warden_openid_bearer 0.1.0 → 0.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/README.md +49 -6
- data/lib/warden_openid_bearer/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9783cc4309a4ebdd46af9ba25ac4f503778b90cca7cf2e9024bbca1f7e1a8f05
|
|
4
|
+
data.tar.gz: 407df835c53bcb051ff8f088da057185675b568079e0ba9cebcb750644a990b4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1f263483de3ea8ba723041a1ac2262a6b5a9bf6c14ca458e6db0c3f5e16edeb38f48f0a316e841c72e959d26ce05b676079f18a604549b83ce4eccdfead73237
|
|
7
|
+
data.tar.gz: b7ac91b59d75793872e6ce809a3f7fb0f27a0e4a8305080815ae52ed0c437d017a26acc9877939319dc0310206da777e41ffeed0669c5be67a35afe1e69ec37d
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -1,8 +1,55 @@
|
|
|
1
1
|
# WardenOpenidBearer
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
[Warden](https://github.com/wardencommunity/warden) strategy for authentication with OpenID-Connect JWT bearer tokens.
|
|
4
4
|
|
|
5
|
-
|
|
5
|
+
This gem is like
|
|
6
|
+
[the `warden_openid_auth gem`](https://rubygems.org/gems/warden_openid_auth),
|
|
7
|
+
except that it only provides support for the very last step of
|
|
8
|
+
the OAuth code flow, i.e. when the resource server / relying party
|
|
9
|
+
(your Ruby Web app) validates and decodes the JWT token.
|
|
10
|
+
|
|
11
|
+
Use this gem if your client-side Web (or mobile) app will be taking
|
|
12
|
+
care of the rest of the OAuth2 motions, such as redirecting (or
|
|
13
|
+
opening a popup window) to the authentication server at login time,
|
|
14
|
+
managing and refreshing tokens, doing all these unspeakable things
|
|
15
|
+
with iframes, etc.
|
|
16
|
+
|
|
17
|
+
## Usage
|
|
18
|
+
|
|
19
|
+
### In a Rails application
|
|
20
|
+
|
|
21
|
+
|
|
22
|
+
1. Add the [`rails_warden` gem](https://rubygems.org/gems/rails_warden) into your application
|
|
23
|
+
1. Add the following to e.g. `config/initializers/authentication.rb`:
|
|
24
|
+
```ruby
|
|
25
|
+
Rails.application.config.middleware.use RailsWarden::Manager do |manager|
|
|
26
|
+
manager.default_strategies WardenOpenidBearer::Strategy.register!
|
|
27
|
+
WardenOpenidBearer.configure do |oidc|
|
|
28
|
+
oidc.openid_metadata_url = "https://example.com/.well-known/openid-configuration"
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
manager.failure_app = Proc.new { |_env|
|
|
32
|
+
['401', {'Content-Type' => 'application/json'}, [{ error: 'Unauthorized' }.to_json]]
|
|
33
|
+
}
|
|
34
|
+
end
|
|
35
|
+
```
|
|
36
|
+
1. Access control must be explicitly added to your controllers, e.g.
|
|
37
|
+
```ruby
|
|
38
|
+
class MyController < ApplicationController
|
|
39
|
+
before_action do
|
|
40
|
+
authenticate!
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
### Subclassing
|
|
46
|
+
|
|
47
|
+
Subclassing `WardenOpenidBearer::Strategy` is the recommended way to
|
|
48
|
+
- support more than one authentication server (overriding `metadata_url` and/or `cache_timeout`),
|
|
49
|
+
- provide user hydration into the class of your choice (overriding `user_of_claims`).
|
|
50
|
+
|
|
51
|
+
More details available in the rubydoc comments of
|
|
52
|
+
[`lib/warden_openid_bearer/strategy.rb`](lib/warden_openid_bearer/strategy.rb).
|
|
6
53
|
|
|
7
54
|
## Installation
|
|
8
55
|
|
|
@@ -14,10 +61,6 @@ If bundler is not being used to manage dependencies, install the gem by executin
|
|
|
14
61
|
|
|
15
62
|
$ gem install warden_openid_bearer
|
|
16
63
|
|
|
17
|
-
## Usage
|
|
18
|
-
|
|
19
|
-
TODO: Write usage instructions here
|
|
20
|
-
|
|
21
64
|
## Development
|
|
22
65
|
|
|
23
66
|
After checking out the Git repository, run `bin/setup` to install dependencies. Then, run `bundle exec rake` to run the test suite and linter checks. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|