RubyGems - signet - Versions diffs - 0.13.2 → 0.14.0 - Mend

signet 0.13.2 → 0.14.0

Files changed (6) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +4 -0
data/lib/signet/oauth_2/client.rb +27 -1
data/lib/signet/version.rb +1 -1
data/spec/signet/oauth_2/client_spec.rb +40 -0
metadata +2 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 05bb1f34c74307a1e398665dd2b8ccd1530f35464109bd39419f7652e0615753
-  data.tar.gz: 0bf44b1bcfaaa5e6f4c9f990c317fc8ef10fb33cdd381ef45a7219a346202197
+  metadata.gz: bc147432dec3ce0cfc7dcb2f935b0b7063e65d7831415f58b00a133834b60eac
+  data.tar.gz: d3b11b9064d2bb95a4d905a8199a2372ea96a9214ba050cdc7a496108cc90094
 SHA512:
-  metadata.gz: ce122ed9f26d33953e23022b2ed98b8dd05b2ee8666a2a3fa5a65d604aa04e316839aa1ce7d3e84c1530ab9007b128927e03a93849fc6752e04949dcf8e8cb1d
-  data.tar.gz: b2c7bba0437a0306ea77e2cdd07921ab418a0354a57ec5494d0995cc52f364ee773599dfd8348615e5c41cb11938bb0e5a5aa62c22ebfc863543acb6ec128da6
+  metadata.gz: 13dd09c6860ee3607e0930ca51485f16b51137c62684288a834eb0b008dbcea7b5ee665320061561838f1d680920f15254cc8acc9d83ef80c6c8dcad72277950
+  data.tar.gz: 3052287168b60094c7d87e9f51b7ad89bf57f72e78f188a0f0be60a4914a62a36d2dd3e18ff6d89524665695ac3126c85af330884fe83c9ccf022ad61df2be7b

data/CHANGELOG.md CHANGED

@@ -1,3 +1,7 @@
+### 0.14.0 / 2020-03-31
+* Support for fetching ID tokens from google oauth2 endpoint.
 ### 0.13.2 / 2020-03-25
 Rerelease of 0.13.1.

data/lib/signet/oauth_2/client.rb CHANGED

@@ -46,6 +46,9 @@ module Signet
       #   - <code>:scope</code> -
       #     The scope of the access request, expressed either as an Array
       #     or as a space-delimited String.
+      #   - <code>:target_audience</code> -
+      #     The final target audience for ID tokens fetched by this client,
+      #     as a String.
       #   - <code>:state</code> -
       #     An arbitrary string designed to allow the client to maintain state.
       #   - <code>:code</code> -
@@ -101,6 +104,7 @@ module Signet
         @principal            = nil
         @redirect_uri         = nil
         @scope                = nil
+        @target_audience      = nil
         @state                = nil
         @username             = nil
         @access_type          = nil
@@ -130,6 +134,9 @@ module Signet
       #   - <code>:scope</code> -
       #     The scope of the access request, expressed either as an Array
       #     or as a space-delimited String.
+      #   - <code>:target_audience</code> -
+      #     The final target audience for ID tokens fetched by this client,
+      #     as a String.
       #   - <code>:state</code> -
       #     An arbitrary string designed to allow the client to maintain state.
       #   - <code>:code</code> -
@@ -181,6 +188,7 @@ module Signet
         self.client_id = options[:client_id] if options.key? :client_id
         self.client_secret = options[:client_secret] if options.key? :client_secret
         self.scope = options[:scope] if options.key? :scope
+        self.target_audience = options[:target_audience] if options.key? :target_audience
         self.state = options[:state] if options.key? :state
         self.code = options[:code] if options.key? :code
         self.redirect_uri = options[:redirect_uri] if options.key? :redirect_uri
@@ -423,6 +431,22 @@ module Signet
         end
       end
+      ##
+      # Returns the final target audience for ID tokens fetched by this client.
+      #
+      # @return [String] The target audience.
+      def target_audience
+        @target_audience
+      end
+      ##
+      # Sets the final target audience for ID tokens fetched by this client.
+      #
+      # @param [String] new_target_audience The new target audience.
+      def target_audience= new_target_audience
+        @target_audience = new_target_audience
+      end
       ##
       # Returns the client's current state value.
       #
@@ -893,11 +917,13 @@ module Signet
           "iat" => (now - skew).to_i
         }
         assertion["scope"] = scope.join " " unless scope.nil?
+        assertion["target_audience"] = target_audience unless target_audience.nil?
         assertion["prn"] = person unless person.nil?
         assertion["sub"] = sub unless sub.nil?
         JWT.encode assertion, signing_key, signing_algorithm
       end
       # rubocop:disable Style/MethodDefParentheses
+      # rubocop:disable Metrics/AbcSize
       ##
       # Serialize the client object to JSON.
@@ -912,6 +938,7 @@ module Signet
           "client_id"            => client_id,
           "client_secret"        => client_secret,
           "scope"                => scope,
+          "target_audience"      => target_audience,
           "state"                => state,
           "code"                 => code,
           "redirect_uri"         => redirect_uri ? redirect_uri.to_s : nil,
@@ -930,7 +957,6 @@ module Signet
         )
       end
       # rubocop:enable Style/MethodDefParentheses
-      # rubocop:disable Metrics/AbcSize
       # rubocop:disable Metrics/CyclomaticComplexity
       # rubocop:disable Metrics/MethodLength
       # rubocop:disable Metrics/PerceivedComplexity

data/lib/signet/version.rb CHANGED

@@ -13,5 +13,5 @@
 #    limitations under the License.
 module Signet
-  VERSION = "0.13.2".freeze
+  VERSION = "0.14.0".freeze
 end

data/spec/signet/oauth_2/client_spec.rb CHANGED

@@ -1212,3 +1212,43 @@ describe Signet::OAuth2::Client, "configured with custom parameters a la JSON.lo
     expect(params).to include("new_param" => "new_val")
   end
 end
+describe Signet::OAuth2::Client, "configured for id tokens" do
+  before do
+    @key = OpenSSL::PKey::RSA.new 2048
+    @client = Signet::OAuth2::Client.new(
+      token_credential_uri: "https://oauth2.googleapis.com/token",
+      target_audience:      "https://api.example.com",
+      issuer:               "app@example.com",
+      audience:             "https://hello.googleapis.com",
+      signing_key:          @key
+    )
+  end
+  it "should set target_audience" do
+    expect(@client.target_audience).to eq "https://api.example.com"
+  end
+  it "should send a valid id token request" do
+    stubs = Faraday::Adapter::Test::Stubs.new do |stub|
+      stub.post "/token" do |env|
+        params = Addressable::URI.form_unencode env[:body]
+        claim, header = JWT.decode params.assoc("assertion").last, @key.public_key, true, algorithm: "RS256"
+        expect(params.assoc("grant_type")).to eq ["grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer"]
+        expect(claim["target_audience"]).to eq "https://api.example.com"
+        expect(claim["iss"]).to eq "app@example.com"
+        expect(claim["aud"]).to eq "https://hello.googleapis.com"
+        build_json_response(
+          "id_token"  => "12345id",
+          "refresh_token" => "54321refresh",
+          "expires_in"    => "3600"
+        )
+      end
+    end
+    connection = Faraday.new url: "https://www.google.com" do |builder|
+      builder.adapter :test, stubs
+    end
+    @client.fetch_access_token! connection: connection
+    expect(@client.id_token).to eq "12345id"
+  end
+end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: signet
 version: !ruby/object:Gem::Version
-  version: 0.13.2
+  version: 0.14.0
 platform: ruby
 authors:
 - Bob Aman
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-03-26 00:00:00.000000000 Z
+date: 2020-04-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable