smart_app_launch_test_kit 0.1.1 → 0.1.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/smart_app_launch/app_redirect_test.rb +2 -1
- data/lib/smart_app_launch/token_payload_validation.rb +6 -0
- data/lib/smart_app_launch/token_refresh_body_test.rb +3 -2
- data/lib/smart_app_launch/token_refresh_group.rb +1 -1
- data/lib/smart_app_launch/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4b5b5d83f2f6bd20c159c0c258b0a67123880f3f526c21487795c0b7e60dde44
|
|
4
|
+
data.tar.gz: bcd5875e3e0a8a34a5d573d1cfda6b6babfc55c1b4364834a761c21c264ad83b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 76d53cd6f4b40e128dc3510f0e4e01de66e8e61c475c7db1516bf726e8f2890c4ebc08e5838e2d3714b7791a3e5a65fc4165eeae6136bada32e23a08ada64caf
|
|
7
|
+
data.tar.gz: 6d6a3851b0d01ceb6d1576be40eb74be5a8b86089d705c26ab877251a843d68d9d4afc10c13de43d5eb122e9e971c2e5d76f8afb17b30f3def60370769ecd660
|
|
@@ -87,7 +87,8 @@ module SMARTAppLaunch
|
|
|
87
87
|
end
|
|
88
88
|
|
|
89
89
|
if use_pkce == 'true'
|
|
90
|
-
|
|
90
|
+
# code verifier must be between 43 and 128 characters
|
|
91
|
+
code_verifier = SecureRandom.uuid + '-' + SecureRandom.uuid
|
|
91
92
|
code_challenge =
|
|
92
93
|
if pkce_code_challenge_method == 'S256'
|
|
93
94
|
self.class.calculate_s256_challenge(code_verifier)
|
|
@@ -28,6 +28,12 @@ module SMARTAppLaunch
|
|
|
28
28
|
end
|
|
29
29
|
end
|
|
30
30
|
|
|
31
|
+
def validate_scope_subset(received_scopes, original_scopes)
|
|
32
|
+
extra_scopes = received_scopes.split - original_scopes.split
|
|
33
|
+
assert extra_scopes.empty?, "Token response contained scopes which are not a subset of the scope granted to the "\
|
|
34
|
+
"original access token: #{extra_scopes.join(', ')}"
|
|
35
|
+
end
|
|
36
|
+
|
|
31
37
|
def validate_token_field_types(body)
|
|
32
38
|
STRING_FIELDS
|
|
33
39
|
.select { |field| body[field].present? }
|
|
@@ -11,6 +11,8 @@ module SMARTAppLaunch
|
|
|
11
11
|
an access token or a message indicating that the authorization request
|
|
12
12
|
has been denied. `access_token`, `expires_in`, `token_type`, and `scope` are
|
|
13
13
|
required. `access_token` must be `Bearer`.
|
|
14
|
+
|
|
15
|
+
Scopes returned must be a strict subset of the scopes granted in the original launch.
|
|
14
16
|
)
|
|
15
17
|
input :received_scopes
|
|
16
18
|
output :refresh_token, :access_token, :token_retrieval_time, :expires_in, :received_scopes
|
|
@@ -36,8 +38,7 @@ module SMARTAppLaunch
|
|
|
36
38
|
validate_token_field_types(body)
|
|
37
39
|
validate_token_type(body)
|
|
38
40
|
|
|
39
|
-
|
|
40
|
-
'Received scopes not equal to originally granted scopes'
|
|
41
|
+
validate_scope_subset(received_scopes, old_received_scopes)
|
|
41
42
|
end
|
|
42
43
|
end
|
|
43
44
|
end
|
|
@@ -10,7 +10,7 @@ module SMARTAppLaunch
|
|
|
10
10
|
description %(
|
|
11
11
|
# Background
|
|
12
12
|
|
|
13
|
-
The #{title} Sequence tests the ability of the system to
|
|
13
|
+
The #{title} Sequence tests the ability of the system to successfully
|
|
14
14
|
exchange a refresh token for an access token. Refresh tokens are typically
|
|
15
15
|
longer lived than access tokens and allow client applications to obtain a
|
|
16
16
|
new access token Refresh tokens themselves cannot provide access to
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: smart_app_launch_test_kit
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Stephen MacVicar
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-04-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: inferno_core
|