signet 0.17.0 → 0.18.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/README.md +6 -6
- data/lib/signet/oauth_1/credential.rb +1 -1
- data/lib/signet/oauth_1.rb +1 -1
- data/lib/signet/oauth_2/client.rb +87 -50
- data/lib/signet/version.rb +1 -1
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 430b4ec8945e95be77f454a8103b93cbaf6ec2e2ff5d8ea875a96686e5c877d0
|
|
4
|
+
data.tar.gz: 672370d6c1769532dc02b34f4c89a8c2aac7613bd5aab71e1f182e0ceba2ea0c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: cdd439206b52e37418e88c8010df6943f3d826277e222c4444f2bf351d1787040cc14192346125d8935d7ff8ac167b2f93d849aa32bda81524be9c041196e857
|
|
7
|
+
data.tar.gz: 9fc07647d3c15cfbd6526baaa589ec7f6e09083c92a0a299e47b2e07937e593dec6df78638796160a110a68a30c453064d86e0fac0dba349807ac3316618dbef
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -59,11 +59,11 @@ Be sure `https://rubygems.org` is in your gem sources.
|
|
|
59
59
|
|
|
60
60
|
## Supported Ruby Versions
|
|
61
61
|
|
|
62
|
-
This library is supported on Ruby 2.
|
|
62
|
+
This library is supported on Ruby 2.6+.
|
|
63
63
|
|
|
64
64
|
Google provides official support for Ruby versions that are actively supported
|
|
65
|
-
by Ruby Core—that is, Ruby versions that are either in normal maintenance or
|
|
66
|
-
security maintenance, and not end of life.
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
65
|
+
by Ruby Core—that is, Ruby versions that are either in normal maintenance or
|
|
66
|
+
in security maintenance, and not end of life. Older versions of Ruby _may_
|
|
67
|
+
still work, but are unsupported and not recommended. See
|
|
68
|
+
https://www.ruby-lang.org/en/downloads/branches/ for details about the Ruby
|
|
69
|
+
support schedule.
|
|
@@ -75,7 +75,7 @@ module Signet # :nodoc:
|
|
|
75
75
|
args = args.first.to_ary
|
|
76
76
|
end
|
|
77
77
|
if args.all? { |value| value.is_a? Array }
|
|
78
|
-
parameters = args.each_with_object({}) { |(k, v), h| h[k] = v
|
|
78
|
+
parameters = args.each_with_object({}) { |(k, v), h| h[k] = v }
|
|
79
79
|
@key = key_from_hash.call parameters
|
|
80
80
|
@secret = secret_from_hash.call parameters
|
|
81
81
|
elsif args.size == 2
|
data/lib/signet/oauth_1.rb
CHANGED
|
@@ -350,7 +350,7 @@ module Signet # :nodoc:
|
|
|
350
350
|
query_values = parsed_uri.query_values || {}
|
|
351
351
|
if options[:additional_parameters]
|
|
352
352
|
query_values = query_values.merge(
|
|
353
|
-
options[:additional_parameters].each_with_object({}) { |(k, v), h| h[k] = v
|
|
353
|
+
options[:additional_parameters].each_with_object({}) { |(k, v), h| h[k] = v }
|
|
354
354
|
)
|
|
355
355
|
end
|
|
356
356
|
query_values["oauth_token"] = temporary_credential_key if temporary_credential_key
|
|
@@ -32,52 +32,54 @@ module Signet
|
|
|
32
32
|
#
|
|
33
33
|
# @param [Hash] options
|
|
34
34
|
# The configuration parameters for the client.
|
|
35
|
-
# -
|
|
35
|
+
# - `:authorization_uri` -
|
|
36
36
|
# The authorization server's HTTP endpoint capable of
|
|
37
37
|
# authenticating the end-user and obtaining authorization.
|
|
38
|
-
# -
|
|
38
|
+
# - `:token_credential_uri` -
|
|
39
39
|
# The authorization server's HTTP endpoint capable of issuing
|
|
40
40
|
# tokens and refreshing expired tokens.
|
|
41
|
-
# -
|
|
41
|
+
# - `:client_id` -
|
|
42
42
|
# A unique identifier issued to the client to identify itself to the
|
|
43
43
|
# authorization server.
|
|
44
|
-
# -
|
|
44
|
+
# - `:client_secret` -
|
|
45
45
|
# A shared symmetric secret issued by the authorization server,
|
|
46
46
|
# which is used to authenticate the client.
|
|
47
|
-
# -
|
|
47
|
+
# - `:scope` -
|
|
48
48
|
# The scope of the access request, expressed either as an Array
|
|
49
49
|
# or as a space-delimited String.
|
|
50
|
-
# -
|
|
50
|
+
# - `:target_audience` -
|
|
51
51
|
# The final target audience for ID tokens fetched by this client,
|
|
52
52
|
# as a String.
|
|
53
|
-
# -
|
|
53
|
+
# - `:state` -
|
|
54
54
|
# An arbitrary string designed to allow the client to maintain state.
|
|
55
|
-
# -
|
|
55
|
+
# - `:code` -
|
|
56
56
|
# The authorization code received from the authorization server.
|
|
57
|
-
# -
|
|
57
|
+
# - `:redirect_uri` -
|
|
58
58
|
# The redirection URI used in the initial request.
|
|
59
|
-
# -
|
|
59
|
+
# - `:username` -
|
|
60
60
|
# The resource owner's username.
|
|
61
|
-
# -
|
|
61
|
+
# - `:password` -
|
|
62
62
|
# The resource owner's password.
|
|
63
|
-
# -
|
|
63
|
+
# - `:issuer` -
|
|
64
64
|
# Issuer ID when using assertion profile
|
|
65
|
-
# -
|
|
65
|
+
# - `:person` -
|
|
66
66
|
# Target user for assertions
|
|
67
|
-
# -
|
|
67
|
+
# - `:expiry` -
|
|
68
68
|
# Number of seconds assertions are valid for
|
|
69
|
-
# -
|
|
69
|
+
# - `:signing_key` -
|
|
70
70
|
# Signing key when using assertion profile
|
|
71
|
-
# -
|
|
71
|
+
# - `:refresh_token` -
|
|
72
72
|
# The refresh token associated with the access token
|
|
73
73
|
# to be refreshed.
|
|
74
|
-
# -
|
|
74
|
+
# - `:access_token` -
|
|
75
75
|
# The current access token for this client.
|
|
76
|
-
# -
|
|
76
|
+
# - `:id_token` -
|
|
77
77
|
# The current ID token for this client.
|
|
78
|
-
# -
|
|
78
|
+
# - `:extension_parameters` -
|
|
79
79
|
# When using an extension grant type, this the set of parameters used
|
|
80
80
|
# by that extension.
|
|
81
|
+
# - `:granted_scopes` -
|
|
82
|
+
# All scopes granted by authorization server.
|
|
81
83
|
#
|
|
82
84
|
# @example
|
|
83
85
|
# client = Signet::OAuth2::Client.new(
|
|
@@ -109,6 +111,7 @@ module Signet
|
|
|
109
111
|
@state = nil
|
|
110
112
|
@username = nil
|
|
111
113
|
@access_type = nil
|
|
114
|
+
@granted_scopes = nil
|
|
112
115
|
update! options
|
|
113
116
|
end
|
|
114
117
|
|
|
@@ -117,56 +120,58 @@ module Signet
|
|
|
117
120
|
#
|
|
118
121
|
# @param [Hash] options
|
|
119
122
|
# The configuration parameters for the client.
|
|
120
|
-
# -
|
|
123
|
+
# - `:authorization_uri` -
|
|
121
124
|
# The authorization server's HTTP endpoint capable of
|
|
122
125
|
# authenticating the end-user and obtaining authorization.
|
|
123
|
-
# -
|
|
126
|
+
# - `:token_credential_uri` -
|
|
124
127
|
# The authorization server's HTTP endpoint capable of issuing
|
|
125
128
|
# tokens and refreshing expired tokens.
|
|
126
|
-
# -
|
|
129
|
+
# - `:client_id` -
|
|
127
130
|
# A unique identifier issued to the client to identify itself to the
|
|
128
131
|
# authorization server.
|
|
129
|
-
# -
|
|
132
|
+
# - `:client_secret` -
|
|
130
133
|
# A shared symmetric secret issued by the authorization server,
|
|
131
134
|
# which is used to authenticate the client.
|
|
132
|
-
# -
|
|
135
|
+
# - `:scope` -
|
|
133
136
|
# The scope of the access request, expressed either as an Array
|
|
134
137
|
# or as a space-delimited String.
|
|
135
|
-
# -
|
|
138
|
+
# - `:target_audience` -
|
|
136
139
|
# The final target audience for ID tokens fetched by this client,
|
|
137
140
|
# as a String.
|
|
138
|
-
# -
|
|
141
|
+
# - `:state` -
|
|
139
142
|
# An arbitrary string designed to allow the client to maintain state.
|
|
140
|
-
# -
|
|
143
|
+
# - `:code` -
|
|
141
144
|
# The authorization code received from the authorization server.
|
|
142
|
-
# -
|
|
145
|
+
# - `:redirect_uri` -
|
|
143
146
|
# The redirection URI used in the initial request.
|
|
144
|
-
# -
|
|
147
|
+
# - `:username` -
|
|
145
148
|
# The resource owner's username.
|
|
146
|
-
# -
|
|
149
|
+
# - `:password` -
|
|
147
150
|
# The resource owner's password.
|
|
148
|
-
# -
|
|
151
|
+
# - `:issuer` -
|
|
149
152
|
# Issuer ID when using assertion profile
|
|
150
|
-
# -
|
|
153
|
+
# - `:audience` -
|
|
151
154
|
# Target audience for assertions
|
|
152
|
-
# -
|
|
155
|
+
# - `:person` -
|
|
153
156
|
# Target user for assertions
|
|
154
|
-
# -
|
|
157
|
+
# - `:expiry` -
|
|
155
158
|
# Number of seconds assertions are valid for
|
|
156
|
-
# -
|
|
159
|
+
# - `:signing_key` -
|
|
157
160
|
# Signing key when using assertion profile
|
|
158
|
-
# -
|
|
161
|
+
# - `:refresh_token` -
|
|
159
162
|
# The refresh token associated with the access token
|
|
160
163
|
# to be refreshed.
|
|
161
|
-
# -
|
|
164
|
+
# - `:access_token` -
|
|
162
165
|
# The current access token for this client.
|
|
163
|
-
# -
|
|
166
|
+
# - `:access_type` -
|
|
164
167
|
# The current access type parameter for #authorization_uri.
|
|
165
|
-
# -
|
|
168
|
+
# - `:id_token` -
|
|
166
169
|
# The current ID token for this client.
|
|
167
|
-
# -
|
|
170
|
+
# - `:extension_parameters` -
|
|
168
171
|
# When using an extension grant type, this is the set of parameters used
|
|
169
172
|
# by that extension.
|
|
173
|
+
# - `:granted_scopes` -
|
|
174
|
+
# All scopes granted by authorization server.
|
|
170
175
|
#
|
|
171
176
|
# @example
|
|
172
177
|
# client.update!(
|
|
@@ -253,7 +258,7 @@ module Signet
|
|
|
253
258
|
self.access_token = options[:access_token] if options.key? :access_token
|
|
254
259
|
self.refresh_token = options[:refresh_token] if options.key? :refresh_token
|
|
255
260
|
self.id_token = options[:id_token] if options.key? :id_token
|
|
256
|
-
|
|
261
|
+
self.granted_scopes = options[:granted_scopes] if options.key? :granted_scopes
|
|
257
262
|
self
|
|
258
263
|
end
|
|
259
264
|
|
|
@@ -611,7 +616,7 @@ module Signet
|
|
|
611
616
|
# @param [Integer, String] new_expiry
|
|
612
617
|
# Assertion expiry, in seconds
|
|
613
618
|
def expiry= new_expiry
|
|
614
|
-
@expiry = new_expiry
|
|
619
|
+
@expiry = new_expiry&.to_i
|
|
615
620
|
end
|
|
616
621
|
|
|
617
622
|
##
|
|
@@ -823,6 +828,33 @@ module Signet
|
|
|
823
828
|
@expires_at = normalize_timestamp new_expires_at
|
|
824
829
|
end
|
|
825
830
|
|
|
831
|
+
##
|
|
832
|
+
# Returns the scopes granted by the authorization server.
|
|
833
|
+
#
|
|
834
|
+
# @return [Array, nil] The scope of access returned by the authorization server.
|
|
835
|
+
def granted_scopes
|
|
836
|
+
@granted_scopes
|
|
837
|
+
end
|
|
838
|
+
|
|
839
|
+
##
|
|
840
|
+
# Sets the scopes returned by authorization server for this client.
|
|
841
|
+
#
|
|
842
|
+
# @param [String, Array, nil] new_granted_scopes
|
|
843
|
+
# The scope of access returned by authorization server. This will
|
|
844
|
+
# ideally be expressed as space-delimited String.
|
|
845
|
+
def granted_scopes= new_granted_scopes
|
|
846
|
+
case new_granted_scopes
|
|
847
|
+
when Array
|
|
848
|
+
@granted_scopes = new_granted_scopes
|
|
849
|
+
when String
|
|
850
|
+
@granted_scopes = new_granted_scopes.split
|
|
851
|
+
when nil
|
|
852
|
+
@granted_scopes = nil
|
|
853
|
+
else
|
|
854
|
+
raise TypeError, "Expected Array or String, got #{new_granted_scopes.class}"
|
|
855
|
+
end
|
|
856
|
+
end
|
|
857
|
+
|
|
826
858
|
##
|
|
827
859
|
# Returns true if the access token has expired.
|
|
828
860
|
# Returns false if the token has not expired or has an nil @expires_at.
|
|
@@ -857,6 +889,7 @@ module Signet
|
|
|
857
889
|
@code = nil
|
|
858
890
|
@issued_at = nil
|
|
859
891
|
@expires_at = nil
|
|
892
|
+
@granted_scopes = nil
|
|
860
893
|
end
|
|
861
894
|
|
|
862
895
|
##
|
|
@@ -916,27 +949,28 @@ module Signet
|
|
|
916
949
|
# @return [String] A serialized JSON representation of the client.
|
|
917
950
|
def to_json *_args
|
|
918
951
|
MultiJson.dump(
|
|
919
|
-
"authorization_uri" => authorization_uri
|
|
920
|
-
"token_credential_uri" => token_credential_uri
|
|
952
|
+
"authorization_uri" => authorization_uri&.to_s,
|
|
953
|
+
"token_credential_uri" => token_credential_uri&.to_s,
|
|
921
954
|
"client_id" => client_id,
|
|
922
955
|
"client_secret" => client_secret,
|
|
923
956
|
"scope" => scope,
|
|
924
957
|
"target_audience" => target_audience,
|
|
925
958
|
"state" => state,
|
|
926
959
|
"code" => code,
|
|
927
|
-
"redirect_uri" => redirect_uri
|
|
960
|
+
"redirect_uri" => redirect_uri&.to_s,
|
|
928
961
|
"username" => username,
|
|
929
962
|
"password" => password,
|
|
930
963
|
"issuer" => issuer,
|
|
931
964
|
"audience" => audience,
|
|
932
965
|
"person" => person,
|
|
933
966
|
"expiry" => expiry,
|
|
934
|
-
"expires_at" => expires_at
|
|
967
|
+
"expires_at" => expires_at&.to_i,
|
|
935
968
|
"signing_key" => signing_key,
|
|
936
969
|
"refresh_token" => refresh_token,
|
|
937
970
|
"access_token" => access_token,
|
|
938
971
|
"id_token" => id_token,
|
|
939
|
-
"extension_parameters" => extension_parameters
|
|
972
|
+
"extension_parameters" => extension_parameters,
|
|
973
|
+
"granted_scopes" => granted_scopes
|
|
940
974
|
)
|
|
941
975
|
end
|
|
942
976
|
|
|
@@ -1020,19 +1054,22 @@ module Signet
|
|
|
1020
1054
|
content_type = response.header[:content_type]
|
|
1021
1055
|
end
|
|
1022
1056
|
|
|
1023
|
-
return ::Signet::OAuth2.parse_credentials body, content_type if status == 200
|
|
1024
|
-
|
|
1025
1057
|
message = " Server message:\n#{response.body.to_s.strip}" unless body.to_s.strip.empty?
|
|
1058
|
+
|
|
1026
1059
|
if [400, 401, 403].include? status
|
|
1027
1060
|
message = "Authorization failed.#{message}"
|
|
1028
1061
|
raise ::Signet::AuthorizationError.new message, response: response
|
|
1029
1062
|
elsif status.to_s[0] == "5"
|
|
1030
1063
|
message = "Remote server error.#{message}"
|
|
1031
1064
|
raise ::Signet::RemoteServerError, message
|
|
1032
|
-
|
|
1065
|
+
elsif status != 200
|
|
1033
1066
|
message = "Unexpected status code: #{response.status}.#{message}"
|
|
1034
1067
|
raise ::Signet::UnexpectedStatusError, message
|
|
1035
1068
|
end
|
|
1069
|
+
# status == 200
|
|
1070
|
+
parsed_response = ::Signet::OAuth2.parse_credentials body, content_type
|
|
1071
|
+
parsed_response["granted_scopes"] = parsed_response.delete("scope") if parsed_response
|
|
1072
|
+
parsed_response
|
|
1036
1073
|
end
|
|
1037
1074
|
|
|
1038
1075
|
def fetch_access_token! options = {}
|
data/lib/signet/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: signet
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.18.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Bob Aman
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2023-09-06 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: addressable
|
|
@@ -85,14 +85,14 @@ dependencies:
|
|
|
85
85
|
requirements:
|
|
86
86
|
- - "~>"
|
|
87
87
|
- !ruby/object:Gem::Version
|
|
88
|
-
version: 1.26.
|
|
88
|
+
version: 1.26.1
|
|
89
89
|
type: :development
|
|
90
90
|
prerelease: false
|
|
91
91
|
version_requirements: !ruby/object:Gem::Requirement
|
|
92
92
|
requirements:
|
|
93
93
|
- - "~>"
|
|
94
94
|
- !ruby/object:Gem::Version
|
|
95
|
-
version: 1.26.
|
|
95
|
+
version: 1.26.1
|
|
96
96
|
- !ruby/object:Gem::Dependency
|
|
97
97
|
name: kramdown
|
|
98
98
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -234,7 +234,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
234
234
|
- !ruby/object:Gem::Version
|
|
235
235
|
version: 1.3.5
|
|
236
236
|
requirements: []
|
|
237
|
-
rubygems_version: 3.
|
|
237
|
+
rubygems_version: 3.4.19
|
|
238
238
|
signing_key:
|
|
239
239
|
specification_version: 4
|
|
240
240
|
summary: Signet is an OAuth 1.0 / OAuth 2.0 implementation.
|