Merge remote-tracking branch 'upstream/master' into h2w/nhs_strategy-…
…0.4.0

* upstream/master: (32 commits)
  Fix date in CHANGELOG.md
  Fixes rubocop issues
  Setup Coveralls.io as Github Action
  Fix rubocop errors
  Replace deprecated rubocop_linter_action
  Update README.md
  Fix date on CHANGELOG.md
  Update VERSION to v0.4.0
  Update CHANGELOG.md for v0.4.0
  Support dynamic parameters to the authorize URI (omniauth#90)
  Upgrade Faker and replace Travis with Github Actions (omniauth#102)
  Try to fix rubocop documentation_url not round error.
  Make `omniauth_openid_connect` gem compatible with `omniauth v2.0` (omniauth#95)
  Fall back to the discovered jwks when no key specified (omniauth#97)
  Allow to update omniauth to 2 (omniauth#88)
  Update README.md
  Bump version to 0.3.5
  bugfix: info from decoded id_token is not exposed (omniauth#61)
  bugfix: NoMethodError (undefined method `count' for #<OpenIDConnect::ResponseObject::IdToken:0x0000000008d9dde0>): (omniauth#60)
  Bump version to 0.3.4
  ...
papayaah committed Oct 7, 2022
2 parents 6424f3c + ec03912 commit fefb5d0
Showing 15 changed files with 327 additions and 94 deletions.
17 changes: 17 additions & 0 deletions .github/stale.yml
@@ -0,0 +1,17 @@
# Number of days of inactivity before an issue becomes stale
daysUntilStale: 60
# Number of days of inactivity before a stale issue is closed
daysUntilClose: 7
# Issues with these labels will never be considered stale
exemptLabels:
- pinned
- security
# Label to use when marking an issue as stale
staleLabel: wontfix
# Comment to post when marking an issue as stale. Set to `false` to disable
markComment: >
This issue has been automatically marked as stale because it has not had
recent activity. It will be closed if no further activity occurs. Thank you
for your contributions.
# Comment to post when closing a stale issue. Set to `false` to disable
closeComment: false
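Review bot: `staleLabel: wontfix` reuses a label that normally records a maintainer decision, so an issue that merely went quiet for 60 days becomes indistinguishable from one that was deliberately declined; a dedicated label such as `stale` keeps the two apart. With `closeComment: false` the close seven days later is also silent. The `security` entry in `exemptLabels` only protects issues that someone has already labelled, so an unlabelled vulnerability report would still be closed on this schedule; new reports need to be triaged and labelled inside the 60-day window for the exemption to help.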
63 changes: 63 additions & 0 deletions .github/workflows/main.yml
@@ -0,0 +1,63 @@
name: Main
on:
push:
branches:
- main
- master

pull_request:
types: [opened, synchronize, reopened]

jobs:
test:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
ruby: ["2.5", "2.6", "2.7", "3.0"]
name: Ruby ${{ matrix.ruby }}

steps:
- name: Checkout code
uses: actions/checkout@v2

- name: Setup Ruby
uses: ruby/setup-ruby@v1
with:
ruby-version: ${{ matrix.ruby }}
bundler-cache: true

- name: Run tests
run: bundle exec rake

- name: Coveralls Parallel
uses: coverallsapp/github-action@master
with:
github-token: ${{ secrets.github_token }}
flag-name: ruby-${{ matrix.ruby }}
parallel: true

finish:
needs: test
runs-on: ubuntu-latest
steps:
- name: Coveralls Finished
uses: coverallsapp/github-action@master
with:
github-token: ${{ secrets.github_token }}
parallel-finished: true

rubocop:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2

- name: Setup Ruby
uses: ruby/setup-ruby@v1
with:
bundler-cache: true
ruby-version: "2.7"

- name: rubocop
run: bundle exec rubocop --parallel
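Review bot: both Coveralls steps use `coverallsapp/github-action@master`, a branch reference that can change under this workflow at any time, and those steps are handed `secrets.github_token`; pin the action to a release tag or, better, a full commit SHA, and consider the same for `actions/checkout@v2` and `ruby/setup-ruby@v1`. The workflow also has no `permissions:` key, so the token carries whatever the repository default grants; a top-level `permissions:` with `contents: read` would narrow it for jobs that only test and lint, provided the Coveralls step needs nothing more. Separately, `finish` has `needs: test` with no `if: always()`, so a single failing matrix entry skips it and leaves the parallel Coveralls build unfinished.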
13 changes: 8 additions & 5 deletions .rubocop.yml
@@ -1,3 +1,6 @@
Gemspec/RequiredRubyVersion:
Enabled: false

LineLength:
Description: 'Limit lines to 130 characters.'
Max: 130
Expand Down Expand Up @@ -36,7 +39,10 @@ Documentation:
Enabled: false

Metrics/AbcSize:
Max: 50
Max: 60

Metrics/ClassLength:
Max: 300

Metrics/CyclomaticComplexity:
Max: 50
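Review bot: `Metrics/AbcSize` goes from `Max: 50` to `Max: 60` and `Metrics/ClassLength` is set to `Max: 300` for the whole project, which relaxes the limit for every file rather than for the code that actually exceeds it. An inline `rubocop:disable` on the specific method or class, or a per-cop `Exclude` for that file, would keep the global thresholds meaningful; the `Metrics/CyclomaticComplexity` limit of 50 shown as context here is already very permissive.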
Expand All @@ -52,7 +58,4 @@ Metrics/MethodLength:

AllCops:
Exclude:
- bin/**/*
- Rakefile
- config/**/*
- test/**/*
- vendor/bundle/**/*
5 changes: 0 additions & 5 deletions .travis.yml

This file was deleted.

22 changes: 22 additions & 0 deletions CHANGELOG.md
@@ -1,3 +1,25 @@
# v0.4.0 (06.02.2022)

- Support dynamic parameters to the authorize URI [#90](https://github.com/omniauth/omniauth_openid_connect/pull/90)
- Upgrade Faker and replace Travis with Github Actions [#102](https://github.com/omniauth/omniauth_openid_connect/pull/102)
- Make `omniauth_openid_connect` gem compatible with `omniauth v2.0` [#95](https://github.com/omniauth/omniauth_openid_connect/pull/95)
- Fall back to the discovered jwks when no key specified [#97](https://github.com/omniauth/omniauth_openid_connect/pull/97)
- Allow updating to omniauth v2 [#88](https://github.com/omniauth/omniauth_openid_connect/pull/88)

# v0.3.5 (07.06.2020)

- bugfix: Info from decoded id_token is not exposed into `request.env['omniauth.auth']` [#61](https://github.com/m0n9oose/omniauth_openid_connect/pull/61)
- bugfix: NoMethodError (`undefined method 'count' for #<OpenIDConnect::ResponseObject::IdToken>`) [#60](https://github.com/m0n9oose/omniauth_openid_connect/pull/60)

# v0.3.4 (21.05.2020)

- Try to verify id_token when response_type is code [#44](https://github.com/m0n9oose/omniauth_openid_connect/pull/44)
- Provide more information on error [#49](https://github.com/m0n9oose/omniauth_openid_connect/pull/49)
- Update configuration documentation [#53](https://github.com/m0n9oose/omniauth_openid_connect/pull/53)
- Add documentation about the send_scope_to_token_endpoint config property [#52](https://github.com/m0n9oose/omniauth_openid_connect/pull/52)
- refactor: take uid_field from raw_attributes [#54](https://github.com/m0n9oose/omniauth_openid_connect/pull/54)
- chore(ci): add 2.7, ruby-head and jruby-head [#55](https://github.com/m0n9oose/omniauth_openid_connect/pull/55)

# v0.3.3 (09.11.2019)

- Pass `acr_values` to authorize url [#43](https://github.com/m0n9oose/omniauth_openid_connect/pull/43)
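Review bot: the v0.4.0 entry for #97, "Fall back to the discovered jwks when no key specified", changes which key material is used when none is configured, and a one-line entry does not tell an upgrader whether their deployment is affected; say which options count as "no key specified" and whether the fallback depends on `discovery` being enabled. The section dates (`06.02.2022`, `07.06.2020`) are also ambiguous between day-first and month-first; ISO 8601 dates would remove the doubt.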
2 changes: 1 addition & 1 deletion Guardfile
Expand Up @@ -5,7 +5,7 @@

guard 'minitest' do
# with Minitest::Unit
watch(%r{^test/(.*)\/(.*)_test\.rb})
watch(%r{^test/(.*)/(.*)_test\.rb})
watch(%r{^lib/(.*)\.rb}) { |m| "test/lib/#{m[1]}_test.rb" }
watch(%r{^test/test_helper\.rb}) { 'test' }
end
52 changes: 50 additions & 2 deletions README.md
Expand Up @@ -4,7 +4,8 @@ Originally was [omniauth-openid-connect](https://github.com/jjbohn/omniauth-open

I've forked this repository and launch as separate gem because maintaining of original was dropped.

[![Build Status](https://travis-ci.org/m0n9oose/omniauth_openid_connect.png?branch=master)](https://travis-ci.org/m0n9oose/omniauth_openid_connect)
[![Build Status](https://github.com/omniauth/omniauth_openid_connect/actions/workflows/main.yml/badge.svg)](https://github.com/omniauth/omniauth_openid_connect/actions/workflows/main.yml)
[![Coverage Status](https://coveralls.io/repos/github/omniauth/omniauth_openid_connect/badge.svg)](https://coveralls.io/github/omniauth/omniauth_openid_connect)

## Installation

Expand All @@ -20,6 +21,10 @@ Or install it yourself as:

$ gem install omniauth_openid_connect

## Supported Ruby Versions

OmniAuth::OpenIDConnect is tested under 2.4, 2.5, 2.6, 2.7

## Usage

Example configuration
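Review bot: the new "Supported Ruby Versions" section lists 2.4, 2.5, 2.6, 2.7, but the CI matrix added in `.github/workflows/main.yml` in this same commit is `ruby: ["2.5", "2.6", "2.7", "3.0"]`. 2.4 is not in the matrix and 3.0 is; update the sentence to match what is actually tested.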
Expand All @@ -40,7 +45,46 @@ config.omniauth :openid_connect, {
}
```

Configuration details:
### Options Overview

| Field | Description | Required | Default | Example/Options |
|------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|----------------------------|-----------------------------------------------------|
| name | Arbitrary string to identify connection and identify it from other openid_connect providers | no | String: openid_connect | :my_idp |
| issuer | Root url for the authorization server | yes | | https://myprovider.com |
| discovery | Should OpenID discovery be used. This is recommended if the IDP provides a discovery endpoint. See client config for how to manually enter discovered values. | no | false | one of: true, false |
| client_auth_method | Which authentication method to use to authenticate your app with the authorization server | no | Sym: basic | "basic", "jwks" |
| scope | Which OpenID scopes to include (:openid is always required) | no | Array<sym> [:openid] | [:openid, :profile, :email] |
| response_type | Which OAuth2 response type to use with the authorization request | no | String: code | one of: 'code', 'id_token' |
| state | A value to be used for the OAuth2 state parameter on the authorization request. Can be a proc that generates a string. | no | Random 16 character string | Proc.new { SecureRandom.hex(32) } |
| response_mode | The response mode per [spec](https://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html) | no | nil | one of: :query, :fragment, :form_post, :web_message |
| display | An optional parameter to the authorization request to determine how the authorization and consent page | no | nil | one of: :page, :popup, :touch, :wap |
| prompt | An optional parameter to the authrization request to determine what pages the user will be shown | no | nil | one of: :none, :login, :consent, :select_account |
| send_scope_to_token_endpoint | Should the scope parameter be sent to the authorization token endpoint? | no | true | one of: true, false |
| post_logout_redirect_uri | The logout redirect uri to use per the [session management draft](https://openid.net/specs/openid-connect-session-1_0.html) | no | empty | https://myapp.com/logout/callback |
| uid_field | The field of the user info response to be used as a unique id | no | 'sub' | "sub", "preferred_username" |
| extra_authorize_params | A hash of extra fixed parameters that will be merged to the authorization request | no | Hash | {"tenant" => "common"} |
| allow_authorize_params | A list of allowed dynamic parameters that will be merged to the authorization request | no | Array | [:screen_name] |
| client_options | A hash of client options detailed in its own section | yes | | |

### Client Config Options

These are the configuration options for the client_options hash of the configuration.

| Field | Description | Default | Replaced by discovery? |
|------------------------|-----------------------------------------------------------------|------------|------------------------|
| identifier | The OAuth2 client_id | | |
| secret | The OAuth2 client secret | | |
| redirect_uri | The OAuth2 authorization callback url in your app | | |
| scheme | The http scheme to use | https | |
| host | The host of the authorization server | nil | |
| port | The port for the authorization server | 443 | |
| authorization_endpoint | The authorize endpoint on the authorization server | /authorize | yes |
| token_endpoint | The token endpoint on the authorization server | /token | yes |
| userinfo_endpoint | The user info endpoint on the authorization server | /userinfo | yes |
| jwks_uri | The jwks_uri on the authorization server | /jwk | yes |
| end_session_endpoint | The url to call to log the user out at the authorization server | nil | yes |

### Additional Configuration Notes
* `name` is arbitrary, I recommend using the name of your provider. The name
configuration exists because you could be using multiple OpenID Connect
providers in a single app.
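Review bot: the `allow_authorize_params` row says only that allowed dynamic parameters "will be merged to the authorization request"; it should state where those values come from and whether they can override parameters the strategy sets itself, and advise keeping the list to the minimum needed, since anything listed ends up in the URL sent to the provider. In the same table the `display` description stops mid-sentence ("determine how the authorization and consent page"), the `prompt` row has the typo "authrization", and `client_auth_method` gives its default as `Sym: basic` while the examples are the strings "basic" and "jwks".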
Expand All @@ -67,6 +111,10 @@ Configuration details:
that appears in the `user_info` details.
* The `issuer` property should exactly match the provider's issuer link.
* The `response_mode` option is optional and specifies how the result of the authorization request is formatted.
* Some OpenID Connect providers require the `scope` attribute in requests to the token endpoint, even if
this is not in the protocol specifications. In those cases, the `send_scope_to_token_endpoint`
property can be used to add the attribute to the token request. Initial value is `true`, which means that the
scope attribute is included by default.

For the full low down on OpenID Connect, please check out
[the spec](http://openid.net/specs/openid-connect-core-1_0.html).
2 changes: 2 additions & 0 deletions Rakefile
@@ -1,3 +1,5 @@
# frozen_string_literal: true

require 'bundler/gem_tasks'
require 'rake/testtask'

2 changes: 2 additions & 0 deletions lib/omniauth/openid_connect/errors.rb
Expand Up @@ -3,7 +3,9 @@
module OmniAuth
module OpenIDConnect
class Error < RuntimeError; end

class MissingCodeError < Error; end

class MissingIdTokenError < Error; end
end
end
2 changes: 1 addition & 1 deletion lib/omniauth/openid_connect/version.rb
Expand Up @@ -2,6 +2,6 @@

module OmniAuth
module OpenIDConnect
VERSION = '0.3.6'
VERSION = '0.4.0'
end
end
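Review bot: the previous value here is `0.3.6`, but the CHANGELOG hunk in this commit goes from v0.3.5 straight to v0.4.0. If 0.3.6 was ever published, add a section for it; otherwise a short remark in the v0.4.0 notes would explain the gap to anyone comparing gem versions against the changelog.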