File: omniauth-authentiq-0.3.3/README.md

# OmniAuth Authentiq

Official [OmniAuth](https://github.com/omniauth/omniauth/wiki) strategy for authenticating with an Authentiq ID mobile app ([iOS](https://itunes.apple.com/us/app/authentiq-id/id964932341), [Android](https://play.google.com/store/apps/details?id=com.authentiq.authentiqid)).

Application credentials (the client ID and client secret, read from `AUTHENTIQ_KEY` and `AUTHENTIQ_SECRET` in the example below) can be obtained [at Authentiq](https://www.authentiq.com/developers/?utm_source=github&utm_medium=readme&utm_campaign=omniauth-authentiq).

## Installation

Add this line to your application's Gemfile:

```ruby
gem 'omniauth-authentiq', '~> 0.3.0'
```

Then bundle:

    $ bundle install

## Basic Usage with Rails

```ruby
use OmniAuth::Builder do
  provider :authentiq, ENV['AUTHENTIQ_KEY'], ENV['AUTHENTIQ_SECRET'], scope: 'aq:name email~rs aq:push'
end
```

You can read the wiki for more extensive information on how to use the Authentiq OmniAuth strategy in your Rails application:

* [Homepage](https://github.com/AuthentiqID/omniauth-authentiq/wiki)
* [Installation and basic usage](https://github.com/AuthentiqID/omniauth-authentiq/wiki/Installation-and-basic-usage)
* [Scopes, redirect URI configuration and response data](https://github.com/AuthentiqID/omniauth-authentiq/wiki/Scopes,-callback-url-configuration-and-responses)
* [Remote Logout (Backchannel-logout)](https://github.com/AuthentiqID/omniauth-authentiq/wiki/Remote-logout)

## Tests

Tests are coming soon.

## Contributing

Bug reports and pull requests are welcome [here](https://github.com/AuthentiqID/omniauth-authentiq).

File: omniauth-authentiq-0.3.3/.gitignore

```gitignore
/.bundle/
.idea/
/_yardoc/
/coverage/
/doc/
/pkg/
/spec/reports/
/tmp/
/test/
/bin/
/.yardoc
/Gemfile.lock
*.rbc
.config
InstalledFiles
lib/bundler/man
rdoc
omniauth-authentiq-*
.ruby-version
```

File: omniauth-authentiq-0.3.3/CODE_OF_CONDUCT.md

# Contributor Code of Conduct

As contributors and maintainers of this project, and in the interest of fostering an open and welcoming community, we pledge to respect all people who contribute through reporting issues, posting feature requests, updating documentation, submitting pull requests or patches, and other activities.

We are committed to making participation in this project a harassment-free experience for everyone, regardless of level of experience, gender, gender identity and expression, sexual orientation, disability, personal appearance, body size, race, ethnicity, age, religion, or nationality.

Examples of unacceptable behavior by participants include:

* The use of sexualized language or imagery
* Personal attacks
* Trolling or insulting/derogatory comments
* Public or private harassment
* Publishing others' private information, such as physical or electronic addresses, without explicit permission
* Other unethical or unprofessional conduct

Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.

By adopting this Code of Conduct, project maintainers commit themselves to fairly and consistently applying these principles to every aspect of managing this project. Project maintainers who do not follow or enforce the Code of Conduct may be permanently removed from the project team.

This code of conduct applies both within project spaces and in public spaces when an individual is representing the project or its community.

Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting a project maintainer at dev.alexkeramidas@gmail.com. All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. Maintainers are obligated to maintain confidentiality with regard to the reporter of an incident.

This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.3.0, available at [http://contributor-covenant.org/version/1/3/0/][version]

[homepage]: http://contributor-covenant.org
[version]: http://contributor-covenant.org/version/1/3/0/

File: omniauth-authentiq-0.3.3/LICENSE

MIT License

Copyright (c) 2016 Authentiq BV

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

File: omniauth-authentiq-0.3.3/Rakefile

```ruby
require "bundler/gem_tasks"

task :default => :spec
```

File: omniauth-authentiq-0.3.3/lib/omniauth/authentiq/version.rb

```ruby
module OmniAuth
  module Authentiq
    VERSION = "0.3.3"
  end
end
```

File: omniauth-authentiq-0.3.3/lib/omniauth/strategies/oidc/back_channel_logout_request.rb

```ruby
require 'jwt'
require 'rack'
require_relative '../helpers/helpers'

module OmniAuth
  module Strategies
    class Authentiq
      # Handles an OpenID Connect back-channel logout request: the provider POSTs a
      # signed logout_token, which is verified before the session id it names is
      # handed to the application's :remote_sign_out_handler.
      class BackChannelLogoutRequest
        def initialize(strategy, request)
          @strategy = strategy
          @request = request
        end

        def call(options = {})
          @options = options
          result = begin
            if sign_out_callback.call(back_channel_logout_request)
              back_channel_logout_response(200, ['Logout succeeded'])
            else
              back_channel_logout_response(404, ['Unknown session'])
            end
          rescue NotImplementedError => err
            # No :remote_sign_out_handler is configured on the client.
            back_channel_logout_response(501, [err.to_s])
          rescue StandardError => err
            # Covers JWT::DecodeError and the ArgumentError raised by a failed claim check.
            back_channel_logout_response(400, [err.to_s])
          end
          result.finish
        end

        private

        # Verifies the logout_token carried by the request and returns the request
        # with its 'sid' parameter set from the token.
        def back_channel_logout_request
          decode_logout_token(@request.params['logout_token'])
          @request
        end

        def decode_logout_token(logout_token)
          logout_jwt = JWT.decode(
            logout_token,
            @options.client_secret,
            true,
            :algorithm => helpers.algorithm(@options),
            :iss => @options.client_options.site,
            :verify_iss => true,
            :aud => @options.client_id,
            :verify_aud => true,
            :verify_iat => true,
            :verify_jti => true,
            :verify_sub => true,
            :leeway => 60
          )
          claims = logout_jwt.first
          if validate_events(claims) && validate_nonce(claims) && validate_sid(claims)
            @request.update_param('sid', claims['sid'])
          else
            raise(ArgumentError, 'Logout JWT validation failed: the sid or events claim is missing, or a nonce claim is present')
          end
        end

        # A logout token must carry the back-channel logout event claim.
        def validate_events(logout_jwt)
          logout_jwt.key?('events') && logout_jwt['events'].is_a?(Hash) &&
            logout_jwt['events'].key?('http://schemas.openid.net/event/backchannel-logout')
        end

        # A logout token must not carry a nonce; this keeps an ID token from being
        # accepted as a logout token.
        def validate_nonce(logout_jwt)
          !logout_jwt.key?('nonce')
        end

        # The session to terminate is identified by the sid claim.
        def validate_sid(logout_jwt)
          logout_jwt.key?('sid')
        end

        def sign_out_callback
          handler = @options[:remote_sign_out_handler]
          return handler if handler.respond_to?(:call)

          OmniAuth.logger.warn('It looks like remote logout is configured on your Authentiq client but \':remote_sign_out_handler\' is not implemented on devise or omniauth')
          raise(NotImplementedError, 'Remote sign out failed because the client\'s \':remote_sign_out_handler\' is not implemented on devise or omniauth')
        end

        def back_channel_logout_response(code, body)
          response = Rack::Response.new
          response.status = code
          # A logout response must never be served from a cache.
          response.headers['Cache-Control'] = 'no-cache, no-store'
          response.headers['Pragma'] = 'no-cache'
          response.headers['Content-Type'] = 'text/plain; charset=utf-8'
          response.body = body
          response
        end

        def helpers
          Helpers
        end
      end
    end
  end
end
```

File: omniauth-authentiq-0.3.3/lib/omniauth/strategies/helpers/helpers.rb

```ruby
# Selects the JWT algorithm used to verify ID tokens and logout tokens.
class Helpers
  SUPPORTED_ALGORITHMS = %w(HS256 RS256 ES256).freeze

  # The configured client_signed_response_alg is only honoured when the
  # :algorithm option is also set; otherwise the token is verified as HS256
  # with the shared client secret, which is what the strategy passes as the key.
  def self.algorithm(options = {})
    alg = options[:client_signed_response_alg]
    if !options[:algorithm].nil? && SUPPORTED_ALGORITHMS.include?(alg)
      alg
    else
      'HS256'
    end
  end
end
```

File: omniauth-authentiq-0.3.3/lib/omniauth/strategies/authentiq.rb

```ruby
require 'jwt'
require 'omniauth-oauth2'
require_relative 'helpers/helpers'

module OmniAuth
  module Strategies
    class Authentiq < OmniAuth::Strategies::OAuth2
      autoload :BackChannelLogoutRequest, 'omniauth/strategies/oidc/back_channel_logout_request'

      option :name, 'authentiq'

      option :client_options, {
        :site => 'https://connect.authentiq.io/',
        :authorize_url => 'https://connect.authentiq.io/authorize',
        :token_url => 'https://connect.authentiq.io/token'
      }

      # These are called after authentication has succeeded. If
      # possible, you should try to set the UID without making
      # additional calls (if the user id is returned with the
      # token or as a URI parameter). This may not be possible
      # with all providers.
      uid { raw_info['sub'] }

      info do
        {
          :name => raw_info['name'],
          :first_name => raw_info['given_name'],
          :last_name => raw_info['family_name'],
          :email => raw_info['email'],
          :phone => raw_info['phone_number'],
          :address => raw_info['address'],
          :location => raw_info['aq:location']
        }.reject { |_k, v| v.nil? }
      end

      extra do
        {
          :middle_name => raw_info['middle_name'],
          :email_verified => raw_info['email_verified'],
          :phone_type => raw_info['phone_type'],
          :phone_number_verified => raw_info['phone_number_verified'],
          :locale => raw_info['locale'],
          :zoneinfo => raw_info['zoneinfo']
        }.reject { |_k, v| v.nil? }
      end

      def request_phase
        add_openid
        super
      end

      # Claims of the verified ID token, decoded once per request.
      def raw_info
        @raw_info ||= begin
          claims = decode_idtoken(access_token.params['id_token'])
          # Expose the OIDC session id so a later back-channel logout can match it.
          request.update_param('sid', claims['sid'])
          claims
        end
      end

      def callback_url
        options[:callback_url] || (full_host + script_name + callback_path)
      end

      def callback_phase
        should_sign_out? ? sign_out_phase : super
      end

      # The 'openid' scope is required to receive an ID token.
      def add_openid
        scopes = options.scope.to_s.split
        options.scope = scopes.push('openid').join(' ') unless scopes.include?('openid')
      end

      def decode_idtoken(idtoken)
        ::JWT.decode(
          idtoken,
          options.client_secret,
          true,
          algorithm: helpers.algorithm(options),
          iss: options.client_options.site,
          verify_iss: true,
          aud: options.client_id,
          verify_aud: true,
          verify_iat: true,
          verify_jti: false,
          verify_sub: true,
          leeway: 60
        ).first
      end

      # A POST carrying a logout_token is a back-channel logout, not a login callback.
      def should_sign_out?
        request.post? && request.params.has_key?('logout_token')
      end

      def sign_out_phase
        backchannel_logout_request.new(self, request).call(options)
      end

      private

      def backchannel_logout_request
        BackChannelLogoutRequest
      end

      def helpers
        Helpers
      end
    end
  end
end
```

File: omniauth-authentiq-0.3.3/lib/omniauth/authentiq.rb

```ruby
require 'omniauth/strategies/authentiq'
require 'omniauth/authentiq/version'
```

File: omniauth-authentiq-0.3.3/lib/omniauth-authentiq.rb

```ruby
require 'omniauth/authentiq'
```

File: omniauth-authentiq-0.3.3/omniauth-authentiq.gemspec

```ruby
# coding: utf-8
lib = File.expand_path('../lib', __FILE__)
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
require 'omniauth/authentiq/version'

Gem::Specification.new do |spec|
  spec.name          = "omniauth-authentiq"
  spec.version       = OmniAuth::Authentiq::VERSION
  spec.authors       = ["Alexandros Keramidas"]
  spec.email         = ["alex@authentiq.com", "support@authentiq.com"]
  spec.summary       = %q{Authentiq strategy for OmniAuth}
  spec.description   = %q{Strategy to enable passwordless authentication in OmniAuth via Authentiq.}
  spec.homepage      = "https://github.com/AuthentiqID/omniauth-authentiq"
  spec.licenses      = %w(MIT)

  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
  spec.bindir        = "exe"
  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
  spec.require_paths = ["lib"]

  spec.add_runtime_dependency 'jwt', '>= 1.5'
  spec.add_runtime_dependency 'omniauth-oauth2', '>= 1.5'
end
```

File: omniauth-authentiq-0.3.3/Gemfile

```ruby
source 'https://rubygems.org'

# Specify your gem's dependencies in omniauth-authentiq.gemspec
gemspec

gem 'rake'

group :development, :test do
  gem 'guard'
  gem 'guard-rspec'
  gem 'guard-bundler'
  gem 'rb-fsevent'
  gem 'growl'
  gem 'simplecov'
end
```
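As an added example (not part of the gem), the following standard-library Ruby spells out the logout token checks that `BackChannelLogoutRequest#decode_logout_token` above delegates to the `jwt` gem and its `validate_*` helpers: HS256 signature, `iss`/`aud`/`iat`, the back-channel `events` claim, the absence of `nonce` and the presence of `sid`. The client id, secret and the minted token are constructed placeholders, and `mint_logout_token` stands in for the provider.

```ruby
require 'json'
require 'openssl'

# Constructed placeholders; a real deployment reads these from the strategy options.
CLIENT_ID = 'example-client-id'
CLIENT_SECRET = 'example-client-secret'
ISSUER = 'https://connect.authentiq.io/'
BACKCHANNEL_EVENT = 'http://schemas.openid.net/event/backchannel-logout'

def b64url_encode(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  padded = str.tr('-_', '+/')
  (padded + '=' * ((4 - padded.length % 4) % 4)).unpack1('m0')
end

# Mints an HS256 logout token from a claims hash (test fixture standing in for the provider).
def mint_logout_token(claims, secret = CLIENT_SECRET)
  input = "#{b64url_encode(JSON.generate({ 'alg' => 'HS256', 'typ' => 'JWT' }))}.#{b64url_encode(JSON.generate(claims))}"
  "#{input}.#{b64url_encode(OpenSSL::HMAC.digest('SHA256', secret, input))}"
end

# Constant-time comparison so the signature check does not leak timing.
def secure_equal?(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the sid of a valid logout token or raises ArgumentError (the strategy maps that to HTTP 400).
def verify_logout_token(token, secret = CLIENT_SECRET, now = Time.now.to_i, leeway = 60)
  header, payload, signature = token.to_s.split('.')
  raise ArgumentError, 'malformed token' if signature.nil?
  raise ArgumentError, 'unexpected alg' unless JSON.parse(b64url_decode(header))['alg'] == 'HS256'
  expected = OpenSSL::HMAC.digest('SHA256', secret, "#{header}.#{payload}")
  raise ArgumentError, 'bad signature' unless secure_equal?(expected, b64url_decode(signature))
  claims = JSON.parse(b64url_decode(payload))
  raise ArgumentError, 'bad iss' unless claims['iss'] == ISSUER
  raise ArgumentError, 'bad aud' unless Array(claims['aud']).include?(CLIENT_ID)
  raise ArgumentError, 'bad iat' unless claims['iat'].is_a?(Integer) && claims['iat'] <= now + leeway
  raise ArgumentError, 'missing jti or sub' unless claims['jti'] && claims['sub']
  # A logout token must carry the back-channel logout event ...
  raise ArgumentError, 'missing events claim' unless claims['events'].is_a?(Hash) && claims['events'].key?(BACKCHANNEL_EVENT)
  # ... and must never carry a nonce, so an ID token cannot be replayed as a logout token.
  raise ArgumentError, 'nonce present' if claims.key?('nonce')
  raise ArgumentError, 'missing sid' unless claims['sid'].is_a?(String) && !claims['sid'].empty?
  claims['sid']
end
```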