ruby_oidc_client 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 5b5f37ec00ec2675db46405e2ae66bbb0575039bdf0de00ac5f2a9f9420360de
+  data.tar.gz: 86093df21b39985900be9a4fcba7c831bdcb64331759c63f2acd13a8f93787a4
+SHA512:
+  metadata.gz: 5eb4f9337b6f5dfde2a008c544fd2a706ab58d81ee23ab2618cc36cd5376ec4840c94c2169ec32ce37a85a5c9efec742749a575b2f75e5a0cc23b5ad9d7d9f88
+  data.tar.gz: 137967b68fddf32d29a0bcd69923297aec3eb5ef8ff89e347db096ce10b49ea116004a5380038023e273eec25df9b04bf55c5c0f145d20cb249bff3b9d713d76

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.rubocop.yml

@@ -0,0 +1,13 @@
+AllCops:
+  TargetRubyVersion: 2.6
+
+Style/StringLiterals:
+  Enabled: true
+  EnforcedStyle: double_quotes
+
+Style/StringLiteralsInInterpolation:
+  Enabled: true
+  EnforcedStyle: double_quotes
+
+Layout/LineLength:
+  Max: 120

data/CHANGELOG.md

@@ -0,0 +1,23 @@
+0.1.0
+
+- Flexible Configuration:
+  - Supports various authentication methods including client_secret_basic and private_key_jwt.
+  - Configurable token endpoint auth method.
+  - Configurable JWKS for signing and encryption.
+- Authorization:
+  - Generation of authorization URL with support for different scopes, and parameters like scope and claims.
+  - Support for both standard and pushed authorization requests.
+  - Generation of proofs including state, nonce, and code verifier for PKCE.
+- Token Acquisition:
+  - Token exchange functionality for obtaining tokens from an authorization code.
+- User Information Retrieval:
+  - Userinfo endpoint interaction to retrieve user information using an access token.
+- JWT Handling:
+  - JWT decoding support including handling of encrypted JWTs.
+  - JWT signing and encryption support.
+- Utilities:
+  - Fetching provider configuration from the well-known configuration endpoint.
+- Error Handling:
+  - Comprehensive error handling for various steps in the OIDC interaction process.
+- Example:
+  - Sinatra example usage provided in the examples folder demonstrating how to use the IDPartner class for OIDC interactions.

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2023 IDPartner
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,52 @@
+# RubyOidcClient
+
+RubyOidcClient is a Ruby gem that simplifies OpenID Connect client operations. This gem provides a set of functionalities to interact with OIDC providers, facilitating authentication and authorization processes.
+
+## Installation
+
+You can install the `ruby_oidc_client` gem by executing the following command:
+
+```bash
+$ gem install ruby_oidc_client
+```
+
+Alternatively, if you are using Bundler, add this line to your application's Gemfile:
+
+```ruby
+gem 'ruby_oidc_client'
+```
+
+And then execute:
+
+```bash
+$ bundle install
+```
+
+## Usage
+
+Please check the [examples folder](./examples/)
+
+### Running Tests
+
+After checking out the repo, install the necessary dependencies and run the tests by executing:
+
+```bash
+$ rspec
+```
+
+### Running RuboCop
+
+To check the code for styling issues according to the RuboCop guidelines, run:
+
+```bash
+$ rubocop
+```
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at [https://github.com/idpartner-app/ruby_oidc_client](https://github.com/idpartner-app/ruby_oidc_client).
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+```

data/Rakefile

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+require "rubocop/rake_task"
+
+RuboCop::RakeTask.new
+
+task default: %i[spec rubocop]

data/examples/README.md

@@ -0,0 +1,3 @@
+# IDPartner examples
+
+This contains the an example with the [ruby_oidc_client](https://github.com/idpartner-app/ruby_oidc_client) library, called [client-secret-basic](./client-secret-basic/README.md), which is a sinatra project using the client_secret_basic authentication method to obtain user info

data/examples/client_secret_basic/Gemfile

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+gem "sinatra"
+gem "webrick"

data/examples/client_secret_basic/Gemfile.lock

@@ -0,0 +1,26 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    mustermann (3.0.0)
+      ruby2_keywords (~> 0.0.1)
+    rack (2.2.8)
+    rack-protection (3.1.0)
+      rack (~> 2.2, >= 2.2.4)
+    ruby2_keywords (0.0.5)
+    sinatra (3.1.0)
+      mustermann (~> 3.0)
+      rack (~> 2.2, >= 2.2.4)
+      rack-protection (= 3.1.0)
+      tilt (~> 2.0)
+    tilt (2.3.0)
+    webrick (1.8.1)
+
+PLATFORMS
+  x86_64-darwin-23
+
+DEPENDENCIES
+  sinatra
+  webrick
+
+BUNDLED WITH
+   2.4.21

data/examples/client_secret_basic/README.md

@@ -0,0 +1,24 @@
+# client_secret_basic flow using ruby_oidc_client lib
+
+## Prerequisites
+
+1. [Create an IDPartner Account](https://console.idpartner.com).
+1. [Create an Application (Client Secret)](https://docs.idpartner.com/documentation/relying-party-user-guide/registering-your-app#create-an-application).
+1. Ensure the following properties are set:
+   - Origin URL: http://localhost:3001/button/oauth
+   - Redirect URL: http://localhost:3001/button/oauth/callback
+1. Grab the "Client ID" and the "Client Secret" to update the following parts in your code:
+   1. [Update CHANGE_ME_CLIENT_ID in the configuration file](./config.json)
+   1. [Update CHANGE_ME_CLIENT_SECRET in the configuration file](./config.json)
+
+   Aditionally you optionally can configure the next steps:
+   1. [Update the "redirect_uri" in the configuration file](./config.json)
+
+## Running the project
+
+1. Run: `bundle`
+1. Run: `ruby app.rb`
+1. Access http://localhost:3001
+1. Click the "Choose your ID Partner" button
+1. Search for "Mikomo Bank"
+1. Use these test credentials `mikomo_10/mikomo_10`

data/examples/client_secret_basic/app.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+require "sinatra"
+require_relative "../../lib/id_partner"
+
+class App < Sinatra::Base
+  config = JSON.parse(File.read("config.json"))
+
+  set :bind, "0.0.0.0"
+  set :port, config["port"]
+  set :public_folder, "#{File.dirname(__FILE__)}/public"
+  enable :sessions
+
+  id_partner = RubyOidcClient::IDPartner.new({
+                                               client_id: config["client_id"],
+                                               client_secret: config["client_secret"],
+                                               redirect_uri: config["redirect_uri"]
+                                             })
+
+  get "/" do
+    erb :index, locals: { title: "RP Client Secret Example", config: config }
+  end
+
+  get "/button/oauth" do
+    scope = config["scope"]
+    proofs = id_partner.generate_proofs
+    session[:proofs] = proofs
+    session[:issuer] = params[:iss]
+    redirect id_partner.get_authorization_url(params, proofs, scope, { prompt: "consent" })
+  end
+
+  get "/button/oauth/callback" do
+    token = id_partner.token(params, session[:proofs])
+    userinfo = id_partner.userinfo(token["access_token"])
+    content_type :json
+    userinfo.to_json
+  end
+
+  get "/jwks" do
+    content_type :json
+    id_partner.public_jwks.to_json
+  end
+
+  run! if app_file == $PROGRAM_NAME
+end

data/examples/client_secret_basic/config.json

@@ -0,0 +1,7 @@
+{
+  "client_id": "CHANGE_ME_CLIENT_ID",
+  "client_secret": "CHANGE_ME_CLIENT_SECRET",
+  "redirect_uri": "http://localhost:3001/button/oauth/callback",
+  "scope": "openid offline_access email profile birthdate address",
+  "port": 3001
+}

data/examples/client_secret_basic/public/stylesheets/style.css

@@ -0,0 +1,8 @@
+body {
+  padding: 50px;
+  font: 14px "Lucida Grande", Helvetica, Arial, sans-serif;
+}
+
+a {
+  color: #00B7FF;
+}

data/examples/client_secret_basic/views/index.erb

@@ -0,0 +1,11 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <script src="https://install.idpartner.com/script.js"></script>
+    <title><%= title %></title>
+    <link rel='stylesheet' href='/stylesheets/style.css' />
+  </head>
+  <body>
+    <id-partner id="<%= config["client_id"] %>"></id-partner>
+  </body>
+</html>

data/lib/id_partner.rb

@@ -0,0 +1,260 @@
+# frozen_string_literal: true
+
+require_relative "ruby_oidc_client/version"
+require "json/jwt"
+require "net/http"
+require "uri"
+require "base64"
+
+module RubyOidcClient
+  class IDPartner
+    SUPPORTED_AUTH_METHODS = [
+      "client_secret_basic",
+      "tls_client_auth",
+      "private_key_jwt" # For backward compatibility
+    ].freeze
+    SIGNING_ALG = "PS256"
+    ENCRYPTION_ALG = "RSA-OAEP"
+    ENCRYPTION_ENC = "A256CBC-HS512"
+
+    attr_reader :config, :endpoints, :provider_keys
+
+    def initialize(config)
+      raise ArgumentError, "Config missing." unless config
+
+      default_config = {
+        account_selector_service_url: "https://auth-api.idpartner.com/oidc-proxy",
+        token_endpoint_auth_method: "client_secret_basic",
+        jwks: nil,
+        client_secret: nil
+      }
+
+      @config = default_config.merge(config)
+
+      unless SUPPORTED_AUTH_METHODS.include?(@config[:token_endpoint_auth_method])
+        raise ArgumentError,
+              "Unsupported token_endpoint_auth_method '#{config[:token_endpoint_auth_method]}'. It must be one of (#{SUPPORTED_AUTH_METHODS.join(", ")})"
+      end
+
+      client_secret_config = @config[:token_endpoint_auth_method] == "client_secret_basic" ? { client_secret: @config[:client_secret] } : {}
+
+      jwks_config = if @config[:jwks]
+                      {
+                        authorization_encrypted_response_alg: ENCRYPTION_ALG,
+                        authorization_encrypted_response_enc: ENCRYPTION_ENC,
+                        id_token_encrypted_response_alg: ENCRYPTION_ALG,
+                        id_token_encrypted_response_enc: ENCRYPTION_ENC,
+                        request_object_signing_alg: SIGNING_ALG
+                      }
+                    else
+                      {}
+                    end
+
+      @config = @config.merge({
+                                authorization_signed_response_alg: SIGNING_ALG,
+                                id_token_signed_response_alg: SIGNING_ALG
+                              }).merge(client_secret_config).merge(jwks_config)
+    end
+
+    def generate_proofs
+      {
+        state: SecureRandom.urlsafe_base64(64),
+        nonce: SecureRandom.urlsafe_base64(64),
+        code_verifier: SecureRandom.urlsafe_base64(64)
+      }
+    end
+
+    def get_authorization_url(query, proofs, scope, extra_authorization_params = {})
+      raise ArgumentError, "The URL query parameter is required." unless query
+      raise ArgumentError, "The scope parameter is required." unless scope
+      raise ArgumentError, "The proofs parameter is required." unless proofs
+
+      if query[:iss].nil?
+        return "#{config[:account_selector_service_url]}/auth/select-accounts?client_id=#{config[:client_id]}&visitor_id=#{query[:visitor_id]}&scope=#{scope}&claims=#{extract_claims(extra_authorization_params[:claims]).join("+")}"
+      end
+
+      @config[:iss] = query[:iss]
+      obtain_well_known_config_endpoints
+
+      extra_authorization_params[:claims] = extra_authorization_params[:claims]&.to_json
+      extended_authorization_params = {
+        redirect_uri: config[:redirect_uri],
+        code_challenge_method: "S256",
+        code_challenge: generate_code_challenge(proofs[:code_verifier]),
+        state: proofs[:state],
+        nonce: proofs[:nonce],
+        scope: scope,
+        response_type: "code",
+        client_id: config[:client_id],
+        'x-fapi-interaction-id': SecureRandom.uuid,
+        identity_provider_id: query[:idp_id],
+        idpartner_token: query[:idpartner_token],
+        response_mode: "jwt"
+      }.merge(extra_authorization_params).compact
+
+      pushed_authorization_request_params = extended_authorization_params
+      pushed_authorization_request_params = { request: create_request_object(extended_authorization_params) } if config[:jwks]
+
+      request_uri = push_authorization_request(pushed_authorization_request_params)["request_uri"]
+      query_params = URI.encode_www_form(request_uri: request_uri)
+      "#{endpoints[:authorization_endpoint]}?#{query_params}"
+    end
+
+    def public_jwks
+      return {} unless config[:jwks]
+
+      jwk_set = JSON::JWK::Set.new(JSON.parse(config[:jwks]))
+      public_jwks = jwk_set.collect do |jwk|
+        public_jwk = jwk.to_key.public_key.to_jwk
+        public_jwk.merge("alg" => jwk["alg"], "use" => jwk["use"]).compact
+      end
+
+      { "keys" => public_jwks }
+    end
+
+    def token(query, proofs)
+      decoded_jwt = decode_jwt(query[:response])
+      basic_auth_credentials = Base64.strict_encode64("#{config[:client_id]}:#{config[:client_secret]}")
+      payload = {
+        code: decoded_jwt["code"],
+        code_verifier: proofs[:code_verifier],
+        grant_type: "authorization_code",
+        redirect_uri: config[:redirect_uri]
+      }
+
+      uri = URI(endpoints[:token_endpoint])
+      http = Net::HTTP.new(uri.host, uri.port)
+      headers = {
+        "Authorization" => "Basic #{basic_auth_credentials}",
+        "Content-Type" => "application/x-www-form-urlencoded",
+        "Accept" => "application/json"
+      }
+      token_request = Net::HTTP::Post.new(uri.request_uri, headers)
+      token_request.set_form_data(payload)
+      token_response = http.request(token_request)
+      raise "Failed to exchange token: #{token_response.body}" unless token_response.is_a?(Net::HTTPSuccess)
+
+      JSON.parse(token_response.body)
+    end
+
+    def userinfo(access_token)
+      uri = URI(endpoints[:userinfo_endpoint])
+      http = Net::HTTP.new(uri.host, uri.port)
+      headers = {
+        "Authorization" => "Bearer #{access_token}",
+        "Accept" => "application/json"
+      }
+
+      userinfo_request = Net::HTTP::Get.new(uri.request_uri, headers)
+      userinfo_response = http.request(userinfo_request)
+
+      raise "Failed to retrieve userinfo: #{userinfo_response.body}" unless userinfo_response.is_a?(Net::HTTPSuccess)
+
+      JSON.parse(userinfo_response.body)
+    rescue StandardError => e
+      raise "Failed to fetch well-known config: #{e.message}"
+    end
+
+    private
+
+    def extract_claims(claims_object)
+      return [] unless claims_object.is_a?(Hash)
+
+      userinfo_keys = claims_object[:userinfo]&.keys || []
+      id_token_keys = claims_object[:id_token]&.keys || []
+
+      (userinfo_keys + id_token_keys).uniq
+    end
+
+    def obtain_well_known_config_endpoints
+      uri = URI("#{config[:iss]}/.well-known/openid-configuration")
+      http = Net::HTTP.new(uri.host, uri.port)
+      headers = { "Accept" => "application/json" }
+      request = Net::HTTP::Get.new(uri.request_uri, headers)
+      response = http.request(request)
+      raise "Failed to retrieve well-known: #{response.body}" unless response.is_a?(Net::HTTPSuccess)
+      well_known_config = JSON.parse(response.body)
+      @endpoints = {
+        authorization_endpoint: well_known_config["authorization_endpoint"],
+        token_endpoint: well_known_config["token_endpoint"],
+        userinfo_endpoint: well_known_config["userinfo_endpoint"],
+        pushed_authorization_request_endpoint: well_known_config["pushed_authorization_request_endpoint"],
+        jwks_uri: well_known_config["jwks_uri"]
+      }
+    rescue StandardError => e
+      raise "Failed to fetch well-known config: #{e.message}"
+    end
+
+    def create_request_object(params)
+      extended_params = params.merge({
+                                       iss: config[:client_id],
+                                       aud: config[:iss],
+                                       exp: Time.now.to_i + 60,
+                                       iat: Time.now.to_i,
+                                       nbf: Time.now.to_i
+                                     })
+
+      sig_key = sig_key()
+      jwt = JSON::JWT.new(extended_params)
+      jwt.sign(sig_key, sig_key["alg"]).to_s
+    end
+
+    def push_authorization_request(request_object)
+      uri = URI(endpoints[:pushed_authorization_request_endpoint])
+      http = Net::HTTP.new(uri.host, uri.port)
+      basic_auth_credentials = Base64.strict_encode64("#{config[:client_id]}:#{config[:client_secret]}")
+      headers = {
+        "Authorization" => "Basic #{basic_auth_credentials}",
+        "Content-Type" => "application/x-www-form-urlencoded",
+        "Accept" => "application/json"
+      }
+      par_request = Net::HTTP::Post.new(uri.request_uri, headers)
+      par_request.set_form_data(request_object)
+      par_response = http.request(par_request)
+      raise "Failed to push authorization request: #{par_response.body}" unless par_response.is_a?(Net::HTTPSuccess)
+
+      JSON.parse(par_response.body)
+    rescue StandardError => e
+      raise "An error occurred: #{e.message}"
+    end
+
+    def generate_code_challenge(code_verifier)
+      Base64.urlsafe_encode64(Digest::SHA256.digest(code_verifier)).gsub(/=+$/, "")
+    end
+
+    def sig_key
+      jwk_set = JSON::JWK::Set.new(JSON.parse(config[:jwks]))
+      jwk_set.find { |j| j[:use] == "sig" }
+    end
+
+    def enc_key
+      jwk_set = JSON::JWK::Set.new(JSON.parse(config[:jwks]))
+      jwk_set.find { |j| j[:use] == "enc" }
+    end
+
+    def decode_jwt(jwt_str)
+      if jwt_str.split(".").length == 5
+        jwe = JSON::JWT.decode(jwt_str, enc_key)
+        jwt_str = jwe.plain_text
+      end
+
+      kid = JSON::JWT.decode(jwt_str, :skip_verification).kid
+      sig_key = provider_key(kid)
+      JSON::JWT.decode(jwt_str, sig_key)
+    end
+
+    def provider_key(kid)
+      fetch_provider_keys unless provider_keys
+      @provider_keys[kid] || (raise "No provider key found for kid: #{kid}")
+    end
+
+    def fetch_provider_keys
+      jwks_uri = endpoints[:jwks_uri]
+      fetched_provider_keys = JSON::JWK::Set::Fetcher.fetch(jwks_uri, kid: nil, auto_detect: false)
+      @provider_keys = {}
+      fetched_provider_keys.each do |key|
+        @provider_keys[key["kid"]] = key
+      end
+    end
+  end
+end

data/lib/ruby_oidc_client/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module RubyOidcClient
+  VERSION = "0.0.1"
+end

data/ruby_oidc_client.gemspec

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+require_relative "lib/ruby_oidc_client/version"
+
+Gem::Specification.new do |spec|
+  spec.name = "ruby_oidc_client"
+  spec.version = RubyOidcClient::VERSION
+  spec.authors = ["Giovanni Alberto"]
+  spec.email = ["delirable@gmail.com"]
+
+  spec.summary = "A Ruby client for interacting with OpenID Connect providers using the IDPartner class."
+  spec.description = "The IDPartner gem provides a Ruby client for engaging with OpenID Connect providers, simplifying the process of authorization, token acquisition, and user information retrieval. It supports various authentication methods and handles endpoint discovery via well-known configuration. The gem encapsulates the complexities of generating, signing, and verifying JWTs, making OpenID Connect integration straightforward and secure."
+  spec.homepage = "https://github.com/idpartner-app/ruby_oidc_client"
+  spec.license = "MIT"
+  spec.required_ruby_version = ">= 2.6.0"
+
+  spec.metadata["allowed_push_host"] = "https://rubygems.org"
+
+  spec.metadata["homepage_uri"] = spec.homepage
+  spec.metadata["source_code_uri"] = "https://github.com/idpartner-app/ruby_oidc_client"
+  spec.metadata["changelog_uri"] = "https://github.com/idpartner-app/ruby_oidc_client/blob/master/CHANGELOG.md"
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files = Dir.chdir(__dir__) do
+    `git ls-files -z`.split("\x0").reject do |f|
+      (File.expand_path(f) == __FILE__) ||
+        f.start_with?(*%w[bin/ test/ spec/ features/ .git .circleci appveyor Gemfile])
+    end
+  end
+  spec.bindir = "exe"
+  spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  # Uncomment to register a new dependency of your gem
+  spec.add_dependency "json-jwt", "~> 1.16.3"
+
+  # Optionally, within your gemspec file if you prefer to declare dev/test dependencies here
+  spec.add_development_dependency "rake", "~> 13.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+  spec.add_development_dependency "rubocop", "~> 1.21"
+  spec.add_development_dependency "vcr", "~> 6.2.0"
+  spec.add_development_dependency "webmock", "~> 3.19.1"
+
+  # For more information and examples about making a new gem, check out our
+  # guide at: https://bundler.io/guides/creating_gem.html
+end

data/sig/ruby_oidc_client.rbs

@@ -0,0 +1,40 @@
+class IDPartner
+  type SUPPORTED_AUTH_METHODS: Array[String]
+  type SIGNING_ALG: String
+  type ENCRYPTION_ALG: String
+  type ENCRYPTION_ENC: String
+
+  attr_reader config: Hash[Symbol, String], endpoints: Hash[Symbol, String]
+
+  def initialize: (Hash[Symbol, String]) -> void
+
+  def generate_proofs: -> Hash[Symbol, String]
+
+  def get_authorization_url: (
+    query: Hash[Symbol, String],
+    proofs: Hash[Symbol, String],
+    scope: Array[String],
+    prompt: String,
+    claims_object: Hash[Symbol, String]
+  ) -> String
+
+  def get_public_jwks: -> Hash[String, Array[untyped]]
+
+  def token: (query: Hash[Symbol, String], proofs: Hash[Symbol, String]) -> Hash[String, String]
+
+  def userinfo: (String) -> Hash[String, String]
+
+  private
+
+  def get_endpoints_from_well_known_config: -> void
+
+  def create_request_object: (Hash[Symbol, untyped]) -> String
+
+  def push_authorization_request: (Hash[Symbol, untyped]) -> Hash[String, untyped]
+
+  def generate_code_challenge: (String) -> String
+
+  def parse_private_key: (String) -> untyped
+
+  def verify_jws: (String) -> Hash[Symbol, untyped]
+end

metadata

@@ -0,0 +1,155 @@
+--- !ruby/object:Gem::Specification
+name: ruby_oidc_client
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Giovanni Alberto
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2023-11-16 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: json-jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.16.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.16.3
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.21'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.21'
+- !ruby/object:Gem::Dependency
+  name: vcr
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 6.2.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 6.2.0
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.19.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.19.1
+description: The IDPartner gem provides a Ruby client for engaging with OpenID Connect
+  providers, simplifying the process of authorization, token acquisition, and user
+  information retrieval. It supports various authentication methods and handles endpoint
+  discovery via well-known configuration. The gem encapsulates the complexities of
+  generating, signing, and verifying JWTs, making OpenID Connect integration straightforward
+  and secure.
+email:
+- delirable@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".rspec"
+- ".rubocop.yml"
+- CHANGELOG.md
+- LICENSE.txt
+- README.md
+- Rakefile
+- examples/README.md
+- examples/client_secret_basic/Gemfile
+- examples/client_secret_basic/Gemfile.lock
+- examples/client_secret_basic/README.md
+- examples/client_secret_basic/app.rb
+- examples/client_secret_basic/config.json
+- examples/client_secret_basic/public/stylesheets/style.css
+- examples/client_secret_basic/views/index.erb
+- lib/id_partner.rb
+- lib/ruby_oidc_client/version.rb
+- ruby_oidc_client.gemspec
+- sig/ruby_oidc_client.rbs
+homepage: https://github.com/idpartner-app/ruby_oidc_client
+licenses:
+- MIT
+metadata:
+  allowed_push_host: https://rubygems.org
+  homepage_uri: https://github.com/idpartner-app/ruby_oidc_client
+  source_code_uri: https://github.com/idpartner-app/ruby_oidc_client
+  changelog_uri: https://github.com/idpartner-app/ruby_oidc_client/blob/master/CHANGELOG.md
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.6.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.10
+signing_key:
+specification_version: 4
+summary: A Ruby client for interacting with OpenID Connect providers using the IDPartner
+  class.
+test_files: []