rack-oauth2 1.13.0 → 1.14.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.rdoc +0 -6
- data/VERSION +1 -1
- data/lib/rack/oauth2/client.rb +6 -3
- data/lib/rack/oauth2/urn.rb +3 -3
- data/lib/rack/oauth2/util.rb +4 -0
- data/spec/rack/oauth2/client_spec.rb +22 -2
- data/spec/rack/oauth2/util_spec.rb +5 -0
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '088da2d085846ab34b5eff33247abacd16b94041fd9cf2f4cf89a70e955318b9'
|
|
4
|
+
data.tar.gz: e7799db50a8441912d39ff193e2531ff0f5400ac4a2d6b8e3bce6121193ff9a7
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b8418d25dcd7acbaecc740e44fa67dc36dd63399be872151b3df0118359298ff73c855c566af0353409da0cba0e96c3c779dabfc92f0140e47321e987c84370e
|
|
7
|
+
data.tar.gz: 4969ef8fdf1b4dd67ad8f8aa18591d0a0a353718f817a662a27af4e34a13dc7d4cc2e09a2bd345fb2736b502bcc38a9dcebc7681efb60d6123f16cfe3440dcaa
|
data/README.rdoc
CHANGED
|
@@ -28,17 +28,11 @@ http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01
|
|
|
28
28
|
|
|
29
29
|
=== Bearer
|
|
30
30
|
|
|
31
|
-
Running on Heroku
|
|
32
|
-
https://rack-oauth2-sample.heroku.com
|
|
33
|
-
|
|
34
31
|
Source on GitHub
|
|
35
32
|
https://github.com/nov/rack-oauth2-sample
|
|
36
33
|
|
|
37
34
|
=== MAC
|
|
38
35
|
|
|
39
|
-
Running on Heroku
|
|
40
|
-
https://rack-oauth2-sample-mac.heroku.com
|
|
41
|
-
|
|
42
36
|
Source on GitHub
|
|
43
37
|
https://github.com/nov/rack-oauth2-sample-mac
|
|
44
38
|
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.
|
|
1
|
+
1.14.0
|
data/lib/rack/oauth2/client.rb
CHANGED
|
@@ -73,17 +73,20 @@ module Rack
|
|
|
73
73
|
http_client = Rack::OAuth2.http_client
|
|
74
74
|
|
|
75
75
|
# NOTE:
|
|
76
|
-
# Using Array#
|
|
76
|
+
# Using Array#extract_options! for backward compatibility.
|
|
77
77
|
# Until v1.0.5, the first argument was 'client_auth_method' in scalar.
|
|
78
78
|
options = args.extract_options!
|
|
79
|
-
client_auth_method = args.first || options.delete(:client_auth_method) || :basic
|
|
79
|
+
client_auth_method = args.first || options.delete(:client_auth_method).try(:to_sym) || :basic
|
|
80
80
|
|
|
81
81
|
params[:scope] = Array(options.delete(:scope)).join(' ') if options[:scope].present?
|
|
82
82
|
params.merge! options
|
|
83
83
|
|
|
84
84
|
case client_auth_method
|
|
85
85
|
when :basic
|
|
86
|
-
cred =
|
|
86
|
+
cred = Base64.strict_encode64 [
|
|
87
|
+
Util.www_form_urlencode(identifier),
|
|
88
|
+
Util.www_form_urlencode(secret)
|
|
89
|
+
].join(':')
|
|
87
90
|
headers.merge!(
|
|
88
91
|
'Authorization' => "Basic #{cred}"
|
|
89
92
|
)
|
data/lib/rack/oauth2/urn.rb
CHANGED
|
@@ -3,14 +3,14 @@ module Rack
|
|
|
3
3
|
module URN
|
|
4
4
|
module TokenType
|
|
5
5
|
JWT = 'urn:ietf:params:oauth:token-type:jwt' # RFC7519
|
|
6
|
-
ACCESS_TOKEN = 'urn:ietf:params:oauth:token-type:
|
|
7
|
-
REFRESH_TOKEN = 'urn:ietf:params:oauth:token-type:
|
|
6
|
+
ACCESS_TOKEN = 'urn:ietf:params:oauth:token-type:access_token' # RFC8693
|
|
7
|
+
REFRESH_TOKEN = 'urn:ietf:params:oauth:token-type:refresh_token' # RFC8693
|
|
8
8
|
end
|
|
9
9
|
|
|
10
10
|
module GrantType
|
|
11
11
|
JWT_BEARER = 'urn:ietf:params:oauth:grant-type:jwt-bearer' # RFC7523
|
|
12
12
|
SAML2_BEARER = 'urn:ietf:params:oauth:grant-type:saml2-bearer' # RFC7522
|
|
13
|
-
TOKEN_EXCHANGE = 'urn:ietf:params:oauth:grant-type:token-exchange' #
|
|
13
|
+
TOKEN_EXCHANGE = 'urn:ietf:params:oauth:grant-type:token-exchange' # RFC8693
|
|
14
14
|
end
|
|
15
15
|
|
|
16
16
|
module ClientAssertionType
|
data/lib/rack/oauth2/util.rb
CHANGED
|
@@ -1,10 +1,12 @@
|
|
|
1
1
|
require 'spec_helper.rb'
|
|
2
2
|
|
|
3
3
|
describe Rack::OAuth2::Client do
|
|
4
|
+
let(:client_id) { 'client_id' }
|
|
5
|
+
let(:client_secret) { 'client_secret' }
|
|
4
6
|
let :client do
|
|
5
7
|
Rack::OAuth2::Client.new(
|
|
6
|
-
identifier:
|
|
7
|
-
secret:
|
|
8
|
+
identifier: client_id,
|
|
9
|
+
secret: client_secret,
|
|
8
10
|
host: 'server.example.com',
|
|
9
11
|
redirect_uri: 'https://client.example.com/callback'
|
|
10
12
|
)
|
|
@@ -97,6 +99,24 @@ describe Rack::OAuth2::Client do
|
|
|
97
99
|
client.access_token!
|
|
98
100
|
end
|
|
99
101
|
|
|
102
|
+
context 'when Basic auth method is used' do
|
|
103
|
+
context 'when client_id is a url' do
|
|
104
|
+
let(:client_id) { 'https://client.example.com'}
|
|
105
|
+
|
|
106
|
+
it 'should be encoded in "application/x-www-form-urlencoded"' do
|
|
107
|
+
mock_response(
|
|
108
|
+
:post,
|
|
109
|
+
'https://server.example.com/oauth2/token',
|
|
110
|
+
'tokens/bearer.json',
|
|
111
|
+
request_header: {
|
|
112
|
+
'Authorization' => 'Basic aHR0cHMlM0ElMkYlMkZjbGllbnQuZXhhbXBsZS5jb206Y2xpZW50X3NlY3JldA=='
|
|
113
|
+
}
|
|
114
|
+
)
|
|
115
|
+
client.access_token!
|
|
116
|
+
end
|
|
117
|
+
end
|
|
118
|
+
end
|
|
119
|
+
|
|
100
120
|
context 'when jwt_bearer auth method specified' do
|
|
101
121
|
context 'when client_secret is given' do
|
|
102
122
|
it 'should be JWT bearer client assertion w/ auto-generated HS256-signed JWT assertion' do
|
|
@@ -14,6 +14,11 @@ describe Rack::OAuth2::Util do
|
|
|
14
14
|
it { should == '%3D%2B%20.-%2F' }
|
|
15
15
|
end
|
|
16
16
|
|
|
17
|
+
describe '.www_form_urlencode' do
|
|
18
|
+
subject { util.www_form_urlencode '=+ .-/' }
|
|
19
|
+
it { should == '%3D%2B+.-%2F' }
|
|
20
|
+
end
|
|
21
|
+
|
|
17
22
|
describe '.base64_encode' do
|
|
18
23
|
subject { util.base64_encode '=+ .-/' }
|
|
19
24
|
it { should == 'PSsgLi0v' }
|