warden_openid_bearer 0.1.0 → 0.1.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -1
- data/README.md +49 -6
- data/lib/warden_openid_bearer/version.rb +1 -1
- data/warden_openid_bearer.gemspec +2 -0
- metadata +29 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1762ecf69f78605db0e0637a503c41a5b76a05235e0ad227386d919dc0ec1d56
|
|
4
|
+
data.tar.gz: b91459c148bc168db2c523d26558342232df3d59c1ef1b0259285001a87870ff
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 636a5c94bd0070680997434e9cfd424b9fa7ac98126b0013b5c5c6fd28d2991ab32c2f8978d776b24e4e2e45d71c1fb61b2e6c5184fcd70f2db1d0c014f1e0fa
|
|
7
|
+
data.tar.gz: 722fb3766472b6045374c9eeeac3d094a5d4ddf2796976b2dcf9a6e581296a2ab5b2cf28e1ea7de724360abc546d30b49dc86815c0f742608e07b2e6e915a021
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -1,8 +1,55 @@
|
|
|
1
1
|
# WardenOpenidBearer
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
[Warden](https://github.com/wardencommunity/warden) strategy for authentication with OpenID-Connect JWT bearer tokens.
|
|
4
4
|
|
|
5
|
-
|
|
5
|
+
This gem is like
|
|
6
|
+
[the `warden_openid_auth gem`](https://rubygems.org/gems/warden_openid_auth),
|
|
7
|
+
except that it only provides support for the very last step of
|
|
8
|
+
the OAuth code flow, i.e. when the resource server / relying party
|
|
9
|
+
(your Ruby Web app) validates and decodes the JWT token.
|
|
10
|
+
|
|
11
|
+
Use this gem if your client-side Web (or mobile) app will be taking
|
|
12
|
+
care of the rest of the OAuth2 motions, such as redirecting (or
|
|
13
|
+
opening a popup window) to the authentication server at login time,
|
|
14
|
+
managing and refreshing tokens, doing all these unspeakable things
|
|
15
|
+
with iframes, etc.
|
|
16
|
+
|
|
17
|
+
## Usage
|
|
18
|
+
|
|
19
|
+
### In a Rails application
|
|
20
|
+
|
|
21
|
+
|
|
22
|
+
1. Add the [`rails_warden` gem](https://rubygems.org/gems/rails_warden) into your application
|
|
23
|
+
1. Add the following to e.g. `config/initializers/authentication.rb`:
|
|
24
|
+
```ruby
|
|
25
|
+
Rails.application.config.middleware.use RailsWarden::Manager do |manager|
|
|
26
|
+
manager.default_strategies WardenOpenidBearer::Strategy.register!
|
|
27
|
+
WardenOpenidBearer.configure do |oidc|
|
|
28
|
+
oidc.openid_metadata_url = "https://example.com/.well-known/openid-configuration"
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
manager.failure_app = Proc.new { |_env|
|
|
32
|
+
['401', {'Content-Type' => 'application/json'}, [{ error: 'Unauthorized' }.to_json]]
|
|
33
|
+
}
|
|
34
|
+
end
|
|
35
|
+
```
|
|
36
|
+
1. Access control must be explicitly added to your controllers, e.g.
|
|
37
|
+
```ruby
|
|
38
|
+
class MyController < ApplicationController
|
|
39
|
+
before_action do
|
|
40
|
+
authenticate!
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
### Subclassing
|
|
46
|
+
|
|
47
|
+
Subclassing `WardenOpenidBearer::Strategy` is the recommended way to
|
|
48
|
+
- support more than one authentication server (overriding `metadata_url` and/or `cache_timeout`),
|
|
49
|
+
- provide user hydration into the class of your choice (overriding `user_of_claims`).
|
|
50
|
+
|
|
51
|
+
More details available in the rubydoc comments of
|
|
52
|
+
[`lib/warden_openid_bearer/strategy.rb`](lib/warden_openid_bearer/strategy.rb).
|
|
6
53
|
|
|
7
54
|
## Installation
|
|
8
55
|
|
|
@@ -14,10 +61,6 @@ If bundler is not being used to manage dependencies, install the gem by executin
|
|
|
14
61
|
|
|
15
62
|
$ gem install warden_openid_bearer
|
|
16
63
|
|
|
17
|
-
## Usage
|
|
18
|
-
|
|
19
|
-
TODO: Write usage instructions here
|
|
20
|
-
|
|
21
64
|
## Development
|
|
22
65
|
|
|
23
66
|
After checking out the Git repository, run `bin/setup` to install dependencies. Then, run `bundle exec rake` to run the test suite and linter checks. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: warden_openid_bearer
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dominique Quatravaux
|
|
@@ -38,6 +38,34 @@ dependencies:
|
|
|
38
38
|
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
40
|
version: 0.15.0
|
|
41
|
+
- !ruby/object:Gem::Dependency
|
|
42
|
+
name: net-http
|
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
|
44
|
+
requirements:
|
|
45
|
+
- - "~>"
|
|
46
|
+
- !ruby/object:Gem::Version
|
|
47
|
+
version: 0.2.2
|
|
48
|
+
type: :runtime
|
|
49
|
+
prerelease: false
|
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
51
|
+
requirements:
|
|
52
|
+
- - "~>"
|
|
53
|
+
- !ruby/object:Gem::Version
|
|
54
|
+
version: 0.2.2
|
|
55
|
+
- !ruby/object:Gem::Dependency
|
|
56
|
+
name: jwt
|
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
|
58
|
+
requirements:
|
|
59
|
+
- - "~>"
|
|
60
|
+
- !ruby/object:Gem::Version
|
|
61
|
+
version: '2.5'
|
|
62
|
+
type: :runtime
|
|
63
|
+
prerelease: false
|
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
65
|
+
requirements:
|
|
66
|
+
- - "~>"
|
|
67
|
+
- !ruby/object:Gem::Version
|
|
68
|
+
version: '2.5'
|
|
41
69
|
description: |2+
|
|
42
70
|
|
|
43
71
|
This gem is like the `warden_openid_auth` gem, except that it only
|