rack-oauth2 1.20.0 → 1.21.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/VERSION +1 -1
- data/lib/rack/oauth2/client.rb +74 -23
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ea660f2b5d5093f50fc789662f642f06ab591bf544250fea42d78a9849215384
|
|
4
|
+
data.tar.gz: 1e5ae55d569b7206ce78315439f249b8a4fbf9d0f6c64381de52d9d71f1441e7
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: dab28eaa8890caaecab687bf022e3ecef01388c06ba10af2afb78e61db87f16c8a5b84935fbac2c0b83be08a092ebf981c8efca19c3f5c322c5bb17926127b20
|
|
7
|
+
data.tar.gz: 231a74d20f2a5635255686c58451b1045fabbb072c6fb971d8a39149444d68a6e48a06fdf87146632fbcd815b988c6bff1a5802f8499b3f8e580756a95fecaf2
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.
|
|
1
|
+
1.21.0
|
data/lib/rack/oauth2/client.rb
CHANGED
|
@@ -69,7 +69,65 @@ module Rack
|
|
|
69
69
|
end
|
|
70
70
|
|
|
71
71
|
def access_token!(*args)
|
|
72
|
-
headers, params =
|
|
72
|
+
headers, params, http_client, options = authenticated_context_from(*args)
|
|
73
|
+
params[:scope] = Array(options.delete(:scope)).join(' ') if options[:scope].present?
|
|
74
|
+
params.merge! @grant.as_json
|
|
75
|
+
params.merge! options
|
|
76
|
+
handle_response do
|
|
77
|
+
http_client.post(
|
|
78
|
+
absolute_uri_for(token_endpoint),
|
|
79
|
+
Util.compact_hash(params),
|
|
80
|
+
headers
|
|
81
|
+
)
|
|
82
|
+
end
|
|
83
|
+
end
|
|
84
|
+
|
|
85
|
+
def revoke!(*args)
|
|
86
|
+
headers, params, http_client, options = authenticated_context_from(*args)
|
|
87
|
+
|
|
88
|
+
params.merge! case
|
|
89
|
+
when access_token = options.delete(:access_token)
|
|
90
|
+
{
|
|
91
|
+
token: access_token,
|
|
92
|
+
token_type_hint: :access_token
|
|
93
|
+
}
|
|
94
|
+
when refresh_token = options.delete(:refresh_token)
|
|
95
|
+
{
|
|
96
|
+
token: refresh_token,
|
|
97
|
+
token_type_hint: :refresh_token
|
|
98
|
+
}
|
|
99
|
+
when @grant.is_a?(Grant::RefreshToken)
|
|
100
|
+
{
|
|
101
|
+
token: @grant.refresh_token,
|
|
102
|
+
token_type_hint: :refresh_token
|
|
103
|
+
}
|
|
104
|
+
when options[:token].blank?
|
|
105
|
+
raise AttrRequired::AttrMissing, 'One of "token", "access_token" and "refresh_token" is required'
|
|
106
|
+
end
|
|
107
|
+
params.merge! options
|
|
108
|
+
|
|
109
|
+
handle_revocation_response do
|
|
110
|
+
http_client.post(
|
|
111
|
+
absolute_uri_for(revocation_endpoint),
|
|
112
|
+
Util.compact_hash(params),
|
|
113
|
+
headers
|
|
114
|
+
)
|
|
115
|
+
end
|
|
116
|
+
end
|
|
117
|
+
|
|
118
|
+
private
|
|
119
|
+
|
|
120
|
+
def absolute_uri_for(endpoint)
|
|
121
|
+
_endpoint_ = Util.parse_uri endpoint
|
|
122
|
+
_endpoint_.scheme ||= self.scheme || 'https'
|
|
123
|
+
_endpoint_.host ||= self.host
|
|
124
|
+
_endpoint_.port ||= self.port
|
|
125
|
+
raise 'No Host Info' unless _endpoint_.host
|
|
126
|
+
_endpoint_.to_s
|
|
127
|
+
end
|
|
128
|
+
|
|
129
|
+
def authenticated_context_from(*args)
|
|
130
|
+
headers, params = {}, {}
|
|
73
131
|
http_client = Rack::OAuth2.http_client
|
|
74
132
|
|
|
75
133
|
# NOTE:
|
|
@@ -78,9 +136,6 @@ module Rack
|
|
|
78
136
|
options = args.extract_options!
|
|
79
137
|
client_auth_method = args.first || options.delete(:client_auth_method).try(:to_sym) || :basic
|
|
80
138
|
|
|
81
|
-
params[:scope] = Array(options.delete(:scope)).join(' ') if options[:scope].present?
|
|
82
|
-
params.merge! options
|
|
83
|
-
|
|
84
139
|
case client_auth_method
|
|
85
140
|
when :basic
|
|
86
141
|
cred = Base64.strict_encode64 [
|
|
@@ -100,9 +155,11 @@ module Rack
|
|
|
100
155
|
client_assertion_type: URN::ClientAssertionType::JWT_BEARER
|
|
101
156
|
)
|
|
102
157
|
# NOTE: optionally auto-generate client_assertion.
|
|
103
|
-
if
|
|
158
|
+
params[:client_assertion] = if options[:client_assertion].present?
|
|
159
|
+
options.delete(:client_assertion)
|
|
160
|
+
else
|
|
104
161
|
require 'json/jwt'
|
|
105
|
-
|
|
162
|
+
JSON::JWT.new(
|
|
106
163
|
iss: identifier,
|
|
107
164
|
sub: identifier,
|
|
108
165
|
aud: absolute_uri_for(token_endpoint),
|
|
@@ -127,24 +184,8 @@ module Rack
|
|
|
127
184
|
client_secret: secret
|
|
128
185
|
)
|
|
129
186
|
end
|
|
130
|
-
handle_response do
|
|
131
|
-
http_client.post(
|
|
132
|
-
absolute_uri_for(token_endpoint),
|
|
133
|
-
Util.compact_hash(params),
|
|
134
|
-
headers
|
|
135
|
-
)
|
|
136
|
-
end
|
|
137
|
-
end
|
|
138
|
-
|
|
139
|
-
private
|
|
140
187
|
|
|
141
|
-
|
|
142
|
-
_endpoint_ = Util.parse_uri endpoint
|
|
143
|
-
_endpoint_.scheme ||= self.scheme || 'https'
|
|
144
|
-
_endpoint_.host ||= self.host
|
|
145
|
-
_endpoint_.port ||= self.port
|
|
146
|
-
raise 'No Host Info' unless _endpoint_.host
|
|
147
|
-
_endpoint_.to_s
|
|
188
|
+
[headers, params, http_client, options]
|
|
148
189
|
end
|
|
149
190
|
|
|
150
191
|
def handle_response
|
|
@@ -157,6 +198,16 @@ module Rack
|
|
|
157
198
|
end
|
|
158
199
|
end
|
|
159
200
|
|
|
201
|
+
def handle_revocation_response
|
|
202
|
+
response = yield
|
|
203
|
+
case response.status
|
|
204
|
+
when 200..201
|
|
205
|
+
:success
|
|
206
|
+
else
|
|
207
|
+
handle_error_response handle_error_response
|
|
208
|
+
end
|
|
209
|
+
end
|
|
210
|
+
|
|
160
211
|
def handle_success_response(response)
|
|
161
212
|
token_hash = JSON.parse(response.body).with_indifferent_access
|
|
162
213
|
case (@forced_token_type || token_hash[:token_type]).try(:downcase)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rack-oauth2
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.21.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- nov matake
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-07-
|
|
11
|
+
date: 2022-07-12 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rack
|