          # @return hash
+          #
+          def add_provider_config_param(hash)
+              @state = @state.merge(hash)
+          end
+          #
+          # @param scopes - example: openid, given_name, etc...
+          #
+          def scopes=(scopes)
+              @scopes = scopes.split(' ') if scopes
+          end
+          #
+          # @param hash state
+          # @return hash
+          #
+          def state=(state)
+              @state = @state.merge(state) if state
+          end
+          #
+          # @return string
+          # @throws OpenIDConnectClientException
+          #
+          def provider_url()
+              # If the provider URL has been set then return it.
+              unless self.instance_variable_defined? :@provider_url
+                  raise OpenIDConnectClientException, "The provider URL has not been set."
+              end
+              @provider_url
+          end
+          #
+          # @param provider_url
+          # @return string
+          # @throws OpenIDConnectClientException
+          #
+          def provider_url=(url)
+              unless is_valid_url?(url)
+                  raise OpenIDConnectClientException, "Invalid URL."
+              end
+              @state[:issuer] = url
+          end
+          #
+          # Gets the URL of the current page we are on, encodes, and returns it
+          #
+          # @return string
+          # @throws OpenIDConnectClientException
+          #
+          def redirect_url()
+              # If the redirect URL has been set then return it.
+              unless self.instance_variable_defined? :@redirect_url
+                  raise OpenIDConnectClientException, "The redirect URL has not been set."
+              end
+              @redirect_url
+          end
+          #
+          # @param url Sets redirect URL for auth flow
+          # @return string
+          # @throws OpenIDConnectClientException
+          #
+          def redirect_url=(url)
+              unless is_valid_url?(url)
+                  raise OpenIDConnectClientException, "Invalid URL."
+              end
+              @redirect_url = url
+          end
+  end
+end

data/openid_connect_client.gemspec ADDED Viewed

@@ -0,0 +1,27 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'openid_connect_client/version'
+Gem::Specification.new do |spec|
+  spec.name          = "openid_connect_client"
+  spec.version       = OpenIDConnectClient::VERSION
+  spec.authors       = ["Rita Zerrizuela"]
+  spec.email         = ["zeta@widcket.com"]
+  spec.summary       = %q{An easy to use OpenID Connect Client for Ruby.}
+  spec.description   = %q{This one is a literal, not so idiomatic port of OpenID Connect PHP. However, the due to the different nature of Ruby and PHP, usage is not an exact match. See Readme.}
+  spec.homepage      = "https://github.com/LabGCBA/openid-connect-ruby.git"
+  spec.license       = "MIT"
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+  spec.add_development_dependency "bundler", "~> 1.11"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+  spec.add_runtime_dependency "curb", '~> 0'
+end

metadata ADDED Viewed

@@ -0,0 +1,116 @@
+--- !ruby/object:Gem::Specification
+name: openid_connect_client
+version: !ruby/object:Gem::Version
+  version: 0.1.1
+platform: ruby
+authors:
+- Rita Zerrizuela
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2016-04-19 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.11'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.11'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: curb
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+description: This one is a literal, not so idiomatic port of OpenID Connect PHP. However,
+  the due to the different nature of Ruby and PHP, usage is not an exact match. See
+  Readme.
+email:
+- zeta@widcket.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- CODE_OF_CONDUCT.md
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- example.rb
+- lib/openid_connect_client.rb
+- lib/openid_connect_client/version.rb
+- openid_connect_client.gemspec
+homepage: https://github.com/LabGCBA/openid-connect-ruby.git
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.4.5.1
+signing_key:
+specification_version: 4
+summary: An easy to use OpenID Connect Client for Ruby.
+test_files: []