signet 0.13.2 → 0.14.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/lib/signet/oauth_2/client.rb +27 -1
- data/lib/signet/version.rb +1 -1
- data/spec/signet/oauth_2/client_spec.rb +40 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: bc147432dec3ce0cfc7dcb2f935b0b7063e65d7831415f58b00a133834b60eac
|
|
4
|
+
data.tar.gz: d3b11b9064d2bb95a4d905a8199a2372ea96a9214ba050cdc7a496108cc90094
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 13dd09c6860ee3607e0930ca51485f16b51137c62684288a834eb0b008dbcea7b5ee665320061561838f1d680920f15254cc8acc9d83ef80c6c8dcad72277950
|
|
7
|
+
data.tar.gz: 3052287168b60094c7d87e9f51b7ad89bf57f72e78f188a0f0be60a4914a62a36d2dd3e18ff6d89524665695ac3126c85af330884fe83c9ccf022ad61df2be7b
|
data/CHANGELOG.md
CHANGED
|
@@ -46,6 +46,9 @@ module Signet
|
|
|
46
46
|
# - <code>:scope</code> -
|
|
47
47
|
# The scope of the access request, expressed either as an Array
|
|
48
48
|
# or as a space-delimited String.
|
|
49
|
+
# - <code>:target_audience</code> -
|
|
50
|
+
# The final target audience for ID tokens fetched by this client,
|
|
51
|
+
# as a String.
|
|
49
52
|
# - <code>:state</code> -
|
|
50
53
|
# An arbitrary string designed to allow the client to maintain state.
|
|
51
54
|
# - <code>:code</code> -
|
|
@@ -101,6 +104,7 @@ module Signet
|
|
|
101
104
|
@principal = nil
|
|
102
105
|
@redirect_uri = nil
|
|
103
106
|
@scope = nil
|
|
107
|
+
@target_audience = nil
|
|
104
108
|
@state = nil
|
|
105
109
|
@username = nil
|
|
106
110
|
@access_type = nil
|
|
@@ -130,6 +134,9 @@ module Signet
|
|
|
130
134
|
# - <code>:scope</code> -
|
|
131
135
|
# The scope of the access request, expressed either as an Array
|
|
132
136
|
# or as a space-delimited String.
|
|
137
|
+
# - <code>:target_audience</code> -
|
|
138
|
+
# The final target audience for ID tokens fetched by this client,
|
|
139
|
+
# as a String.
|
|
133
140
|
# - <code>:state</code> -
|
|
134
141
|
# An arbitrary string designed to allow the client to maintain state.
|
|
135
142
|
# - <code>:code</code> -
|
|
@@ -181,6 +188,7 @@ module Signet
|
|
|
181
188
|
self.client_id = options[:client_id] if options.key? :client_id
|
|
182
189
|
self.client_secret = options[:client_secret] if options.key? :client_secret
|
|
183
190
|
self.scope = options[:scope] if options.key? :scope
|
|
191
|
+
self.target_audience = options[:target_audience] if options.key? :target_audience
|
|
184
192
|
self.state = options[:state] if options.key? :state
|
|
185
193
|
self.code = options[:code] if options.key? :code
|
|
186
194
|
self.redirect_uri = options[:redirect_uri] if options.key? :redirect_uri
|
|
@@ -423,6 +431,22 @@ module Signet
|
|
|
423
431
|
end
|
|
424
432
|
end
|
|
425
433
|
|
|
434
|
+
##
|
|
435
|
+
# Returns the final target audience for ID tokens fetched by this client.
|
|
436
|
+
#
|
|
437
|
+
# @return [String] The target audience.
|
|
438
|
+
def target_audience
|
|
439
|
+
@target_audience
|
|
440
|
+
end
|
|
441
|
+
|
|
442
|
+
##
|
|
443
|
+
# Sets the final target audience for ID tokens fetched by this client.
|
|
444
|
+
#
|
|
445
|
+
# @param [String] new_target_audience The new target audience.
|
|
446
|
+
def target_audience= new_target_audience
|
|
447
|
+
@target_audience = new_target_audience
|
|
448
|
+
end
|
|
449
|
+
|
|
426
450
|
##
|
|
427
451
|
# Returns the client's current state value.
|
|
428
452
|
#
|
|
@@ -893,11 +917,13 @@ module Signet
|
|
|
893
917
|
"iat" => (now - skew).to_i
|
|
894
918
|
}
|
|
895
919
|
assertion["scope"] = scope.join " " unless scope.nil?
|
|
920
|
+
assertion["target_audience"] = target_audience unless target_audience.nil?
|
|
896
921
|
assertion["prn"] = person unless person.nil?
|
|
897
922
|
assertion["sub"] = sub unless sub.nil?
|
|
898
923
|
JWT.encode assertion, signing_key, signing_algorithm
|
|
899
924
|
end
|
|
900
925
|
# rubocop:disable Style/MethodDefParentheses
|
|
926
|
+
# rubocop:disable Metrics/AbcSize
|
|
901
927
|
|
|
902
928
|
##
|
|
903
929
|
# Serialize the client object to JSON.
|
|
@@ -912,6 +938,7 @@ module Signet
|
|
|
912
938
|
"client_id" => client_id,
|
|
913
939
|
"client_secret" => client_secret,
|
|
914
940
|
"scope" => scope,
|
|
941
|
+
"target_audience" => target_audience,
|
|
915
942
|
"state" => state,
|
|
916
943
|
"code" => code,
|
|
917
944
|
"redirect_uri" => redirect_uri ? redirect_uri.to_s : nil,
|
|
@@ -930,7 +957,6 @@ module Signet
|
|
|
930
957
|
)
|
|
931
958
|
end
|
|
932
959
|
# rubocop:enable Style/MethodDefParentheses
|
|
933
|
-
# rubocop:disable Metrics/AbcSize
|
|
934
960
|
# rubocop:disable Metrics/CyclomaticComplexity
|
|
935
961
|
# rubocop:disable Metrics/MethodLength
|
|
936
962
|
# rubocop:disable Metrics/PerceivedComplexity
|
data/lib/signet/version.rb
CHANGED
|
@@ -1212,3 +1212,43 @@ describe Signet::OAuth2::Client, "configured with custom parameters a la JSON.lo
|
|
|
1212
1212
|
expect(params).to include("new_param" => "new_val")
|
|
1213
1213
|
end
|
|
1214
1214
|
end
|
|
1215
|
+
|
|
1216
|
+
describe Signet::OAuth2::Client, "configured for id tokens" do
|
|
1217
|
+
before do
|
|
1218
|
+
@key = OpenSSL::PKey::RSA.new 2048
|
|
1219
|
+
@client = Signet::OAuth2::Client.new(
|
|
1220
|
+
token_credential_uri: "https://oauth2.googleapis.com/token",
|
|
1221
|
+
target_audience: "https://api.example.com",
|
|
1222
|
+
issuer: "app@example.com",
|
|
1223
|
+
audience: "https://hello.googleapis.com",
|
|
1224
|
+
signing_key: @key
|
|
1225
|
+
)
|
|
1226
|
+
end
|
|
1227
|
+
|
|
1228
|
+
it "should set target_audience" do
|
|
1229
|
+
expect(@client.target_audience).to eq "https://api.example.com"
|
|
1230
|
+
end
|
|
1231
|
+
|
|
1232
|
+
it "should send a valid id token request" do
|
|
1233
|
+
stubs = Faraday::Adapter::Test::Stubs.new do |stub|
|
|
1234
|
+
stub.post "/token" do |env|
|
|
1235
|
+
params = Addressable::URI.form_unencode env[:body]
|
|
1236
|
+
claim, header = JWT.decode params.assoc("assertion").last, @key.public_key, true, algorithm: "RS256"
|
|
1237
|
+
expect(params.assoc("grant_type")).to eq ["grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer"]
|
|
1238
|
+
expect(claim["target_audience"]).to eq "https://api.example.com"
|
|
1239
|
+
expect(claim["iss"]).to eq "app@example.com"
|
|
1240
|
+
expect(claim["aud"]).to eq "https://hello.googleapis.com"
|
|
1241
|
+
build_json_response(
|
|
1242
|
+
"id_token" => "12345id",
|
|
1243
|
+
"refresh_token" => "54321refresh",
|
|
1244
|
+
"expires_in" => "3600"
|
|
1245
|
+
)
|
|
1246
|
+
end
|
|
1247
|
+
end
|
|
1248
|
+
connection = Faraday.new url: "https://www.google.com" do |builder|
|
|
1249
|
+
builder.adapter :test, stubs
|
|
1250
|
+
end
|
|
1251
|
+
@client.fetch_access_token! connection: connection
|
|
1252
|
+
expect(@client.id_token).to eq "12345id"
|
|
1253
|
+
end
|
|
1254
|
+
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: signet
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.14.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Bob Aman
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2020-
|
|
12
|
+
date: 2020-04-02 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: addressable
|