rodauth-oauth 0.10.4 → 1.0.0.pre.beta2
- checksums.yaml +4 -4
- data/MIGRATION-GUIDE-v1.md +286 -0
- data/README.md +28 -35
- data/doc/release_notes/1_0_0_beta1.md +38 -0
- data/doc/release_notes/1_0_0_beta2.md +34 -0
- data/lib/generators/rodauth/oauth/install_generator.rb +0 -1
- data/lib/generators/rodauth/oauth/templates/app/views/rodauth/authorize.html.erb +21 -11
- data/lib/generators/rodauth/oauth/templates/app/views/rodauth/device_search.html.erb +1 -1
- data/lib/generators/rodauth/oauth/templates/app/views/rodauth/device_verification.html.erb +2 -2
- data/lib/generators/rodauth/oauth/templates/app/views/rodauth/new_oauth_application.html.erb +1 -6
- data/lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_application.html.erb +0 -2
- data/lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_application_oauth_grants.html.erb +41 -0
- data/lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_applications.html.erb +2 -2
- data/lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_grants.html.erb +37 -0
- data/lib/generators/rodauth/oauth/templates/db/migrate/create_rodauth_oauth.rb +57 -57
- data/lib/rodauth/features/oauth_application_management.rb +61 -74
- data/lib/rodauth/features/oauth_assertion_base.rb +19 -23
- data/lib/rodauth/features/oauth_authorization_code_grant.rb +62 -90
- data/lib/rodauth/features/oauth_authorize_base.rb +115 -22
- data/lib/rodauth/features/oauth_base.rb +397 -315
- data/lib/rodauth/features/oauth_client_credentials_grant.rb +20 -18
- data/lib/rodauth/features/{oauth_device_grant.rb → oauth_device_code_grant.rb} +62 -73
- data/lib/rodauth/features/oauth_dynamic_client_registration.rb +52 -31
- data/lib/rodauth/features/oauth_grant_management.rb +70 -0
- data/lib/rodauth/features/oauth_implicit_grant.rb +29 -27
- data/lib/rodauth/features/oauth_jwt.rb +53 -689
- data/lib/rodauth/features/oauth_jwt_base.rb +458 -0
- data/lib/rodauth/features/oauth_jwt_bearer_grant.rb +48 -17
- data/lib/rodauth/features/oauth_jwt_jwks.rb +47 -0
- data/lib/rodauth/features/oauth_jwt_secured_authorization_request.rb +116 -0
- data/lib/rodauth/features/oauth_management_base.rb +2 -0
- data/lib/rodauth/features/oauth_pkce.rb +22 -26
- data/lib/rodauth/features/oauth_resource_indicators.rb +33 -25
- data/lib/rodauth/features/oauth_resource_server.rb +59 -0
- data/lib/rodauth/features/oauth_saml_bearer_grant.rb +7 -1
- data/lib/rodauth/features/oauth_token_introspection.rb +76 -46
- data/lib/rodauth/features/oauth_token_revocation.rb +46 -33
- data/lib/rodauth/features/oidc.rb +382 -241
- data/lib/rodauth/features/oidc_dynamic_client_registration.rb +127 -51
- data/lib/rodauth/features/oidc_rp_initiated_logout.rb +115 -0
- data/lib/rodauth/oauth/database_extensions.rb +8 -6
- data/lib/rodauth/oauth/http_extensions.rb +74 -0
- data/lib/rodauth/oauth/railtie.rb +20 -0
- data/lib/rodauth/oauth/ttl_store.rb +2 -0
- data/lib/rodauth/oauth/version.rb +1 -1
- data/lib/rodauth/oauth.rb +29 -1
- data/locales/en.yml +34 -22
- data/locales/pt.yml +34 -22
- data/templates/authorize.str +19 -17
- data/templates/device_search.str +1 -1
- data/templates/device_verification.str +2 -2
- data/templates/jwks_field.str +1 -0
- data/templates/new_oauth_application.str +1 -2
- data/templates/oauth_application.str +2 -2
- data/templates/oauth_application_oauth_grants.str +54 -0
- data/templates/oauth_applications.str +2 -2
- data/templates/oauth_grants.str +52 -0
- metadata +23 -16
- data/lib/generators/rodauth/oauth/templates/app/models/oauth_token.rb +0 -4
- data/lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_application_oauth_tokens.html.erb +0 -39
- data/lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_tokens.html.erb +0 -35
- data/lib/rodauth/features/oauth.rb +0 -9
- data/lib/rodauth/features/oauth_http_mac.rb +0 -86
- data/lib/rodauth/features/oauth_token_management.rb +0 -81
- data/lib/rodauth/oauth/refinements.rb +0 -48
- data/templates/jwt_public_key_field.str +0 -4
- data/templates/oauth_application_oauth_tokens.str +0 -52
- data/templates/oauth_tokens.str +0 -50
data/locales/pt.yml
CHANGED
@@ -3,21 +3,29 @@ pt:
|
|
3
3
|
require_authorization_error_flash: "Autorize para continuar"
|
4
4
|
create_oauth_application_error_flash: "Aconteceu um erro ao registar o aplicativo oauth"
|
5
5
|
create_oauth_application_notice_flash: "O seu aplicativo oauth foi registado com sucesso"
|
6
|
-
revoke_unauthorized_account_error_flash: "Não está autorizado a revogar
|
7
|
-
|
6
|
+
revoke_unauthorized_account_error_flash: "Não está autorizado a revogar esta concessão"
|
7
|
+
revoke_oauth_grant_notice_flash: "O token oauth foi revogado com sucesso"
|
8
8
|
device_verification_notice_flash: "O dispositivo foi verificado com sucesso"
|
9
9
|
user_code_not_found_error_flash: "Não existe nenhum dispositivo a ser autorizado com o código de usuário inserido"
|
10
10
|
authorize_page_title: "Autorizar"
|
11
|
+
authorize_page_lead: "O aplicativo %{name} gostaria de aceder aos seus dados."
|
12
|
+
oauth_cancel_button: "Cancelar"
|
11
13
|
oauth_applications_page_title: "Aplicativos OAuth"
|
12
14
|
oauth_application_page_title: "Aplicativo Oauth"
|
13
15
|
new_oauth_application_page_title: "Novo Aplicativo Oauth"
|
14
|
-
|
15
|
-
|
16
|
+
oauth_application_oauth_grants_page_title: "Concessões Oauth do Aplicativo"
|
17
|
+
oauth_grants_page_title: "As minhas concessões Oauth"
|
16
18
|
device_verification_page_title: "Verificação de dispositivo"
|
17
19
|
device_search_page_title: "Pesquisa de dispositivo"
|
18
20
|
oauth_management_pagination_previous_button: "Anterior"
|
19
21
|
oauth_management_pagination_next_button: "Próxima"
|
20
|
-
|
22
|
+
oauth_grants_type_label: "Tipo de concessão"
|
23
|
+
oauth_grants_scopes_label: "Escopos"
|
24
|
+
oauth_grants_token_label: "Token"
|
25
|
+
oauth_grants_refresh_token_label: "Refresh Token"
|
26
|
+
oauth_grants_expires_in_label: "Expira em"
|
27
|
+
oauth_grants_revoked_at_label: "Revogado a"
|
28
|
+
oauth_no_grants_text: "Nenhuma concessão OAuth ainda!"
|
21
29
|
oauth_applications_name_label: "Nome"
|
22
30
|
oauth_applications_description_label: "Descrição"
|
23
31
|
oauth_applications_scopes_label: "Escopos prédefinidos"
|
@@ -28,30 +36,34 @@ pt:
|
|
28
36
|
oauth_applications_redirect_uri_label: "URL para redireccionamento"
|
29
37
|
oauth_applications_client_secret_label: "Segredo de cliente"
|
30
38
|
oauth_applications_client_id_label: "ID do cliente"
|
39
|
+
oauth_no_applications_text: "Nenhum aplicativo OAuth ainda!"
|
31
40
|
oauth_grant_user_code_label: "Código do usuário"
|
32
41
|
oauth_grant_user_jws_jwk_label: "Chaves JSON Web"
|
33
42
|
oauth_grant_user_jwt_public_key_label: "Chave pública"
|
34
43
|
oauth_application_button: "Registar"
|
35
44
|
oauth_authorize_button: "Autorizar"
|
36
|
-
|
45
|
+
oauth_grant_revoke_button: "Revogar"
|
37
46
|
oauth_authorize_post_button: "Voltar para o aplicativo cliente"
|
47
|
+
oauth_device_verification_page_lead: "O dispositivo com o código de usuário %{user_code} gostaria de aceder aos seus dados."
|
38
48
|
oauth_device_verification_button: "Verificar"
|
49
|
+
oauth_device_search_page_lead: "Introduza o código de usuário do dispositivo que gostaria de autorizar."
|
39
50
|
oauth_device_search_button: "Pesquisar"
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
51
|
+
oauth_invalid_client_message: "A autenticação do cliente falhou"
|
52
|
+
oauth_invalid_grant_type_message: "Tipo de atribuição inválida"
|
53
|
+
oauth_invalid_grant_message: "Atribuição inválida"
|
54
|
+
oauth_invalid_scope_message: "Escopo inválido"
|
44
55
|
invalid_url_message: "URL inválido"
|
45
|
-
|
46
|
-
unique_error_message: "já está sendo utilizado"
|
56
|
+
oauth_unsupported_token_type_message: "Sugestão de tipo de token inválida"
|
47
57
|
null_error_message: "não está preenchido"
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
+
oauth_unsupported_response_type_message: "Tipo de resposta inválido"
|
59
|
+
oauth_already_in_use_message: "erro ao gerar token único"
|
60
|
+
oauth_expired_token_message: "o código de dispositivo expirou"
|
61
|
+
oauth_access_denied_message: "o pedido de autorização foi negado"
|
62
|
+
oauth_authorization_pending_message: "o pedido de autorização ainda está pendente"
|
63
|
+
oauth_slow_down_message: "o pedido de autorização ainda está pendente mas o intervalo de actualização deve ser aumentado"
|
64
|
+
oauth_code_challenge_required_message: "código de negociação necessário"
|
65
|
+
oauth_unsupported_transform_algorithm_message: "algoritmo de transformação não suportado"
|
66
|
+
oauth_invalid_request_object_message: "request_object é inválido"
|
67
|
+
oauth_invalid_scope_message: "O Token de acesso expirou"
|
68
|
+
oauth_authorize_parameter_required: "'%{parameter}' é um parâmetro obrigatório"
|
69
|
+
oauth_invalid_post_logout_redirect_uri_message: "URI de redireccionamento pós-logout inválido"
|
data/templates/authorize.str
CHANGED
@@ -8,10 +8,15 @@
|
|
8
8
|
end
|
9
9
|
}
|
10
10
|
<p class="lead">
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
11
|
+
#{
|
12
|
+
application_uri = rodauth.oauth_application[rodauth.oauth_applications_homepage_url_column]
|
13
|
+
application_name = application_uri ? (<<-LINK) : rodauth.oauth_application[rodauth.oauth_applications_name_column]
|
14
|
+
<a target="_blank" href="#{h(application_uri)}">
|
15
|
+
#{h(rodauth.oauth_application[rodauth.oauth_applications_name_column])}
|
16
|
+
</a>
|
17
|
+
LINK
|
18
|
+
rodauth.authorize_page_lead(name: application_name)
|
19
|
+
}
|
15
20
|
</p>
|
16
21
|
<div class="list-group">
|
17
22
|
#{
|
@@ -52,18 +57,12 @@
|
|
52
57
|
}
|
53
58
|
|
54
59
|
<div class="form-group">
|
55
|
-
<h1 class="display-6">#{rodauth.
|
60
|
+
<h1 class="display-6">#{rodauth.oauth_grants_scopes_label}</h1>
|
56
61
|
|
57
62
|
#{
|
58
|
-
rodauth.
|
59
|
-
if scope ==
|
60
|
-
|
61
|
-
<div class="form-check">
|
62
|
-
<input id="#{scope}" class="form-check-input" type="checkbox" name="scope[]" value="#{h(scope)}" checked disabled>
|
63
|
-
<label class="form-check-label" for="#{scope}">#{h(scope)}</label>
|
64
|
-
<input type="hidden" name="scope[]" value="#{h(scope)}">
|
65
|
-
</div>
|
66
|
-
HTML
|
63
|
+
rodauth.authorize_scopes.map do |scope|
|
64
|
+
if rodauth.features.include?(:oidc) && scope == "offline_access"
|
65
|
+
"<input type=\"hidden\" name=\"scope[]\" value=\"#{scope}\" />"
|
67
66
|
else
|
68
67
|
<<-HTML
|
69
68
|
<div class="form-check">
|
@@ -76,7 +75,6 @@
|
|
76
75
|
}
|
77
76
|
|
78
77
|
<input type="hidden" name="client_id" value="#{rodauth.param("client_id")}"/>
|
79
|
-
|
80
78
|
#{"<input type=\"hidden\" name=\"access_type\" value=\"#{rodauth.param("access_type")}\"/>" if rodauth.param_or_nil("access_type")}
|
81
79
|
#{"<input type=\"hidden\" name=\"response_type\" value=\"#{rodauth.param("response_type")}\"/>" if rodauth.param_or_nil("response_type")}
|
82
80
|
#{"<input type=\"hidden\" name=\"response_mode\" value=\"#{rodauth.param("response_mode")}\"/>" if rodauth.param_or_nil("response_mode")}
|
@@ -84,10 +82,12 @@
|
|
84
82
|
#{"<input type=\"hidden\" name=\"redirect_uri\" value=\"#{rodauth.redirect_uri}\"/>" if rodauth.param_or_nil("redirect_uri")}
|
85
83
|
#{"<input type=\"hidden\" name=\"code_challenge\" value=\"#{rodauth.param("code_challenge")}\"/>" if rodauth.features.include?(:oauth_pkce) && rodauth.param_or_nil("code_challenge")}
|
86
84
|
#{"<input type=\"hidden\" name=\"code_challenge_method\" value=\"#{rodauth.param("code_challenge_method")}\"/>" if rodauth.features.include?(:oauth_pkce) && rodauth.param_or_nil("code_challenge_method")}
|
85
|
+
#{"<input type=\"hidden\" name=\"prompt\" value=\"#{rodauth.param("prompt")}\"/>" if rodauth.features.include?(:oidc) && rodauth.param_or_nil("prompt")}
|
87
86
|
#{"<input type=\"hidden\" name=\"nonce\" value=\"#{rodauth.param("nonce")}\"/>" if rodauth.features.include?(:oidc) && rodauth.param_or_nil("nonce")}
|
88
87
|
#{"<input type=\"hidden\" name=\"ui_locales\" value=\"#{rodauth.param("ui_locales")}\"/>" if rodauth.features.include?(:oidc) && rodauth.param_or_nil("ui_locales")}
|
89
88
|
#{"<input type=\"hidden\" name=\"claims_locales\" value=\"#{rodauth.param("claims_locales")}\"/>" if rodauth.features.include?(:oidc) && rodauth.param_or_nil("claims_locales")}
|
90
|
-
#{"<input type=\"hidden\" name=\"
|
89
|
+
#{"<input type=\"hidden\" name=\"claims\" value=\"#{h(rodauth.param("claims"))}\"/>" if rodauth.features.include?(:oidc) && rodauth.param_or_nil("claims")}
|
90
|
+
#{"<input type=\"hidden\" name=\"acr_values\" value=\"#{rodauth.param("acr_values")}\"/>" if rodauth.features.include?(:oidc) && rodauth.param_or_nil("acr_values")}
|
91
91
|
#{
|
92
92
|
if rodauth.features.include?(:oauth_resource_indicators) && rodauth.resource_indicators
|
93
93
|
rodauth.resource_indicators.map do |resource|
|
@@ -98,6 +98,8 @@
|
|
98
98
|
</div>
|
99
99
|
<p class="text-center">
|
100
100
|
<input type="submit" class="btn btn-outline-primary" value="#{h(rodauth.oauth_authorize_button)}"/>
|
101
|
-
<a href="#{rodauth.redirect_uri}?error=access_denied&error_description=The+resource+owner+or+authorization+server+denied+the+request#{ "&state=#{rodauth.param("state")}" if rodauth.param_or_nil("state")}" class="btn btn-outline-danger"
|
101
|
+
<a href="#{rodauth.redirect_uri}?error=access_denied&error_description=The+resource+owner+or+authorization+server+denied+the+request#{ "&state=#{rodauth.param("state")}" if rodauth.param_or_nil("state")}" class="btn btn-outline-danger">
|
102
|
+
#{rodauth.oauth_cancel_button}
|
103
|
+
</a>
|
102
104
|
</p>
|
103
105
|
</form>
|
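Review bot: The new `prompt` and `acr_values` hidden inputs write the request parameter into the `value` attribute without `h()`, while the `claims` input added between them does escape it; unless those values are validated before rendering (not visible here), a quote character in either parameter would end the attribute early on the consent page. Suggest `value=\"#{h(rodauth.param("prompt"))}\"` and `value=\"#{h(rodauth.param("acr_values"))}\"`. The first hunk has a related gap: when the application has no homepage URL, `application_name` falls back to the raw name column, whereas the link branch wraps the name in `h()`; unless `authorize_page_lead` escapes its argument, the fallback should be `h(rodauth.oauth_application[rodauth.oauth_applications_name_column])`. The unchanged neighbouring inputs (`nonce`, `ui_locales`, `code_challenge` and others) follow the same unescaped pattern, so a follow-up that escapes them all would keep the form consistent.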
data/templates/device_search.str
CHANGED
@@ -1,5 +1,5 @@
|
|
1
1
|
<form method="get" action="#{rodauth.device_path}" class="form-horizontal" role="form" id="device-search-form">
|
2
|
-
<p class="lead"
|
2
|
+
<p class="lead">#{rodauth.oauth_device_search_page_lead}</p>
|
3
3
|
|
4
4
|
<div class="form-group">
|
5
5
|
<label for="user_code">#{rodauth.oauth_grant_user_code_label}</label>
|
@@ -1,9 +1,9 @@
|
|
1
1
|
<form method="post" action="#{rodauth.device_path}" class="form-horizontal" role="form" id="device-verification-form">
|
2
2
|
#{csrf_tag(rodauth.device_path) if respond_to?(:csrf_tag)}
|
3
|
-
<p class="lead"
|
3
|
+
<p class="lead">#{rodauth.oauth_device_verification_page_lead(user_code: @oauth_grant[rodauth.oauth_grants_user_code_column])}</p>
|
4
4
|
|
5
5
|
<div class="form-group">
|
6
|
-
<h1 class="display-6">#{rodauth.
|
6
|
+
<h1 class="display-6">#{rodauth.oauth_grants_scopes_label}</h1>
|
7
7
|
|
8
8
|
<ul class="list-group">
|
9
9
|
#{
|
data/templates/jwks_field.str
CHANGED
@@ -2,3 +2,4 @@
|
|
2
2
|
<label for="name">#{rodauth.oauth_applications_jwks_label}#{rodauth.input_field_label_suffix}</label>
|
3
3
|
<textarea id="jwks" class="form-control" name="#{rodauth.oauth_application_jwks_param}" rows="3"></textarea>
|
4
4
|
</div>
|
5
|
+
#{rodauth.input_field_string(rodauth.oauth_application_jwks_uri_param, "jwks-uri", :type=>"text")}
|
@@ -1,6 +1,6 @@
|
|
1
1
|
<h2>#{rodauth.new_oauth_application_page_title}</h2>
|
2
2
|
<form method="post" action="#{rodauth.oauth_applications_path}" class="rodauth" role="form" id="oauth-application-form">
|
3
|
-
#{rodauth.csrf_tag}
|
3
|
+
#{csrf_tag(rodauth.oauth_applications_path) if respond_to?(:csrf_tag)}
|
4
4
|
#{rodauth.render('name_field')}
|
5
5
|
#{rodauth.render('description_field')}
|
6
6
|
#{rodauth.render('homepage_url_field')}
|
@@ -10,7 +10,6 @@
|
|
10
10
|
#{
|
11
11
|
if rodauth.features.include?(:oauth_jwt)
|
12
12
|
<<-HTML
|
13
|
-
#{rodauth.render('jwt_public_key_field')}
|
14
13
|
#{rodauth.render('jwks_field')}
|
15
14
|
HTML
|
16
15
|
end
|
@@ -3,7 +3,7 @@
|
|
3
3
|
#{
|
4
4
|
params = [*rodauth.oauth_application_required_params, "client_id", "client_secret"]
|
5
5
|
if rodauth.features.include?(:oauth_jwt)
|
6
|
-
params += %w[jwks
|
6
|
+
params += %w[jwks]
|
7
7
|
end
|
8
8
|
params.map do |param|
|
9
9
|
"<dt class=\"#{param}\">#{rodauth.send(:"oauth_applications_#{param}_label")}: </dt>" +
|
@@ -11,5 +11,5 @@
|
|
11
11
|
end.join
|
12
12
|
}
|
13
13
|
</dl>
|
14
|
-
<a href="#{rodauth.oauth_applications_path}/#{@oauth_application[rodauth.oauth_applications_id_column]}/#{rodauth.
|
14
|
+
<a href="#{rodauth.oauth_applications_path}/#{@oauth_application[rodauth.oauth_applications_id_column]}/#{rodauth.oauth_applications_oauth_grants_path}" class="btn btn-outline-secondary">#{rodauth.oauth_application_oauth_grants_page_title}</a>
|
15
15
|
</div>
|
@@ -0,0 +1,54 @@
|
|
1
|
+
<div id="oauth-grants">
|
2
|
+
#{
|
3
|
+
if @oauth_grants.count.zero?
|
4
|
+
"<p>#{rodauth.oauth_no_grants_text}</p>"
|
5
|
+
else
|
6
|
+
<<-HTML
|
7
|
+
<table class="table">
|
8
|
+
<thead>
|
9
|
+
<tr>
|
10
|
+
<th scope="col">#{rodauth.oauth_grants_type_label}</th>
|
11
|
+
<th scope="col">#{rodauth.oauth_grants_token_label}</th>
|
12
|
+
<th scope="col">#{rodauth.oauth_grants_refresh_token_label}</th>
|
13
|
+
<th scope="col">#{rodauth.oauth_grants_expires_in_label}</th>
|
14
|
+
<th scope="col">#{rodauth.oauth_grants_revoked_at_label}</th>
|
15
|
+
<th scope="col">#{rodauth.oauth_grants_scopes_label}</th>
|
16
|
+
<th scope="col"><span class="badge badge-pill badge-dark">#{@oauth_grants.count}</span>
|
17
|
+
</tr>
|
18
|
+
</thead>
|
19
|
+
<tbody>
|
20
|
+
#{
|
21
|
+
@oauth_grants.map do |oauth_grant|
|
22
|
+
<<-HTML
|
23
|
+
<tr>
|
24
|
+
<td><code class="token">#{oauth_grant[rodauth.oauth_grants_type_column]}</code></td>
|
25
|
+
<td><code class="token">#{oauth_grant[rodauth.oauth_grants_token_column]}</code></td>
|
26
|
+
<td><code class="token">#{oauth_grant[rodauth.oauth_grants_refresh_token_column]}</code></td>
|
27
|
+
<td>#{oauth_grant[rodauth.oauth_grants_expires_in_column]}</td>
|
28
|
+
<td>#{oauth_grant[rodauth.oauth_grants_revoked_at_column]}</td>
|
29
|
+
<td>#{oauth_grant[rodauth.oauth_grants_scopes_column]}</td>
|
30
|
+
<td>
|
31
|
+
#{
|
32
|
+
if !oauth_grant[rodauth.oauth_grants_revoked_at_column] && !oauth_grant[rodauth.oauth_grants_token_hash_column]
|
33
|
+
<<-HTML
|
34
|
+
<form method="post" action="#{rodauth.revoke_path}" class="form-horizontal" role="form" id="revoke-form">
|
35
|
+
#{csrf_tag(rodauth.revoke_path) if respond_to?(:csrf_tag)}
|
36
|
+
#{rodauth.input_field_string("token_type_hint", "revoke-token-type-hint", :value => "access_token", :type=>"hidden")}
|
37
|
+
#{rodauth.input_field_string("token", "revoke-token", :value => oauth_grant[rodauth.oauth_grants_token_column], :type=>"hidden")}
|
38
|
+
#{rodauth.button(rodauth.oauth_grant_revoke_button)}
|
39
|
+
</form>
|
40
|
+
HTML
|
41
|
+
end
|
42
|
+
}
|
43
|
+
</td>
|
44
|
+
</tr>
|
45
|
+
HTML
|
46
|
+
end.join
|
47
|
+
}
|
48
|
+
</tbody>
|
49
|
+
</table>
|
50
|
+
#{rodauth.oauth_management_pagination_links(@oauth_grants)}
|
51
|
+
HTML
|
52
|
+
end
|
53
|
+
}
|
54
|
+
</div>
|
@@ -2,11 +2,11 @@
|
|
2
2
|
<a class="btn btn-outline-primary" href="/oauth-applications/new">#{rodauth.new_oauth_application_page_title}</a>
|
3
3
|
#{
|
4
4
|
if @oauth_applications.count.zero?
|
5
|
-
"<p
|
5
|
+
"<p>#{rodauth.oauth_no_applications_text}</p>"
|
6
6
|
else
|
7
7
|
"<ul class=\"list-group\">" +
|
8
8
|
@oauth_applications.map do |application|
|
9
|
-
"<li class=\"list-group-item\"><a href=\"
|
9
|
+
"<li class=\"list-group-item\"><a href=\"#{rodauth.oauth_application_path(application[rodauth.oauth_applications_id_column])}\">#{application[:name]}</a></li>"
|
10
10
|
end.join +
|
11
11
|
"</ul>"
|
12
12
|
end
|
@@ -0,0 +1,52 @@
|
|
1
|
+
<div id="oauth-grants">
|
2
|
+
#{
|
3
|
+
if @oauth_grants.count.zero?
|
4
|
+
"<p>#{rodauth.oauth_no_grants_text}</p>"
|
5
|
+
else
|
6
|
+
<<-HTML
|
7
|
+
<table class="table">
|
8
|
+
<thead>
|
9
|
+
<tr>
|
10
|
+
<th scope="col">#{rodauth.oauth_applications_name_label}</th>
|
11
|
+
<th scope="col">#{rodauth.oauth_grants_type_label}</th>
|
12
|
+
<th scope="col">#{rodauth.oauth_grants_token_label}</th>
|
13
|
+
<th scope="col">#{rodauth.oauth_grants_refresh_token_label}</th>
|
14
|
+
<th scope="col">#{rodauth.oauth_grants_expires_in_label}</th>
|
15
|
+
<th scope="col">#{rodauth.oauth_grants_scopes_label}</th>
|
16
|
+
<th scope="col"><span class="badge badge-pill badge-dark">#{@oauth_grants.count}</span>
|
17
|
+
</tr>
|
18
|
+
</thead>
|
19
|
+
<tbody>
|
20
|
+
#{
|
21
|
+
@oauth_grants.map do |oauth_grant|
|
22
|
+
<<-HTML
|
23
|
+
<tr>
|
24
|
+
<td>#{oauth_grant[rodauth.oauth_applications_name_column]}</td>
|
25
|
+
<td>#{oauth_grant[rodauth.oauth_grants_type_column]}</td>
|
26
|
+
<td><code class="token">#{oauth_grant[rodauth.oauth_grants_token_column]}</code></td>
|
27
|
+
<td><code class="token">#{oauth_grant[rodauth.oauth_grants_refresh_token_column]}</code></td>
|
28
|
+
<td>#{oauth_grant[rodauth.oauth_grants_expires_in_column]}</td>
|
29
|
+
<td>#{oauth_grant[rodauth.oauth_grants_scopes_column]}</td>
|
30
|
+
<td>
|
31
|
+
#{
|
32
|
+
if !oauth_grant[rodauth.oauth_grants_token_hash_column]
|
33
|
+
<<-HTML
|
34
|
+
<form method="post" action="#{rodauth.oauth_grant_path(oauth_grant[rodauth.oauth_grants_id_column])}" class="form-horizontal" role="form" id="grant-revoke-form">
|
35
|
+
#{csrf_tag(rodauth.oauth_grant_path(oauth_grant[rodauth.oauth_grants_id_column])) if respond_to?(:csrf_tag)}
|
36
|
+
#{rodauth.button(rodauth.oauth_grant_revoke_button)}
|
37
|
+
</form>
|
38
|
+
HTML
|
39
|
+
end
|
40
|
+
}
|
41
|
+
</td>
|
42
|
+
</tr>
|
43
|
+
HTML
|
44
|
+
end.join
|
45
|
+
}
|
46
|
+
</tbody>
|
47
|
+
</table>
|
48
|
+
#{rodauth.oauth_management_pagination_links(@oauth_grants)}
|
49
|
+
HTML
|
50
|
+
end
|
51
|
+
}
|
52
|
+
</div>
|
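Review bot: The application name is written into the page without `h()` in two places in this section: `#{application[:name]}` in the oauth_applications list item, and `#{oauth_grant[rodauth.oauth_applications_name_column]}` in the new oauth_grants table (the last `@@ -0,0 +1,52 @@` hunk). The name is supplied by whoever registers the client, so unless it is sanitised at registration (not visible here) any markup in it would be rendered in the account holder's grants page. Suggest `#{h(application[rodauth.oauth_applications_name_column])}` and `#{h(oauth_grant[rodauth.oauth_applications_name_column])}`; the first also replaces the hard-coded `:name` key with the configurable column. The type, scopes and token cells in both new grants tables are interpolated raw as well. Both tables also print the access and refresh tokens in full, so it is worth confirming that showing them in the management UI is intended.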
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rodauth-oauth
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 1.0.0.pre.beta2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Tiago Cardoso
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-09
|
11
|
+
date: 2022-11-09 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rodauth
|
@@ -32,6 +32,7 @@ extensions: []
|
|
32
32
|
extra_rdoc_files:
|
33
33
|
- LICENSE.txt
|
34
34
|
- README.md
|
35
|
+
- MIGRATION-GUIDE-v1.md
|
35
36
|
- CHANGELOG.md
|
36
37
|
- doc/release_notes/0_0_1.md
|
37
38
|
- doc/release_notes/0_0_2.md
|
@@ -65,9 +66,12 @@ extra_rdoc_files:
|
|
65
66
|
- doc/release_notes/0_9_1.md
|
66
67
|
- doc/release_notes/0_9_2.md
|
67
68
|
- doc/release_notes/0_9_3.md
|
69
|
+
- doc/release_notes/1_0_0_beta1.md
|
70
|
+
- doc/release_notes/1_0_0_beta2.md
|
68
71
|
files:
|
69
72
|
- CHANGELOG.md
|
70
73
|
- LICENSE.txt
|
74
|
+
- MIGRATION-GUIDE-v1.md
|
71
75
|
- README.md
|
72
76
|
- doc/release_notes/0_0_1.md
|
73
77
|
- doc/release_notes/0_0_2.md
|
@@ -101,47 +105,51 @@ files:
|
|
101
105
|
- doc/release_notes/0_9_1.md
|
102
106
|
- doc/release_notes/0_9_2.md
|
103
107
|
- doc/release_notes/0_9_3.md
|
108
|
+
- doc/release_notes/1_0_0_beta1.md
|
109
|
+
- doc/release_notes/1_0_0_beta2.md
|
104
110
|
- lib/generators/rodauth/oauth/install_generator.rb
|
105
111
|
- lib/generators/rodauth/oauth/templates/app/models/oauth_application.rb
|
106
112
|
- lib/generators/rodauth/oauth/templates/app/models/oauth_grant.rb
|
107
|
-
- lib/generators/rodauth/oauth/templates/app/models/oauth_token.rb
|
108
113
|
- lib/generators/rodauth/oauth/templates/app/views/rodauth/authorize.html.erb
|
109
114
|
- lib/generators/rodauth/oauth/templates/app/views/rodauth/device_search.html.erb
|
110
115
|
- lib/generators/rodauth/oauth/templates/app/views/rodauth/device_verification.html.erb
|
111
116
|
- lib/generators/rodauth/oauth/templates/app/views/rodauth/new_oauth_application.html.erb
|
112
117
|
- lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_application.html.erb
|
113
|
-
- lib/generators/rodauth/oauth/templates/app/views/rodauth/
|
118
|
+
- lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_application_oauth_grants.html.erb
|
114
119
|
- lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_applications.html.erb
|
115
|
-
- lib/generators/rodauth/oauth/templates/app/views/rodauth/
|
120
|
+
- lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_grants.html.erb
|
116
121
|
- lib/generators/rodauth/oauth/templates/db/migrate/create_rodauth_oauth.rb
|
117
122
|
- lib/generators/rodauth/oauth/views_generator.rb
|
118
|
-
- lib/rodauth/features/oauth.rb
|
119
123
|
- lib/rodauth/features/oauth_application_management.rb
|
120
124
|
- lib/rodauth/features/oauth_assertion_base.rb
|
121
125
|
- lib/rodauth/features/oauth_authorization_code_grant.rb
|
122
126
|
- lib/rodauth/features/oauth_authorize_base.rb
|
123
127
|
- lib/rodauth/features/oauth_base.rb
|
124
128
|
- lib/rodauth/features/oauth_client_credentials_grant.rb
|
125
|
-
- lib/rodauth/features/
|
129
|
+
- lib/rodauth/features/oauth_device_code_grant.rb
|
126
130
|
- lib/rodauth/features/oauth_dynamic_client_registration.rb
|
127
|
-
- lib/rodauth/features/
|
131
|
+
- lib/rodauth/features/oauth_grant_management.rb
|
128
132
|
- lib/rodauth/features/oauth_implicit_grant.rb
|
129
133
|
- lib/rodauth/features/oauth_jwt.rb
|
134
|
+
- lib/rodauth/features/oauth_jwt_base.rb
|
130
135
|
- lib/rodauth/features/oauth_jwt_bearer_grant.rb
|
136
|
+
- lib/rodauth/features/oauth_jwt_jwks.rb
|
137
|
+
- lib/rodauth/features/oauth_jwt_secured_authorization_request.rb
|
131
138
|
- lib/rodauth/features/oauth_management_base.rb
|
132
139
|
- lib/rodauth/features/oauth_pkce.rb
|
133
140
|
- lib/rodauth/features/oauth_resource_indicators.rb
|
141
|
+
- lib/rodauth/features/oauth_resource_server.rb
|
134
142
|
- lib/rodauth/features/oauth_saml_bearer_grant.rb
|
135
143
|
- lib/rodauth/features/oauth_token_introspection.rb
|
136
|
-
- lib/rodauth/features/oauth_token_management.rb
|
137
144
|
- lib/rodauth/features/oauth_token_revocation.rb
|
138
145
|
- lib/rodauth/features/oidc.rb
|
139
146
|
- lib/rodauth/features/oidc_dynamic_client_registration.rb
|
147
|
+
- lib/rodauth/features/oidc_rp_initiated_logout.rb
|
140
148
|
- lib/rodauth/oauth.rb
|
141
149
|
- lib/rodauth/oauth/database_extensions.rb
|
150
|
+
- lib/rodauth/oauth/http_extensions.rb
|
142
151
|
- lib/rodauth/oauth/jwe_extensions.rb
|
143
152
|
- lib/rodauth/oauth/railtie.rb
|
144
|
-
- lib/rodauth/oauth/refinements.rb
|
145
153
|
- lib/rodauth/oauth/ttl_store.rb
|
146
154
|
- lib/rodauth/oauth/version.rb
|
147
155
|
- locales/en.yml
|
@@ -153,13 +161,12 @@ files:
|
|
153
161
|
- templates/device_verification.str
|
154
162
|
- templates/homepage_url_field.str
|
155
163
|
- templates/jwks_field.str
|
156
|
-
- templates/jwt_public_key_field.str
|
157
164
|
- templates/name_field.str
|
158
165
|
- templates/new_oauth_application.str
|
159
166
|
- templates/oauth_application.str
|
160
|
-
- templates/
|
167
|
+
- templates/oauth_application_oauth_grants.str
|
161
168
|
- templates/oauth_applications.str
|
162
|
-
- templates/
|
169
|
+
- templates/oauth_grants.str
|
163
170
|
- templates/redirect_uri_field.str
|
164
171
|
- templates/scope_field.str
|
165
172
|
homepage: https://gitlab.com/honeyryderchuck/rodauth-oauth
|
@@ -180,12 +187,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
180
187
|
requirements:
|
181
188
|
- - ">="
|
182
189
|
- !ruby/object:Gem::Version
|
183
|
-
version:
|
190
|
+
version: 2.5.0
|
184
191
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
185
192
|
requirements:
|
186
|
-
- - "
|
193
|
+
- - ">"
|
187
194
|
- !ruby/object:Gem::Version
|
188
|
-
version:
|
195
|
+
version: 1.3.1
|
189
196
|
requirements: []
|
190
197
|
rubygems_version: 3.2.32
|
191
198
|
signing_key:
|
@@ -1,39 +0,0 @@
|
|
1
|
-
<% oauth_tokens = rodauth.scope.instance_variable_get(:@oauth_tokens) %>
|
2
|
-
<% tokens_count = oauth_tokens.count %>
|
3
|
-
<% if tokens_count.zero? %>
|
4
|
-
<p>No oauth tokens yet!</p>
|
5
|
-
<% else %>
|
6
|
-
<table class="table">
|
7
|
-
<thead>
|
8
|
-
<tr>
|
9
|
-
<th scope="col"><=% rodauth.oauth_tokens_token_label %></th>
|
10
|
-
<th scope="col"><=% rodauth.oauth_tokens_refresh_token_label %></th>
|
11
|
-
<th scope="col"><=% rodauth.oauth_tokens_expires_in_label %></th>
|
12
|
-
<th scope="col"><=% rodauth.oauth_tokens_revoked_at_label %></th>
|
13
|
-
<th scope="col"><=% rodauth.oauth_tokens_scopes_label %></th>
|
14
|
-
<th scope="col"><span class="badge badge-pill badge-dark"><%= tokens_count %></span>
|
15
|
-
</tr>
|
16
|
-
</thead>
|
17
|
-
<tbody>
|
18
|
-
<% oauth_tokens.each do |oauth_token| %>
|
19
|
-
<tr>
|
20
|
-
<td><code class="token"><%= oauth_token[rodauth.oauth_tokens_token_column] %></code></td>
|
21
|
-
<td><code class="token"><%= oauth_token[rodauth.oauth_tokens_refresh_token_column] %></code></td>
|
22
|
-
<td><%= oauth_token[rodauth.oauth_tokens_expires_in_column] %></td>
|
23
|
-
<td><%= oauth_token[rodauth.oauth_tokens_revoked_at_column] %></td>
|
24
|
-
<td><%= oauth_token[rodauth.oauth_tokens_scopes_column] %></td>
|
25
|
-
<td>
|
26
|
-
<% if !oauth_token[rodauth.oauth_tokens_revoked_at_column] %>
|
27
|
-
<%= form_tag rodauth.revoke_path, method: :post do %>
|
28
|
-
<%= hidden_field_tag :token_type_hint, "access_token" %>
|
29
|
-
<%= hidden_field_tag :token, oauth_token[rodauth.oauth_tokens_token_column] %>
|
30
|
-
<%= submit_tag rodauth.oauth_token_revoke_button, class: "btn btn-danger" %>
|
31
|
-
<% end %>
|
32
|
-
<% end %>
|
33
|
-
</td>
|
34
|
-
</tr>
|
35
|
-
<% end %>
|
36
|
-
</tbody>
|
37
|
-
</table>
|
38
|
-
<%= rodauth.oauth_management_pagination_links(@oauth_tokens) %>
|
39
|
-
<% end %>
|
@@ -1,35 +0,0 @@
|
|
1
|
-
<% oauth_tokens = rodauth.scope.instance_variable_get(:@oauth_tokens) %>
|
2
|
-
<% tokens_count = oauth_tokens.count %>
|
3
|
-
<% if tokens_count.zero? %>
|
4
|
-
<p>No oauth tokens yet!</p>
|
5
|
-
<% else %>
|
6
|
-
<table class="table">
|
7
|
-
<thead>
|
8
|
-
<tr>
|
9
|
-
<th scope="col"><=% rodauth.oauth_applications_name_label %></th>
|
10
|
-
<th scope="col"><=% rodauth.oauth_tokens_token_label %></th>
|
11
|
-
<th scope="col"><=% rodauth.oauth_tokens_refresh_token_label %></th>
|
12
|
-
<th scope="col"><=% rodauth.oauth_tokens_expires_in_label %></th>
|
13
|
-
<th scope="col"><=% rodauth.oauth_tokens_scopes_label %></th>
|
14
|
-
<th scope="col"><span class="badge badge-pill badge-dark"><%= tokens_count %></span>
|
15
|
-
</tr>
|
16
|
-
</thead>
|
17
|
-
<tbody>
|
18
|
-
<% oauth_tokens.each do |oauth_token| %>
|
19
|
-
<tr>
|
20
|
-
<td><%= oauth_token[rodauth.oauth_applications_name_column] %></td>
|
21
|
-
<td><code class="token"><%= oauth_token[rodauth.oauth_tokens_token_column] %></code></td>
|
22
|
-
<td><code class="token"><%= oauth_token[rodauth.oauth_tokens_refresh_token_column] %></code></td>
|
23
|
-
<td><%= oauth_token[rodauth.oauth_tokens_expires_in_column] %></td>
|
24
|
-
<td><%= oauth_token[rodauth.oauth_tokens_scopes_column] %></td>
|
25
|
-
<td>
|
26
|
-
<%= form_tag rodauth.oauth_token_path(oauth_token[rodauth.oauth_tokens_id_column]), method: :post do %>
|
27
|
-
<%= submit_tag rodauth.oauth_token_revoke_button, class: "btn btn-danger" %>
|
28
|
-
<% end %>
|
29
|
-
</td>
|
30
|
-
</tr>
|
31
|
-
<% end %>
|
32
|
-
</tbody>
|
33
|
-
</table>
|
34
|
-
<%= rodauth.oauth_management_pagination_links(oauth_tokens) %>
|
35
|
-
<% end %>
|
@@ -1,9 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
module Rodauth
|
4
|
-
Feature.define(:oauth, :Oauth) do
|
5
|
-
depends :oauth_base, :oauth_authorization_code_grant, :oauth_pkce, :oauth_implicit_grant,
|
6
|
-
:oauth_client_credentials_grant, :oauth_device_grant, :oauth_token_introspection,
|
7
|
-
:oauth_token_revocation, :oauth_application_management, :oauth_token_management
|
8
|
-
end
|
9
|
-
end
|