From fd82bc3c297e49a17c788b66bcd5041ce8d96b74 Mon Sep 17 00:00:00 2001 From: Harm-Jan Blok Date: Tue, 21 Jun 2016 16:24:18 +0200 Subject: [PATCH] Added support for (optional) acr_values parameter in authorization request --- lib/omniauth/strategies/openid_connect.rb | 1 + test/lib/omniauth/strategies/openid_connect_test.rb | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/lib/omniauth/strategies/openid_connect.rb b/lib/omniauth/strategies/openid_connect.rb index e4705c90..64c1d67d 100644 --- a/lib/omniauth/strategies/openid_connect.rb +++ b/lib/omniauth/strategies/openid_connect.rb @@ -124,6 +124,7 @@ def authorize_uri state: new_state, nonce: (new_nonce if options.send_nonce), hd: options.hd, + acr_values: options.acr_values } client.authorization_uri(opts.reject{|k,v| v.nil?}) end diff --git a/test/lib/omniauth/strategies/openid_connect_test.rb b/test/lib/omniauth/strategies/openid_connect_test.rb index 0deda94d..d2af7b08 100644 --- a/test/lib/omniauth/strategies/openid_connect_test.rb +++ b/test/lib/omniauth/strategies/openid_connect_test.rb @@ -242,6 +242,16 @@ def test_option_send_nonce assert(!(strategy.authorize_uri =~ /nonce=/), "URI must not contain nonce") end + def test_option_acr_values + strategy.options.client_options[:host] = 'foobar.com' + + assert(!(strategy.authorize_uri =~ /acr_values=/), 'URI must not contain acr_values') + + strategy.options.acr_values = 'urn:mace:incommon:iap:silver' + assert(strategy.authorize_uri =~ /acr_values=/, 'URI must contain acr_values') + end + + def test_failure_endpoint_redirect OmniAuth.config.stubs(:failure_raise_out_environments).returns([]) strategy.stubs(:env).returns({})