rodauth-oauth 0.10.4 → 1.0.0.pre.beta2

Files changed (68)
  1. checksums.yaml +4 -4
  2. data/MIGRATION-GUIDE-v1.md +286 -0
  3. data/README.md +28 -35
  4. data/doc/release_notes/1_0_0_beta1.md +38 -0
  5. data/doc/release_notes/1_0_0_beta2.md +34 -0
  6. data/lib/generators/rodauth/oauth/install_generator.rb +0 -1
  7. data/lib/generators/rodauth/oauth/templates/app/views/rodauth/authorize.html.erb +21 -11
  8. data/lib/generators/rodauth/oauth/templates/app/views/rodauth/device_search.html.erb +1 -1
  9. data/lib/generators/rodauth/oauth/templates/app/views/rodauth/device_verification.html.erb +2 -2
  10. data/lib/generators/rodauth/oauth/templates/app/views/rodauth/new_oauth_application.html.erb +1 -6
  11. data/lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_application.html.erb +0 -2
  12. data/lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_application_oauth_grants.html.erb +41 -0
  13. data/lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_applications.html.erb +2 -2
  14. data/lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_grants.html.erb +37 -0
  15. data/lib/generators/rodauth/oauth/templates/db/migrate/create_rodauth_oauth.rb +57 -57
  16. data/lib/rodauth/features/oauth_application_management.rb +61 -74
  17. data/lib/rodauth/features/oauth_assertion_base.rb +19 -23
  18. data/lib/rodauth/features/oauth_authorization_code_grant.rb +62 -90
  19. data/lib/rodauth/features/oauth_authorize_base.rb +115 -22
  20. data/lib/rodauth/features/oauth_base.rb +397 -315
  21. data/lib/rodauth/features/oauth_client_credentials_grant.rb +20 -18
  22. data/lib/rodauth/features/{oauth_device_grant.rb → oauth_device_code_grant.rb} +62 -73
  23. data/lib/rodauth/features/oauth_dynamic_client_registration.rb +52 -31
  24. data/lib/rodauth/features/oauth_grant_management.rb +70 -0
  25. data/lib/rodauth/features/oauth_implicit_grant.rb +29 -27
  26. data/lib/rodauth/features/oauth_jwt.rb +53 -689
  27. data/lib/rodauth/features/oauth_jwt_base.rb +458 -0
  28. data/lib/rodauth/features/oauth_jwt_bearer_grant.rb +48 -17
  29. data/lib/rodauth/features/oauth_jwt_jwks.rb +47 -0
  30. data/lib/rodauth/features/oauth_jwt_secured_authorization_request.rb +116 -0
  31. data/lib/rodauth/features/oauth_management_base.rb +2 -0
  32. data/lib/rodauth/features/oauth_pkce.rb +22 -26
  33. data/lib/rodauth/features/oauth_resource_indicators.rb +33 -25
  34. data/lib/rodauth/features/oauth_resource_server.rb +59 -0
  35. data/lib/rodauth/features/oauth_saml_bearer_grant.rb +7 -1
  36. data/lib/rodauth/features/oauth_token_introspection.rb +76 -46
  37. data/lib/rodauth/features/oauth_token_revocation.rb +46 -33
  38. data/lib/rodauth/features/oidc.rb +382 -241
  39. data/lib/rodauth/features/oidc_dynamic_client_registration.rb +127 -51
  40. data/lib/rodauth/features/oidc_rp_initiated_logout.rb +115 -0
  41. data/lib/rodauth/oauth/database_extensions.rb +8 -6
  42. data/lib/rodauth/oauth/http_extensions.rb +74 -0
  43. data/lib/rodauth/oauth/railtie.rb +20 -0
  44. data/lib/rodauth/oauth/ttl_store.rb +2 -0
  45. data/lib/rodauth/oauth/version.rb +1 -1
  46. data/lib/rodauth/oauth.rb +29 -1
  47. data/locales/en.yml +34 -22
  48. data/locales/pt.yml +34 -22
  49. data/templates/authorize.str +19 -17
  50. data/templates/device_search.str +1 -1
  51. data/templates/device_verification.str +2 -2
  52. data/templates/jwks_field.str +1 -0
  53. data/templates/new_oauth_application.str +1 -2
  54. data/templates/oauth_application.str +2 -2
  55. data/templates/oauth_application_oauth_grants.str +54 -0
  56. data/templates/oauth_applications.str +2 -2
  57. data/templates/oauth_grants.str +52 -0
  58. metadata +23 -16
  59. data/lib/generators/rodauth/oauth/templates/app/models/oauth_token.rb +0 -4
  60. data/lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_application_oauth_tokens.html.erb +0 -39
  61. data/lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_tokens.html.erb +0 -35
  62. data/lib/rodauth/features/oauth.rb +0 -9
  63. data/lib/rodauth/features/oauth_http_mac.rb +0 -86
  64. data/lib/rodauth/features/oauth_token_management.rb +0 -81
  65. data/lib/rodauth/oauth/refinements.rb +0 -48
  66. data/templates/jwt_public_key_field.str +0 -4
  67. data/templates/oauth_application_oauth_tokens.str +0 -52
  68. data/templates/oauth_tokens.str +0 -50
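--- a/data/locales/pt.yml
+++ b/data/locales/pt.yml
@@ -3,21 +3,29 @@ pt:
  require_authorization_error_flash: "Autorize para continuar"
  create_oauth_application_error_flash: "Aconteceu um erro ao registar o aplicativo oauth"
  create_oauth_application_notice_flash: "O seu aplicativo oauth foi registado com sucesso"
- revoke_unauthorized_account_error_flash: "Não está autorizado a revogar este token"
- revoke_oauth_token_notice_flash: "O token oauth foi revogado com sucesso"
+ revoke_unauthorized_account_error_flash: "Não está autorizado a revogar esta concessão"
+ revoke_oauth_grant_notice_flash: "O token oauth foi revogado com sucesso"
  device_verification_notice_flash: "O dispositivo foi verificado com sucesso"
  user_code_not_found_error_flash: "Não existe nenhum dispositivo a ser autorizado com o código de usuário inserido"
  authorize_page_title: "Autorizar"
+ authorize_page_lead: "O aplicativo %{name} gostaria de aceder aos seus dados."
+ oauth_cancel_button: "Cancelar"
  oauth_applications_page_title: "Aplicativos OAuth"
  oauth_application_page_title: "Aplicativo Oauth"
  new_oauth_application_page_title: "Novo Aplicativo Oauth"
- oauth_application_oauth_tokens_page_title: "Tokens Oauth do Aplicativo"
- oauth_tokens_page_title: "Os meus Tokens Oauth"
+ oauth_application_oauth_grants_page_title: "Concessões Oauth do Aplicativo"
+ oauth_grants_page_title: "As minhas concessões Oauth"
  device_verification_page_title: "Verificação de dispositivo"
  device_search_page_title: "Pesquisa de dispositivo"
  oauth_management_pagination_previous_button: "Anterior"
  oauth_management_pagination_next_button: "Próxima"
- oauth_tokens_scopes_label: "Escopos"
+ oauth_grants_type_label: "Tipo de concessão"
+ oauth_grants_scopes_label: "Escopos"
+ oauth_grants_token_label: "Token"
+ oauth_grants_refresh_token_label: "Refresh Token"
+ oauth_grants_expires_in_label: "Expira em"
+ oauth_grants_revoked_at_label: "Revogado a"
+ oauth_no_grants_text: "Nenhuma concessão OAuth ainda!"
  oauth_applications_name_label: "Nome"
  oauth_applications_description_label: "Descrição"
  oauth_applications_scopes_label: "Escopos prédefinidos"
@@ -28,30 +36,34 @@ pt:
  oauth_applications_redirect_uri_label: "URL para redireccionamento"
  oauth_applications_client_secret_label: "Segredo de cliente"
  oauth_applications_client_id_label: "ID do cliente"
+ oauth_no_applications_text: "Nenhum aplicativo OAuth ainda!"
  oauth_grant_user_code_label: "Código do usuário"
  oauth_grant_user_jws_jwk_label: "Chaves JSON Web"
  oauth_grant_user_jwt_public_key_label: "Chave pública"
  oauth_application_button: "Registar"
  oauth_authorize_button: "Autorizar"
- oauth_token_revoke_button: "Revogar"
+ oauth_grant_revoke_button: "Revogar"
  oauth_authorize_post_button: "Voltar para o aplicativo cliente"
+ oauth_device_verification_page_lead: "O dispositivo com o código de usuário %{user_code} gostaria de aceder aos seus dados."
  oauth_device_verification_button: "Verificar"
+ oauth_device_search_page_lead: "Introduza o código de usuário do dispositivo que gostaria de autorizar."
  oauth_device_search_button: "Pesquisar"
- invalid_client_message: "A autenticação do cliente falhou"
- invalid_grant_type_message: "Tipo de atribuição inválida"
- invalid_grant_message: "Atribuição inválida"
- invalid_scope_message: "Escopo inválido"
+ oauth_invalid_client_message: "A autenticação do cliente falhou"
+ oauth_invalid_grant_type_message: "Tipo de atribuição inválida"
+ oauth_invalid_grant_message: "Atribuição inválida"
+ oauth_invalid_scope_message: "Escopo inválido"
  invalid_url_message: "URL inválido"
- unsupported_token_type_message: "Sugestão de tipo de token inválida"
- unique_error_message: "já está sendo utilizado"
+ oauth_unsupported_token_type_message: "Sugestão de tipo de token inválida"
  null_error_message: "não está preenchido"
- already_in_use_message: "erro ao gerar token único"
- expired_token_message: "o código de dispositivo expirou"
- access_denied_message: "o pedido de autorização foi negado"
- authorization_pending_message: "o pedido de autorização ainda está pendente"
- slow_down_message: "o pedido de autorização ainda está pendente mas o intervalo de actualização deve ser aumentado"
- code_challenge_required_message: "código de negociação necessário"
- unsupported_transform_algorithm_message: "algoritmo de transformação não suportado"
- request_uri_not_supported_message: "request_uri não é suportado"
- invalid_request_object_message: "request_object é inválido"
- invalid_scope_message: "O Token de acesso expirou"
+ oauth_unsupported_response_type_message: "Tipo de resposta inválido"
+ oauth_already_in_use_message: "erro ao gerar token único"
+ oauth_expired_token_message: "o código de dispositivo expirou"
+ oauth_access_denied_message: "o pedido de autorização foi negado"
+ oauth_authorization_pending_message: "o pedido de autorização ainda está pendente"
+ oauth_slow_down_message: "o pedido de autorização ainda está pendente mas o intervalo de actualização deve ser aumentado"
+ oauth_code_challenge_required_message: "código de negociação necessário"
+ oauth_unsupported_transform_algorithm_message: "algoritmo de transformação não suportado"
+ oauth_invalid_request_object_message: "request_object é inválido"
+ oauth_invalid_scope_message: "O Token de acesso expirou"
+ oauth_authorize_parameter_required: "'%{parameter}' é um parâmetro obrigatório"
+ oauth_invalid_post_logout_redirect_uri_message: "URI de redireccionamento pós-logout inválido"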
@@ -8,10 +8,15 @@
8
8
  end
9
9
  }
10
10
  <p class="lead">
11
- The application
12
- <a target="_blank" href="#{h(rodauth.oauth_application[rodauth.oauth_applications_homepage_url_column])}">
13
- #{h(rodauth.oauth_application[rodauth.oauth_applications_name_column])}
14
- </a> would like to access your data.
11
+ #{
12
+ application_uri = rodauth.oauth_application[rodauth.oauth_applications_homepage_url_column]
13
+ application_name = application_uri ? (<<-LINK) : rodauth.oauth_application[rodauth.oauth_applications_name_column]
14
+ <a target="_blank" href="#{h(application_uri)}">
15
+ #{h(rodauth.oauth_application[rodauth.oauth_applications_name_column])}
16
+ </a>
17
+ LINK
18
+ rodauth.authorize_page_lead(name: application_name)
19
+ }
15
20
  </p>
16
21
  <div class="list-group">
17
22
  #{
@@ -52,18 +57,12 @@
52
57
  }
53
58
 
54
59
  <div class="form-group">
55
- <h1 class="display-6">#{rodauth.oauth_tokens_scopes_label}</h1>
60
+ <h1 class="display-6">#{rodauth.oauth_grants_scopes_label}</h1>
56
61
 
57
62
  #{
58
- rodauth.scopes.map do |scope|
59
- if scope == rodauth.oauth_application_default_scope
60
- <<-HTML
61
- <div class="form-check">
62
- <input id="#{scope}" class="form-check-input" type="checkbox" name="scope[]" value="#{h(scope)}" checked disabled>
63
- <label class="form-check-label" for="#{scope}">#{h(scope)}</label>
64
- <input type="hidden" name="scope[]" value="#{h(scope)}">
65
- </div>
66
- HTML
63
+ rodauth.authorize_scopes.map do |scope|
64
+ if rodauth.features.include?(:oidc) && scope == "offline_access"
65
+ "<input type=\"hidden\" name=\"scope[]\" value=\"#{scope}\" />"
67
66
  else
68
67
  <<-HTML
69
68
  <div class="form-check">
@@ -76,7 +75,6 @@
76
75
  }
77
76
 
78
77
  <input type="hidden" name="client_id" value="#{rodauth.param("client_id")}"/>
79
-
80
78
  #{"<input type=\"hidden\" name=\"access_type\" value=\"#{rodauth.param("access_type")}\"/>" if rodauth.param_or_nil("access_type")}
81
79
  #{"<input type=\"hidden\" name=\"response_type\" value=\"#{rodauth.param("response_type")}\"/>" if rodauth.param_or_nil("response_type")}
82
80
  #{"<input type=\"hidden\" name=\"response_mode\" value=\"#{rodauth.param("response_mode")}\"/>" if rodauth.param_or_nil("response_mode")}
@@ -84,10 +82,12 @@
84
82
  #{"<input type=\"hidden\" name=\"redirect_uri\" value=\"#{rodauth.redirect_uri}\"/>" if rodauth.param_or_nil("redirect_uri")}
85
83
  #{"<input type=\"hidden\" name=\"code_challenge\" value=\"#{rodauth.param("code_challenge")}\"/>" if rodauth.features.include?(:oauth_pkce) && rodauth.param_or_nil("code_challenge")}
86
84
  #{"<input type=\"hidden\" name=\"code_challenge_method\" value=\"#{rodauth.param("code_challenge_method")}\"/>" if rodauth.features.include?(:oauth_pkce) && rodauth.param_or_nil("code_challenge_method")}
85
+ #{"<input type=\"hidden\" name=\"prompt\" value=\"#{rodauth.param("prompt")}\"/>" if rodauth.features.include?(:oidc) && rodauth.param_or_nil("prompt")}
87
86
  #{"<input type=\"hidden\" name=\"nonce\" value=\"#{rodauth.param("nonce")}\"/>" if rodauth.features.include?(:oidc) && rodauth.param_or_nil("nonce")}
88
87
  #{"<input type=\"hidden\" name=\"ui_locales\" value=\"#{rodauth.param("ui_locales")}\"/>" if rodauth.features.include?(:oidc) && rodauth.param_or_nil("ui_locales")}
89
88
  #{"<input type=\"hidden\" name=\"claims_locales\" value=\"#{rodauth.param("claims_locales")}\"/>" if rodauth.features.include?(:oidc) && rodauth.param_or_nil("claims_locales")}
90
- #{"<input type=\"hidden\" name=\"acr\" value=\"#{rodauth.param("acr_values")}\"/>" if rodauth.features.include?(:oidc) && rodauth.param_or_nil("acr_values")}
89
+ #{"<input type=\"hidden\" name=\"claims\" value=\"#{h(rodauth.param("claims"))}\"/>" if rodauth.features.include?(:oidc) && rodauth.param_or_nil("claims")}
90
+ #{"<input type=\"hidden\" name=\"acr_values\" value=\"#{rodauth.param("acr_values")}\"/>" if rodauth.features.include?(:oidc) && rodauth.param_or_nil("acr_values")}
91
91
  #{
92
92
  if rodauth.features.include?(:oauth_resource_indicators) && rodauth.resource_indicators
93
93
  rodauth.resource_indicators.map do |resource|
@@ -98,6 +98,8 @@
98
98
  </div>
99
99
  <p class="text-center">
100
100
  <input type="submit" class="btn btn-outline-primary" value="#{h(rodauth.oauth_authorize_button)}"/>
101
- <a href="#{rodauth.redirect_uri}?error=access_denied&error_description=The+resource+owner+or+authorization+server+denied+the+request#{ "&state=#{rodauth.param("state")}" if rodauth.param_or_nil("state")}" class="btn btn-outline-danger">#{rodauth.oauth_cancel_button}</a>
101
+ <a href="#{rodauth.redirect_uri}?error=access_denied&error_description=The+resource+owner+or+authorization+server+denied+the+request#{ "&state=#{rodauth.param("state")}" if rodauth.param_or_nil("state")}" class="btn btn-outline-danger">
102
+ #{rodauth.oauth_cancel_button}
103
+ </a>
102
104
  </p>
103
105
  </form>
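Review bot: In the first hunk the fallback arm of `application_name = application_uri ? (<<-LINK) : rodauth.oauth_application[rodauth.oauth_applications_name_column]` hands the client-supplied application name to `authorize_page_lead` without `h()`, whereas the removed markup always escaped it. Because the link arm passes ready-made HTML through the same helper, the helper presumably does not escape its argument, so an application registered without a homepage URL could place markup on the consent page; use `h(rodauth.oauth_application[rodauth.oauth_applications_name_column])` in that arm. The added `prompt` and `acr_values` hidden inputs in the fourth hunk likewise interpolate `rodauth.param(...)` straight into an attribute value, unlike the new `claims` input, which goes through `h()`. The same gap shows in `#{application[:name]}` in the applications list and in the application-name cell of the new grants table. The template starts and ends outside these hunks.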
@@ -1,5 +1,5 @@
1
1
  <form method="get" action="#{rodauth.device_path}" class="form-horizontal" role="form" id="device-search-form">
2
- <p class="lead">Insert the user code from the device you'd like to authorize.</p>
2
+ <p class="lead">#{rodauth.oauth_device_search_page_lead}</p>
3
3
 
4
4
  <div class="form-group">
5
5
  <label for="user_code">#{rodauth.oauth_grant_user_code_label}</label>
@@ -1,9 +1,9 @@
1
1
  <form method="post" action="#{rodauth.device_path}" class="form-horizontal" role="form" id="device-verification-form">
2
2
  #{csrf_tag(rodauth.device_path) if respond_to?(:csrf_tag)}
3
- <p class="lead">The device with user code #{@oauth_grant[rodauth.oauth_grants_user_code_column]} would like to access your data.</p>
3
+ <p class="lead">#{rodauth.oauth_device_verification_page_lead(user_code: @oauth_grant[rodauth.oauth_grants_user_code_column])}</p>
4
4
 
5
5
  <div class="form-group">
6
- <h1 class="display-6">#{rodauth.oauth_tokens_scopes_label}</h1>
6
+ <h1 class="display-6">#{rodauth.oauth_grants_scopes_label}</h1>
7
7
 
8
8
  <ul class="list-group">
9
9
  #{
@@ -2,3 +2,4 @@
2
2
  <label for="name">#{rodauth.oauth_applications_jwks_label}#{rodauth.input_field_label_suffix}</label>
3
3
  <textarea id="jwks" class="form-control" name="#{rodauth.oauth_application_jwks_param}" rows="3"></textarea>
4
4
  </div>
5
+ #{rodauth.input_field_string(rodauth.oauth_application_jwks_uri_param, "jwks-uri", :type=>"text")}
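Review bot: The new `jwks-uri` field takes a URL that the server will presumably dereference later to load the client's keys, and nothing visible here shows that value being constrained. Validation cannot be confirmed from the template alone, so check that the registration handler restricts the value to `https` and refuses loopback, link-local and internal addresses before any fetch, with a timeout and size cap on the response. The field is also emitted outside the `<div>` that wraps the textarea and has no `<label>` of its own in this hunk. The enclosing `<div>` opens before the hunk starts.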
@@ -1,6 +1,6 @@
1
1
  <h2>#{rodauth.new_oauth_application_page_title}</h2>
2
2
  <form method="post" action="#{rodauth.oauth_applications_path}" class="rodauth" role="form" id="oauth-application-form">
3
- #{rodauth.csrf_tag}
3
+ #{csrf_tag(rodauth.oauth_applications_path) if respond_to?(:csrf_tag)}
4
4
  #{rodauth.render('name_field')}
5
5
  #{rodauth.render('description_field')}
6
6
  #{rodauth.render('homepage_url_field')}
@@ -10,7 +10,6 @@
10
10
  #{
11
11
  if rodauth.features.include?(:oauth_jwt)
12
12
  <<-HTML
13
- #{rodauth.render('jwt_public_key_field')}
14
13
  #{rodauth.render('jwks_field')}
15
14
  HTML
16
15
  end
@@ -3,7 +3,7 @@
3
3
  #{
4
4
  params = [*rodauth.oauth_application_required_params, "client_id", "client_secret"]
5
5
  if rodauth.features.include?(:oauth_jwt)
6
- params += %w[jwks jwt_public_key]
6
+ params += %w[jwks]
7
7
  end
8
8
  params.map do |param|
9
9
  "<dt class=\"#{param}\">#{rodauth.send(:"oauth_applications_#{param}_label")}: </dt>" +
@@ -11,5 +11,5 @@
11
11
  end.join
12
12
  }
13
13
  </dl>
14
- <a href="#{rodauth.oauth_applications_path}/#{@oauth_application[rodauth.oauth_applications_id_column]}/#{rodauth.oauth_applications_oauth_tokens_path}" class="btn btn-outline-secondary">#{rodauth.oauth_application_oauth_tokens_page_title}</a>
14
+ <a href="#{rodauth.oauth_applications_path}/#{@oauth_application[rodauth.oauth_applications_id_column]}/#{rodauth.oauth_applications_oauth_grants_path}" class="btn btn-outline-secondary">#{rodauth.oauth_application_oauth_grants_page_title}</a>
15
15
  </div>
@@ -0,0 +1,54 @@
1
+ <div id="oauth-grants">
2
+ #{
3
+ if @oauth_grants.count.zero?
4
+ "<p>#{rodauth.oauth_no_grants_text}</p>"
5
+ else
6
+ <<-HTML
7
+ <table class="table">
8
+ <thead>
9
+ <tr>
10
+ <th scope="col">#{rodauth.oauth_grants_type_label}</th>
11
+ <th scope="col">#{rodauth.oauth_grants_token_label}</th>
12
+ <th scope="col">#{rodauth.oauth_grants_refresh_token_label}</th>
13
+ <th scope="col">#{rodauth.oauth_grants_expires_in_label}</th>
14
+ <th scope="col">#{rodauth.oauth_grants_revoked_at_label}</th>
15
+ <th scope="col">#{rodauth.oauth_grants_scopes_label}</th>
16
+ <th scope="col"><span class="badge badge-pill badge-dark">#{@oauth_grants.count}</span>
17
+ </tr>
18
+ </thead>
19
+ <tbody>
20
+ #{
21
+ @oauth_grants.map do |oauth_grant|
22
+ <<-HTML
23
+ <tr>
24
+ <td><code class="token">#{oauth_grant[rodauth.oauth_grants_type_column]}</code></td>
25
+ <td><code class="token">#{oauth_grant[rodauth.oauth_grants_token_column]}</code></td>
26
+ <td><code class="token">#{oauth_grant[rodauth.oauth_grants_refresh_token_column]}</code></td>
27
+ <td>#{oauth_grant[rodauth.oauth_grants_expires_in_column]}</td>
28
+ <td>#{oauth_grant[rodauth.oauth_grants_revoked_at_column]}</td>
29
+ <td>#{oauth_grant[rodauth.oauth_grants_scopes_column]}</td>
30
+ <td>
31
+ #{
32
+ if !oauth_grant[rodauth.oauth_grants_revoked_at_column] && !oauth_grant[rodauth.oauth_grants_token_hash_column]
33
+ <<-HTML
34
+ <form method="post" action="#{rodauth.revoke_path}" class="form-horizontal" role="form" id="revoke-form">
35
+ #{csrf_tag(rodauth.revoke_path) if respond_to?(:csrf_tag)}
36
+ #{rodauth.input_field_string("token_type_hint", "revoke-token-type-hint", :value => "access_token", :type=>"hidden")}
37
+ #{rodauth.input_field_string("token", "revoke-token", :value => oauth_grant[rodauth.oauth_grants_token_column], :type=>"hidden")}
38
+ #{rodauth.button(rodauth.oauth_grant_revoke_button)}
39
+ </form>
40
+ HTML
41
+ end
42
+ }
43
+ </td>
44
+ </tr>
45
+ HTML
46
+ end.join
47
+ }
48
+ </tbody>
49
+ </table>
50
+ #{rodauth.oauth_management_pagination_links(@oauth_grants)}
51
+ HTML
52
+ end
53
+ }
54
+ </div>
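Review bot: Each row prints the access token and the refresh token in full and then repeats the access token in the hidden `token` field of the revoke form, so live bearer credentials sit in the page source, browser cache and any screenshot of the application's grant list. The user-facing grants template revokes through `rodauth.oauth_grant_path(oauth_grant[rodauth.oauth_grants_id_column])` without carrying a token; if that route can authorize the application owner, posting to it here would let the token columns be truncated or dropped. The form is skipped whenever the token-hash column is set, so deployments that hash tokens appear to get no revoke control on this page, which is worth confirming as intended.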
@@ -2,11 +2,11 @@
2
2
  <a class="btn btn-outline-primary" href="/oauth-applications/new">#{rodauth.new_oauth_application_page_title}</a>
3
3
  #{
4
4
  if @oauth_applications.count.zero?
5
- "<p>No oauth applications yet!</p>"
5
+ "<p>#{rodauth.oauth_no_applications_text}</p>"
6
6
  else
7
7
  "<ul class=\"list-group\">" +
8
8
  @oauth_applications.map do |application|
9
- "<li class=\"list-group-item\"><a href=\"/oauth-applications/#{application[:id]}\">#{application[:name]}</a></li>"
9
+ "<li class=\"list-group-item\"><a href=\"#{rodauth.oauth_application_path(application[rodauth.oauth_applications_id_column])}\">#{application[:name]}</a></li>"
10
10
  end.join +
11
11
  "</ul>"
12
12
  end
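Review bot: The link text still reads `application[:name]` while the href now goes through `rodauth.oauth_applications_id_column`, so a deployment that renames the name column gets a working link with empty text. Read the configured column and escape it in the same step, `#{h(application[rodauth.oauth_applications_name_column])}`. The `href="/oauth-applications/new"` on the context line above is hard-coded in the same way, where the new-application form uses `rodauth.oauth_applications_path`. The `#{ ... }` block continues past the end of the hunk.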
@@ -0,0 +1,52 @@
1
+ <div id="oauth-grants">
2
+ #{
3
+ if @oauth_grants.count.zero?
4
+ "<p>#{rodauth.oauth_no_grants_text}</p>"
5
+ else
6
+ <<-HTML
7
+ <table class="table">
8
+ <thead>
9
+ <tr>
10
+ <th scope="col">#{rodauth.oauth_applications_name_label}</th>
11
+ <th scope="col">#{rodauth.oauth_grants_type_label}</th>
12
+ <th scope="col">#{rodauth.oauth_grants_token_label}</th>
13
+ <th scope="col">#{rodauth.oauth_grants_refresh_token_label}</th>
14
+ <th scope="col">#{rodauth.oauth_grants_expires_in_label}</th>
15
+ <th scope="col">#{rodauth.oauth_grants_scopes_label}</th>
16
+ <th scope="col"><span class="badge badge-pill badge-dark">#{@oauth_grants.count}</span>
17
+ </tr>
18
+ </thead>
19
+ <tbody>
20
+ #{
21
+ @oauth_grants.map do |oauth_grant|
22
+ <<-HTML
23
+ <tr>
24
+ <td>#{oauth_grant[rodauth.oauth_applications_name_column]}</td>
25
+ <td>#{oauth_grant[rodauth.oauth_grants_type_column]}</td>
26
+ <td><code class="token">#{oauth_grant[rodauth.oauth_grants_token_column]}</code></td>
27
+ <td><code class="token">#{oauth_grant[rodauth.oauth_grants_refresh_token_column]}</code></td>
28
+ <td>#{oauth_grant[rodauth.oauth_grants_expires_in_column]}</td>
29
+ <td>#{oauth_grant[rodauth.oauth_grants_scopes_column]}</td>
30
+ <td>
31
+ #{
32
+ if !oauth_grant[rodauth.oauth_grants_token_hash_column]
33
+ <<-HTML
34
+ <form method="post" action="#{rodauth.oauth_grant_path(oauth_grant[rodauth.oauth_grants_id_column])}" class="form-horizontal" role="form" id="grant-revoke-form">
35
+ #{csrf_tag(rodauth.oauth_grant_path(oauth_grant[rodauth.oauth_grants_id_column])) if respond_to?(:csrf_tag)}
36
+ #{rodauth.button(rodauth.oauth_grant_revoke_button)}
37
+ </form>
38
+ HTML
39
+ end
40
+ }
41
+ </td>
42
+ </tr>
43
+ HTML
44
+ end.join
45
+ }
46
+ </tbody>
47
+ </table>
48
+ #{rodauth.oauth_management_pagination_links(@oauth_grants)}
49
+ HTML
50
+ end
51
+ }
52
+ </div>
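Review bot: Every row emits a form with the same `id="grant-revoke-form"`, so the page carries duplicate element ids as soon as a user holds more than one grant; the application-side grants template does the same with `id="revoke-form"`. Anything that selects by id (scripts, browser tests, assistive tooling) will only reach the first row. Suffix the id with the grant key, for example `id="grant-revoke-form-#{oauth_grant[rodauth.oauth_grants_id_column]}"`. The header cell holding the count badge is also never closed with `</th>`.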
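--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: rodauth-oauth
  version: !ruby/object:Gem::Version
- version: 0.10.4
+ version: 1.0.0.pre.beta2
  platform: ruby
  authors:
  - Tiago Cardoso
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2022-09-17 00:00:00.000000000 Z
+ date: 2022-11-09 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rodauth
@@ -32,6 +32,7 @@ extensions: []
  extra_rdoc_files:
  - LICENSE.txt
  - README.md
+ - MIGRATION-GUIDE-v1.md
  - CHANGELOG.md
  - doc/release_notes/0_0_1.md
  - doc/release_notes/0_0_2.md
@@ -65,9 +66,12 @@ extra_rdoc_files:
  - doc/release_notes/0_9_1.md
  - doc/release_notes/0_9_2.md
  - doc/release_notes/0_9_3.md
+ - doc/release_notes/1_0_0_beta1.md
+ - doc/release_notes/1_0_0_beta2.md
  files:
  - CHANGELOG.md
  - LICENSE.txt
+ - MIGRATION-GUIDE-v1.md
  - README.md
  - doc/release_notes/0_0_1.md
  - doc/release_notes/0_0_2.md
@@ -101,47 +105,51 @@ files:
  - doc/release_notes/0_9_1.md
  - doc/release_notes/0_9_2.md
  - doc/release_notes/0_9_3.md
+ - doc/release_notes/1_0_0_beta1.md
+ - doc/release_notes/1_0_0_beta2.md
  - lib/generators/rodauth/oauth/install_generator.rb
  - lib/generators/rodauth/oauth/templates/app/models/oauth_application.rb
  - lib/generators/rodauth/oauth/templates/app/models/oauth_grant.rb
- - lib/generators/rodauth/oauth/templates/app/models/oauth_token.rb
  - lib/generators/rodauth/oauth/templates/app/views/rodauth/authorize.html.erb
  - lib/generators/rodauth/oauth/templates/app/views/rodauth/device_search.html.erb
  - lib/generators/rodauth/oauth/templates/app/views/rodauth/device_verification.html.erb
  - lib/generators/rodauth/oauth/templates/app/views/rodauth/new_oauth_application.html.erb
  - lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_application.html.erb
- - lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_application_oauth_tokens.html.erb
+ - lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_application_oauth_grants.html.erb
  - lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_applications.html.erb
- - lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_tokens.html.erb
+ - lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_grants.html.erb
  - lib/generators/rodauth/oauth/templates/db/migrate/create_rodauth_oauth.rb
  - lib/generators/rodauth/oauth/views_generator.rb
- - lib/rodauth/features/oauth.rb
  - lib/rodauth/features/oauth_application_management.rb
  - lib/rodauth/features/oauth_assertion_base.rb
  - lib/rodauth/features/oauth_authorization_code_grant.rb
  - lib/rodauth/features/oauth_authorize_base.rb
  - lib/rodauth/features/oauth_base.rb
  - lib/rodauth/features/oauth_client_credentials_grant.rb
- - lib/rodauth/features/oauth_device_grant.rb
+ - lib/rodauth/features/oauth_device_code_grant.rb
  - lib/rodauth/features/oauth_dynamic_client_registration.rb
- - lib/rodauth/features/oauth_http_mac.rb
+ - lib/rodauth/features/oauth_grant_management.rb
  - lib/rodauth/features/oauth_implicit_grant.rb
  - lib/rodauth/features/oauth_jwt.rb
+ - lib/rodauth/features/oauth_jwt_base.rb
  - lib/rodauth/features/oauth_jwt_bearer_grant.rb
+ - lib/rodauth/features/oauth_jwt_jwks.rb
+ - lib/rodauth/features/oauth_jwt_secured_authorization_request.rb
  - lib/rodauth/features/oauth_management_base.rb
  - lib/rodauth/features/oauth_pkce.rb
  - lib/rodauth/features/oauth_resource_indicators.rb
+ - lib/rodauth/features/oauth_resource_server.rb
  - lib/rodauth/features/oauth_saml_bearer_grant.rb
  - lib/rodauth/features/oauth_token_introspection.rb
- - lib/rodauth/features/oauth_token_management.rb
  - lib/rodauth/features/oauth_token_revocation.rb
  - lib/rodauth/features/oidc.rb
  - lib/rodauth/features/oidc_dynamic_client_registration.rb
+ - lib/rodauth/features/oidc_rp_initiated_logout.rb
  - lib/rodauth/oauth.rb
  - lib/rodauth/oauth/database_extensions.rb
+ - lib/rodauth/oauth/http_extensions.rb
  - lib/rodauth/oauth/jwe_extensions.rb
  - lib/rodauth/oauth/railtie.rb
- - lib/rodauth/oauth/refinements.rb
  - lib/rodauth/oauth/ttl_store.rb
  - lib/rodauth/oauth/version.rb
  - locales/en.yml
@@ -153,13 +161,12 @@ files:
  - templates/device_verification.str
  - templates/homepage_url_field.str
  - templates/jwks_field.str
- - templates/jwt_public_key_field.str
  - templates/name_field.str
  - templates/new_oauth_application.str
  - templates/oauth_application.str
- - templates/oauth_application_oauth_tokens.str
+ - templates/oauth_application_oauth_grants.str
  - templates/oauth_applications.str
- - templates/oauth_tokens.str
+ - templates/oauth_grants.str
  - templates/redirect_uri_field.str
  - templates/scope_field.str
  homepage: https://gitlab.com/honeyryderchuck/rodauth-oauth
@@ -180,12 +187,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: '0'
+ version: 2.5.0
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - ">"
  - !ruby/object:Gem::Version
- version: '0'
+ version: 1.3.1
  requirements: []
  rubygems_version: 3.2.32
  signing_key: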
@@ -1,4 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- class OauthToken < ApplicationRecord
4
- end
@@ -1,39 +0,0 @@
1
- <% oauth_tokens = rodauth.scope.instance_variable_get(:@oauth_tokens) %>
2
- <% tokens_count = oauth_tokens.count %>
3
- <% if tokens_count.zero? %>
4
- <p>No oauth tokens yet!</p>
5
- <% else %>
6
- <table class="table">
7
- <thead>
8
- <tr>
9
- <th scope="col"><=% rodauth.oauth_tokens_token_label %></th>
10
- <th scope="col"><=% rodauth.oauth_tokens_refresh_token_label %></th>
11
- <th scope="col"><=% rodauth.oauth_tokens_expires_in_label %></th>
12
- <th scope="col"><=% rodauth.oauth_tokens_revoked_at_label %></th>
13
- <th scope="col"><=% rodauth.oauth_tokens_scopes_label %></th>
14
- <th scope="col"><span class="badge badge-pill badge-dark"><%= tokens_count %></span>
15
- </tr>
16
- </thead>
17
- <tbody>
18
- <% oauth_tokens.each do |oauth_token| %>
19
- <tr>
20
- <td><code class="token"><%= oauth_token[rodauth.oauth_tokens_token_column] %></code></td>
21
- <td><code class="token"><%= oauth_token[rodauth.oauth_tokens_refresh_token_column] %></code></td>
22
- <td><%= oauth_token[rodauth.oauth_tokens_expires_in_column] %></td>
23
- <td><%= oauth_token[rodauth.oauth_tokens_revoked_at_column] %></td>
24
- <td><%= oauth_token[rodauth.oauth_tokens_scopes_column] %></td>
25
- <td>
26
- <% if !oauth_token[rodauth.oauth_tokens_revoked_at_column] %>
27
- <%= form_tag rodauth.revoke_path, method: :post do %>
28
- <%= hidden_field_tag :token_type_hint, "access_token" %>
29
- <%= hidden_field_tag :token, oauth_token[rodauth.oauth_tokens_token_column] %>
30
- <%= submit_tag rodauth.oauth_token_revoke_button, class: "btn btn-danger" %>
31
- <% end %>
32
- <% end %>
33
- </td>
34
- </tr>
35
- <% end %>
36
- </tbody>
37
- </table>
38
- <%= rodauth.oauth_management_pagination_links(@oauth_tokens) %>
39
- <% end %>
@@ -1,35 +0,0 @@
1
- <% oauth_tokens = rodauth.scope.instance_variable_get(:@oauth_tokens) %>
2
- <% tokens_count = oauth_tokens.count %>
3
- <% if tokens_count.zero? %>
4
- <p>No oauth tokens yet!</p>
5
- <% else %>
6
- <table class="table">
7
- <thead>
8
- <tr>
9
- <th scope="col"><=% rodauth.oauth_applications_name_label %></th>
10
- <th scope="col"><=% rodauth.oauth_tokens_token_label %></th>
11
- <th scope="col"><=% rodauth.oauth_tokens_refresh_token_label %></th>
12
- <th scope="col"><=% rodauth.oauth_tokens_expires_in_label %></th>
13
- <th scope="col"><=% rodauth.oauth_tokens_scopes_label %></th>
14
- <th scope="col"><span class="badge badge-pill badge-dark"><%= tokens_count %></span>
15
- </tr>
16
- </thead>
17
- <tbody>
18
- <% oauth_tokens.each do |oauth_token| %>
19
- <tr>
20
- <td><%= oauth_token[rodauth.oauth_applications_name_column] %></td>
21
- <td><code class="token"><%= oauth_token[rodauth.oauth_tokens_token_column] %></code></td>
22
- <td><code class="token"><%= oauth_token[rodauth.oauth_tokens_refresh_token_column] %></code></td>
23
- <td><%= oauth_token[rodauth.oauth_tokens_expires_in_column] %></td>
24
- <td><%= oauth_token[rodauth.oauth_tokens_scopes_column] %></td>
25
- <td>
26
- <%= form_tag rodauth.oauth_token_path(oauth_token[rodauth.oauth_tokens_id_column]), method: :post do %>
27
- <%= submit_tag rodauth.oauth_token_revoke_button, class: "btn btn-danger" %>
28
- <% end %>
29
- </td>
30
- </tr>
31
- <% end %>
32
- </tbody>
33
- </table>
34
- <%= rodauth.oauth_management_pagination_links(oauth_tokens) %>
35
- <% end %>
@@ -1,9 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- module Rodauth
4
- Feature.define(:oauth, :Oauth) do
5
- depends :oauth_base, :oauth_authorization_code_grant, :oauth_pkce, :oauth_implicit_grant,
6
- :oauth_client_credentials_grant, :oauth_device_grant, :oauth_token_introspection,
7
- :oauth_token_revocation, :oauth_application_management, :oauth_token_management
8
- end
9
- end