rodauth-oauth 0.6.0 → 0.7.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d21e4fc67f961c41299cbd79176ed284729c5d4198dd38008edee29d455baaeb
-  data.tar.gz: 5274aa48c6192b7182764d762fb55a4d025aefef8ee85693b770c8ce691a0de2
+  metadata.gz: d000e6a25796dbdc8c58d378e93819343810f6089c33d02732443342ce721ec3
+  data.tar.gz: e61c19bd7e74c3f2b68541bf7aa78c143c669d5a745bf4efc389e786598fbcd8
 SHA512:
-  metadata.gz: 0aa9e79243f70753fd3741f21f862f0f8795b21eea16bba81319a18183a43027c344f099ab2b2663b84e30e7453cde33e9fceb4d015c32057b79fb4dc10a4680
-  data.tar.gz: d2dcb2edcca49fa0d9f29e321bd52cb26d40e466e10c1936a564925be9976051b9ef730a32e9a9fdc7fed9ba00778749ddc78fc9db60af227926285fc46fa285
+  metadata.gz: 9d727127c9e5a6d3a935b6194fbd0bd81358f3ea9876387d1639c3cf419b15246a0b89d57688d8ef15e830bd7b86f482463332c0fa843cb494ee56afe23c3e2e
+  data.tar.gz: 1d565e48e99b4897ca47a64c5b937405a5a10a9696893059d59670e58ae0dc1677daf17194ddfefcdd0d9fc33960ab5fd3a1fd3716cbe0e7fae961537ad46058

data/CHANGELOG.md

@@ -2,6 +2,67 @@
 
 ## master
 
+### 0.7.2 (14/12/2021)
+
+#### Features
+
+* Revoking tokens from the OAuth Application management interface (@muellerj)
+
+Token revocation was only possible when using the client ID and Secret, to aid "logout" functionality from client applications. Although the admin interface (available via `r.oauth_applications`) displayed a "Revoke" button alongside tokens in the list page, this was not working. The RFC does allow for the use case of application administrators being able to manually revoke tokens (as a result of client support, for example), so this functionality was enabled (only for the oauth application owner, for now).
+
+#### Bugfixes
+
+Default scope usage related bugfixes:
+
+* Improved default scope conversion to avoid nested arrays (@muellerj);
+* Authorize form shows a disabled checkbox and POST's no scope when default scope is to be used (@muellerj);
+* example default scope fixed for example authorization server (should be string) (@muellerj);
+* several param fixes in view templates (@muellerj);
+
+OAuth Applications Management fixes:
+
+* Access to OAuth Application page is now restricted to app owner;
+* OAuth Applications page now lists the **only** the applications owned by the logged in user;
+
+### 0.7.1 (05/12/2021)
+
+#### Improvements
+
+* Adapted the `rodauth-i18n` configuration to comply with the guidelines for `v0.2.0` (which is the defacto minimmal supported version).
+
+#### Bugfixes
+
+* `convert_timestamp` was removed from the templates, as it's private API.
+* Several missing or wrong URLs in templates fixed (authorize form was wrongly processing scopes when none was selected).
+
+### 0.7.0 (02/12/2021)
+
+#### Features
+
+* Internationalization (i18n) support by hooking on [rodauth-i18n](https://github.com/janko/rodauth-i18n).
+  * Sets all text using `translatable_method`.
+  * Provides english translations for all `rodauth-oauth` related user facing text.
+
+#### Improvements
+
+* Enable CORS requests for OpenID configuration endpoint (@ianks)
+* Introspect endpoint now exposes the `exp` token property (@gmanley)
+
+#### Bugfixes
+
+*  on rotation policy, although the first refresh token was invalidated, a new one wasn't being provided. This change allows a new refresh token to be generated and exposed in the response (@gmanley)
+
+#### Chore
+
+Setting `rodauth` minimal supported version to `2.0.0`.
+
+### 0.6.1 (08/09/2021)
+
+#### Bugfixes
+
+* Fixed rails view templates escaping.
+* Fixed declaration of authorize template in the generator.
+
 ### 0.6.0 (21/05/2021)
 
 ### Improvements

data/README.md

@@ -173,7 +173,7 @@ puts payload #=> {"access_token" => "awr23f3h8f9d2h89...", "token_type" => "Bear
 
 #### Revoking tokens
 
-Token revocation can be done both by the idenntity owner or the application owner, and can therefore be done either online (browser-based form) or server-to-server. Here's an example using server-to-server:
+Token revocation can be done both by the identity owner or the application owner, and can therefore be done either online (browser-based form) or server-to-server. Here's an example using server-to-server:
 
 ```ruby
 require "httpx"
@@ -516,7 +516,7 @@ payload = json.parse(response.to_s)
 puts payload #=> {
 # "access_token" => ....
 # "mac_key" => ....
-# "mac_algorithm" => 
+# "mac_algorithm" =>
 ```
 
 which you'll be able to use to generate the mac signature to send in the "Authorization" header.
@@ -565,7 +565,7 @@ plugin :rodauth do
   enable :oauth_jwt
   oauth_jwt_key rsa_private
   oauth_jwt_public_key rsa_public
-  oauth_jwt_algorithm "RS256" 
+  oauth_jwt_algorithm "RS256"
 end
 ```
 
@@ -581,7 +581,7 @@ plugin :rodauth do
   enable :oauth_jwt
   oauth_jwt_jwk_key rsa_private
   oauth_jwt_jwk_public_key rsa_public
-  oauth_jwt_jwk_algorithm "RS256" 
+  oauth_jwt_jwk_algorithm "RS256"
 end
 ```
 
@@ -627,6 +627,14 @@ puts payload #=> {
 
 You'll still need the "oauth_tokens" table, however you can remove the "token" column.
 
+#### Internationalization (i18n)
+
+`rodauth-oauth` supports translating all user-facing text found in all pages and forms, by integrating with [rodauth-i18n](https://github.com/janko/rodauth-i18n). Just set it up in your application and `rodauth` configuration.
+
+Default translations shipping with `rodauth-oauth` can be found [in this directory](https://gitlab.com/honeyryderchuck/rodauth-oauth/-/tree/master/locales). If they're not available for the languages you'd like to support, consider getting them translated from the english text, and contributing them to this repository via a Merge Request.
+
+(This feature is available since `v0.7`.)
+
 #### Caveats
 
 Although very handy for the mentioned use case, one can't revoke a JWT token on demand (it must expire first).
@@ -646,4 +654,3 @@ After checking out the repo, run `bundle install` to install dependencies. Then,
 ## Contributing
 
 Bug reports and pull requests are welcome on Gitlab at https://gitlab.com/honeyryderchuck/rodauth-oauth.
-

data/lib/generators/rodauth/oauth/views_generator.rb

@@ -9,7 +9,7 @@ module Rodauth::OAuth
         source_root "#{__dir__}/templates"
         namespace "rodauth:oauth:views"
 
-        DEFAULT = %w[oauth_authorize].freeze
+        DEFAULT = %w[authorize].freeze
         VIEWS = {
           oauth_authorize: DEFAULT,
           oauth_applications: %w[oauth_applications oauth_application new_oauth_application]

data/lib/rodauth/features/oauth.rb

@@ -66,6 +66,7 @@ module Rodauth
     notice_flash "Your oauth application has been registered", "create_oauth_application"
 
     notice_flash "The oauth token has been revoked", "revoke_oauth_token"
+    error_flash "You are not authorized to revoke this token", "revoke_unauthorized_account"
 
     view "authorize", "Authorize", "authorize"
     view "oauth_applications", "Oauth Applications", "oauth_applications"
@@ -168,24 +169,24 @@ module Rodauth
     auth_value_method :oauth_token_type, "bearer"
     auth_value_method :oauth_refresh_token_protection_policy, "none" # can be: none, sender_constrained, rotation
 
-    auth_value_method :invalid_client_message, "Invalid client"
-    auth_value_method :invalid_grant_type_message, "Invalid grant type"
-    auth_value_method :invalid_grant_message, "Invalid grant"
-    auth_value_method :invalid_scope_message, "Invalid scope"
+    translatable_method :invalid_client_message, "Invalid client"
+    translatable_method :invalid_grant_type_message, "Invalid grant type"
+    translatable_method :invalid_grant_message, "Invalid grant"
+    translatable_method :invalid_scope_message, "Invalid scope"
 
-    auth_value_method :invalid_url_message, "Invalid URL"
-    auth_value_method :unsupported_token_type_message, "Invalid token type hint"
+    translatable_method :invalid_url_message, "Invalid URL"
+    translatable_method :unsupported_token_type_message, "Invalid token type hint"
 
-    auth_value_method :unique_error_message, "is already in use"
-    auth_value_method :null_error_message, "is not filled"
-    auth_value_method :already_in_use_message, "error generating unique token"
+    translatable_method :unique_error_message, "is already in use"
+    translatable_method :null_error_message, "is not filled"
+    translatable_method :already_in_use_message, "error generating unique token"
     auth_value_method :already_in_use_error_code, "invalid_request"
 
     # PKCE
     auth_value_method :code_challenge_required_error_code, "invalid_request"
-    auth_value_method :code_challenge_required_message, "code challenge required"
+    translatable_method :code_challenge_required_message, "code challenge required"
     auth_value_method :unsupported_transform_algorithm_error_code, "invalid_request"
-    auth_value_method :unsupported_transform_algorithm_message, "transform algorithm not supported"
+    translatable_method :unsupported_transform_algorithm_message, "transform algorithm not supported"
 
     # METADATA
     auth_value_method :oauth_metadata_service_documentation, nil
@@ -279,7 +280,13 @@ module Rodauth
       next unless is_authorization_server?
 
       before_revoke_route
-      require_oauth_application
+
+      if logged_in?
+        require_account
+        require_oauth_application_from_account
+      else
+        require_oauth_application
+      end
 
       r.post do
         catch_error do
@@ -386,7 +393,10 @@ module Rodauth
         end
 
         request.on(oauth_applications_id_pattern) do |id|
-          oauth_application = db[oauth_applications_table].where(oauth_applications_id_column => id).first
+          oauth_application = db[oauth_applications_table]
+                              .where(oauth_applications_id_column => id)
+                              .where(oauth_applications_account_id_column => account_id)
+                              .first
           next unless oauth_application
 
           scope.instance_variable_set(:@oauth_application, oauth_application)
@@ -407,7 +417,8 @@ module Rodauth
         end
 
         request.get do
-          scope.instance_variable_set(:@oauth_applications, db[oauth_applications_table])
+          scope.instance_variable_set(:@oauth_applications, db[oauth_applications_table]
+            .where(oauth_applications_account_id_column => account_id))
           oauth_applications_view
         end
 
@@ -474,7 +485,7 @@ module Rodauth
       when String
         scope.split(" ")
       when nil
-        [oauth_application_default_scope]
+        Array(oauth_application_default_scope)
       end
     end
 
@@ -570,6 +581,8 @@ module Rodauth
       end
 
       self.class.send(:define_method, :__one_oauth_token_per_account) { one_oauth_token_per_account }
+
+      i18n_register(File.expand_path(File.join(__dir__, "..", "..", "..", "locales"))) if features.include?(:i18n)
     end
 
     def use_date_arithmetic?
@@ -682,6 +695,20 @@ module Rodauth
       authorization_required unless @oauth_application && secret_matches?(@oauth_application, client_secret)
     end
 
+    def require_oauth_application_from_account
+      ds = db[oauth_applications_table]
+           .join(oauth_tokens_table, Sequel[oauth_tokens_table][oauth_tokens_oauth_application_id_column] =>
+                                     Sequel[oauth_applications_table][oauth_applications_id_column])
+           .where(oauth_token_by_token_ds(param("token")).opts.fetch(:where, true))
+           .where(Sequel[oauth_applications_table][oauth_applications_account_id_column] => account_id)
+
+      @oauth_application = ds.qualify.first
+      return if @oauth_application
+
+      set_redirect_error_flash revoke_unauthorized_account_error_flash
+      redirect request.referer || "/"
+    end
+
     def secret_matches?(oauth_application, secret)
       BCrypt::Password.new(oauth_application[oauth_applications_client_secret_column]) == secret
     end
@@ -772,17 +799,21 @@ module Rodauth
       end
     end
 
-    def oauth_token_by_token(token)
+    def oauth_token_by_token_ds(token)
       ds = db[oauth_tokens_table]
 
       ds = if oauth_tokens_token_hash_column
-             ds.where(oauth_tokens_token_hash_column => generate_token_hash(token))
+             ds.where(Sequel[oauth_tokens_table][oauth_tokens_token_hash_column] => generate_token_hash(token))
            else
-             ds.where(oauth_tokens_token_column => token)
+             ds.where(Sequel[oauth_tokens_table][oauth_tokens_token_column] => token)
            end
 
-      ds.where(Sequel[oauth_tokens_expires_in_column] >= Sequel::CURRENT_TIMESTAMP)
-        .where(oauth_tokens_revoked_at_column => nil).first
+      ds.where(Sequel[oauth_tokens_table][oauth_tokens_expires_in_column] >= Sequel::CURRENT_TIMESTAMP)
+        .where(Sequel[oauth_tokens_table][oauth_tokens_revoked_at_column] => nil)
+    end
+
+    def oauth_token_by_token(token)
+      oauth_token_by_token_ds(token).first
     end
 
     def oauth_token_by_refresh_token(token, revoked: false)
@@ -1103,6 +1134,14 @@ module Rodauth
                           oauth_tokens_scopes_column => oauth_token[oauth_tokens_scopes_column]
                         }
 
+                        refresh_token = oauth_unique_id_generator
+
+                        if oauth_tokens_refresh_token_hash_column
+                          insert_params[oauth_tokens_refresh_token_hash_column] = generate_token_hash(refresh_token)
+                        else
+                          insert_params[oauth_tokens_refresh_token_column] = refresh_token
+                        end
+
                         # revoke the refresh token
                         oauth_tokens_ds.where(oauth_tokens_id_column => oauth_token[oauth_tokens_id_column])
                                        .update(oauth_tokens_revoked_at_column => Sequel::CURRENT_TIMESTAMP)
@@ -1116,6 +1155,7 @@ module Rodauth
                       end
 
         oauth_token[oauth_tokens_token_column] = token
+        oauth_token[oauth_tokens_refresh_token_column] = refresh_token if refresh_token
         oauth_token
       end
     end
@@ -1141,7 +1181,8 @@ module Rodauth
         scope: token[oauth_tokens_scopes_column],
         client_id: oauth_application[oauth_applications_client_id_column],
         # username
-        token_type: oauth_token_type
+        token_type: oauth_token_type,
+        exp: token[oauth_tokens_expires_in_column].to_i
       }
     end
 

data/lib/rodauth/features/oauth_jwt.rb

@@ -33,8 +33,8 @@ module Rodauth
     auth_value_method :oauth_jwt_jwe_copyright, nil
     auth_value_method :oauth_jwt_audience, nil
 
-    auth_value_method :request_uri_not_supported_message, "request uri is unsupported"
-    auth_value_method :invalid_request_object_message, "request object is invalid"
+    translatable_method :request_uri_not_supported_message, "request uri is unsupported"
+    translatable_method :invalid_request_object_message, "request object is invalid"
 
     auth_value_methods(
       :jwt_encode,

data/lib/rodauth/features/oidc.rb

@@ -68,7 +68,7 @@ module Rodauth
     auth_value_method :oauth_grants_nonce_column, :nonce
     auth_value_method :oauth_tokens_nonce_column, :nonce
 
-    auth_value_method :invalid_scope_message, "The Access Token expired"
+    translatable_method :invalid_scope_message, "The Access Token expired"
 
     auth_value_method :webfinger_relation, "http://openid.net/specs/connect/1.0/issuer"
 
@@ -186,6 +186,8 @@ module Rodauth
 
     def openid_configuration(alt_issuer = nil)
       request.on(".well-known/openid-configuration") do
+        allow_cors(request)
+
         request.get do
           json_response_success(openid_configuration_body(alt_issuer), cache: true)
         end
@@ -493,5 +495,15 @@ module Rodauth
           (val.respond_to?(:empty?) && val.empty?)
       end
     end
+
+    def allow_cors(request)
+      return unless request.request_method == "OPTIONS"
+
+      response["Access-Control-Allow-Origin"] = "*"
+      response["Access-Control-Allow-Methods"] = "GET, OPTIONS"
+      response["Access-Control-Max-Age"] = "3600"
+      response.status = 200
+      request.halt
+    end
   end
 end

data/lib/rodauth/oauth/version.rb

@@ -2,6 +2,6 @@
 
 module Rodauth
   module OAuth
-    VERSION = "0.6.0"
+    VERSION = "0.7.2"
   end
 end

data/locales/en.yml

@@ -0,0 +1,35 @@
+en:
+  rodauth:
+    require_authorization_error_flash: "Please authorize to continue"
+    create_oauth_application_error_flash: "There was an error registering your oauth application"
+    create_oauth_application_notice_flash: "Your oauth application has been registered"
+    revoke_unauthorized_account_error_flash: "You are not authorized to revoke this token"
+    revoke_oauth_token_notice_flash: "The oauth token has been revoked"
+    oauth_authorize_title: "Authorize"
+    oauth_oauth_applications_page_title: "Oauth Applications"
+    oauth_oauth_application_page_title: "Oauth Application"
+    oauth_new_oauth_application_page_title: "New Oauth Application"
+    oauth_oauth_tokens_page_title: "Oauth Tokens"
+    name_label: "Name"
+    description_label: "Description"
+    scopes_label: "Scopes"
+    homepage_url_label: "Homepage URL"
+    redirect_uri_label: "Redirect URL"
+    client_secret_label: "Client Secret"
+    client_id_label: "Client ID"
+    oauth_applications_button: "Register"
+    oauth_authorize_button: "Authorize"
+    oauth_token_revoke_button: "Revoke"
+    oauth_authorize_post_button: "Back to Client Application"
+    invalid_grant_message: "Invalid grant"
+    invalid_scope_message: "Invalid scope"
+    invalid_url_message: "Invalid URL"
+    unsupported_token_type_message: "Invalid token type hint"
+    unique_error_message: "is already in use"
+    null_error_message: "is not filled"
+    already_in_use_message: "error generating unique token"
+    code_challenge_required_message: "code challenge required"
+    unsupported_transform_algorithm_message: "transform algorithm not supported"
+    request_uri_not_supported_message: "request uri is unsupported"
+    invalid_request_object_message: "request object is invalid"
+    invalid_scope_message: "The Access Token expired"

data/templates/authorize.str

@@ -1,4 +1,4 @@
-<form method="post" class="form-horizontal" role="form" id="authorize-form">
+<form method="post" action="#{rodauth.authorize_path}" class="form-horizontal" role="form" id="authorize-form">
   #{csrf_tag(rodauth.authorize_path) if respond_to?(:csrf_tag)}
   <p class="lead">The application #{rodauth.oauth_application[rodauth.oauth_applications_name_column]} would like to access your data.</p>
 
@@ -7,12 +7,22 @@
 
     #{
       rodauth.scopes.map do |scope|
-        <<-HTML
-         	<div class="form-check">
-            <input id="#{scope}" class="form-check-input" type="checkbox" name="scope[]" value="#{scope}" #{"checked disabled" if scope == rodauth.oauth_application_default_scope}>
-            <label class="form-check-label" for="#{scope}">#{scope}</label>
-          </div>
-        HTML
+        if scope == rodauth.oauth_application_default_scope
+          <<-HTML
+            <div class="form-check">
+              <input id="#{scope}" class="form-check-input" type="checkbox" name="scope[]" value="#{scope}" checked disabled>
+              <label class="form-check-label" for="#{scope}">#{scope}</label>
+              <input type="hidden" name="scope[]" value="#{scope}">
+            </div>
+          HTML
+        else
+          <<-HTML
+            <div class="form-check">
+              <input id="#{scope}" class="form-check-input" type="checkbox" name="scope[]" value="#{scope}">
+              <label class="form-check-label" for="#{scope}">#{scope}</label>
+            </div>
+          HTML
+        end
       end.join
     }
 
@@ -31,4 +41,4 @@
     <input type="submit" class="btn btn-outline-primary" value="#{h(rodauth.oauth_authorize_button)}"/>
     <a href="#{rodauth.redirect_uri}?error=access_denied&error_description=The+resource+owner+or+authorization+server+denied+the+request#{ "&state=#{rodauth.param("state")}" if rodauth.param_or_nil("state")}" class="btn btn-outline-danger">Cancel</a>
   </p>
-</form>
+</form>

data/templates/oauth_application.str

@@ -7,5 +7,5 @@
       end.join
     }
   </dl>
-  <a href="/#{"#{rodauth.oauth_applications_path}/#{@oauth_application[:id]}/#{rodauth.oauth_tokens_path}"}" class="btn btn-outline-secondary">Oauth Tokens</a>
-</div>
+  <a href="#{rodauth.oauth_applications_path}/#{@oauth_application[:id]}/#{rodauth.oauth_tokens_path}" class="btn btn-outline-secondary">Oauth Tokens</a>
+</div>

data/templates/oauth_tokens.str

@@ -10,7 +10,8 @@
               <th scope="col">Token</th>
               <th scope="col">Refresh Token</th>
               <th scope="col">Expires in</th>
-              <th scope="col">Revoke</th>
+              <th scope="col">Revoked at</th>
+              <th scope="col">Scopes</th>
               <th scope="col"><span class="badge badge-pill badge-dark">#{@oauth_tokens.count}</span>
             </tr>
           </thead>
@@ -19,16 +20,17 @@
               @oauth_tokens.map do |oauth_token|
                 <<-HTML
                   <tr>
-                    <td>#{oauth_token[rodauth.oauth_tokens_token_column]}</td>
-                    <td>#{oauth_token[rodauth.oauth_tokens_refresh_token_column]}</td>
-                    <td>#{rodauth.convert_timestamp(oauth_token[rodauth.oauth_tokens_expires_in_column])}</td>
-                    <td>#{rodauth.convert_timestamp(oauth_token[rodauth.oauth_tokens_revoked_at_column])}</td>
+                    <td><code class="token">#{oauth_token[rodauth.oauth_tokens_token_column]}</code></td>
+                    <td><code class="token">#{oauth_token[rodauth.oauth_tokens_refresh_token_column]}</code></td>
+                    <td>#{oauth_token[rodauth.oauth_tokens_expires_in_column]}</td>
+                    <td>#{oauth_token[rodauth.oauth_tokens_revoked_at_column]}</td>
+                    <td>#{oauth_token[rodauth.oauth_tokens_scopes_column]}</td>
                     <td>
                       #{
-                        if !oauth_token[rodauth.oauth_tokens_revoked_at_param] && !oauth_token[rodauth.oauth_tokens_token_hash_column]
+                        if !oauth_token[rodauth.oauth_tokens_revoked_at_column] && !oauth_token[rodauth.oauth_tokens_token_hash_column]
                           <<-HTML
                             <form method="post" action="#{rodauth.revoke_path}" class="form-horizontal" role="form" id="revoke-form">
-                              #{csrf_tag(rodauth.oauth_revoke_path) if respond_to?(:csrf_tag)}
+                              #{csrf_tag(rodauth.revoke_path) if respond_to?(:csrf_tag)}
                               #{rodauth.input_field_string("token_type_hint", "revoke-token-type-hint", :value => "access_token", :type=>"hidden")}
                               #{rodauth.input_field_string("token", "revoke-token", :value => oauth_token[rodauth.oauth_tokens_token_column], :type=>"hidden")}
                               #{rodauth.button(rodauth.oauth_token_revoke_button)}
@@ -46,4 +48,4 @@
       HTML
     end
   }
-</div>
+</div>

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth-oauth
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 0.7.2
 platform: ruby
 authors:
 - Tiago Cardoso
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-05-21 00:00:00.000000000 Z
+date: 2021-12-14 00:00:00.000000000 Z
 dependencies: []
 description: Implementation of the OAuth 2.0 protocol on top of rodauth.
 email:
@@ -39,6 +39,7 @@ files:
 - lib/rodauth/oauth/railtie.rb
 - lib/rodauth/oauth/ttl_store.rb
 - lib/rodauth/oauth/version.rb
+- locales/en.yml
 - templates/authorize.str
 - templates/client_secret_field.str
 - templates/description_field.str
@@ -51,7 +52,8 @@ files:
 - templates/redirect_uri_field.str
 - templates/scope_field.str
 homepage: https://gitlab.com/honeyryderchuck/rodauth-oauth
-licenses: []
+licenses:
+- Apache 2.0
 metadata:
   homepage_uri: https://gitlab.com/honeyryderchuck/rodauth-oauth
   source_code_uri: https://gitlab.com/honeyryderchuck/rodauth-oauth
@@ -71,7 +73,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.15
+rubygems_version: 3.2.22
 signing_key:
 specification_version: 4
 summary: Implementation of the OAuth 2.0 protocol on top of rodauth.