rodauth-oauth 0.6.1 → 0.7.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +21 -0
- data/README.md +11 -4
- data/lib/rodauth/features/oauth.rb +22 -12
- data/lib/rodauth/features/oauth_jwt.rb +2 -2
- data/lib/rodauth/features/oidc.rb +13 -1
- data/lib/rodauth/oauth/version.rb +1 -1
- data/lib/rodauth/oauth.rb +2 -0
- data/locales/en.yml +34 -0
- metadata +4 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 91f66a3575e9f63b13eac64e44c3ce768fb5904ce5e77e0239e3f1f437c21fbf
|
4
|
+
data.tar.gz: bb80d8836f4ad0b99b8e75458861c36526b9a60e623f6d799ff88a751bfe9bc0
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: '09a5d103d91e13b011456259b255ddd930692e5f50b9ebc892fa86c8ac48006e2815f7339cb10cf1d710eefd5ae18da56a08e43aedd47002bcbaa1cf82c59c6d'
|
7
|
+
data.tar.gz: 745409245789cb8e77a50724192b126e047a5258827bdec765bd2ff07ff3ff4c77bb44463bc513f384f35a3e470f67496a1f12a56777cb27c6af36e903febb7f
|
data/CHANGELOG.md
CHANGED
@@ -2,6 +2,27 @@
|
|
2
2
|
|
3
3
|
## master
|
4
4
|
|
5
|
+
### 0.7.0 (02/12/2021)
|
6
|
+
|
7
|
+
#### Features
|
8
|
+
|
9
|
+
* Internationalization (i18n) support by hooking on [rodauth-oauth](https://github.com/janko/rodauth-i18n).
|
10
|
+
* Sets all text using `translatable_method`.
|
11
|
+
* Provides english translations for all `rodauth-oauth` related user facing text.
|
12
|
+
|
13
|
+
#### Improvements
|
14
|
+
|
15
|
+
* Enable CORS requests for OpenID configuration endpoint (@ianks)
|
16
|
+
* Introspect endpoint now exposes the `exp` token property (@gmanley)
|
17
|
+
|
18
|
+
#### Bugfixes
|
19
|
+
|
20
|
+
* on rotation policy, although the first refresh token was invalidated, a new one wasn't being provided. This change allows a new refresh token to be generated and exposed in the response (@gmanley)
|
21
|
+
|
22
|
+
#### Chore
|
23
|
+
|
24
|
+
Setting `rodauth` minimal supported version to `2.0.0`.
|
25
|
+
|
5
26
|
### 0.6.1 (08/09/2021)
|
6
27
|
|
7
28
|
#### Bugfixes
|
data/README.md
CHANGED
@@ -516,7 +516,7 @@ payload = json.parse(response.to_s)
|
|
516
516
|
puts payload #=> {
|
517
517
|
# "access_token" => ....
|
518
518
|
# "mac_key" => ....
|
519
|
-
# "mac_algorithm" =>
|
519
|
+
# "mac_algorithm" =>
|
520
520
|
```
|
521
521
|
|
522
522
|
which you'll be able to use to generate the mac signature to send in the "Authorization" header.
|
@@ -565,7 +565,7 @@ plugin :rodauth do
|
|
565
565
|
enable :oauth_jwt
|
566
566
|
oauth_jwt_key rsa_private
|
567
567
|
oauth_jwt_public_key rsa_public
|
568
|
-
oauth_jwt_algorithm "RS256"
|
568
|
+
oauth_jwt_algorithm "RS256"
|
569
569
|
end
|
570
570
|
```
|
571
571
|
|
@@ -581,7 +581,7 @@ plugin :rodauth do
|
|
581
581
|
enable :oauth_jwt
|
582
582
|
oauth_jwt_jwk_key rsa_private
|
583
583
|
oauth_jwt_jwk_public_key rsa_public
|
584
|
-
oauth_jwt_jwk_algorithm "RS256"
|
584
|
+
oauth_jwt_jwk_algorithm "RS256"
|
585
585
|
end
|
586
586
|
```
|
587
587
|
|
@@ -627,6 +627,14 @@ puts payload #=> {
|
|
627
627
|
|
628
628
|
You'll still need the "oauth_tokens" table, however you can remove the "token" column.
|
629
629
|
|
630
|
+
#### Internationalization (i18n)
|
631
|
+
|
632
|
+
`rodauth-oauth` supports translating all user-facing text found in all pages and forms, by integrating with [rodauth-i18n](https://github.com/janko/rodauth-i18n). Just set it up in your application and `rodauth` configuration.
|
633
|
+
|
634
|
+
Default translations shipping with `rodauth-oauth` can be found [in this directory](https://gitlab.com/honeyryderchuck/rodauth-oauth/-/tree/master/locales). If they're not available for the languages you'd like to support, consider getting them translated from the english text, and contributing them to this repository via a Merge Request.
|
635
|
+
|
636
|
+
(This feature is available since `v0.7`.)
|
637
|
+
|
630
638
|
#### Caveats
|
631
639
|
|
632
640
|
Although very handy for the mentioned use case, one can't revoke a JWT token on demand (it must expire first).
|
@@ -646,4 +654,3 @@ After checking out the repo, run `bundle install` to install dependencies. Then,
|
|
646
654
|
## Contributing
|
647
655
|
|
648
656
|
Bug reports and pull requests are welcome on Gitlab at https://gitlab.com/honeyryderchuck/rodauth-oauth.
|
649
|
-
|
@@ -168,24 +168,24 @@ module Rodauth
|
|
168
168
|
auth_value_method :oauth_token_type, "bearer"
|
169
169
|
auth_value_method :oauth_refresh_token_protection_policy, "none" # can be: none, sender_constrained, rotation
|
170
170
|
|
171
|
-
|
172
|
-
|
173
|
-
|
174
|
-
|
171
|
+
translatable_method :invalid_client_message, "Invalid client"
|
172
|
+
translatable_method :invalid_grant_type_message, "Invalid grant type"
|
173
|
+
translatable_method :invalid_grant_message, "Invalid grant"
|
174
|
+
translatable_method :invalid_scope_message, "Invalid scope"
|
175
175
|
|
176
|
-
|
177
|
-
|
176
|
+
translatable_method :invalid_url_message, "Invalid URL"
|
177
|
+
translatable_method :unsupported_token_type_message, "Invalid token type hint"
|
178
178
|
|
179
|
-
|
180
|
-
|
181
|
-
|
179
|
+
translatable_method :unique_error_message, "is already in use"
|
180
|
+
translatable_method :null_error_message, "is not filled"
|
181
|
+
translatable_method :already_in_use_message, "error generating unique token"
|
182
182
|
auth_value_method :already_in_use_error_code, "invalid_request"
|
183
183
|
|
184
184
|
# PKCE
|
185
185
|
auth_value_method :code_challenge_required_error_code, "invalid_request"
|
186
|
-
|
186
|
+
translatable_method :code_challenge_required_message, "code challenge required"
|
187
187
|
auth_value_method :unsupported_transform_algorithm_error_code, "invalid_request"
|
188
|
-
|
188
|
+
translatable_method :unsupported_transform_algorithm_message, "transform algorithm not supported"
|
189
189
|
|
190
190
|
# METADATA
|
191
191
|
auth_value_method :oauth_metadata_service_documentation, nil
|
@@ -1103,6 +1103,14 @@ module Rodauth
|
|
1103
1103
|
oauth_tokens_scopes_column => oauth_token[oauth_tokens_scopes_column]
|
1104
1104
|
}
|
1105
1105
|
|
1106
|
+
refresh_token = oauth_unique_id_generator
|
1107
|
+
|
1108
|
+
if oauth_tokens_refresh_token_hash_column
|
1109
|
+
insert_params[oauth_tokens_refresh_token_hash_column] = generate_token_hash(refresh_token)
|
1110
|
+
else
|
1111
|
+
insert_params[oauth_tokens_refresh_token_column] = refresh_token
|
1112
|
+
end
|
1113
|
+
|
1106
1114
|
# revoke the refresh token
|
1107
1115
|
oauth_tokens_ds.where(oauth_tokens_id_column => oauth_token[oauth_tokens_id_column])
|
1108
1116
|
.update(oauth_tokens_revoked_at_column => Sequel::CURRENT_TIMESTAMP)
|
@@ -1116,6 +1124,7 @@ module Rodauth
|
|
1116
1124
|
end
|
1117
1125
|
|
1118
1126
|
oauth_token[oauth_tokens_token_column] = token
|
1127
|
+
oauth_token[oauth_tokens_refresh_token_column] = refresh_token if refresh_token
|
1119
1128
|
oauth_token
|
1120
1129
|
end
|
1121
1130
|
end
|
@@ -1141,7 +1150,8 @@ module Rodauth
|
|
1141
1150
|
scope: token[oauth_tokens_scopes_column],
|
1142
1151
|
client_id: oauth_application[oauth_applications_client_id_column],
|
1143
1152
|
# username
|
1144
|
-
token_type: oauth_token_type
|
1153
|
+
token_type: oauth_token_type,
|
1154
|
+
exp: token[oauth_tokens_expires_in_column].to_i
|
1145
1155
|
}
|
1146
1156
|
end
|
1147
1157
|
|
@@ -33,8 +33,8 @@ module Rodauth
|
|
33
33
|
auth_value_method :oauth_jwt_jwe_copyright, nil
|
34
34
|
auth_value_method :oauth_jwt_audience, nil
|
35
35
|
|
36
|
-
|
37
|
-
|
36
|
+
translatable_method :request_uri_not_supported_message, "request uri is unsupported"
|
37
|
+
translatable_method :invalid_request_object_message, "request object is invalid"
|
38
38
|
|
39
39
|
auth_value_methods(
|
40
40
|
:jwt_encode,
|
@@ -68,7 +68,7 @@ module Rodauth
|
|
68
68
|
auth_value_method :oauth_grants_nonce_column, :nonce
|
69
69
|
auth_value_method :oauth_tokens_nonce_column, :nonce
|
70
70
|
|
71
|
-
|
71
|
+
translatable_method :invalid_scope_message, "The Access Token expired"
|
72
72
|
|
73
73
|
auth_value_method :webfinger_relation, "http://openid.net/specs/connect/1.0/issuer"
|
74
74
|
|
@@ -186,6 +186,8 @@ module Rodauth
|
|
186
186
|
|
187
187
|
def openid_configuration(alt_issuer = nil)
|
188
188
|
request.on(".well-known/openid-configuration") do
|
189
|
+
allow_cors(request)
|
190
|
+
|
189
191
|
request.get do
|
190
192
|
json_response_success(openid_configuration_body(alt_issuer), cache: true)
|
191
193
|
end
|
@@ -493,5 +495,15 @@ module Rodauth
|
|
493
495
|
(val.respond_to?(:empty?) && val.empty?)
|
494
496
|
end
|
495
497
|
end
|
498
|
+
|
499
|
+
def allow_cors(request)
|
500
|
+
return unless request.request_method == "OPTIONS"
|
501
|
+
|
502
|
+
response["Access-Control-Allow-Origin"] = "*"
|
503
|
+
response["Access-Control-Allow-Methods"] = "GET, OPTIONS"
|
504
|
+
response["Access-Control-Max-Age"] = "3600"
|
505
|
+
response.status = 200
|
506
|
+
request.halt
|
507
|
+
end
|
496
508
|
end
|
497
509
|
end
|
data/lib/rodauth/oauth.rb
CHANGED
data/locales/en.yml
ADDED
@@ -0,0 +1,34 @@
|
|
1
|
+
en:
|
2
|
+
rodauth:
|
3
|
+
require_authorization_error_flash: "Please authorize to continue"
|
4
|
+
create_oauth_application_error_flash: "There was an error registering your oauth application"
|
5
|
+
create_oauth_application_notice_flash: "Your oauth application has been registered"
|
6
|
+
revoke_oauth_token_notice_flash: "The oauth token has been revoked"
|
7
|
+
oauth_authorize_title: "Authorize"
|
8
|
+
oauth_oauth_applications_page_title: "Oauth Applications"
|
9
|
+
oauth_oauth_application_page_title: "Oauth Application"
|
10
|
+
oauth_new_oauth_application_page_title: "New Oauth Application"
|
11
|
+
oauth_oauth_tokens_page_title: "Oauth Tokens"
|
12
|
+
name_label: "Name"
|
13
|
+
description_label: "Description"
|
14
|
+
scopes_label: "Scopes"
|
15
|
+
homepage_url_label: "Homepage URL"
|
16
|
+
redirect_uri_label: "Redirect URL"
|
17
|
+
client_secret_label: "Client Secret"
|
18
|
+
client_id_label: "Client ID"
|
19
|
+
oauth_applications_button: "Register"
|
20
|
+
oauth_authorize_button: "Authorize"
|
21
|
+
oauth_token_revoke_button: "Revoke"
|
22
|
+
oauth_authorize_post_button: "Back to Client Application"
|
23
|
+
invalid_grant_message: "Invalid grant"
|
24
|
+
invalid_scope_message: "Invalid scope"
|
25
|
+
invalid_url_message: "Invalid URL"
|
26
|
+
unsupported_token_type_message: "Invalid token type hint"
|
27
|
+
unique_error_message: "is already in use"
|
28
|
+
null_error_message: "is not filled"
|
29
|
+
already_in_use_message: "error generating unique token"
|
30
|
+
code_challenge_required_message: "code challenge required"
|
31
|
+
unsupported_transform_algorithm_message: "transform algorithm not supported"
|
32
|
+
request_uri_not_supported_message: "request uri is unsupported"
|
33
|
+
invalid_request_object_message: "request object is invalid"
|
34
|
+
invalid_scope_message: "The Access Token expired"
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rodauth-oauth
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.7.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Tiago Cardoso
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
11
|
+
date: 2021-12-02 00:00:00.000000000 Z
|
12
12
|
dependencies: []
|
13
13
|
description: Implementation of the OAuth 2.0 protocol on top of rodauth.
|
14
14
|
email:
|
@@ -39,6 +39,7 @@ files:
|
|
39
39
|
- lib/rodauth/oauth/railtie.rb
|
40
40
|
- lib/rodauth/oauth/ttl_store.rb
|
41
41
|
- lib/rodauth/oauth/version.rb
|
42
|
+
- locales/en.yml
|
42
43
|
- templates/authorize.str
|
43
44
|
- templates/client_secret_field.str
|
44
45
|
- templates/description_field.str
|
@@ -71,7 +72,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
71
72
|
- !ruby/object:Gem::Version
|
72
73
|
version: '0'
|
73
74
|
requirements: []
|
74
|
-
rubygems_version: 3.2.
|
75
|
+
rubygems_version: 3.2.22
|
75
76
|
signing_key:
|
76
77
|
specification_version: 4
|
77
78
|
summary: Implementation of the OAuth 2.0 protocol on top of rodauth.
|