rack-oauth2 1.19.0 → 1.21.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/FUNDING.yml +3 -0
- data/.travis.yml +1 -1
- data/VERSION +1 -1
- data/lib/rack/oauth2/client.rb +75 -24
- data/rack-oauth2.gemspec +2 -1
- data/spec/rack/oauth2/client_spec.rb +3 -1
- metadata +19 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ea660f2b5d5093f50fc789662f642f06ab591bf544250fea42d78a9849215384
|
4
|
+
data.tar.gz: 1e5ae55d569b7206ce78315439f249b8a4fbf9d0f6c64381de52d9d71f1441e7
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: dab28eaa8890caaecab687bf022e3ecef01388c06ba10af2afb78e61db87f16c8a5b84935fbac2c0b83be08a092ebf981c8efca19c3f5c322c5bb17926127b20
|
7
|
+
data.tar.gz: 231a74d20f2a5635255686c58451b1045fabbb072c6fb971d8a39149444d68a6e48a06fdf87146632fbcd815b988c6bff1a5802f8499b3f8e580756a95fecaf2
|
data/.github/FUNDING.yml
ADDED
data/.travis.yml
CHANGED
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.
|
1
|
+
1.21.0
|
data/lib/rack/oauth2/client.rb
CHANGED
@@ -3,7 +3,7 @@ module Rack
|
|
3
3
|
class Client
|
4
4
|
include AttrRequired, AttrOptional
|
5
5
|
attr_required :identifier
|
6
|
-
attr_optional :secret, :private_key, :certificate, :redirect_uri, :scheme, :host, :port, :authorization_endpoint, :token_endpoint
|
6
|
+
attr_optional :secret, :private_key, :certificate, :redirect_uri, :scheme, :host, :port, :authorization_endpoint, :token_endpoint, :revocation_endpoint
|
7
7
|
|
8
8
|
def initialize(attributes = {})
|
9
9
|
(required_attributes + optional_attributes).each do |key|
|
@@ -69,7 +69,65 @@ module Rack
|
|
69
69
|
end
|
70
70
|
|
71
71
|
def access_token!(*args)
|
72
|
-
headers, params =
|
72
|
+
headers, params, http_client, options = authenticated_context_from(*args)
|
73
|
+
params[:scope] = Array(options.delete(:scope)).join(' ') if options[:scope].present?
|
74
|
+
params.merge! @grant.as_json
|
75
|
+
params.merge! options
|
76
|
+
handle_response do
|
77
|
+
http_client.post(
|
78
|
+
absolute_uri_for(token_endpoint),
|
79
|
+
Util.compact_hash(params),
|
80
|
+
headers
|
81
|
+
)
|
82
|
+
end
|
83
|
+
end
|
84
|
+
|
85
|
+
def revoke!(*args)
|
86
|
+
headers, params, http_client, options = authenticated_context_from(*args)
|
87
|
+
|
88
|
+
params.merge! case
|
89
|
+
when access_token = options.delete(:access_token)
|
90
|
+
{
|
91
|
+
token: access_token,
|
92
|
+
token_type_hint: :access_token
|
93
|
+
}
|
94
|
+
when refresh_token = options.delete(:refresh_token)
|
95
|
+
{
|
96
|
+
token: refresh_token,
|
97
|
+
token_type_hint: :refresh_token
|
98
|
+
}
|
99
|
+
when @grant.is_a?(Grant::RefreshToken)
|
100
|
+
{
|
101
|
+
token: @grant.refresh_token,
|
102
|
+
token_type_hint: :refresh_token
|
103
|
+
}
|
104
|
+
when options[:token].blank?
|
105
|
+
raise AttrRequired::AttrMissing, 'One of "token", "access_token" and "refresh_token" is required'
|
106
|
+
end
|
107
|
+
params.merge! options
|
108
|
+
|
109
|
+
handle_revocation_response do
|
110
|
+
http_client.post(
|
111
|
+
absolute_uri_for(revocation_endpoint),
|
112
|
+
Util.compact_hash(params),
|
113
|
+
headers
|
114
|
+
)
|
115
|
+
end
|
116
|
+
end
|
117
|
+
|
118
|
+
private
|
119
|
+
|
120
|
+
def absolute_uri_for(endpoint)
|
121
|
+
_endpoint_ = Util.parse_uri endpoint
|
122
|
+
_endpoint_.scheme ||= self.scheme || 'https'
|
123
|
+
_endpoint_.host ||= self.host
|
124
|
+
_endpoint_.port ||= self.port
|
125
|
+
raise 'No Host Info' unless _endpoint_.host
|
126
|
+
_endpoint_.to_s
|
127
|
+
end
|
128
|
+
|
129
|
+
def authenticated_context_from(*args)
|
130
|
+
headers, params = {}, {}
|
73
131
|
http_client = Rack::OAuth2.http_client
|
74
132
|
|
75
133
|
# NOTE:
|
@@ -78,9 +136,6 @@ module Rack
|
|
78
136
|
options = args.extract_options!
|
79
137
|
client_auth_method = args.first || options.delete(:client_auth_method).try(:to_sym) || :basic
|
80
138
|
|
81
|
-
params[:scope] = Array(options.delete(:scope)).join(' ') if options[:scope].present?
|
82
|
-
params.merge! options
|
83
|
-
|
84
139
|
case client_auth_method
|
85
140
|
when :basic
|
86
141
|
cred = Base64.strict_encode64 [
|
@@ -100,9 +155,11 @@ module Rack
|
|
100
155
|
client_assertion_type: URN::ClientAssertionType::JWT_BEARER
|
101
156
|
)
|
102
157
|
# NOTE: optionally auto-generate client_assertion.
|
103
|
-
if
|
158
|
+
params[:client_assertion] = if options[:client_assertion].present?
|
159
|
+
options.delete(:client_assertion)
|
160
|
+
else
|
104
161
|
require 'json/jwt'
|
105
|
-
|
162
|
+
JSON::JWT.new(
|
106
163
|
iss: identifier,
|
107
164
|
sub: identifier,
|
108
165
|
aud: absolute_uri_for(token_endpoint),
|
@@ -127,24 +184,8 @@ module Rack
|
|
127
184
|
client_secret: secret
|
128
185
|
)
|
129
186
|
end
|
130
|
-
handle_response do
|
131
|
-
http_client.post(
|
132
|
-
absolute_uri_for(token_endpoint),
|
133
|
-
Util.compact_hash(params),
|
134
|
-
headers
|
135
|
-
)
|
136
|
-
end
|
137
|
-
end
|
138
|
-
|
139
|
-
private
|
140
187
|
|
141
|
-
|
142
|
-
_endpoint_ = Util.parse_uri endpoint
|
143
|
-
_endpoint_.scheme ||= self.scheme || 'https'
|
144
|
-
_endpoint_.host ||= self.host
|
145
|
-
_endpoint_.port ||= self.port
|
146
|
-
raise 'No Host Info' unless _endpoint_.host
|
147
|
-
_endpoint_.to_s
|
188
|
+
[headers, params, http_client, options]
|
148
189
|
end
|
149
190
|
|
150
191
|
def handle_response
|
@@ -157,6 +198,16 @@ module Rack
|
|
157
198
|
end
|
158
199
|
end
|
159
200
|
|
201
|
+
def handle_revocation_response
|
202
|
+
response = yield
|
203
|
+
case response.status
|
204
|
+
when 200..201
|
205
|
+
:success
|
206
|
+
else
|
207
|
+
handle_error_response handle_error_response
|
208
|
+
end
|
209
|
+
end
|
210
|
+
|
160
211
|
def handle_success_response(response)
|
161
212
|
token_hash = JSON.parse(response.body).with_indifferent_access
|
162
213
|
case (@forced_token_type || token_hash[:token_type]).try(:downcase)
|
data/rack-oauth2.gemspec
CHANGED
@@ -7,7 +7,7 @@ Gem::Specification.new do |s|
|
|
7
7
|
s.email = 'nov@matake.jp'
|
8
8
|
s.extra_rdoc_files = ['LICENSE', 'README.rdoc']
|
9
9
|
s.rdoc_options = ['--charset=UTF-8']
|
10
|
-
s.homepage = '
|
10
|
+
s.homepage = 'https://github.com/nov/rack-oauth2'
|
11
11
|
s.license = 'MIT'
|
12
12
|
s.require_paths = ['lib']
|
13
13
|
s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
|
@@ -23,4 +23,5 @@ Gem::Specification.new do |s|
|
|
23
23
|
s.add_development_dependency 'rspec'
|
24
24
|
s.add_development_dependency 'rspec-its'
|
25
25
|
s.add_development_dependency 'webmock'
|
26
|
+
s.add_development_dependency 'rexml'
|
26
27
|
end
|
@@ -8,7 +8,8 @@ describe Rack::OAuth2::Client do
|
|
8
8
|
identifier: client_id,
|
9
9
|
secret: client_secret,
|
10
10
|
host: 'server.example.com',
|
11
|
-
redirect_uri: 'https://client.example.com/callback'
|
11
|
+
redirect_uri: 'https://client.example.com/callback',
|
12
|
+
revocation_endpoint: '/oauth2/revoke'
|
12
13
|
)
|
13
14
|
end
|
14
15
|
subject { client }
|
@@ -17,6 +18,7 @@ describe Rack::OAuth2::Client do
|
|
17
18
|
its(:secret) { should == 'client_secret' }
|
18
19
|
its(:authorization_endpoint) { should == '/oauth2/authorize' }
|
19
20
|
its(:token_endpoint) { should == '/oauth2/token' }
|
21
|
+
its(:revocation_endpoint) { should == '/oauth2/revoke' }
|
20
22
|
|
21
23
|
context 'when identifier is missing' do
|
22
24
|
it do
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rack-oauth2
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.21.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- nov matake
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2022-07-12 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rack
|
@@ -150,6 +150,20 @@ dependencies:
|
|
150
150
|
- - ">="
|
151
151
|
- !ruby/object:Gem::Version
|
152
152
|
version: '0'
|
153
|
+
- !ruby/object:Gem::Dependency
|
154
|
+
name: rexml
|
155
|
+
requirement: !ruby/object:Gem::Requirement
|
156
|
+
requirements:
|
157
|
+
- - ">="
|
158
|
+
- !ruby/object:Gem::Version
|
159
|
+
version: '0'
|
160
|
+
type: :development
|
161
|
+
prerelease: false
|
162
|
+
version_requirements: !ruby/object:Gem::Requirement
|
163
|
+
requirements:
|
164
|
+
- - ">="
|
165
|
+
- !ruby/object:Gem::Version
|
166
|
+
version: '0'
|
153
167
|
description: OAuth 2.0 Server & Client Library. Both Bearer and MAC token type are
|
154
168
|
supported.
|
155
169
|
email: nov@matake.jp
|
@@ -160,6 +174,7 @@ extra_rdoc_files:
|
|
160
174
|
- README.rdoc
|
161
175
|
files:
|
162
176
|
- ".document"
|
177
|
+
- ".github/FUNDING.yml"
|
163
178
|
- ".gitignore"
|
164
179
|
- ".rspec"
|
165
180
|
- ".travis.yml"
|
@@ -281,7 +296,7 @@ files:
|
|
281
296
|
- spec/rack/oauth2/server/token_spec.rb
|
282
297
|
- spec/rack/oauth2/util_spec.rb
|
283
298
|
- spec/spec_helper.rb
|
284
|
-
homepage:
|
299
|
+
homepage: https://github.com/nov/rack-oauth2
|
285
300
|
licenses:
|
286
301
|
- MIT
|
287
302
|
metadata: {}
|
@@ -301,7 +316,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
301
316
|
- !ruby/object:Gem::Version
|
302
317
|
version: '0'
|
303
318
|
requirements: []
|
304
|
-
rubygems_version: 3.1.
|
319
|
+
rubygems_version: 3.1.6
|
305
320
|
signing_key:
|
306
321
|
specification_version: 4
|
307
322
|
summary: OAuth 2.0 Server & Client Library - Both Bearer and MAC token type are supported
|