verify_vsp_client 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: ee1f8e908abcdd3e2d6d0a74dce049b8ea3b8fa19671206263d6126a4220f356
+  data.tar.gz: 18ae2f8fa7f0ab41914cc8f3dcdc0d8a2c31b61fd3f29cf44657d5b1b4eeffaf
+SHA512:
+  metadata.gz: d9387be5bd43a1513b69b6f38b6d78c40704eaa8c8077ad3c2aaff5ed7afef3818e6666a2324fac5f18890316959eb31c24f43f0dcd23061b5693aff24811f11
+  data.tar.gz: 6987744fe5f673d47d54deb1a5239fafd1c50d7597835aa7bb1e9975bbadcb02caf3682c6e76062f544e6fb8c07fe049b2046d5788e51de33bc3f73e35778cea

data/.github/setup-rubygems.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+set -e
+
+mkdir ~/.gem
+echo -e "---\r\n:rubygems_api_key: $RUBYGEMS_API_KEY" > ~/.gem/credentials
+chmod 0600 ~/.gem/credentials

data/.github/workflows/build.yml

@@ -0,0 +1,22 @@
+name: Build
+
+on: [push, pull_request]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v1
+      - name: Set up Ruby 2.6
+        uses: actions/setup-ruby@v1
+        with:
+          ruby-version: 2.6.x
+      - name: Build and test with Rake
+        run: |
+          sudo apt-get update
+          sudo apt-get install sqlite3 libsqlite3-dev
+          gem install bundler
+          bundle install --jobs 4 --retry 3
+          bundle exec rake

data/.github/workflows/publish.yml

@@ -0,0 +1,25 @@
+name: Publish to rubygems
+
+on:
+  push:
+    tags:
+      - "*"
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Set up Ruby 2.6
+        uses: actions/setup-ruby@v1
+        with:
+          ruby-version: 2.6.x
+      - name: Setup Rubygems
+        env:
+          RUBYGEMS_API_KEY: ${{ secrets.RUBYGEMS_API_KEY }}
+        run: |
+          bash .github/setup-rubygems.sh
+      - name: Publish to Rubygems
+        run: |
+          gem build verify_vsp_client.gemspec
+          gem push "verify_vsp_client-$(git describe --tags).gem"

data/.gitignore

@@ -0,0 +1,12 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+
+# rspec failure tracking
+.rspec_status
+Gemfile.lock

data/.rspec

@@ -0,0 +1,4 @@
+--format documentation
+--color
+--require spec_helper
+--order rand

data/.ruby-version

@@ -0,0 +1 @@
+2.6.4

data/CHANGELOG.md

@@ -0,0 +1,16 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog]
+
+## [Unreleased]
+
+## [0.1.0] - 2019-09-20
+
+- Initial release
+
+[unreleased]:
+  https://github.com/dxw/verify_vsp_client/compare/0.1.0...HEAD
+[0.1.0]: https://github.com/dxw/verify_vsp_client/compare/c01154a06c06b74a0eadebca7d316155cb1fd98f...0.1.0
+[keep a changelog]: https://keepachangelog.com/en/1.0.0/

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,74 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at robbie.paul@dxw.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

data/Gemfile

@@ -0,0 +1,4 @@
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in verify_vsp_client.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2019 Robbie Paul
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,121 @@
+[![Build status](https://github.com/dxw/verify_vsp_client/workflows/Build/badge.svg)](https://github.com/dxw/verify_vsp_client/actions)
+[![License](http://img.shields.io/:license-mit-blue.svg)](https://mit-license.org/)
+
+# Verify VSP Client
+
+ Ruby client for sending and receiving requests to a [Verify Service Provider] allowing you to
+ connect to [GOV.UK Verify]
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'verify_vsp_client'
+```
+
+And then execute:
+
+    $ bundle
+
+Create a new `verify_vsp_client.rb` initialiser in `config/initializers`:
+
+```ruby
+VerifyVspClient.configure do |config|
+  config.vsp_host = YOUR_VSP_HOST
+end
+```
+
+## Usage
+
+For a more detailed explanation of how to send and receive requests to the VSP, read the [GOV.UK Verify docs](https://www.docs.verify.service.gov.uk/get-started/set-up-successful-verification-journey/)
+
+### Generate an authentication request
+
+An authentication request with contain a `samlRequest`, `requestId` and `ssoLocation`.
+You will need to store the `requestId` and access it later as part of translating the response:
+
+```ruby
+def new
+  @verify_authentication_request = VerifyVspClient::AuthenticationRequest.generate
+  session[:verify_request_id] = @verify_authentication_request.request_id
+end
+```
+
+### Send the authentication request to the VSP
+
+Create a form that makes a POST to `ssoLocation` containing a `SAMLRequest` hidden field.
+The form should look something like this:
+ 
+```erbruby
+<%= form_tag @verify_authentication_request.sso_location, authenticity_token: false do %>
+  <h1>Continue to next step</h1>
+  <%= hidden_field_tag "relayState" %>
+  <%= hidden_field_tag "SAMLRequest", @verify_authentication_request.saml_request %>
+  <p>If your browser does not redirect in a few seconds, please press the "Continue" button.</p>
+  <%= submit_tag "Continue" %>
+<% end %>
+
+<!-- JavaScript to automatically submit the form and POST to `ssoLocation` -->
+<script>
+  var form = document.forms[0];
+  form.setAttribute('style', 'display: none;');
+  window.setTimeout(function () { form.removeAttribute('style') }, 5000);
+  form.submit()
+</script>
+```
+
+### Request to translate the SAML response
+
+Your application will receive a POST containing a SAMLResponse. Because the POST is being sent 
+from an external source we'll need to skip verifying CSRF token for this action:
+
+```ruby
+skip_before_action :verify_authenticity_token, only: [:create]
+  
+def create
+  @response = VerifyVspClient::Response.translate(
+    saml_response: params["SAMLResponse"],
+    request_id: session[:verify_request_id],
+    level_of_assurance: "LEVEL_2"
+  )
+  if @response.verified?
+    # The user has successfully verified their identity, you can access
+    # the information about the user's identity using: 
+    @response.parameters
+  else
+    # It's important for your app to also handle the failure scenarios:
+    # @response.scenario == VerifyVspClient::AUTHENTICATION_FAILED_SCENARIO
+    # @response.scenario == VerifyVspClient::NO_AUTHENTICATION_SCENARIO
+  end
+end
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run 
+the tests. You can also run `bin/console` for an interactive prompt that will allow you to 
+experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new 
+version, update the version number in `version.rb`, and then run `bundle exec rake release`, which 
+will create a git tag for the version, push git commits and tags, and push the `.gem` file 
+to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/dxw/verify_vsp_client. 
+This project is intended to be a safe, welcoming space for collaboration, and contributors are 
+expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+## Code of Conduct
+
+Everyone interacting in the VerifyVspClient project’s codebases, issue trackers, chat rooms and 
+mailing lists is expected to follow the [code of conduct](https://github.com/dxw/verify_vsp_client/blob/master/CODE_OF_CONDUCT.md).
+
+[Verify Service Provider]: https://github.com/alphagov/verify-service-provider
+[GOV.UK Verify]: https://www.verify.service.gov.uk/

data/Rakefile

@@ -0,0 +1,7 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+require "standard/rake"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: [:spec, :standard]

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "verify_vsp_client"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/verify_vsp_client.rb

@@ -0,0 +1,28 @@
+require "active_support"
+require "active_support/core_ext"
+
+require_relative "verify_vsp_client/version"
+require_relative "verify_vsp_client/service_provider"
+require_relative "verify_vsp_client/authentication_request"
+require_relative "verify_vsp_client/redacted_response"
+require_relative "verify_vsp_client/response"
+require_relative "verify_vsp_client/response_error"
+
+module VerifyVspClient
+  IDENTITY_VERIFIED_SCENARIO = "IDENTITY_VERIFIED".freeze
+  AUTHENTICATION_FAILED_SCENARIO = "AUTHENTICATION_FAILED".freeze
+  NO_AUTHENTICATION_SCENARIO = "NO_AUTHENTICATION".freeze
+
+  class << self
+    attr_accessor :configuration
+  end
+
+  def self.configure
+    self.configuration ||= Configuration.new
+    yield(configuration)
+  end
+
+  class Configuration
+    attr_accessor :vsp_host
+  end
+end

data/lib/verify_vsp_client/authentication_request.rb

@@ -0,0 +1,25 @@
+module VerifyVspClient
+  # SAML Authentication Request used to start the verification user journey.
+  #
+  # Use by calling AuthenticationRequest.generate to generate a new
+  # authentication request via the Verify Service Provider
+  class AuthenticationRequest
+    attr_reader :saml_request, :request_id, :sso_location
+
+    def initialize(saml_request:, request_id:, sso_location:)
+      @saml_request = saml_request
+      @request_id = request_id
+      @sso_location = sso_location
+    end
+
+    def self.generate
+      request = VerifyVspClient::ServiceProvider.new.generate_request
+
+      new(
+        saml_request: request["samlRequest"],
+        request_id: request["requestId"],
+        sso_location: request["ssoLocation"]
+      )
+    end
+  end
+end

data/lib/verify_vsp_client/fake_sso.rb

@@ -0,0 +1,32 @@
+module VerifyVspClient
+  # A Rack application that can be used in the test suite to simulate the GOV.UK
+  # Verify SSO process.
+  #
+  # The Rack app responds with a form that when submitted will POST back to
+  # `callback_path` with a `SAMLResponse` parameter set to
+  # `FakeSso::IDENTITY_VERIFIED_SAML_RESPONSE`.
+  class FakeSso
+    IDENTITY_VERIFIED_SAML_RESPONSE = "IDENTITY_VERIFIED_SAML"
+
+    def initialize(callback_path)
+      @callback_path = callback_path
+    end
+
+    def call(env)
+      [200, {"Content-Type" => "text/html"}, [identity_verified_form]]
+    end
+
+    private
+
+    def identity_verified_form
+      <<~HEREDOC
+        <html><body>
+          <form action="#{@callback_path}" method="POST" id="verify_auth_request">
+            <input type="hidden" name="SAMLResponse" value="#{IDENTITY_VERIFIED_SAML_RESPONSE}">
+            <input type="submit" value="Perform identity check">
+          </form>
+        </body></html>
+      HEREDOC
+    end
+  end
+end

data/lib/verify_vsp_client/redacted_response.rb

@@ -0,0 +1,42 @@
+module VerifyVspClient
+  # Used to report a response from Verify without revealing any Personally
+  # Identifiable Information by replacing any string "values" with the "X"
+  # character. For example:
+  #
+  #   VerifyVspClient::RedactedResponse.new({"value" => "Secret"}).parameters
+  #   => {"value" => "XXXXXX"}
+  #
+  class RedactedResponse
+    KEYS_TO_REDACT = %w[value postCode from].freeze
+
+    attr_reader :parameters
+
+    def initialize(parameters)
+      @parameters = redact_values(parameters.deep_dup)
+    end
+
+    private
+
+    def redact_values(input)
+      if input.is_a?(String)
+        redact_string(input)
+      else
+        input.tap do |hash_to_redact|
+          hash_to_redact.each do |key, value|
+            if value.is_a?(Hash)
+              hash_to_redact[key] = redact_values(value)
+            elsif value.is_a?(Array)
+              hash_to_redact[key].each_with_index { |nested_value, nested_key| hash_to_redact[key][nested_key] = redact_values(nested_value) }
+            elsif value.is_a?(String) && KEYS_TO_REDACT.include?(key)
+              hash_to_redact[key] = redact_string(value)
+            end
+          end
+        end
+      end
+    end
+
+    def redact_string(string)
+      "X" * string.length
+    end
+  end
+end

data/lib/verify_vsp_client/response.rb

@@ -0,0 +1,30 @@
+module VerifyVspClient
+  # Represents a Response from a Verify authentication attempt.
+  #
+  # Use by calling VerifyVspClient::Response.translate to translate a SAML response using
+  # the Verify Service Provider, for example:
+  #
+  #   VerifyVspClient::Response.translate(saml_response: "SOME SAML", request_id: "REQUEST_ID", level_of_assurance: "LEVEL_2")
+  #
+  class Response
+    class MissingResponseAttribute < StandardError; end
+    attr_reader :parameters
+
+    def initialize(parameters)
+      @parameters = parameters
+    end
+
+    def self.translate(saml_response:, request_id:, level_of_assurance:)
+      parameters = VerifyVspClient::ServiceProvider.new.translate_response(saml_response, request_id, level_of_assurance)
+      new(parameters)
+    end
+
+    def verified?
+      scenario == VerifyVspClient::IDENTITY_VERIFIED_SCENARIO
+    end
+
+    def scenario
+      @scenario ||= parameters["scenario"]
+    end
+  end
+end

data/lib/verify_vsp_client/response_error.rb

@@ -0,0 +1,10 @@
+module VerifyVspClient
+  class ResponseError < StandardError
+    attr_reader :code
+
+    def initialize(message, code)
+      @code = code
+      super(message)
+    end
+  end
+end

data/lib/verify_vsp_client/service_provider.rb

@@ -0,0 +1,84 @@
+require "net/http"
+
+module VerifyVspClient
+  # Interface for interacting with an instance of a Verify Service Provider.
+  #
+  # Make sure the VSP host is configured, for example:
+  #
+  #   VerifyVspClient.configuration.vsp_host= "https://vsp.host:50300"
+  class ServiceProvider
+    def self.generate_request_url
+      "#{VerifyVspClient.configuration.vsp_host}/generate-request"
+    end
+
+    def self.translate_response_url
+      "#{VerifyVspClient.configuration.vsp_host}/translate-response"
+    end
+
+    # Makes a request to the Verify Service Provider to generate an
+    # authentication request, as described here:
+    #
+    #   https://www.docs.verify.service.gov.uk/get-started/set-up-successful-verification-journey/#generate-an-authentication-request
+    #
+    # The authentication request is used to start the identity assurance process
+    # with Verify.
+    #
+    # Returns the authentication request as a Hash, for example:
+    #
+    #   {
+    #     "samlRequest" => "PD94bWwgdmVyc2lvbj0iMS4wIiBlb...",
+    #     "requestId" => "_f43aa274-9395-45dd-aaef-25f56fe",
+    #     "ssoLocation" => "https://compliance-tool-reference.ida.digital.cabinet-office.gov.uk/SAML2/SSO"
+    #   }
+    #
+    # Raises VerifyVspClient::ResponseError if the VSP responds with an error response.
+    def generate_request
+      uri = URI(self.class.generate_request_url)
+      request = Net::HTTP::Post.new(uri, {})
+      request.content_type = "application/json"
+      response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri_uses_ssl?(uri)) { |http| http.request(request) }
+
+      handle_response response.body
+    end
+
+    # Makes a request to the Verify Service Provider to translate a SAML
+    # response returned by Verify, as described here:
+    #
+    #   https://www.docs.verify.service.gov.uk/get-started/set-up-successful-verification-journey/#request-to-translate-the-saml-response
+    #
+    # The SAML response is the payload representing the result of the Verify
+    # identity assurance attempt by the user.
+    #
+    # Returns the translated response as a Hash, for example:
+    #
+    #   {
+    #       "scenario" => "IDENTITY_VERIFIED",
+    #       "pid" => "etikgj3ewowe",
+    #       "levelOfAssurance" => "LEVEL_2",
+    #       "attributes" => {...}
+    #   }
+    #
+    # Raises VerifyVspClient::ResponseError if the VSP responds with an error response.
+    def translate_response(saml_response, request_id, level_of_assurance)
+      uri = URI(self.class.translate_response_url)
+      request = Net::HTTP::Post.new(uri)
+      request.body = {"samlResponse" => saml_response, "requestId" => request_id, "levelOfAssurance" => level_of_assurance}.to_json
+      request.content_type = "application/json"
+      response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri_uses_ssl?(uri)) { |http| http.request(request) }
+
+      handle_response response.body
+    end
+
+    private
+
+    def handle_response(json_response)
+      JSON.parse(json_response).tap do |parameters|
+        raise ResponseError.new(parameters["message"], parameters["code"]) if parameters.key?("code")
+      end
+    end
+
+    def uri_uses_ssl?(uri)
+      uri.default_port == 443
+    end
+  end
+end

data/lib/verify_vsp_client/version.rb

@@ -0,0 +1,3 @@
+module VerifyVspClient
+  VERSION = "0.1.0"
+end

data/verify_vsp_client.gemspec

@@ -0,0 +1,47 @@
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "verify_vsp_client/version"
+
+Gem::Specification.new do |spec|
+  spec.name = "verify_vsp_client"
+  spec.version = VerifyVspClient::VERSION
+  spec.authors = ["Robbie Paul"]
+  spec.email = ["robbie.paul@dxw.com"]
+
+  spec.summary = "Write a short summary, because RubyGems requires one."
+  spec.description = "Write a longer description or delete this line."
+  spec.homepage = "https://github.com/dxw"
+  spec.license = "MIT"
+
+  # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
+  # to allow pushing to a single host or delete this section to allow pushing to any host.
+  # if spec.respond_to?(:metadata)
+  #   spec.metadata["allowed_push_host"] = "TODO: Set to 'http://mygemserver.com'"
+  #
+  #   spec.metadata["homepage_uri"] = spec.homepage
+  #   spec.metadata["source_code_uri"] = "TODO: Put your gem's public repo URL here."
+  #   spec.metadata["changelog_uri"] = "TODO: Put your gem's CHANGELOG.md URL here."
+  # else
+  #   raise "RubyGems 2.0 or newer is required to protect against " \
+  #     "public gem pushes."
+  # end
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files = Dir.chdir(File.expand_path("..", __FILE__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.bindir = "exe"
+  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "activesupport", ">= 5.0", "< 6.1"
+  spec.add_dependency "json", "~> 2.2"
+
+  spec.add_development_dependency "bundler", "~> 2.0"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+  spec.add_development_dependency "rack-test", "~> 1.1"
+  spec.add_development_dependency "webmock", "~> 3.7"
+  spec.add_development_dependency "standard", "~> 0.1"
+end

metadata

@@ -0,0 +1,184 @@
+--- !ruby/object:Gem::Specification
+name: verify_vsp_client
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Robbie Paul
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2019-09-20 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '6.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '6.1'
+- !ruby/object:Gem::Dependency
+  name: json
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+- !ruby/object:Gem::Dependency
+  name: standard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+description: Write a longer description or delete this line.
+email:
+- robbie.paul@dxw.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".github/setup-rubygems.sh"
+- ".github/workflows/build.yml"
+- ".github/workflows/publish.yml"
+- ".gitignore"
+- ".rspec"
+- ".ruby-version"
+- CHANGELOG.md
+- CODE_OF_CONDUCT.md
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- lib/verify_vsp_client.rb
+- lib/verify_vsp_client/authentication_request.rb
+- lib/verify_vsp_client/fake_sso.rb
+- lib/verify_vsp_client/redacted_response.rb
+- lib/verify_vsp_client/response.rb
+- lib/verify_vsp_client/response_error.rb
+- lib/verify_vsp_client/service_provider.rb
+- lib/verify_vsp_client/version.rb
+- verify_vsp_client.gemspec
+homepage: https://github.com/dxw
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3
+signing_key: 
+specification_version: 4
+summary: Write a short summary, because RubyGems requires one.
+test_files: []