rack-oauth2 1.12.0 → 2.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/FUNDING.yml +3 -0
- data/.github/workflows/spec.yml +32 -0
- data/CHANGELOG.md +25 -0
- data/README.rdoc +1 -26
- data/VERSION +1 -1
- data/lib/rack/oauth2/access_token/authenticator.rb +1 -10
- data/lib/rack/oauth2/access_token/bearer.rb +1 -1
- data/lib/rack/oauth2/access_token/mtls.rb +2 -2
- data/lib/rack/oauth2/access_token.rb +4 -6
- data/lib/rack/oauth2/client.rb +97 -41
- data/lib/rack/oauth2/server/abstract/error.rb +2 -1
- data/lib/rack/oauth2/server/extension/pkce.rb +1 -1
- data/lib/rack/oauth2/server/rails/response_ext.rb +5 -5
- data/lib/rack/oauth2/server/resource/error.rb +4 -4
- data/lib/rack/oauth2/server/resource.rb +0 -1
- data/lib/rack/oauth2/server/token/error.rb +3 -1
- data/lib/rack/oauth2/server/token.rb +16 -5
- data/lib/rack/oauth2/urn.rb +3 -3
- data/lib/rack/oauth2/util.rb +6 -2
- data/lib/rack/oauth2.rb +11 -10
- data/rack-oauth2.gemspec +7 -5
- data/spec/helpers/webmock_helper.rb +8 -2
- data/spec/rack/oauth2/access_token/authenticator_spec.rb +2 -22
- data/spec/rack/oauth2/access_token/bearer_spec.rb +2 -2
- data/spec/rack/oauth2/access_token_spec.rb +0 -17
- data/spec/rack/oauth2/client_spec.rb +173 -75
- data/spec/rack/oauth2/oauth2_spec.rb +0 -43
- data/spec/rack/oauth2/server/authorize/error_spec.rb +6 -6
- data/spec/rack/oauth2/server/resource/bearer/error_spec.rb +2 -2
- data/spec/rack/oauth2/server/resource/bearer_spec.rb +9 -9
- data/spec/rack/oauth2/server/resource/error_spec.rb +21 -21
- data/spec/rack/oauth2/server/token/authorization_code_spec.rb +2 -2
- data/spec/rack/oauth2/server/token/client_credentials_spec.rb +32 -2
- data/spec/rack/oauth2/server/token/error_spec.rb +8 -8
- data/spec/rack/oauth2/server/token_spec.rb +72 -3
- data/spec/rack/oauth2/util_spec.rb +8 -3
- metadata +47 -51
- data/.travis.yml +0 -7
- data/lib/rack/oauth2/access_token/legacy.rb +0 -19
- data/lib/rack/oauth2/access_token/mac/sha256_hex_verifier.rb +0 -17
- data/lib/rack/oauth2/access_token/mac/signature.rb +0 -34
- data/lib/rack/oauth2/access_token/mac/verifier.rb +0 -44
- data/lib/rack/oauth2/access_token/mac.rb +0 -103
- data/lib/rack/oauth2/debugger/request_filter.rb +0 -30
- data/lib/rack/oauth2/debugger.rb +0 -3
- data/lib/rack/oauth2/server/resource/mac/error.rb +0 -24
- data/lib/rack/oauth2/server/resource/mac.rb +0 -36
- data/spec/mock_response/tokens/legacy.json +0 -5
- data/spec/mock_response/tokens/legacy.txt +0 -1
- data/spec/mock_response/tokens/legacy_without_expires_in.txt +0 -1
- data/spec/mock_response/tokens/mac.json +0 -8
- data/spec/rack/oauth2/access_token/legacy_spec.rb +0 -23
- data/spec/rack/oauth2/access_token/mac/sha256_hex_verifier_spec.rb +0 -28
- data/spec/rack/oauth2/access_token/mac/signature_spec.rb +0 -59
- data/spec/rack/oauth2/access_token/mac/verifier_spec.rb +0 -25
- data/spec/rack/oauth2/access_token/mac_spec.rb +0 -141
- data/spec/rack/oauth2/debugger/request_filter_spec.rb +0 -33
- data/spec/rack/oauth2/server/resource/mac/error_spec.rb +0 -52
- data/spec/rack/oauth2/server/resource/mac_spec.rb +0 -119
- /data/spec/mock_response/{blank → blank.txt} +0 -0
@@ -22,29 +22,29 @@ describe Rack::OAuth2::Server::Resource::Bearer do
|
|
22
22
|
|
23
23
|
shared_examples_for :authenticated_bearer_request do
|
24
24
|
it 'should be authenticated' do
|
25
|
-
status,
|
25
|
+
status, headers, response = request
|
26
26
|
status.should == 200
|
27
27
|
access_token.should == bearer_token
|
28
28
|
end
|
29
29
|
end
|
30
30
|
shared_examples_for :unauthorized_bearer_request do
|
31
31
|
it 'should be unauthorized' do
|
32
|
-
status,
|
32
|
+
status, headers, response = request
|
33
33
|
status.should == 401
|
34
|
-
|
34
|
+
headers['WWW-Authenticate'].should include 'Bearer'
|
35
35
|
access_token.should be_nil
|
36
36
|
end
|
37
37
|
end
|
38
38
|
shared_examples_for :bad_bearer_request do
|
39
39
|
it 'should be bad_request' do
|
40
|
-
status,
|
40
|
+
status, headers, response = request
|
41
41
|
status.should == 400
|
42
42
|
access_token.should be_nil
|
43
43
|
end
|
44
44
|
end
|
45
45
|
shared_examples_for :skipped_authentication_request do
|
46
46
|
it 'should skip OAuth 2.0 authentication' do
|
47
|
-
status,
|
47
|
+
status, headers, response = request
|
48
48
|
status.should == 200
|
49
49
|
access_token.should be_nil
|
50
50
|
end
|
@@ -94,15 +94,15 @@ describe Rack::OAuth2::Server::Resource::Bearer do
|
|
94
94
|
end
|
95
95
|
end
|
96
96
|
it 'should use specified realm' do
|
97
|
-
status,
|
98
|
-
|
97
|
+
status, headers, response = request
|
98
|
+
headers['WWW-Authenticate'].should include "Bearer realm=\"#{realm}\""
|
99
99
|
end
|
100
100
|
end
|
101
101
|
|
102
102
|
context 'otherwize' do
|
103
103
|
it 'should use default realm' do
|
104
|
-
status,
|
105
|
-
|
104
|
+
status, headers, response = request
|
105
|
+
headers['WWW-Authenticate'].should include "Bearer realm=\"#{Rack::OAuth2::Server::Resource::Bearer::DEFAULT_REALM}\""
|
106
106
|
end
|
107
107
|
end
|
108
108
|
end
|
@@ -7,10 +7,10 @@ describe Rack::OAuth2::Server::Resource::BadRequest do
|
|
7
7
|
|
8
8
|
describe '#finish' do
|
9
9
|
it 'should respond in JSON' do
|
10
|
-
status,
|
10
|
+
status, headers, response = error.finish
|
11
11
|
status.should == 400
|
12
|
-
|
13
|
-
response.
|
12
|
+
headers['Content-Type'].should == 'application/json'
|
13
|
+
response.should == ['{"error":"invalid_request"}']
|
14
14
|
end
|
15
15
|
end
|
16
16
|
end
|
@@ -40,20 +40,20 @@ describe Rack::OAuth2::Server::Resource::Unauthorized do
|
|
40
40
|
|
41
41
|
describe '#finish' do
|
42
42
|
it 'should respond in JSON' do
|
43
|
-
status,
|
43
|
+
status, headers, response = error_with_scheme.finish
|
44
44
|
status.should == 401
|
45
|
-
|
46
|
-
|
47
|
-
response.
|
45
|
+
headers['Content-Type'].should == 'application/json'
|
46
|
+
headers['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\", error=\"invalid_token\""
|
47
|
+
response.should == ['{"error":"invalid_token"}']
|
48
48
|
end
|
49
49
|
|
50
50
|
context 'when error_code is not invalid_token' do
|
51
51
|
let(:error) { Rack::OAuth2::Server::Resource::Unauthorized.new(:something) }
|
52
52
|
|
53
53
|
it 'should have error_code in body but not in WWW-Authenticate header' do
|
54
|
-
status,
|
55
|
-
|
56
|
-
response.
|
54
|
+
status, headers, response = error_with_scheme.finish
|
55
|
+
headers['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
|
56
|
+
response.first.should include '"error":"something"'
|
57
57
|
end
|
58
58
|
end
|
59
59
|
|
@@ -61,9 +61,9 @@ describe Rack::OAuth2::Server::Resource::Unauthorized do
|
|
61
61
|
let(:error) { Rack::OAuth2::Server::Resource::Unauthorized.new }
|
62
62
|
|
63
63
|
it 'should have error_code in body but not in WWW-Authenticate header' do
|
64
|
-
status,
|
65
|
-
|
66
|
-
response.
|
64
|
+
status, headers, response = error_with_scheme.finish
|
65
|
+
headers['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
|
66
|
+
response.first.should == '{"error":"unauthorized"}'
|
67
67
|
end
|
68
68
|
end
|
69
69
|
|
@@ -72,9 +72,9 @@ describe Rack::OAuth2::Server::Resource::Unauthorized do
|
|
72
72
|
let(:error) { Rack::OAuth2::Server::Resource::Bearer::Unauthorized.new(:something, nil, realm: realm) }
|
73
73
|
|
74
74
|
it 'should use given realm' do
|
75
|
-
status,
|
76
|
-
|
77
|
-
response.
|
75
|
+
status, headers, response = error_with_scheme.finish
|
76
|
+
headers['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
|
77
|
+
response.first.should include '"error":"something"'
|
78
78
|
end
|
79
79
|
end
|
80
80
|
end
|
@@ -88,10 +88,10 @@ describe Rack::OAuth2::Server::Resource::Forbidden do
|
|
88
88
|
|
89
89
|
describe '#finish' do
|
90
90
|
it 'should respond in JSON' do
|
91
|
-
status,
|
91
|
+
status, headers, response = error.finish
|
92
92
|
status.should == 403
|
93
|
-
|
94
|
-
response.
|
93
|
+
headers['Content-Type'].should == 'application/json'
|
94
|
+
response.should == ['{"error":"insufficient_scope"}']
|
95
95
|
end
|
96
96
|
end
|
97
97
|
|
@@ -99,8 +99,8 @@ describe Rack::OAuth2::Server::Resource::Forbidden do
|
|
99
99
|
let(:error) { Rack::OAuth2::Server::Resource::Bearer::Forbidden.new(:insufficient_scope, 'Desc', scope: [:scope1, :scope2]) }
|
100
100
|
|
101
101
|
it 'should have blank WWW-Authenticate header' do
|
102
|
-
status,
|
103
|
-
response.
|
102
|
+
status, headers, response = error.finish
|
103
|
+
response.first.should include '"scope":"scope1 scope2"'
|
104
104
|
end
|
105
105
|
end
|
106
106
|
end
|
@@ -24,8 +24,8 @@ describe Rack::OAuth2::Server::Token::AuthorizationCode do
|
|
24
24
|
its(:body) { should include '"token_type":"bearer"' }
|
25
25
|
|
26
26
|
it 'should prevent to be cached' do
|
27
|
-
response.
|
28
|
-
response.
|
27
|
+
response.headers['Cache-Control'].should == 'no-store'
|
28
|
+
response.headers['Pragma'].should == 'no-cache'
|
29
29
|
end
|
30
30
|
|
31
31
|
[:code].each do |required|
|
@@ -4,14 +4,19 @@ describe Rack::OAuth2::Server::Token::ClientCredentials do
|
|
4
4
|
let(:request) { Rack::MockRequest.new app }
|
5
5
|
let(:app) do
|
6
6
|
Rack::OAuth2::Server::Token.new do |request, response|
|
7
|
+
unless request.client_id == client_id && request.client_secret == client_secret
|
8
|
+
request.invalid_client!
|
9
|
+
end
|
7
10
|
response.access_token = Rack::OAuth2::AccessToken::Bearer.new(access_token: 'access_token')
|
8
11
|
end
|
9
12
|
end
|
13
|
+
let(:client_id) { 'client_id '}
|
14
|
+
let(:client_secret) { 'client_secret' }
|
10
15
|
let(:params) do
|
11
16
|
{
|
12
17
|
grant_type: 'client_credentials',
|
13
|
-
client_id:
|
14
|
-
client_secret:
|
18
|
+
client_id: client_id,
|
19
|
+
client_secret: client_secret
|
15
20
|
}
|
16
21
|
end
|
17
22
|
subject { request.post('/', params: params) }
|
@@ -20,4 +25,29 @@ describe Rack::OAuth2::Server::Token::ClientCredentials do
|
|
20
25
|
its(:content_type) { should == 'application/json' }
|
21
26
|
its(:body) { should include '"access_token":"access_token"' }
|
22
27
|
its(:body) { should include '"token_type":"bearer"' }
|
28
|
+
|
29
|
+
context 'basic auth' do
|
30
|
+
let(:params) do
|
31
|
+
{ grant_type: 'client_credentials' }
|
32
|
+
end
|
33
|
+
let(:encoded_creds) do
|
34
|
+
Base64.strict_encode64([
|
35
|
+
Rack::OAuth2::Util.www_form_url_encode(client_id),
|
36
|
+
Rack::OAuth2::Util.www_form_url_encode(client_secret)
|
37
|
+
].join(':'))
|
38
|
+
end
|
39
|
+
subject do
|
40
|
+
request.post('/',
|
41
|
+
{params: params, 'HTTP_AUTHORIZATION' => "Basic #{encoded_creds}"})
|
42
|
+
end
|
43
|
+
|
44
|
+
its(:status) { should == 200 }
|
45
|
+
|
46
|
+
context 'compliance with RFC6749 sec 2.3.1' do
|
47
|
+
let(:client_id) { 'client: yes/please!' }
|
48
|
+
let(:client_secret) { 'terrible:secret:of:space' }
|
49
|
+
|
50
|
+
its(:status) { should == 200 }
|
51
|
+
end
|
52
|
+
end
|
23
53
|
end
|
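Review bot: The `compliance with RFC6749 sec 2.3.1` context only asserts `its(:status) { should == 200 }`, so it shows that correctly form-urlencoded Basic credentials are accepted but never that wrong or malformed ones are rejected. A sibling context that sends `Base64.strict_encode64("#{client_id}:wrong")` in `HTTP_AUTHORIZATION` and expects `its(:status) { should == 401 }` would pin the rejection path, and a case that carries `client_id`/`client_secret` in both the header and the body would document how the endpoint treats the duplicate-method request that section 2.3.1 forbids. Separately, in the first hunk of this file the literal `let(:client_id) { 'client_id '}` has a trailing space inside the string and no space before `}`; it passes only because both sides read the same `let`, and `let(:client_id) { 'client_id' }` is what was intended. Whether the 401 carries a `WWW-Authenticate: Basic` header depends on the server code outside this spec.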
@@ -7,10 +7,10 @@ describe Rack::OAuth2::Server::Token::BadRequest do
|
|
7
7
|
|
8
8
|
describe '#finish' do
|
9
9
|
it 'should respond in JSON' do
|
10
|
-
status,
|
10
|
+
status, headers, response = error.finish
|
11
11
|
status.should == 400
|
12
|
-
|
13
|
-
response.
|
12
|
+
headers['Content-Type'].should == 'application/json'
|
13
|
+
response.should == ['{"error":"invalid_request"}']
|
14
14
|
end
|
15
15
|
end
|
16
16
|
end
|
@@ -22,11 +22,11 @@ describe Rack::OAuth2::Server::Token::Unauthorized do
|
|
22
22
|
|
23
23
|
describe '#finish' do
|
24
24
|
it 'should respond in JSON' do
|
25
|
-
status,
|
25
|
+
status, headers, response = error.finish
|
26
26
|
status.should == 401
|
27
|
-
|
28
|
-
|
29
|
-
response.
|
27
|
+
headers['Content-Type'].should == 'application/json'
|
28
|
+
headers['WWW-Authenticate'].should == 'Basic realm="OAuth2 Token Endpoint"'
|
29
|
+
response.should == ['{"error":"invalid_request"}']
|
30
30
|
end
|
31
31
|
end
|
32
32
|
end
|
@@ -74,4 +74,4 @@ describe Rack::OAuth2::Server::Token::ErrorMethods do
|
|
74
74
|
end
|
75
75
|
end
|
76
76
|
end
|
77
|
-
end
|
77
|
+
end
|
@@ -28,9 +28,9 @@ describe Rack::OAuth2::Server::Token do
|
|
28
28
|
)
|
29
29
|
end
|
30
30
|
it 'should fail with unsupported_grant_type' do
|
31
|
-
status,
|
31
|
+
status, headers, response = app.call(env)
|
32
32
|
status.should == 400
|
33
|
-
response.
|
33
|
+
response.first.should include '"error":"invalid_request"'
|
34
34
|
end
|
35
35
|
end
|
36
36
|
|
@@ -43,7 +43,7 @@ describe Rack::OAuth2::Server::Token do
|
|
43
43
|
)
|
44
44
|
end
|
45
45
|
it 'should ignore duplicates' do
|
46
|
-
status,
|
46
|
+
status, headers, response = app.call(env)
|
47
47
|
status.should == 200
|
48
48
|
end
|
49
49
|
end
|
@@ -71,6 +71,60 @@ describe Rack::OAuth2::Server::Token do
|
|
71
71
|
end
|
72
72
|
end
|
73
73
|
|
74
|
+
context 'when client_id is given via JWT client assertion' do
|
75
|
+
before do
|
76
|
+
require 'json/jwt'
|
77
|
+
params[:client_assertion] = JSON::JWT.new(
|
78
|
+
sub: params[:client_id]
|
79
|
+
# NOTE: actual client_assertion should have more claims.
|
80
|
+
).sign('client_secret').to_s
|
81
|
+
params[:client_assertion_type] = Rack::OAuth2::URN::ClientAssertionType::JWT_BEARER
|
82
|
+
params.delete(:client_id)
|
83
|
+
end
|
84
|
+
|
85
|
+
context 'when client_assertion is invalid JWT' do
|
86
|
+
before do
|
87
|
+
params[:client_assertion] = 'invalid-jwt'
|
88
|
+
end
|
89
|
+
its(:status) { should == 400 }
|
90
|
+
its(:content_type) { should == 'application/json' }
|
91
|
+
its(:body) { should include '"error":"invalid_request"' }
|
92
|
+
end
|
93
|
+
|
94
|
+
context 'when client_assertion_type is missing' do
|
95
|
+
before do
|
96
|
+
params.delete(:client_assertion_type)
|
97
|
+
end
|
98
|
+
its(:status) { should == 400 }
|
99
|
+
its(:content_type) { should == 'application/json' }
|
100
|
+
its(:body) { should include '"error":"invalid_request"' }
|
101
|
+
end
|
102
|
+
|
103
|
+
context 'when client_assertion_type is unknown' do
|
104
|
+
before do
|
105
|
+
params[:client_assertion_type] = 'unknown'
|
106
|
+
end
|
107
|
+
its(:status) { should == 400 }
|
108
|
+
its(:content_type) { should == 'application/json' }
|
109
|
+
its(:body) { should include '"error":"invalid_request"' }
|
110
|
+
end
|
111
|
+
|
112
|
+
context 'when client_assertion issuer is different from client_id' do
|
113
|
+
before do
|
114
|
+
params[:client_id] = 'another_client_id'
|
115
|
+
end
|
116
|
+
its(:status) { should == 400 }
|
117
|
+
its(:content_type) { should == 'application/json' }
|
118
|
+
its(:body) { should include '"error":"invalid_request"' }
|
119
|
+
end
|
120
|
+
|
121
|
+
context 'otherwise' do
|
122
|
+
its(:status) { should == 200 }
|
123
|
+
its(:content_type) { should == 'application/json' }
|
124
|
+
its(:body) { should include '"access_token":"access_token"' }
|
125
|
+
end
|
126
|
+
end
|
127
|
+
|
74
128
|
Rack::OAuth2::Server::Token::ErrorMethods::DEFAULT_DESCRIPTION.each do |error, default_message|
|
75
129
|
status = if error == :invalid_client
|
76
130
|
401
|
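Review bot: The new client-assertion contexts cover a malformed token, a missing or unknown `client_assertion_type`, and a `sub` that disagrees with `client_id`, but none sends an assertion signed with a key other than `'client_secret'` or one whose `exp` has passed, so the spec does not pin down whether the token endpoint verifies the assertion signature itself or leaves that to the application block; the `# NOTE: actual client_assertion should have more claims.` comment hints at the latter without saying so. One more context whose `before` re-signs the same claims with `.sign('other_secret')` and states the expected status would document the contract either way. The context named `'when client_assertion issuer is different from client_id'` changes `params[:client_id]` while the assertion carries only a `sub` claim and no `iss`, so the name describes a check the test does not perform; either rename it to say subject or add `iss:` alongside `sub:`. The `subject` and `app` these `its` examples run against are defined outside the hunk.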
@@ -87,7 +141,22 @@ describe Rack::OAuth2::Server::Token do
|
|
87
141
|
its(:content_type) { should == 'application/json' }
|
88
142
|
its(:body) { should include "\"error\":\"#{error}\"" }
|
89
143
|
its(:body) { should include "\"error_description\":\"#{default_message}\"" }
|
144
|
+
if error == :invalid_client
|
145
|
+
its(:headers) { should include 'WWW-Authenticate' }
|
146
|
+
end
|
147
|
+
end
|
148
|
+
end
|
149
|
+
|
150
|
+
context 'when skip_www_authenticate option is specified on invalid_client' do
|
151
|
+
let(:app) do
|
152
|
+
Rack::OAuth2::Server::Token.new do |request, response|
|
153
|
+
request.invalid_client!(
|
154
|
+
Rack::OAuth2::Server::Token::ErrorMethods::DEFAULT_DESCRIPTION[:invalid_client],
|
155
|
+
skip_www_authenticate: true
|
156
|
+
)
|
157
|
+
end
|
90
158
|
end
|
159
|
+
its(:headers) { should_not include 'WWW-Authenticate' }
|
91
160
|
end
|
92
161
|
|
93
162
|
context 'when responding' do
|
@@ -9,9 +9,14 @@ describe Rack::OAuth2::Util do
|
|
9
9
|
'http://client.example.com/callback'
|
10
10
|
end
|
11
11
|
|
12
|
-
describe '.
|
13
|
-
subject { util.
|
14
|
-
it { should == '%3D%2B
|
12
|
+
describe '.www_form_url_encode' do
|
13
|
+
subject { util.www_form_url_encode '=+ .-/' }
|
14
|
+
it { should == '%3D%2B+.-%2F' }
|
15
|
+
end
|
16
|
+
|
17
|
+
describe '.www_form_urldecode' do
|
18
|
+
subject { util.www_form_url_decode '%3D%2B+.-%2F' }
|
19
|
+
it { should == '=+ .-/' }
|
15
20
|
end
|
16
21
|
|
17
22
|
describe '.base64_encode' do
|
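Review bot: The new `describe '.www_form_urldecode' do` label does not match the method it exercises, `util.www_form_url_decode`, so the example output names a method that does not exist; `describe '.www_form_url_decode' do` keeps it consistent with the `.www_form_url_encode` block above it. Both examples only round-trip `'=+ .-/'`; an input containing a literal `+` or a bare `%` would document that `+` decodes to a space and how an incomplete percent-escape is treated, which is the part of form decoding most likely to surprise a caller. The enclosing `describe Rack::OAuth2::Util do` begins before the hunk.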
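--- a/metadata
+++ b/metadata
@@ -1,31 +1,45 @@
 --- !ruby/object:Gem::Specification
 name: rack-oauth2
 version: !ruby/object:Gem::Version
-version:
+version: 2.2.0
 platform: ruby
 authors:
 - nov matake
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2022-10-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rack
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
+- !ruby/object:Gem::Version
+version: 2.1.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 2.1.0
+- !ruby/object:Gem::Dependency
+name: faraday
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
 - !ruby/object:Gem::Version
-version: '2.
+version: '2.0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
-version: '2.
+version: '2.0'
 - !ruby/object:Gem::Dependency
-name:
+name: faraday-follow_redirects
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -150,8 +164,21 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
-
-
+- !ruby/object:Gem::Dependency
+name: rexml
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+description: OAuth 2.0 Server & Client Library. Both Bearer token type are supported.
 email: nov@matake.jp
 executables: []
 extensions: []
@@ -160,9 +187,11 @@ extra_rdoc_files:
 - README.rdoc
 files:
 - ".document"
+- ".github/FUNDING.yml"
+- ".github/workflows/spec.yml"
 - ".gitignore"
 - ".rspec"
--
+- CHANGELOG.md
 - Gemfile
 - LICENSE
 - README.rdoc
@@ -172,11 +201,6 @@ files:
 - lib/rack/oauth2/access_token.rb
 - lib/rack/oauth2/access_token/authenticator.rb
 - lib/rack/oauth2/access_token/bearer.rb
-- lib/rack/oauth2/access_token/legacy.rb
-- lib/rack/oauth2/access_token/mac.rb
-- lib/rack/oauth2/access_token/mac/sha256_hex_verifier.rb
-- lib/rack/oauth2/access_token/mac/signature.rb
-- lib/rack/oauth2/access_token/mac/verifier.rb
 - lib/rack/oauth2/access_token/mtls.rb
 - lib/rack/oauth2/client.rb
 - lib/rack/oauth2/client/error.rb
@@ -188,8 +212,6 @@ files:
 - lib/rack/oauth2/client/grant/refresh_token.rb
 - lib/rack/oauth2/client/grant/saml2_bearer.rb
 - lib/rack/oauth2/client/grant/token_exchange.rb
-- lib/rack/oauth2/debugger.rb
-- lib/rack/oauth2/debugger/request_filter.rb
 - lib/rack/oauth2/server.rb
 - lib/rack/oauth2/server/abstract.rb
 - lib/rack/oauth2/server/abstract/error.rb
@@ -212,8 +234,6 @@ files:
 - lib/rack/oauth2/server/resource/bearer.rb
 - lib/rack/oauth2/server/resource/bearer/error.rb
 - lib/rack/oauth2/server/resource/error.rb
-- lib/rack/oauth2/server/resource/mac.rb
-- lib/rack/oauth2/server/resource/mac/error.rb
 - lib/rack/oauth2/server/token.rb
 - lib/rack/oauth2/server/token/authorization_code.rb
 - lib/rack/oauth2/server/token/client_credentials.rb
@@ -229,23 +249,14 @@ files:
 - rack-oauth2.gemspec
 - spec/helpers/time.rb
 - spec/helpers/webmock_helper.rb
-- spec/mock_response/blank
+- spec/mock_response/blank.txt
 - spec/mock_response/errors/invalid_request.json
 - spec/mock_response/resources/fake.txt
 - spec/mock_response/tokens/_Bearer.json
 - spec/mock_response/tokens/bearer.json
-- spec/mock_response/tokens/legacy.json
-- spec/mock_response/tokens/legacy.txt
-- spec/mock_response/tokens/legacy_without_expires_in.txt
-- spec/mock_response/tokens/mac.json
 - spec/mock_response/tokens/unknown.json
 - spec/rack/oauth2/access_token/authenticator_spec.rb
 - spec/rack/oauth2/access_token/bearer_spec.rb
-- spec/rack/oauth2/access_token/legacy_spec.rb
-- spec/rack/oauth2/access_token/mac/sha256_hex_verifier_spec.rb
-- spec/rack/oauth2/access_token/mac/signature_spec.rb
-- spec/rack/oauth2/access_token/mac/verifier_spec.rb
-- spec/rack/oauth2/access_token/mac_spec.rb
 - spec/rack/oauth2/access_token_spec.rb
 - spec/rack/oauth2/client/error_spec.rb
 - spec/rack/oauth2/client/grant/authorization_code_spec.rb
@@ -255,7 +266,6 @@ files:
 - spec/rack/oauth2/client/grant/refresh_token_spec.rb
 - spec/rack/oauth2/client/grant/saml2_bearer_spec.rb
 - spec/rack/oauth2/client_spec.rb
-- spec/rack/oauth2/debugger/request_filter_spec.rb
 - spec/rack/oauth2/oauth2_spec.rb
 - spec/rack/oauth2/server/abstract/error_spec.rb
 - spec/rack/oauth2/server/authorize/code_spec.rb
@@ -268,8 +278,6 @@ files:
 - spec/rack/oauth2/server/resource/bearer/error_spec.rb
 - spec/rack/oauth2/server/resource/bearer_spec.rb
 - spec/rack/oauth2/server/resource/error_spec.rb
-- spec/rack/oauth2/server/resource/mac/error_spec.rb
-- spec/rack/oauth2/server/resource/mac_spec.rb
 - spec/rack/oauth2/server/resource_spec.rb
 - spec/rack/oauth2/server/token/authorization_code_spec.rb
 - spec/rack/oauth2/server/token/client_credentials_spec.rb
@@ -281,11 +289,11 @@ files:
 - spec/rack/oauth2/server/token_spec.rb
 - spec/rack/oauth2/util_spec.rb
 - spec/spec_helper.rb
-homepage:
+homepage: https://github.com/nov/rack-oauth2
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options:
 - "--charset=UTF-8"
 require_paths:
@@ -301,30 +309,21 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
-signing_key:
+rubygems_version: 3.3.7
+signing_key:
 specification_version: 4
-summary: OAuth 2.0 Server & Client Library - Both Bearer
+summary: OAuth 2.0 Server & Client Library - Both Bearer token type are supported
 test_files:
 - spec/helpers/time.rb
 - spec/helpers/webmock_helper.rb
-- spec/mock_response/blank
+- spec/mock_response/blank.txt
 - spec/mock_response/errors/invalid_request.json
 - spec/mock_response/resources/fake.txt
 - spec/mock_response/tokens/_Bearer.json
 - spec/mock_response/tokens/bearer.json
-- spec/mock_response/tokens/legacy.json
-- spec/mock_response/tokens/legacy.txt
-- spec/mock_response/tokens/legacy_without_expires_in.txt
-- spec/mock_response/tokens/mac.json
 - spec/mock_response/tokens/unknown.json
 - spec/rack/oauth2/access_token/authenticator_spec.rb
 - spec/rack/oauth2/access_token/bearer_spec.rb
-- spec/rack/oauth2/access_token/legacy_spec.rb
-- spec/rack/oauth2/access_token/mac/sha256_hex_verifier_spec.rb
-- spec/rack/oauth2/access_token/mac/signature_spec.rb
-- spec/rack/oauth2/access_token/mac/verifier_spec.rb
-- spec/rack/oauth2/access_token/mac_spec.rb
 - spec/rack/oauth2/access_token_spec.rb
 - spec/rack/oauth2/client/error_spec.rb
 - spec/rack/oauth2/client/grant/authorization_code_spec.rb
@@ -334,7 +333,6 @@ test_files:
 - spec/rack/oauth2/client/grant/refresh_token_spec.rb
 - spec/rack/oauth2/client/grant/saml2_bearer_spec.rb
 - spec/rack/oauth2/client_spec.rb
-- spec/rack/oauth2/debugger/request_filter_spec.rb
 - spec/rack/oauth2/oauth2_spec.rb
 - spec/rack/oauth2/server/abstract/error_spec.rb
 - spec/rack/oauth2/server/authorize/code_spec.rb
@@ -347,8 +345,6 @@ test_files:
 - spec/rack/oauth2/server/resource/bearer/error_spec.rb
 - spec/rack/oauth2/server/resource/bearer_spec.rb
 - spec/rack/oauth2/server/resource/error_spec.rb
-- spec/rack/oauth2/server/resource/mac/error_spec.rb
-- spec/rack/oauth2/server/resource/mac_spec.rb
 - spec/rack/oauth2/server/resource_spec.rb
 - spec/rack/oauth2/server/token/authorization_code_spec.rb
 - spec/rack/oauth2/server/token/client_credentials_spec.rb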
data/.travis.yml
DELETED
@@ -1,19 +0,0 @@
|
|
1
|
-
module Rack
|
2
|
-
module OAuth2
|
3
|
-
class AccessToken
|
4
|
-
class Legacy < AccessToken
|
5
|
-
def initialize(attributes = {})
|
6
|
-
super
|
7
|
-
self.expires_in = (
|
8
|
-
self.expires_in ||
|
9
|
-
attributes[:expires]
|
10
|
-
).try(:to_i)
|
11
|
-
end
|
12
|
-
|
13
|
-
def authenticate(request)
|
14
|
-
request.header["Authorization"] = "OAuth #{access_token}"
|
15
|
-
end
|
16
|
-
end
|
17
|
-
end
|
18
|
-
end
|
19
|
-
end
|
@@ -1,17 +0,0 @@
|
|
1
|
-
module Rack
|
2
|
-
module OAuth2
|
3
|
-
class AccessToken
|
4
|
-
class MAC
|
5
|
-
class Sha256HexVerifier < Verifier
|
6
|
-
attr_optional :raw_body
|
7
|
-
|
8
|
-
def calculate
|
9
|
-
return nil unless raw_body.present?
|
10
|
-
|
11
|
-
OpenSSL::Digest::SHA256.new.digest(raw_body).unpack('H*').first
|
12
|
-
end
|
13
|
-
end
|
14
|
-
end
|
15
|
-
end
|
16
|
-
end
|
17
|
-
end
|