rack-oauth2 1.10.1 → 1.19.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e09ccf53817af77d1e714e25e20e9b76fd63de080fb1f3d9617fff3aef126a32
-  data.tar.gz: '088a7815b796f5c05ac3445ee39cc997bcc20964a66c1d4fc7a5c3906e27eb36'
+  metadata.gz: de77a3afabd5ae9ec958c5799970a99a5576cb727b27c80020d1199c986f25f1
+  data.tar.gz: 6225a40427c3bb882890f5d6e54407b1a80bd56f5b74f4278122678a2206ae29
 SHA512:
-  metadata.gz: b261cc8b398a4b02797b581d455307bc46f0f248990c4fef7b0286eb7eb2e191568ecb5c8c0b6123ef5cd43f5f517c0980bf405b9b3efd0874c29b8e97218696
-  data.tar.gz: adf42215042112d7577d76b35437fa2b2b45f8a259a896c5621790a7603053e6ea1ada28ba2d27330e5338689061002cc870969a8895ba040349faea5ec7340b
+  metadata.gz: ce7ecffd6ee6aae2296c2d20a1353bfb96cdee665b1d06961859f2e3e1922822cb481e3791d7fefc6a53644ce6d150f7ec6eb63880b6112e66b0a9cd64f27fdf
+  data.tar.gz: 80c3816f4a0e1649c2f7f268fbde3583eb435c2978e155de963f9354cf6e2330778c22b80e15757a592042b800a5cf1fca9466557735aef3d90a59b77db2fd2b

data/.travis.yml

@@ -2,6 +2,7 @@ before_install:
   - gem install bundler
 
 rvm:
-  - 2.3.6
-  - 2.4.3
-  - 2.5.0
+  - 2.5.8
+  - 2.6.6
+  - 2.7.2
+  - 3.0.0

data/README.rdoc

@@ -28,17 +28,11 @@ http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01
 
 === Bearer
 
-Running on Heroku
-https://rack-oauth2-sample.heroku.com
-
 Source on GitHub
 https://github.com/nov/rack-oauth2-sample
 
 === MAC
 
-Running on Heroku
-https://rack-oauth2-sample-mac.heroku.com
-
 Source on GitHub
 https://github.com/nov/rack-oauth2-sample-mac
 

data/VERSION

@@ -1 +1 @@
-1.10.1
+1.19.0

data/lib/rack/oauth2/client.rb

@@ -16,12 +16,12 @@ module Rack
       end
 
       def authorization_uri(params = {})
+        params[:redirect_uri] ||= self.redirect_uri
         params[:response_type] ||= :code
         params[:response_type] = Array(params[:response_type]).join(' ')
         params[:scope] = Array(params[:scope]).join(' ')
         Util.redirect_uri absolute_uri_for(authorization_endpoint), :query, params.merge(
-          client_id: self.identifier,
-          redirect_uri: self.redirect_uri
+          client_id: self.identifier
         )
       end
 
@@ -73,16 +73,24 @@ module Rack
         http_client = Rack::OAuth2.http_client
 
         # NOTE:
-        #  Using Array#estract_options! for backward compatibility.
+        #  Using Array#extract_options! for backward compatibility.
         #  Until v1.0.5, the first argument was 'client_auth_method' in scalar.
         options = args.extract_options!
-        client_auth_method = args.first || options.delete(:client_auth_method) || :basic
+        client_auth_method = args.first || options.delete(:client_auth_method).try(:to_sym) || :basic
 
         params[:scope] = Array(options.delete(:scope)).join(' ') if options[:scope].present?
         params.merge! options
 
         case client_auth_method
         when :basic
+          cred = Base64.strict_encode64 [
+            Util.www_form_url_encode(identifier),
+            Util.www_form_url_encode(secret)
+          ].join(':')
+          headers.merge!(
+            'Authorization' => "Basic #{cred}"
+          )
+        when :basic_without_www_form_urlencode
           cred = ["#{identifier}:#{secret}"].pack('m').tr("\n", '')
           headers.merge!(
             'Authorization' => "Basic #{cred}"

data/lib/rack/oauth2/server/abstract/error.rb

@@ -42,6 +42,7 @@ module Rack
 
         class Unauthorized < Error
           def initialize(error = :unauthorized, description = nil, options = {})
+            @skip_www_authenticate = options[:skip_www_authenticate]
             super 401, error, description, options
           end
         end

data/lib/rack/oauth2/server/rails/response_ext.rb

@@ -5,7 +5,7 @@ module Rack
         module ResponseExt
           def redirect?
             ensure_finish do
-              @response.redirect?
+              super
             end
           end
 
@@ -17,7 +17,7 @@ module Rack
 
           def json
             ensure_finish do
-              @response.body
+              @body
             end
           end
 
@@ -39,7 +39,7 @@ module Rack
           end
 
           def ensure_finish
-            @status, @header, @response = finish unless finished?
+            @status, @header, @body = finish unless finished?
             yield
           end
         end

data/lib/rack/oauth2/server/token/error.rb

@@ -8,7 +8,9 @@ module Rack
         class Unauthorized < Abstract::Unauthorized
           def finish
             super do |response|
-              response.header['WWW-Authenticate'] = 'Basic realm="OAuth2 Token Endpoint"'
+              unless @skip_www_authenticate
+                response.header['WWW-Authenticate'] = 'Basic realm="OAuth2 Token Endpoint"'
+              end
             end
           end
         end

data/lib/rack/oauth2/server/token.rb

@@ -44,16 +44,27 @@ module Rack
 
         class Request < Abstract::Request
           attr_required :grant_type
-          attr_optional :client_secret
+          attr_optional :client_secret, :client_assertion, :client_assertion_type
 
           def initialize(env)
             auth = Rack::Auth::Basic::Request.new(env)
             if auth.provided? && auth.basic?
-              @client_id, @client_secret = auth.credentials
+              @client_id, @client_secret = auth.credentials.map do |cred|
+                Util.www_form_url_decode cred
+              end
               super
             else
               super
               @client_secret = params['client_secret']
+              @client_assertion = params['client_assertion']
+              @client_assertion_type = params['client_assertion_type']
+              if client_assertion.present? && client_assertion_type == URN::ClientAssertionType::JWT_BEARER
+                require 'json/jwt'
+                @client_id = JSON::JWT.decode(
+                  client_assertion,
+                  :skip_verification
+                )[:sub] rescue nil
+              end
             end
             @grant_type = params['grant_type'].to_s
           end

data/lib/rack/oauth2/urn.rb

@@ -3,14 +3,14 @@ module Rack
     module URN
       module TokenType
         JWT           = 'urn:ietf:params:oauth:token-type:jwt'           # RFC7519
-        ACCESS_TOKEN  = 'urn:ietf:params:oauth:token-type:access-token'  # draft-ietf-oauth-token-exchange
-        REFRESH_TOKEN = 'urn:ietf:params:oauth:token-type:refresh-token' # draft-ietf-oauth-token-exchange
+        ACCESS_TOKEN  = 'urn:ietf:params:oauth:token-type:access_token'  # RFC8693
+        REFRESH_TOKEN = 'urn:ietf:params:oauth:token-type:refresh_token' # RFC8693
       end
 
       module GrantType
         JWT_BEARER     = 'urn:ietf:params:oauth:grant-type:jwt-bearer'     # RFC7523
         SAML2_BEARER   = 'urn:ietf:params:oauth:grant-type:saml2-bearer'   # RFC7522
-        TOKEN_EXCHANGE = 'urn:ietf:params:oauth:grant-type:token-exchange' # draft-ietf-oauth-token-exchange
+        TOKEN_EXCHANGE = 'urn:ietf:params:oauth:grant-type:token-exchange' # RFC8693
       end
 
       module ClientAssertionType

data/lib/rack/oauth2/util.rb

@@ -4,8 +4,12 @@ module Rack
   module OAuth2
     module Util
       class << self
-        def rfc3986_encode(text)
-          URI.encode(text, Regexp.new("[^#{URI::PATTERN::UNRESERVED}]"))
+        def www_form_url_encode(text)
+          URI.encode_www_form_component(text)
+        end
+
+        def www_form_url_decode(text)
+          URI.decode_www_form_component(text)
         end
 
         def base64_encode(text)
@@ -35,11 +39,12 @@ module Rack
 
         def redirect_uri(base_uri, location, params)
           redirect_uri = parse_uri base_uri
+          encoded_response_params = Util.compact_hash(params).to_query.gsub('+', '%20')
           case location
           when :query
-            redirect_uri.query = [redirect_uri.query, Util.compact_hash(params).to_query].compact.join('&')
+            redirect_uri.query = [redirect_uri.query, encoded_response_params].compact.join('&')
           when :fragment
-            redirect_uri.fragment = Util.compact_hash(params).to_query
+            redirect_uri.fragment = encoded_response_params
           end
           redirect_uri.to_s
         end
@@ -59,4 +64,4 @@ module Rack
       end
     end
   end
-end
+end

data/lib/rack/oauth2.rb

@@ -43,6 +43,11 @@ module Rack
       _http_client_ = HTTPClient.new(
         agent_name: agent_name
       )
+
+      # NOTE: httpclient gem seems stopped maintaining root certtificate set, use OS default.
+      _http_client_.ssl_config.clear_cert_store
+      _http_client_.ssl_config.cert_store.set_default_paths
+
       http_config.try(:call, _http_client_)
       local_http_config.try(:call, _http_client_) unless local_http_config.nil?
       _http_client_.request_filter << Debugger::RequestFilter.new if debugging?

data/rack-oauth2.gemspec

@@ -13,7 +13,7 @@ Gem::Specification.new do |s|
   s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   s.files = `git ls-files`.split("\n")
   s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
-  s.add_runtime_dependency 'rack'
+  s.add_runtime_dependency 'rack', '>= 2.1.0'
   s.add_runtime_dependency 'httpclient'
   s.add_runtime_dependency 'activesupport'
   s.add_runtime_dependency 'attr_required'

data/spec/rack/oauth2/client_spec.rb

@@ -1,10 +1,12 @@
 require 'spec_helper.rb'
 
 describe Rack::OAuth2::Client do
+  let(:client_id) { 'client_id' }
+  let(:client_secret) { 'client_secret' }
   let :client do
     Rack::OAuth2::Client.new(
-      identifier: 'client_id',
-      secret: 'client_secret',
+      identifier: client_id,
+      secret: client_secret,
       host: 'server.example.com',
       redirect_uri: 'https://client.example.com/callback'
     )
@@ -49,12 +51,12 @@ describe Rack::OAuth2::Client do
 
     context 'when response_type is an Array' do
       subject { client.authorization_uri(response_type: [:token, :code]) }
-      it { should include 'response_type=token+code' }
+      it { should include 'response_type=token%20code' }
     end
 
     context 'when scope is given' do
       subject { client.authorization_uri(scope: [:scope1, :scope2]) }
-      it { should include 'scope=scope1+scope2' }
+      it { should include 'scope=scope1%20scope2' }
     end
   end
 
@@ -97,6 +99,42 @@ describe Rack::OAuth2::Client do
           client.access_token!
         end
 
+        context 'when Basic auth method is used' do
+          context 'when client_id is a url' do
+            let(:client_id) { 'https://client.example.com'}
+
+            it 'should be encoded in "application/x-www-form-urlencoded"' do
+              mock_response(
+                :post,
+                'https://server.example.com/oauth2/token',
+                'tokens/bearer.json',
+                request_header: {
+                  'Authorization' => 'Basic aHR0cHMlM0ElMkYlMkZjbGllbnQuZXhhbXBsZS5jb206Y2xpZW50X3NlY3JldA=='
+                }
+              )
+              client.access_token!
+            end
+          end
+        end
+
+        context 'when basic_without_www_form_urlencode method is used' do
+          context 'when client_id is a url' do
+             let(:client_id) { 'https://client.example.com'}
+
+             it 'should be encoded in "application/x-www-form-urlencoded"' do
+               mock_response(
+                 :post,
+                 'https://server.example.com/oauth2/token',
+                 'tokens/bearer.json',
+                 request_header: {
+                   'Authorization' => 'Basic aHR0cHM6Ly9jbGllbnQuZXhhbXBsZS5jb206Y2xpZW50X3NlY3JldA=='
+                 }
+               )
+               client.access_token! :basic_without_www_form_urlencode
+             end
+           end
+        end
+
         context 'when jwt_bearer auth method specified' do
           context 'when client_secret is given' do
             it 'should be JWT bearer client assertion w/ auto-generated HS256-signed JWT assertion' do

data/spec/rack/oauth2/server/authorize/code_spec.rb

@@ -51,7 +51,7 @@ describe Rack::OAuth2::Server::Authorize::Code do
         error: :access_denied,
         error_description: Rack::OAuth2::Server::Authorize::ErrorMethods::DEFAULT_DESCRIPTION[:access_denied]
       }
-      response.location.should == "#{redirect_uri}?#{error_message.to_query}&state=state"
+      response.location.should == "#{redirect_uri}?#{error_message.to_query.gsub('+', '%20')}&state=state"
     end
   end
 end

data/spec/rack/oauth2/server/authorize/extensions/code_and_token_spec.rb

@@ -54,7 +54,7 @@ describe Rack::OAuth2::Server::Authorize::Extension::CodeAndToken do
         error: :access_denied,
         error_description: Rack::OAuth2::Server::Authorize::ErrorMethods::DEFAULT_DESCRIPTION[:access_denied]
       }
-      response.location.should == "#{redirect_uri}##{error_message.to_query}"
+      response.location.should == "#{redirect_uri}##{error_message.to_query.gsub('+', '%20')}"
     end
   end
 end

data/spec/rack/oauth2/server/authorize/token_spec.rb

@@ -67,7 +67,7 @@ describe Rack::OAuth2::Server::Authorize::Token do
         error: :access_denied,
         error_description: Rack::OAuth2::Server::Authorize::ErrorMethods::DEFAULT_DESCRIPTION[:access_denied]
       }
-      response.location.should == "#{redirect_uri}##{error_message.to_query}&state=state"
+      response.location.should == "#{redirect_uri}##{error_message.to_query.gsub('+', '%20')}&state=state"
     end
   end
 end

data/spec/rack/oauth2/server/resource/error_spec.rb

@@ -10,7 +10,7 @@ describe Rack::OAuth2::Server::Resource::BadRequest do
       status, header, response = error.finish
       status.should == 400
       header['Content-Type'].should == 'application/json'
-      response.body.should == ['{"error":"invalid_request"}']
+      response.should == ['{"error":"invalid_request"}']
     end
   end
 end
@@ -44,7 +44,7 @@ describe Rack::OAuth2::Server::Resource::Unauthorized do
         status.should == 401
         header['Content-Type'].should == 'application/json'
         header['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\", error=\"invalid_token\""
-        response.body.should == ['{"error":"invalid_token"}']
+        response.should == ['{"error":"invalid_token"}']
       end
 
       context 'when error_code is not invalid_token' do
@@ -53,7 +53,7 @@ describe Rack::OAuth2::Server::Resource::Unauthorized do
         it 'should have error_code in body but not in WWW-Authenticate header' do
           status, header, response = error_with_scheme.finish
           header['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
-          response.body.first.should include '"error":"something"'
+          response.first.should include '"error":"something"'
         end
       end
 
@@ -63,7 +63,7 @@ describe Rack::OAuth2::Server::Resource::Unauthorized do
         it 'should have error_code in body but not in WWW-Authenticate header' do
           status, header, response = error_with_scheme.finish
           header['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
-          response.body.first.should == '{"error":"unauthorized"}'
+          response.first.should == '{"error":"unauthorized"}'
         end
       end
 
@@ -74,7 +74,7 @@ describe Rack::OAuth2::Server::Resource::Unauthorized do
         it 'should use given realm' do
           status, header, response = error_with_scheme.finish
           header['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
-          response.body.first.should include '"error":"something"'
+          response.first.should include '"error":"something"'
         end
       end
     end
@@ -91,7 +91,7 @@ describe Rack::OAuth2::Server::Resource::Forbidden do
       status, header, response = error.finish
       status.should == 403
       header['Content-Type'].should == 'application/json'
-      response.body.should == ['{"error":"insufficient_scope"}']
+      response.should == ['{"error":"insufficient_scope"}']
     end
   end
 
@@ -100,7 +100,7 @@ describe Rack::OAuth2::Server::Resource::Forbidden do
 
     it 'should have blank WWW-Authenticate header' do
       status, header, response = error.finish
-      response.body.first.should include '"scope":"scope1 scope2"'
+      response.first.should include '"scope":"scope1 scope2"'
     end
   end
 end

data/spec/rack/oauth2/server/token/client_credentials_spec.rb

@@ -4,14 +4,19 @@ describe Rack::OAuth2::Server::Token::ClientCredentials do
   let(:request) { Rack::MockRequest.new app }
   let(:app) do
     Rack::OAuth2::Server::Token.new do |request, response|
+      unless request.client_id == client_id && request.client_secret == client_secret
+        request.invalid_client!
+      end
       response.access_token = Rack::OAuth2::AccessToken::Bearer.new(access_token: 'access_token')
     end
   end
+  let(:client_id) { 'client_id '}
+  let(:client_secret) { 'client_secret' }
   let(:params) do
     {
       grant_type: 'client_credentials',
-      client_id: 'client_id',
-      client_secret: 'client_secret'
+      client_id: client_id,
+      client_secret: client_secret
     }
   end
   subject { request.post('/', params: params) }
@@ -20,4 +25,29 @@ describe Rack::OAuth2::Server::Token::ClientCredentials do
   its(:content_type) { should == 'application/json' }
   its(:body)         { should include '"access_token":"access_token"' }
   its(:body)         { should include '"token_type":"bearer"' }
+
+  context 'basic auth' do
+    let(:params) do
+      { grant_type: 'client_credentials' }
+    end
+    let(:encoded_creds) do
+      Base64.strict_encode64([
+        Rack::OAuth2::Util.www_form_url_encode(client_id),
+        Rack::OAuth2::Util.www_form_url_encode(client_secret)
+      ].join(':'))
+    end
+    subject do
+      request.post('/',
+        {params: params, 'HTTP_AUTHORIZATION' => "Basic #{encoded_creds}"})
+    end
+
+    its(:status)       { should == 200 }
+
+    context 'compliance with RFC6749 sec 2.3.1' do
+      let(:client_id) { 'client: yes/please!' }
+      let(:client_secret) { 'terrible:secret:of:space' }
+
+      its(:status)       { should == 200 }
+    end
+  end
 end

data/spec/rack/oauth2/server/token/error_spec.rb

@@ -10,7 +10,7 @@ describe Rack::OAuth2::Server::Token::BadRequest do
       status, header, response = error.finish
       status.should == 400
       header['Content-Type'].should == 'application/json'
-      response.body.should == ['{"error":"invalid_request"}']
+      response.should == ['{"error":"invalid_request"}']
     end
   end
 end
@@ -26,7 +26,7 @@ describe Rack::OAuth2::Server::Token::Unauthorized do
       status.should == 401
       header['Content-Type'].should == 'application/json'
       header['WWW-Authenticate'].should == 'Basic realm="OAuth2 Token Endpoint"'
-      response.body.should == ['{"error":"invalid_request"}']
+      response.should == ['{"error":"invalid_request"}']
     end
   end
 end
@@ -74,4 +74,4 @@ describe Rack::OAuth2::Server::Token::ErrorMethods do
       end
     end
   end
-end
+end

data/spec/rack/oauth2/server/token_spec.rb

@@ -30,7 +30,7 @@ describe Rack::OAuth2::Server::Token do
       it 'should fail with unsupported_grant_type' do
         status, header, response = app.call(env)
         status.should == 400
-        response.body.first.should include '"error":"invalid_request"'
+        response.first.should include '"error":"invalid_request"'
       end
     end
 
@@ -71,6 +71,60 @@ describe Rack::OAuth2::Server::Token do
     end
   end
 
+  context 'when client_id is given via JWT client assertion' do
+    before do
+      require 'json/jwt'
+      params[:client_assertion] = JSON::JWT.new(
+        sub: params[:client_id]
+        # NOTE: actual client_assertion should have more claims.
+      ).sign('client_secret').to_s
+      params[:client_assertion_type] = Rack::OAuth2::URN::ClientAssertionType::JWT_BEARER
+      params.delete(:client_id)
+    end
+
+    context 'when client_assertion is invalid JWT' do
+      before do
+        params[:client_assertion] = 'invalid-jwt'
+      end
+      its(:status)       { should == 400 }
+      its(:content_type) { should == 'application/json' }
+      its(:body)         { should include '"error":"invalid_request"' }
+    end
+
+    context 'when client_assertion_type is missing' do
+      before do
+        params.delete(:client_assertion_type)
+      end
+      its(:status)       { should == 400 }
+      its(:content_type) { should == 'application/json' }
+      its(:body)         { should include '"error":"invalid_request"' }
+    end
+
+    context 'when client_assertion_type is unknown' do
+      before do
+        params[:client_assertion_type] = 'unknown'
+      end
+      its(:status)       { should == 400 }
+      its(:content_type) { should == 'application/json' }
+      its(:body)         { should include '"error":"invalid_request"' }
+    end
+
+    context 'when client_assertion issuer is different from client_id' do
+      before do
+        params[:client_id] = 'another_client_id'
+      end
+      its(:status)       { should == 400 }
+      its(:content_type) { should == 'application/json' }
+      its(:body)         { should include '"error":"invalid_request"' }
+    end
+
+    context 'otherwise' do
+      its(:status)       { should == 200 }
+      its(:content_type) { should == 'application/json' }
+      its(:body)         { should include '"access_token":"access_token"' }
+    end
+  end
+
   Rack::OAuth2::Server::Token::ErrorMethods::DEFAULT_DESCRIPTION.each do |error, default_message|
     status = if error == :invalid_client
       401
@@ -87,7 +141,22 @@ describe Rack::OAuth2::Server::Token do
       its(:content_type) { should == 'application/json' }
       its(:body)         { should include "\"error\":\"#{error}\"" }
       its(:body)         { should include "\"error_description\":\"#{default_message}\"" }
+      if error == :invalid_client
+        its(:headers)    { should include 'WWW-Authenticate' }
+      end
+    end
+  end
+
+  context 'when skip_www_authenticate option is specified on invalid_client' do
+    let(:app) do
+      Rack::OAuth2::Server::Token.new do |request, response|
+        request.invalid_client!(
+          Rack::OAuth2::Server::Token::ErrorMethods::DEFAULT_DESCRIPTION[:invalid_client],
+          skip_www_authenticate: true
+        )
+      end
     end
+    its(:headers) { should_not include 'WWW-Authenticate' }
   end
 
   context 'when responding' do

data/spec/rack/oauth2/util_spec.rb

@@ -9,9 +9,14 @@ describe Rack::OAuth2::Util do
     'http://client.example.com/callback'
   end
 
-  describe '.rfc3986_encode' do
-    subject { util.rfc3986_encode '=+ .-/' }
-    it { should == '%3D%2B%20.-%2F' }
+  describe '.www_form_url_encode' do
+    subject { util.www_form_url_encode '=+ .-/' }
+    it { should == '%3D%2B+.-%2F' }
+  end
+
+  describe '.www_form_urldecode' do
+    subject { util.www_form_url_decode '%3D%2B+.-%2F' }
+    it { should == '=+ .-/' }
   end
 
   describe '.base64_encode' do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rack-oauth2
 version: !ruby/object:Gem::Version
-  version: 1.10.1
+  version: 1.19.0
 platform: ruby
 authors:
 - nov matake
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-11-15 00:00:00.000000000 Z
+date: 2021-10-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.1.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.1.0
 - !ruby/object:Gem::Dependency
   name: httpclient
   requirement: !ruby/object:Gem::Requirement
@@ -301,7 +301,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
 summary: OAuth 2.0 Server & Client Library - Both Bearer and MAC token type are supported