signet 0.17.0 → 0.19.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +12 -0
- data/README.md +6 -6
- data/lib/signet/oauth_1/credential.rb +1 -1
- data/lib/signet/oauth_1.rb +1 -1
- data/lib/signet/oauth_2/client.rb +87 -50
- data/lib/signet/version.rb +1 -1
- metadata +6 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 13fbdf2ef81b9b3fd51060e1a41624ad6bac62c6980eca00905cd88e8f053be8
|
|
4
|
+
data.tar.gz: 3b04aaebc576451c9de4e3661eb441cd6d0bd6d3a7bdf63493eeaecdd819ede4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9c11f05eb845cd94228ab7e10b656bd9ea9c7d63ebc7dc4fb2413a12901d3803b2bd6de48dfa77fb68fb842effb42bf65c5ca1ce5ff90bdbd1a0ac6806630a15
|
|
7
|
+
data.tar.gz: 46097fea3a8a754b9b8e31476f50270fb8d6c48df3ff69f537546bfd6437de3ef58dff3f0d1ff355d378d54e82a05c6a4b6509dd647ba912705abe252b182d62
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,17 @@
|
|
|
1
1
|
# Release History
|
|
2
2
|
|
|
3
|
+
### 0.19.0 (2024-02-01)
|
|
4
|
+
|
|
5
|
+
#### Features
|
|
6
|
+
|
|
7
|
+
* Update minimum Ruby version to 2.7
|
|
8
|
+
|
|
9
|
+
### 0.18.0 (2023-09-01)
|
|
10
|
+
|
|
11
|
+
#### Features
|
|
12
|
+
|
|
13
|
+
* Expose Granted Scopes while fetching credentials ([#230](https://github.com/googleapis/signet/issues/230))
|
|
14
|
+
|
|
3
15
|
### 0.17.0 (2022-06-23)
|
|
4
16
|
|
|
5
17
|
* Updated minimum Ruby version to 2.6
|
data/README.md
CHANGED
|
@@ -59,11 +59,11 @@ Be sure `https://rubygems.org` is in your gem sources.
|
|
|
59
59
|
|
|
60
60
|
## Supported Ruby Versions
|
|
61
61
|
|
|
62
|
-
This library is supported on Ruby 2.
|
|
62
|
+
This library is supported on Ruby 2.7+.
|
|
63
63
|
|
|
64
64
|
Google provides official support for Ruby versions that are actively supported
|
|
65
|
-
by Ruby Core—that is, Ruby versions that are either in normal maintenance or
|
|
66
|
-
security maintenance, and not end of life.
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
65
|
+
by Ruby Core—that is, Ruby versions that are either in normal maintenance or
|
|
66
|
+
in security maintenance, and not end of life. Older versions of Ruby _may_
|
|
67
|
+
still work, but are unsupported and not recommended. See
|
|
68
|
+
https://www.ruby-lang.org/en/downloads/branches/ for details about the Ruby
|
|
69
|
+
support schedule.
|
|
@@ -75,7 +75,7 @@ module Signet # :nodoc:
|
|
|
75
75
|
args = args.first.to_ary
|
|
76
76
|
end
|
|
77
77
|
if args.all? { |value| value.is_a? Array }
|
|
78
|
-
parameters = args.each_with_object({}) { |(k, v), h| h[k] = v
|
|
78
|
+
parameters = args.each_with_object({}) { |(k, v), h| h[k] = v }
|
|
79
79
|
@key = key_from_hash.call parameters
|
|
80
80
|
@secret = secret_from_hash.call parameters
|
|
81
81
|
elsif args.size == 2
|
data/lib/signet/oauth_1.rb
CHANGED
|
@@ -350,7 +350,7 @@ module Signet # :nodoc:
|
|
|
350
350
|
query_values = parsed_uri.query_values || {}
|
|
351
351
|
if options[:additional_parameters]
|
|
352
352
|
query_values = query_values.merge(
|
|
353
|
-
options[:additional_parameters].each_with_object({}) { |(k, v), h| h[k] = v
|
|
353
|
+
options[:additional_parameters].each_with_object({}) { |(k, v), h| h[k] = v }
|
|
354
354
|
)
|
|
355
355
|
end
|
|
356
356
|
query_values["oauth_token"] = temporary_credential_key if temporary_credential_key
|
|
@@ -32,52 +32,54 @@ module Signet
|
|
|
32
32
|
#
|
|
33
33
|
# @param [Hash] options
|
|
34
34
|
# The configuration parameters for the client.
|
|
35
|
-
# -
|
|
35
|
+
# - `:authorization_uri` -
|
|
36
36
|
# The authorization server's HTTP endpoint capable of
|
|
37
37
|
# authenticating the end-user and obtaining authorization.
|
|
38
|
-
# -
|
|
38
|
+
# - `:token_credential_uri` -
|
|
39
39
|
# The authorization server's HTTP endpoint capable of issuing
|
|
40
40
|
# tokens and refreshing expired tokens.
|
|
41
|
-
# -
|
|
41
|
+
# - `:client_id` -
|
|
42
42
|
# A unique identifier issued to the client to identify itself to the
|
|
43
43
|
# authorization server.
|
|
44
|
-
# -
|
|
44
|
+
# - `:client_secret` -
|
|
45
45
|
# A shared symmetric secret issued by the authorization server,
|
|
46
46
|
# which is used to authenticate the client.
|
|
47
|
-
# -
|
|
47
|
+
# - `:scope` -
|
|
48
48
|
# The scope of the access request, expressed either as an Array
|
|
49
49
|
# or as a space-delimited String.
|
|
50
|
-
# -
|
|
50
|
+
# - `:target_audience` -
|
|
51
51
|
# The final target audience for ID tokens fetched by this client,
|
|
52
52
|
# as a String.
|
|
53
|
-
# -
|
|
53
|
+
# - `:state` -
|
|
54
54
|
# An arbitrary string designed to allow the client to maintain state.
|
|
55
|
-
# -
|
|
55
|
+
# - `:code` -
|
|
56
56
|
# The authorization code received from the authorization server.
|
|
57
|
-
# -
|
|
57
|
+
# - `:redirect_uri` -
|
|
58
58
|
# The redirection URI used in the initial request.
|
|
59
|
-
# -
|
|
59
|
+
# - `:username` -
|
|
60
60
|
# The resource owner's username.
|
|
61
|
-
# -
|
|
61
|
+
# - `:password` -
|
|
62
62
|
# The resource owner's password.
|
|
63
|
-
# -
|
|
63
|
+
# - `:issuer` -
|
|
64
64
|
# Issuer ID when using assertion profile
|
|
65
|
-
# -
|
|
65
|
+
# - `:person` -
|
|
66
66
|
# Target user for assertions
|
|
67
|
-
# -
|
|
67
|
+
# - `:expiry` -
|
|
68
68
|
# Number of seconds assertions are valid for
|
|
69
|
-
# -
|
|
69
|
+
# - `:signing_key` -
|
|
70
70
|
# Signing key when using assertion profile
|
|
71
|
-
# -
|
|
71
|
+
# - `:refresh_token` -
|
|
72
72
|
# The refresh token associated with the access token
|
|
73
73
|
# to be refreshed.
|
|
74
|
-
# -
|
|
74
|
+
# - `:access_token` -
|
|
75
75
|
# The current access token for this client.
|
|
76
|
-
# -
|
|
76
|
+
# - `:id_token` -
|
|
77
77
|
# The current ID token for this client.
|
|
78
|
-
# -
|
|
78
|
+
# - `:extension_parameters` -
|
|
79
79
|
# When using an extension grant type, this the set of parameters used
|
|
80
80
|
# by that extension.
|
|
81
|
+
# - `:granted_scopes` -
|
|
82
|
+
# All scopes granted by authorization server.
|
|
81
83
|
#
|
|
82
84
|
# @example
|
|
83
85
|
# client = Signet::OAuth2::Client.new(
|
|
@@ -109,6 +111,7 @@ module Signet
|
|
|
109
111
|
@state = nil
|
|
110
112
|
@username = nil
|
|
111
113
|
@access_type = nil
|
|
114
|
+
@granted_scopes = nil
|
|
112
115
|
update! options
|
|
113
116
|
end
|
|
114
117
|
|
|
@@ -117,56 +120,58 @@ module Signet
|
|
|
117
120
|
#
|
|
118
121
|
# @param [Hash] options
|
|
119
122
|
# The configuration parameters for the client.
|
|
120
|
-
# -
|
|
123
|
+
# - `:authorization_uri` -
|
|
121
124
|
# The authorization server's HTTP endpoint capable of
|
|
122
125
|
# authenticating the end-user and obtaining authorization.
|
|
123
|
-
# -
|
|
126
|
+
# - `:token_credential_uri` -
|
|
124
127
|
# The authorization server's HTTP endpoint capable of issuing
|
|
125
128
|
# tokens and refreshing expired tokens.
|
|
126
|
-
# -
|
|
129
|
+
# - `:client_id` -
|
|
127
130
|
# A unique identifier issued to the client to identify itself to the
|
|
128
131
|
# authorization server.
|
|
129
|
-
# -
|
|
132
|
+
# - `:client_secret` -
|
|
130
133
|
# A shared symmetric secret issued by the authorization server,
|
|
131
134
|
# which is used to authenticate the client.
|
|
132
|
-
# -
|
|
135
|
+
# - `:scope` -
|
|
133
136
|
# The scope of the access request, expressed either as an Array
|
|
134
137
|
# or as a space-delimited String.
|
|
135
|
-
# -
|
|
138
|
+
# - `:target_audience` -
|
|
136
139
|
# The final target audience for ID tokens fetched by this client,
|
|
137
140
|
# as a String.
|
|
138
|
-
# -
|
|
141
|
+
# - `:state` -
|
|
139
142
|
# An arbitrary string designed to allow the client to maintain state.
|
|
140
|
-
# -
|
|
143
|
+
# - `:code` -
|
|
141
144
|
# The authorization code received from the authorization server.
|
|
142
|
-
# -
|
|
145
|
+
# - `:redirect_uri` -
|
|
143
146
|
# The redirection URI used in the initial request.
|
|
144
|
-
# -
|
|
147
|
+
# - `:username` -
|
|
145
148
|
# The resource owner's username.
|
|
146
|
-
# -
|
|
149
|
+
# - `:password` -
|
|
147
150
|
# The resource owner's password.
|
|
148
|
-
# -
|
|
151
|
+
# - `:issuer` -
|
|
149
152
|
# Issuer ID when using assertion profile
|
|
150
|
-
# -
|
|
153
|
+
# - `:audience` -
|
|
151
154
|
# Target audience for assertions
|
|
152
|
-
# -
|
|
155
|
+
# - `:person` -
|
|
153
156
|
# Target user for assertions
|
|
154
|
-
# -
|
|
157
|
+
# - `:expiry` -
|
|
155
158
|
# Number of seconds assertions are valid for
|
|
156
|
-
# -
|
|
159
|
+
# - `:signing_key` -
|
|
157
160
|
# Signing key when using assertion profile
|
|
158
|
-
# -
|
|
161
|
+
# - `:refresh_token` -
|
|
159
162
|
# The refresh token associated with the access token
|
|
160
163
|
# to be refreshed.
|
|
161
|
-
# -
|
|
164
|
+
# - `:access_token` -
|
|
162
165
|
# The current access token for this client.
|
|
163
|
-
# -
|
|
166
|
+
# - `:access_type` -
|
|
164
167
|
# The current access type parameter for #authorization_uri.
|
|
165
|
-
# -
|
|
168
|
+
# - `:id_token` -
|
|
166
169
|
# The current ID token for this client.
|
|
167
|
-
# -
|
|
170
|
+
# - `:extension_parameters` -
|
|
168
171
|
# When using an extension grant type, this is the set of parameters used
|
|
169
172
|
# by that extension.
|
|
173
|
+
# - `:granted_scopes` -
|
|
174
|
+
# All scopes granted by authorization server.
|
|
170
175
|
#
|
|
171
176
|
# @example
|
|
172
177
|
# client.update!(
|
|
@@ -253,7 +258,7 @@ module Signet
|
|
|
253
258
|
self.access_token = options[:access_token] if options.key? :access_token
|
|
254
259
|
self.refresh_token = options[:refresh_token] if options.key? :refresh_token
|
|
255
260
|
self.id_token = options[:id_token] if options.key? :id_token
|
|
256
|
-
|
|
261
|
+
self.granted_scopes = options[:granted_scopes] if options.key? :granted_scopes
|
|
257
262
|
self
|
|
258
263
|
end
|
|
259
264
|
|
|
@@ -611,7 +616,7 @@ module Signet
|
|
|
611
616
|
# @param [Integer, String] new_expiry
|
|
612
617
|
# Assertion expiry, in seconds
|
|
613
618
|
def expiry= new_expiry
|
|
614
|
-
@expiry = new_expiry
|
|
619
|
+
@expiry = new_expiry&.to_i
|
|
615
620
|
end
|
|
616
621
|
|
|
617
622
|
##
|
|
@@ -823,6 +828,33 @@ module Signet
|
|
|
823
828
|
@expires_at = normalize_timestamp new_expires_at
|
|
824
829
|
end
|
|
825
830
|
|
|
831
|
+
##
|
|
832
|
+
# Returns the scopes granted by the authorization server.
|
|
833
|
+
#
|
|
834
|
+
# @return [Array, nil] The scope of access returned by the authorization server.
|
|
835
|
+
def granted_scopes
|
|
836
|
+
@granted_scopes
|
|
837
|
+
end
|
|
838
|
+
|
|
839
|
+
##
|
|
840
|
+
# Sets the scopes returned by authorization server for this client.
|
|
841
|
+
#
|
|
842
|
+
# @param [String, Array, nil] new_granted_scopes
|
|
843
|
+
# The scope of access returned by authorization server. This will
|
|
844
|
+
# ideally be expressed as space-delimited String.
|
|
845
|
+
def granted_scopes= new_granted_scopes
|
|
846
|
+
case new_granted_scopes
|
|
847
|
+
when Array
|
|
848
|
+
@granted_scopes = new_granted_scopes
|
|
849
|
+
when String
|
|
850
|
+
@granted_scopes = new_granted_scopes.split
|
|
851
|
+
when nil
|
|
852
|
+
@granted_scopes = nil
|
|
853
|
+
else
|
|
854
|
+
raise TypeError, "Expected Array or String, got #{new_granted_scopes.class}"
|
|
855
|
+
end
|
|
856
|
+
end
|
|
857
|
+
|
|
826
858
|
##
|
|
827
859
|
# Returns true if the access token has expired.
|
|
828
860
|
# Returns false if the token has not expired or has an nil @expires_at.
|
|
@@ -857,6 +889,7 @@ module Signet
|
|
|
857
889
|
@code = nil
|
|
858
890
|
@issued_at = nil
|
|
859
891
|
@expires_at = nil
|
|
892
|
+
@granted_scopes = nil
|
|
860
893
|
end
|
|
861
894
|
|
|
862
895
|
##
|
|
@@ -916,27 +949,28 @@ module Signet
|
|
|
916
949
|
# @return [String] A serialized JSON representation of the client.
|
|
917
950
|
def to_json *_args
|
|
918
951
|
MultiJson.dump(
|
|
919
|
-
"authorization_uri" => authorization_uri
|
|
920
|
-
"token_credential_uri" => token_credential_uri
|
|
952
|
+
"authorization_uri" => authorization_uri&.to_s,
|
|
953
|
+
"token_credential_uri" => token_credential_uri&.to_s,
|
|
921
954
|
"client_id" => client_id,
|
|
922
955
|
"client_secret" => client_secret,
|
|
923
956
|
"scope" => scope,
|
|
924
957
|
"target_audience" => target_audience,
|
|
925
958
|
"state" => state,
|
|
926
959
|
"code" => code,
|
|
927
|
-
"redirect_uri" => redirect_uri
|
|
960
|
+
"redirect_uri" => redirect_uri&.to_s,
|
|
928
961
|
"username" => username,
|
|
929
962
|
"password" => password,
|
|
930
963
|
"issuer" => issuer,
|
|
931
964
|
"audience" => audience,
|
|
932
965
|
"person" => person,
|
|
933
966
|
"expiry" => expiry,
|
|
934
|
-
"expires_at" => expires_at
|
|
967
|
+
"expires_at" => expires_at&.to_i,
|
|
935
968
|
"signing_key" => signing_key,
|
|
936
969
|
"refresh_token" => refresh_token,
|
|
937
970
|
"access_token" => access_token,
|
|
938
971
|
"id_token" => id_token,
|
|
939
|
-
"extension_parameters" => extension_parameters
|
|
972
|
+
"extension_parameters" => extension_parameters,
|
|
973
|
+
"granted_scopes" => granted_scopes
|
|
940
974
|
)
|
|
941
975
|
end
|
|
942
976
|
|
|
@@ -1020,19 +1054,22 @@ module Signet
|
|
|
1020
1054
|
content_type = response.header[:content_type]
|
|
1021
1055
|
end
|
|
1022
1056
|
|
|
1023
|
-
return ::Signet::OAuth2.parse_credentials body, content_type if status == 200
|
|
1024
|
-
|
|
1025
1057
|
message = " Server message:\n#{response.body.to_s.strip}" unless body.to_s.strip.empty?
|
|
1058
|
+
|
|
1026
1059
|
if [400, 401, 403].include? status
|
|
1027
1060
|
message = "Authorization failed.#{message}"
|
|
1028
1061
|
raise ::Signet::AuthorizationError.new message, response: response
|
|
1029
1062
|
elsif status.to_s[0] == "5"
|
|
1030
1063
|
message = "Remote server error.#{message}"
|
|
1031
1064
|
raise ::Signet::RemoteServerError, message
|
|
1032
|
-
|
|
1065
|
+
elsif status != 200
|
|
1033
1066
|
message = "Unexpected status code: #{response.status}.#{message}"
|
|
1034
1067
|
raise ::Signet::UnexpectedStatusError, message
|
|
1035
1068
|
end
|
|
1069
|
+
# status == 200
|
|
1070
|
+
parsed_response = ::Signet::OAuth2.parse_credentials body, content_type
|
|
1071
|
+
parsed_response["granted_scopes"] = parsed_response.delete("scope") if parsed_response
|
|
1072
|
+
parsed_response
|
|
1036
1073
|
end
|
|
1037
1074
|
|
|
1038
1075
|
def fetch_access_token! options = {}
|
data/lib/signet/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: signet
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.19.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Bob Aman
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2024-02-13 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: addressable
|
|
@@ -85,14 +85,14 @@ dependencies:
|
|
|
85
85
|
requirements:
|
|
86
86
|
- - "~>"
|
|
87
87
|
- !ruby/object:Gem::Version
|
|
88
|
-
version: 1.
|
|
88
|
+
version: 1.27.1
|
|
89
89
|
type: :development
|
|
90
90
|
prerelease: false
|
|
91
91
|
version_requirements: !ruby/object:Gem::Requirement
|
|
92
92
|
requirements:
|
|
93
93
|
- - "~>"
|
|
94
94
|
- !ruby/object:Gem::Version
|
|
95
|
-
version: 1.
|
|
95
|
+
version: 1.27.1
|
|
96
96
|
- !ruby/object:Gem::Dependency
|
|
97
97
|
name: kramdown
|
|
98
98
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -227,14 +227,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
227
227
|
requirements:
|
|
228
228
|
- - ">="
|
|
229
229
|
- !ruby/object:Gem::Version
|
|
230
|
-
version: '2.
|
|
230
|
+
version: '2.7'
|
|
231
231
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
232
232
|
requirements:
|
|
233
233
|
- - ">="
|
|
234
234
|
- !ruby/object:Gem::Version
|
|
235
235
|
version: 1.3.5
|
|
236
236
|
requirements: []
|
|
237
|
-
rubygems_version: 3.3
|
|
237
|
+
rubygems_version: 3.5.3
|
|
238
238
|
signing_key:
|
|
239
239
|
specification_version: 4
|
|
240
240
|
summary: Signet is an OAuth 1.0 / OAuth 2.0 implementation.
|