rack-openid2 2.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 6e20d1ffad12ca51d18f244bad5932c7eb45e1e3dc2f26d07f6ac3446d6d1fad
+  data.tar.gz: 26ec20ac08847c203293a9d545ac8c7673ff219a8432e4537bac25e763cbea21
+SHA512:
+  metadata.gz: 53cba4e65ce7d4ffc3a6bf7da94088417df3789464cbe65a28e22432bba7d0fedac7d2156aaee4764672ec5ec0086c2df45ab2fc6e07c187f40407f31a5bf066
+  data.tar.gz: a37b8bf96acda455f479dc0f5d9fbd8aadff4fdee2982b63c9c136c09110a10e8df2afac8179adf1b2c4964f12d8e00983eabaa8c8cef67d35d2172edb89450a

data/LICENSE.txt

@@ -0,0 +1,21 @@
+Copyright (c) 2010 Joshua Peek
+Copyright (c) 2024 Peter Boling
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,137 @@
+# Rack::OpenID
+
+<div id="badges">
+
+[![CI Supported Build][🚎s-wfi]][🚎s-wf]
+[![CI Unsupported Build][🚎us-wfi]][🚎us-wf]
+[![CI Style Build][🚎st-wfi]][🚎st-wf]
+[![CI Coverage Build][🚎cov-wfi]][🚎cov-wf]
+[![CI Heads Build][🚎hd-wfi]][🚎hd-wf]
+
+[🚎s-wf]: https://github.com/VitalConnectInc/rack-openid2/actions/workflows/supported.yml
+[🚎s-wfi]: https://github.com/VitalConnectInc/rack-openid2/actions/workflows/supported.yml/badge.svg
+[🚎us-wf]: https://github.com/VitalConnectInc/rack-openid2/actions/workflows/unsupported.yml
+[🚎us-wfi]: https://github.com/VitalConnectInc/rack-openid2/actions/workflows/unsupported.yml/badge.svg
+[🚎st-wf]: https://github.com/VitalConnectInc/rack-openid2/actions/workflows/style.yml
+[🚎st-wfi]: https://github.com/VitalConnectInc/rack-openid2/actions/workflows/style.yml/badge.svg
+[🚎cov-wf]: https://github.com/VitalConnectInc/rack-openid2/actions/workflows/coverage.yml
+[🚎cov-wfi]: https://github.com/VitalConnectInc/rack-openid2/actions/workflows/coverage.yml/badge.svg
+[🚎hd-wf]: https://github.com/VitalConnectInc/rack-openid2/actions/workflows/heads.yml
+[🚎hd-wfi]: https://github.com/VitalConnectInc/rack-openid2/actions/workflows/heads.yml/badge.svg
+
+</div>
+
+Provides a more HTTPish API around the ruby-openid library.
+
+## Usage
+
+You trigger an OpenID request similar to HTTP authentication. From your app, return a "401 Unauthorized" and a "WWW-Authenticate" header with the identifier you would like to validate.
+
+On competition, the OpenID response is automatically verified and assigned to `env["rack.openid.response"]`.
+
+### Rack Example
+
+```Ruby
+MyApp = lambda do |env|
+  if resp = env["rack.openid.response"]
+    case resp.status
+    when :success
+      ...
+    when :failure
+      ...
+    else
+      [401, {"WWW-Authenticate" => 'OpenID identifier="http://example.com/"'}, []]
+    end
+  end
+end
+
+use Rack::OpenID
+run MyApp
+```
+
+### Sinatra Example
+
+```Ruby
+# Session needs to be before Rack::OpenID
+use Rack::Session::Cookie
+
+require 'rack/openid'
+use Rack::OpenID
+
+get '/login' do
+  erb :login
+end
+
+post '/login' do
+  if resp = request.env["rack.openid.response"]
+    if resp.status == :success
+      "Welcome: #{resp.display_identifier}"
+    else
+      "Error: #{resp.status}"
+    end
+  else
+    headers 'WWW-Authenticate' => Rack::OpenID.build_header(
+      :identifier => params["openid_identifier"]
+    )
+    throw :halt, [401, 'got openid?']
+  end
+end
+
+enable :inline_templates
+
+__END__
+
+@@ login
+<form action="/login" method="post">
+  <p>
+    <label for="openid_identifier">OpenID:</label>
+    <input id="openid_identifier" name="openid_identifier" type="text" />
+  </p>
+
+  <p>
+    <input name="commit" type="submit" value="Sign in" />
+  </p>
+</form>
+```
+
+## TODO
+
+- 1 failing test (skipped)
+- rewrite tests with minitest/spec
+
+## 🌈 Contributors
+
+Current maintainer(s):
+
+- [Peter Boling](https://github.com/pboling)
+
+Special thanks to:
+- [Joshua Peek](https://github.com/josh) author of original `rack-openid`
+- [Michael Grosser](http://grosser.it) maintainer of original `rack-openid`
+
+and contributors to original `rack-openid`:
+- [Kenny Buckler](https://github.com/kbuckler)
+- [Mike Dillon](https://github.com/md5)
+- [Richard Wilson](https://github.com/Senjai)
+
+[![Contributors][🖐contributors-img]][🖐contributors]
+
+Made with [contributors-img][🖐contrib-rocks].
+
+[🖐contrib-rocks]: https://contrib.rocks
+[🖐contributors]: https://github.com/VitalConnectInc/rack-openid2/graphs/contributors
+[🖐contributors-img]: https://contrib.rocks/image?repo=VitalConnectInc/rack-openid2
+
+## 📄 License
+
+The gem is available as open source under the terms of
+the [MIT License][📄license] [![License: MIT][📄license-img]][📄license-ref].
+
+See [LICENSE.txt][📄license] for the official [Copyright Notice][📄copyright-notice-explainer].
+
+[comment]: <> ( 📄 LEGAL LINKS )
+
+[📄copyright-notice-explainer]: https://opensource.stackexchange.com/questions/5778/why-do-licenses-such-as-the-mit-license-specify-a-single-year
+[📄license]: LICENSE.txt
+[📄license-ref]: https://opensource.org/licenses/MIT
+[📄license-img]: https://img.shields.io/badge/License-MIT-green.svg

data/lib/rack/openid/simple_auth.rb

@@ -0,0 +1,80 @@
+require "rack/openid"
+require "rack/request"
+
+module Rack
+  class OpenID
+    # A simple OpenID middleware that restricts access to
+    # a single identifier.
+    #
+    #   use Rack::OpenID::SimpleAuth, "http://example.org"
+    #
+    # SimpleAuth will automatically insert the required Rack::OpenID
+    # middleware, so use Rack::OpenID is unnecessary.
+    class SimpleAuth
+      class << self
+        def new(*args)
+          Rack::OpenID.new(super)
+        end
+      end
+
+      attr_reader :app, :identifier
+
+      def initialize(app, identifier)
+        @app = app
+        @identifier = identifier
+      end
+
+      def call(env)
+        if session_authenticated?(env)
+          app.call(env)
+        elsif successful_response?(env)
+          authenticate_session(env)
+          redirect_to(requested_url(env))
+        else
+          authentication_request
+        end
+      end
+
+      private
+
+      def session(env)
+        env["rack.session"] || raise_session_error
+      end
+
+      def raise_session_error
+        raise "Rack::OpenID::SimpleAuth requires a session"
+      end
+
+      def session_authenticated?(env)
+        session(env)["authenticated"] == true
+      end
+
+      def authenticate_session(env)
+        session(env)["authenticated"] = true
+      end
+
+      def successful_response?(env)
+        if (resp = env[OpenID::RESPONSE])
+          resp.status == :success && resp.display_identifier == identifier
+        end
+      end
+
+      def requested_url(env)
+        req = Rack::Request.new(env)
+        req.url
+      end
+
+      def redirect_to(url)
+        [303, {"Content-Type" => "text/html", "Location" => url}, []]
+      end
+
+      def authentication_request
+        [401, {OpenID::AUTHENTICATE_HEADER => www_authenticate_header}, []]
+      end
+
+      def www_authenticate_header
+        OpenID.build_header(identifier: identifier)
+      end
+    end
+  end
+end

data/lib/rack/openid/version.rb

@@ -0,0 +1,7 @@
+module Rack
+  class OpenID
+    module Version
+      VERSION = "2.0.0"
+    end
+  end
+end

data/lib/rack/openid.rb

@@ -0,0 +1,319 @@
+# External Libraries
+require "version_gem"
+require "rack/request"
+require "rack/utils"
+# Require ruby-openid2 and some of its extensions
+require "openid"
+require "openid/consumer"
+require "openid/extensions/sreg"
+require "openid/extensions/ax"
+require "openid/extensions/oauth"
+require "openid/extensions/pape"
+
+# This gem
+require_relative "openid/version"
+
+module Rack
+  # A Rack middleware that provides a more HTTPish API around the
+  # ruby-openid library.
+  #
+  # You trigger an OpenID request similar to HTTP authentication.
+  # From your app, return a "401 Unauthorized" and a "WWW-Authenticate"
+  # header with the identifier you would like to validate.
+  #
+  # On competition, the OpenID response is automatically verified and
+  # assigned to env["rack.openid.response"].
+  class OpenID
+    class << self
+      # Helper method for building the "WWW-Authenticate" header value.
+      #
+      #   Rack::OpenID.build_header(:identifier => "http://josh.openid.com/")
+      #     #=> OpenID identifier="http://josh.openid.com/"
+      def build_header(params = {})
+        "OpenID " + params.map { |key, value|
+          if value.is_a?(Array)
+            "#{key}=\"#{value.join(",")}\""
+          else
+            "#{key}=\"#{value}\""
+          end
+        }.join(", ")
+      end
+
+      # Helper method for parsing "WWW-Authenticate" header values into
+      # a hash.
+      #
+      #   Rack::OpenID.parse_header("OpenID identifier='http://josh.openid.com/'")
+      #     #=> {:identifier => "http://josh.openid.com/"}
+      def parse_header(str)
+        params = {}
+        if AUTHENTICATE_REGEXP.match?(str)
+          str = str.gsub(/#{AUTHENTICATE_REGEXP}\s+/o, "")
+          str.split(", ").each { |pair|
+            key, *value = pair.split("=")
+            value = value.join("=")
+            value.gsub!(/^\"/, "").gsub!(/\"$/, "")
+            value = value.split(",")
+            params[key] = (value.length > 1) ? value : value.first
+          }
+        end
+        params
+      end
+    end
+
+    class TimeoutResponse
+      include ::OpenID::Consumer::Response
+      STATUS = :failure
+    end
+
+    class MissingResponse
+      include ::OpenID::Consumer::Response
+      STATUS = :missing
+    end
+
+    HTTP_METHODS = %w(GET HEAD PUT POST DELETE OPTIONS)
+
+    RESPONSE = "rack.openid.response"
+    AUTHENTICATE_HEADER = "WWW-Authenticate"
+    AUTHENTICATE_REGEXP = /^OpenID/
+
+    URL_FIELD_SELECTOR = lambda { |field| field.to_s =~ %r{^https?://} }
+
+    # Initialize middleware with application and optional OpenID::Store.
+    # If no store is given, OpenID::Store::Memory is used.
+    #
+    #   use Rack::OpenID
+    #
+    # or
+    #
+    #   use Rack::OpenID, OpenID::Store::Memcache.new
+    def initialize(app, store = nil)
+      @app = app
+      @store = store || default_store
+    end
+
+    # Standard Rack +call+ dispatch that accepts an +env+ and
+    # returns a [status, header, body] response.
+    def call(env)
+      req = Rack::Request.new(env)
+
+      sanitize_params!(req.params)
+
+      if req.params["openid.mode"]
+        complete_authentication(env)
+      end
+
+      status, headers, body = @app.call(env)
+
+      qs = headers[AUTHENTICATE_HEADER]
+      if status.to_i == 401 && qs && qs.match(AUTHENTICATE_REGEXP)
+        begin_authentication(env, qs)
+      else
+        [status, headers, body]
+      end
+    end
+
+    private
+
+    def sanitize_params!(params)
+      ["openid.sig", "openid.response_nonce"].each do |param|
+        (params[param] || "").tr!(" ", "+")
+      end
+    end
+
+    def begin_authentication(env, qs)
+      req = Rack::Request.new(env)
+      params = self.class.parse_header(qs)
+      session = env["rack.session"]
+
+      unless session
+        raise "Rack::OpenID requires a session"
+      end
+
+      consumer = ::OpenID::Consumer.new(session, @store)
+      identifier = params["identifier"] || params["identity"]
+
+      begin
+        oidreq = consumer.begin(identifier)
+        add_simple_registration_fields(oidreq, params)
+        add_attribute_exchange_fields(oidreq, params)
+        add_oauth_fields(oidreq, params)
+        add_pape_fields(oidreq, params)
+
+        url = open_id_redirect_url(req, oidreq, params)
+        redirect_to(url)
+      rescue ::OpenID::OpenIDError, ::Timeout::Error
+        env[RESPONSE] = MissingResponse.new
+        @app.call(env)
+      end
+    end
+
+    def complete_authentication(env)
+      req = Rack::Request.new(env)
+      session = env["rack.session"]
+
+      unless session
+        raise "Rack::OpenID requires a session"
+      end
+
+      oidresp = timeout_protection_from_identity_server {
+        consumer = ::OpenID::Consumer.new(session, @store)
+        consumer.complete(flatten_params(req.params), req.url)
+      }
+
+      env[RESPONSE] = oidresp
+
+      method = req.GET["_method"]
+      override_request_method(env, method)
+
+      sanitize_query_string(env)
+    end
+
+    def flatten_params(params)
+      Rack::Utils.parse_query(Rack::Utils.build_nested_query(params))
+    end
+
+    def override_request_method(env, method)
+      return unless method
+      method = method.upcase
+      if HTTP_METHODS.include?(method)
+        env["REQUEST_METHOD"] = method
+      end
+    end
+
+    def sanitize_query_string(env)
+      query_hash = env["rack.request.query_hash"]
+      query_hash.delete("_method")
+      query_hash.delete_if do |key, value|
+        key =~ /^openid\./
+      end
+
+      env["QUERY_STRING"] = env["rack.request.query_string"] =
+        Rack::Utils.build_query(env["rack.request.query_hash"])
+
+      qs = env["QUERY_STRING"]
+      request_uri = (env["PATH_INFO"] || "").dup
+      request_uri << "?" + qs unless qs == ""
+      env["REQUEST_URI"] = request_uri
+    end
+
+    def scheme_with_host_and_port(req, host = nil)
+      url = req.scheme + "://"
+      url << (host || req.host)
+
+      scheme, port = req.scheme, req.port
+      if scheme == "https" && port != 443 ||
+          scheme == "http" && port != 80
+        url << ":#{port}"
+      end
+
+      url
+    end
+
+    def realm(req, domain = nil)
+      if domain
+        scheme_with_host_and_port(req, domain)
+      else
+        scheme_with_host_and_port(req)
+      end
+    end
+
+    def request_url(req)
+      url = scheme_with_host_and_port(req)
+      url << req.script_name
+      url << req.path_info
+      url << "?#{req.query_string}" if req.query_string.to_s.length > 0
+      url
+    end
+
+    def redirect_to(url)
+      [303, {"Content-Type" => "text/html", "Location" => url}, []]
+    end
+
+    def open_id_redirect_url(req, oidreq, options)
+      trust_root = options["trust_root"]
+      return_to = options["return_to"]
+      method = options["method"]
+      immediate = options["immediate"] == "true"
+
+      realm = realm(req, options["realm_domain"])
+      request_url = request_url(req)
+
+      if return_to
+        method ||= "get"
+      else
+        return_to = request_url
+        method ||= req.request_method
+      end
+
+      method = method.to_s.downcase
+      oidreq.return_to_args["_method"] = method unless method == "get"
+      oidreq.redirect_url(trust_root || realm, return_to || request_url, immediate)
+    end
+
+    def add_simple_registration_fields(oidreq, fields)
+      sregreq = ::OpenID::SReg::Request.new
+
+      required = Array(fields["required"]).reject(&URL_FIELD_SELECTOR)
+      sregreq.request_fields(required, true) if required.any?
+
+      optional = Array(fields["optional"]).reject(&URL_FIELD_SELECTOR)
+      sregreq.request_fields(optional, false) if optional.any?
+
+      policy_url = fields["policy_url"]
+      sregreq.policy_url = policy_url if policy_url
+
+      oidreq.add_extension(sregreq)
+    end
+
+    def add_attribute_exchange_fields(oidreq, fields)
+      axreq = ::OpenID::AX::FetchRequest.new
+
+      required = Array(fields["required"]).select(&URL_FIELD_SELECTOR)
+      optional = Array(fields["optional"]).select(&URL_FIELD_SELECTOR)
+
+      if required.any? || optional.any?
+        required.each do |field|
+          axreq.add(::OpenID::AX::AttrInfo.new(field, nil, true))
+        end
+
+        optional.each do |field|
+          axreq.add(::OpenID::AX::AttrInfo.new(field, nil, false))
+        end
+
+        oidreq.add_extension(axreq)
+      end
+    end
+
+    def add_oauth_fields(oidreq, fields)
+      if (consumer = fields["oauth[consumer]"]) && (scope = fields["oauth[scope]"])
+        oauthreq = ::OpenID::OAuth::Request.new(consumer, Array(scope).join(" "))
+        oidreq.add_extension(oauthreq)
+      end
+    end
+
+    def add_pape_fields(oidreq, fields)
+      preferred_auth_policies = fields["pape[preferred_auth_policies]"]
+      max_auth_age = fields["pape[max_auth_age]"]
+      if preferred_auth_policies || max_auth_age
+        preferred_auth_policies = preferred_auth_policies.split if preferred_auth_policies.is_a?(String)
+        pape_request = ::OpenID::PAPE::Request.new(preferred_auth_policies || [], max_auth_age)
+        oidreq.add_extension(pape_request)
+      end
+    end
+
+    def default_store
+      require "openid/store/memory"
+      ::OpenID::Store::Memory.new
+    end
+
+    def timeout_protection_from_identity_server
+      yield
+    rescue ::Timeout::Error
+      TimeoutResponse.new
+    end
+  end
+end
+
+Rack::OpenID::Version.class_eval do
+  extend VersionGem::Basic
+end

metadata

@@ -0,0 +1,310 @@
+--- !ruby/object:Gem::Specification
+name: rack-openid2
+version: !ruby/object:Gem::Version
+  version: 2.0.0
+platform: ruby
+authors:
+- Peter Boling
+- Michael Grosser
+- Joshua Peek
+autorequire:
+bindir: bin
+cert_chain:
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIEgDCCAuigAwIBAgIBATANBgkqhkiG9w0BAQsFADBDMRUwEwYDVQQDDAxwZXRl
+  ci5ib2xpbmcxFTATBgoJkiaJk/IsZAEZFgVnbWFpbDETMBEGCgmSJomT8ixkARkW
+  A2NvbTAeFw0yMzA5MjAxNzMwMjhaFw0yNDA5MTkxNzMwMjhaMEMxFTATBgNVBAMM
+  DHBldGVyLmJvbGluZzEVMBMGCgmSJomT8ixkARkWBWdtYWlsMRMwEQYKCZImiZPy
+  LGQBGRYDY29tMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA+a9UvHo3
+  84k96WgU5Kk5HB+cLZs/modjorsTfqY67MJF5nNvAoqcKTUBW4uG+Zpfnm3jaDO5
+  GxhJEIZWfndYzycHT2KMVQ1uTP82ba8ZaKrPlPIafkbui3mdds47qsmqHiblKERg
+  U532lkwfqHDlJwE7OBZQ59EwWWLynlT/yAUHpOBbqIuHKUxdpmBI+sIjrZcD1e05
+  WmjkO6fwIdC5oM757aoPxIgXD587VOViH11Vkm2doskj4T8yONtwVHlcrrhJ9Bzd
+  /zdp6vEn7GZQrABvpOlqwWxQ72ZnFhJe/RJZf6CXOPOh69Ai0QKYl2a1sYuCJKS3
+  nsBnxXJINEEznjR7rZjNUmYD+CZqfjzgPqedRxTlASe7iA4w7xZOqMDzcuhNwcUQ
+  tMEH6BTktxKP3jXZPXRfHCf6s+HRVb6vezAonTBVyydf5Xp5VwWkd6cwm+2BzHl5
+  7kc/3lLxKMcsyEUprAsk8LdHohwZdC267l+RS++AP6Cz6x+nB3oGob19AgMBAAGj
+  fzB9MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQWBBQCSSas60GqqMjt
+  xR7LoY1gucEvtzAhBgNVHREEGjAYgRZwZXRlci5ib2xpbmdAZ21haWwuY29tMCEG
+  A1UdEgQaMBiBFnBldGVyLmJvbGluZ0BnbWFpbC5jb20wDQYJKoZIhvcNAQELBQAD
+  ggGBAMl9ifcw5p+PdvB7dCPoNKoVdp/2LbC9ztETHuYL2gUMJB6UoS3o9c/piSuR
+  V3ZMQaijmNu6ms1bWAtJ66LjmYrVflJtf9yp31Kierr9LpisMSUx2qbMOHGa8d2Z
+  vCUWPF8E9Cg0mP3GAyZ6qql8jDh/anUKeksPXqJvNxNPDu2DVYsa/IWdl96whzS4
+  Bl7SwB1E7agps40UcshCSKaVDOU0M+XN6SrnJMElnBic+KSAkBkVFbzS0BE4ODZM
+  BgE6nYzQ05qhuvbE+oGdACTlemNtDDWCh0uw+7x0q2PocGIDU5zsPn/WNTkCXPmB
+  CHGvqDNWq4M7ncTKAaS2XExgyb7uPdq9fKiOW8nmH+zCiGzJXzBWwZlKf7L4Ht9E
+  a3f0e5C+zvee9Z5Ng9ciyfav9/fcXgYt5MjoBv27THr5XfBhgOCIHSYW2tqJmWKi
+  KuxrfYrN+9HvMdm+nZ6TypmKftHY3Gj+/uu+g8Icm/zrvTWAEE0mcJOkfrIoNPJb
+  pF8dMA==
+  -----END CERTIFICATE-----
+date: 2024-09-05 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.2'
+- !ruby/object:Gem::Dependency
+  name: ruby-openid2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: version_gem
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.1.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.1.4
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5'
+- !ruby/object:Gem::Dependency
+  name: minitest-rg
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5'
+- !ruby/object:Gem::Dependency
+  name: rack-session
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '13'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '13'
+- !ruby/object:Gem::Dependency
+  name: kettle-soup-cover
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.2
+- !ruby/object:Gem::Dependency
+  name: rubocop-lts
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '18.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 18.2.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '18.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 18.2.1
+- !ruby/object:Gem::Dependency
+  name: rubocop-minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.36'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.36'
+- !ruby/object:Gem::Dependency
+  name: rubocop-packaging
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.5'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.5.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.5'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.5.2
+- !ruby/object:Gem::Dependency
+  name: standard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.35.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.35.1
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.9.34
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.9.34
+- !ruby/object:Gem::Dependency
+  name: yard-junk
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.0'
+description:
+email: peter.boling@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE.txt
+- README.md
+- lib/rack/openid.rb
+- lib/rack/openid/simple_auth.rb
+- lib/rack/openid/version.rb
+homepage: https://github.com/VitalConnectInc/rack-openid2
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/VitalConnectInc/rack-openid2
+  source_code_uri: https://github.com/VitalConnectInc/rack-openid2/tree/v2.0.0
+  changelog_uri: https://github.com/VitalConnectInc/rack-openid2/blob/v2.0.0/CHANGELOG.md
+  bug_tracker_uri: https://github.com/VitalConnectInc/rack-openid2/issues
+  documentation_uri: https://www.rubydoc.info/gems/rack-openid2/2.0.0
+  wiki_uri: https://github.com/VitalConnectInc/rack-openid2/wiki
+  rubygems_mfa_required: 'true'
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.7.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.22
+signing_key:
+specification_version: 4
+summary: Provides a more HTTPish API around the ruby-openid library
+test_files: []