rodauth-oauth 0.6.1 → 0.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c0c72cd872103e1d10929ad5934312a123a42b3c9cb55c06c118fbcb0d83f4a7
-  data.tar.gz: 57bbcef2981c20627cfc9239b30781af03898e34b5d2861b84a820d778e1dac3
+  metadata.gz: 91f66a3575e9f63b13eac64e44c3ce768fb5904ce5e77e0239e3f1f437c21fbf
+  data.tar.gz: bb80d8836f4ad0b99b8e75458861c36526b9a60e623f6d799ff88a751bfe9bc0
 SHA512:
-  metadata.gz: a4c48e1ce93074c5dff85f506c8c5b8c7f024409f9c58ae942bb2adb5241303586cb0930a1c849566c793d6d9e508a73b0f5fc5772a82e3c87852415997e7889
-  data.tar.gz: 54e5777b2506ea99f830cd3d9b66ca1755372681cd19013638bc25680b0ce601275fb5fd732b123fcefddb7f56ba0ac1fc6a069f028c377be5a7408d92debb9e
+  metadata.gz: '09a5d103d91e13b011456259b255ddd930692e5f50b9ebc892fa86c8ac48006e2815f7339cb10cf1d710eefd5ae18da56a08e43aedd47002bcbaa1cf82c59c6d'
+  data.tar.gz: 745409245789cb8e77a50724192b126e047a5258827bdec765bd2ff07ff3ff4c77bb44463bc513f384f35a3e470f67496a1f12a56777cb27c6af36e903febb7f

data/CHANGELOG.md

@@ -2,6 +2,27 @@
 
 ## master
 
+### 0.7.0 (02/12/2021)
+
+#### Features
+
+* Internationalization (i18n) support by hooking on [rodauth-oauth](https://github.com/janko/rodauth-i18n).
+  * Sets all text using `translatable_method`.
+  * Provides english translations for all `rodauth-oauth` related user facing text.
+
+#### Improvements
+
+* Enable CORS requests for OpenID configuration endpoint (@ianks)
+* Introspect endpoint now exposes the `exp` token property (@gmanley)
+
+#### Bugfixes
+
+*  on rotation policy, although the first refresh token was invalidated, a new one wasn't being provided. This change allows a new refresh token to be generated and exposed in the response (@gmanley)
+
+#### Chore
+
+Setting `rodauth` minimal supported version to `2.0.0`.
+
 ### 0.6.1 (08/09/2021)
 
 #### Bugfixes

data/README.md

@@ -516,7 +516,7 @@ payload = json.parse(response.to_s)
 puts payload #=> {
 # "access_token" => ....
 # "mac_key" => ....
-# "mac_algorithm" => 
+# "mac_algorithm" =>
 ```
 
 which you'll be able to use to generate the mac signature to send in the "Authorization" header.
@@ -565,7 +565,7 @@ plugin :rodauth do
   enable :oauth_jwt
   oauth_jwt_key rsa_private
   oauth_jwt_public_key rsa_public
-  oauth_jwt_algorithm "RS256" 
+  oauth_jwt_algorithm "RS256"
 end
 ```
 
@@ -581,7 +581,7 @@ plugin :rodauth do
   enable :oauth_jwt
   oauth_jwt_jwk_key rsa_private
   oauth_jwt_jwk_public_key rsa_public
-  oauth_jwt_jwk_algorithm "RS256" 
+  oauth_jwt_jwk_algorithm "RS256"
 end
 ```
 
@@ -627,6 +627,14 @@ puts payload #=> {
 
 You'll still need the "oauth_tokens" table, however you can remove the "token" column.
 
+#### Internationalization (i18n)
+
+`rodauth-oauth` supports translating all user-facing text found in all pages and forms, by integrating with [rodauth-i18n](https://github.com/janko/rodauth-i18n). Just set it up in your application and `rodauth` configuration.
+
+Default translations shipping with `rodauth-oauth` can be found [in this directory](https://gitlab.com/honeyryderchuck/rodauth-oauth/-/tree/master/locales). If they're not available for the languages you'd like to support, consider getting them translated from the english text, and contributing them to this repository via a Merge Request.
+
+(This feature is available since `v0.7`.)
+
 #### Caveats
 
 Although very handy for the mentioned use case, one can't revoke a JWT token on demand (it must expire first).
@@ -646,4 +654,3 @@ After checking out the repo, run `bundle install` to install dependencies. Then,
 ## Contributing
 
 Bug reports and pull requests are welcome on Gitlab at https://gitlab.com/honeyryderchuck/rodauth-oauth.
-

data/lib/rodauth/features/oauth.rb

@@ -168,24 +168,24 @@ module Rodauth
     auth_value_method :oauth_token_type, "bearer"
     auth_value_method :oauth_refresh_token_protection_policy, "none" # can be: none, sender_constrained, rotation
 
-    auth_value_method :invalid_client_message, "Invalid client"
-    auth_value_method :invalid_grant_type_message, "Invalid grant type"
-    auth_value_method :invalid_grant_message, "Invalid grant"
-    auth_value_method :invalid_scope_message, "Invalid scope"
+    translatable_method :invalid_client_message, "Invalid client"
+    translatable_method :invalid_grant_type_message, "Invalid grant type"
+    translatable_method :invalid_grant_message, "Invalid grant"
+    translatable_method :invalid_scope_message, "Invalid scope"
 
-    auth_value_method :invalid_url_message, "Invalid URL"
-    auth_value_method :unsupported_token_type_message, "Invalid token type hint"
+    translatable_method :invalid_url_message, "Invalid URL"
+    translatable_method :unsupported_token_type_message, "Invalid token type hint"
 
-    auth_value_method :unique_error_message, "is already in use"
-    auth_value_method :null_error_message, "is not filled"
-    auth_value_method :already_in_use_message, "error generating unique token"
+    translatable_method :unique_error_message, "is already in use"
+    translatable_method :null_error_message, "is not filled"
+    translatable_method :already_in_use_message, "error generating unique token"
     auth_value_method :already_in_use_error_code, "invalid_request"
 
     # PKCE
     auth_value_method :code_challenge_required_error_code, "invalid_request"
-    auth_value_method :code_challenge_required_message, "code challenge required"
+    translatable_method :code_challenge_required_message, "code challenge required"
     auth_value_method :unsupported_transform_algorithm_error_code, "invalid_request"
-    auth_value_method :unsupported_transform_algorithm_message, "transform algorithm not supported"
+    translatable_method :unsupported_transform_algorithm_message, "transform algorithm not supported"
 
     # METADATA
     auth_value_method :oauth_metadata_service_documentation, nil
@@ -1103,6 +1103,14 @@ module Rodauth
                           oauth_tokens_scopes_column => oauth_token[oauth_tokens_scopes_column]
                         }
 
+                        refresh_token = oauth_unique_id_generator
+
+                        if oauth_tokens_refresh_token_hash_column
+                          insert_params[oauth_tokens_refresh_token_hash_column] = generate_token_hash(refresh_token)
+                        else
+                          insert_params[oauth_tokens_refresh_token_column] = refresh_token
+                        end
+
                         # revoke the refresh token
                         oauth_tokens_ds.where(oauth_tokens_id_column => oauth_token[oauth_tokens_id_column])
                                        .update(oauth_tokens_revoked_at_column => Sequel::CURRENT_TIMESTAMP)
@@ -1116,6 +1124,7 @@ module Rodauth
                       end
 
         oauth_token[oauth_tokens_token_column] = token
+        oauth_token[oauth_tokens_refresh_token_column] = refresh_token if refresh_token
         oauth_token
       end
     end
@@ -1141,7 +1150,8 @@ module Rodauth
         scope: token[oauth_tokens_scopes_column],
         client_id: oauth_application[oauth_applications_client_id_column],
         # username
-        token_type: oauth_token_type
+        token_type: oauth_token_type,
+        exp: token[oauth_tokens_expires_in_column].to_i
       }
     end
 

data/lib/rodauth/features/oauth_jwt.rb

@@ -33,8 +33,8 @@ module Rodauth
     auth_value_method :oauth_jwt_jwe_copyright, nil
     auth_value_method :oauth_jwt_audience, nil
 
-    auth_value_method :request_uri_not_supported_message, "request uri is unsupported"
-    auth_value_method :invalid_request_object_message, "request object is invalid"
+    translatable_method :request_uri_not_supported_message, "request uri is unsupported"
+    translatable_method :invalid_request_object_message, "request object is invalid"
 
     auth_value_methods(
       :jwt_encode,

data/lib/rodauth/features/oidc.rb

@@ -68,7 +68,7 @@ module Rodauth
     auth_value_method :oauth_grants_nonce_column, :nonce
     auth_value_method :oauth_tokens_nonce_column, :nonce
 
-    auth_value_method :invalid_scope_message, "The Access Token expired"
+    translatable_method :invalid_scope_message, "The Access Token expired"
 
     auth_value_method :webfinger_relation, "http://openid.net/specs/connect/1.0/issuer"
 
@@ -186,6 +186,8 @@ module Rodauth
 
     def openid_configuration(alt_issuer = nil)
       request.on(".well-known/openid-configuration") do
+        allow_cors(request)
+
         request.get do
           json_response_success(openid_configuration_body(alt_issuer), cache: true)
         end
@@ -493,5 +495,15 @@ module Rodauth
           (val.respond_to?(:empty?) && val.empty?)
       end
     end
+
+    def allow_cors(request)
+      return unless request.request_method == "OPTIONS"
+
+      response["Access-Control-Allow-Origin"] = "*"
+      response["Access-Control-Allow-Methods"] = "GET, OPTIONS"
+      response["Access-Control-Max-Age"] = "3600"
+      response.status = 200
+      request.halt
+    end
   end
 end

data/lib/rodauth/oauth/version.rb

@@ -2,6 +2,6 @@
 
 module Rodauth
   module OAuth
-    VERSION = "0.6.1"
+    VERSION = "0.7.0"
   end
 end

data/lib/rodauth/oauth.rb

@@ -5,3 +5,5 @@ require "rodauth"
 require "rodauth/oauth/version"
 
 require "rodauth/oauth/railtie" if defined?(Rails)
+
+Rodauth::I18n.directories << File.expand_path(File.join(__dir__, "..", "..", "locales")) if defined?(Rodauth::I18n)

data/locales/en.yml

@@ -0,0 +1,34 @@
+en:
+  rodauth:
+    require_authorization_error_flash: "Please authorize to continue"
+    create_oauth_application_error_flash: "There was an error registering your oauth application"
+    create_oauth_application_notice_flash: "Your oauth application has been registered"
+    revoke_oauth_token_notice_flash: "The oauth token has been revoked"
+    oauth_authorize_title: "Authorize"
+    oauth_oauth_applications_page_title: "Oauth Applications"
+    oauth_oauth_application_page_title: "Oauth Application"
+    oauth_new_oauth_application_page_title: "New Oauth Application"
+    oauth_oauth_tokens_page_title: "Oauth Tokens"
+    name_label: "Name"
+    description_label: "Description"
+    scopes_label: "Scopes"
+    homepage_url_label: "Homepage URL"
+    redirect_uri_label: "Redirect URL"
+    client_secret_label: "Client Secret"
+    client_id_label: "Client ID"
+    oauth_applications_button: "Register"
+    oauth_authorize_button: "Authorize"
+    oauth_token_revoke_button: "Revoke"
+    oauth_authorize_post_button: "Back to Client Application"
+    invalid_grant_message: "Invalid grant"
+    invalid_scope_message: "Invalid scope"
+    invalid_url_message: "Invalid URL"
+    unsupported_token_type_message: "Invalid token type hint"
+    unique_error_message: "is already in use"
+    null_error_message: "is not filled"
+    already_in_use_message: "error generating unique token"
+    code_challenge_required_message: "code challenge required"
+    unsupported_transform_algorithm_message: "transform algorithm not supported"
+    request_uri_not_supported_message: "request uri is unsupported"
+    invalid_request_object_message: "request object is invalid"
+    invalid_scope_message: "The Access Token expired"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth-oauth
 version: !ruby/object:Gem::Version
-  version: 0.6.1
+  version: 0.7.0
 platform: ruby
 authors:
 - Tiago Cardoso
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-09-08 00:00:00.000000000 Z
+date: 2021-12-02 00:00:00.000000000 Z
 dependencies: []
 description: Implementation of the OAuth 2.0 protocol on top of rodauth.
 email:
@@ -39,6 +39,7 @@ files:
 - lib/rodauth/oauth/railtie.rb
 - lib/rodauth/oauth/ttl_store.rb
 - lib/rodauth/oauth/version.rb
+- locales/en.yml
 - templates/authorize.str
 - templates/client_secret_field.str
 - templates/description_field.str
@@ -71,7 +72,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.15
+rubygems_version: 3.2.22
 signing_key:
 specification_version: 4
 summary: Implementation of the OAuth 2.0 protocol on top of rodauth.