Current section

44 Versions

Jump to

Compare versions

27 files changed
+479 additions
-37 deletions
  @@ -5,6 +5,17 @@ All notable changes to this project will be documented in this file.
5 5 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
6 6 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
7 7
8 + ## [2.1.0] - 2022-04-29
9 +
10 + ### Added
11 +
12 + - OpenID Connect jwks endpoint domain and application layer generation
13 + - OpenID Connect userinfo endpoint domain and application layer generation
14 +
15 + ### Fixed
16 +
17 + - OpenID Connect prompt=none login_required errors in domain
18 +
8 19 ## [2.0.1] - 2022-04-12
9 20
10 21 ### Added
  @@ -10,8 +10,8 @@
10 10 <<"lib/boruta.ex">>,<<"lib/mix">>,<<"lib/mix/tasks">>,
11 11 <<"lib/mix/tasks/boruta.gen.migration.ex">>,
12 12 <<"lib/mix/tasks/boruta.gen.controllers.ex">>,<<"lib/boruta">>,
13 - <<"lib/boruta/application.ex">>,<<"lib/boruta/oauth">>,
14 - <<"lib/boruta/oauth/requests">>,
13 + <<"lib/boruta/openid.ex">>,<<"lib/boruta/application.ex">>,
14 + <<"lib/boruta/oauth">>,<<"lib/boruta/oauth/requests">>,
15 15 <<"lib/boruta/oauth/requests/token_request.ex">>,
16 16 <<"lib/boruta/oauth/requests/refresh_token_resquest.ex">>,
17 17 <<"lib/boruta/oauth/requests/authorization_code_request.ex">>,
  @@ -31,7 +31,7 @@
31 31 <<"lib/boruta/oauth/responses/authorize.ex">>,
32 32 <<"lib/boruta/oauth/responses/token.ex">>,
33 33 <<"lib/boruta/oauth/responses/introspect.ex">>,
34 - <<"lib/boruta/oauth/authorization">>,
34 + <<"lib/boruta/oauth/bearer_token.ex">>,<<"lib/boruta/oauth/authorization">>,
35 35 <<"lib/boruta/oauth/authorization/nonce.ex">>,
36 36 <<"lib/boruta/oauth/authorization/scope.ex">>,
37 37 <<"lib/boruta/oauth/authorization/code.ex">>,
  @@ -59,7 +59,11 @@
59 59 <<"lib/boruta/oauth/request/token.ex">>,
60 60 <<"lib/boruta/oauth/request/introspect.ex">>,
61 61 <<"lib/boruta/oauth/request/revoke.ex">>,
62 - <<"lib/boruta/oauth/authorization.ex">>,<<"lib/boruta/oauth.ex">>,
62 + <<"lib/boruta/oauth/authorization.ex">>,<<"lib/boruta/openid">>,
63 + <<"lib/boruta/openid/applications">>,
64 + <<"lib/boruta/openid/applications/userinfo_application.ex">>,
65 + <<"lib/boruta/openid/applications/jwks_application.ex">>,
66 + <<"lib/boruta/openid/application.ex">>,<<"lib/boruta/oauth.ex">>,
63 67 <<"lib/boruta/config.ex">>,<<"lib/boruta/repo.ex">>,<<"lib/boruta/utils">>,
64 68 <<"lib/boruta/utils/basic_auth.ex">>,
65 69 <<"lib/boruta/utils/token_generator.ex">>,<<"lib/boruta/adapters">>,
  @@ -124,6 +128,8 @@
124 128 <<"priv/templates/boruta.gen.controllers/unit/openid">>,
125 129 <<"priv/templates/boruta.gen.controllers/unit/openid/controllers">>,
126 130 <<"priv/templates/boruta.gen.controllers/unit/openid/controllers/token_controller_test.exs.eex">>,
131 + <<"priv/templates/boruta.gen.controllers/unit/openid/controllers/jwks_controller_test.exs.eex">>,
132 + <<"priv/templates/boruta.gen.controllers/unit/openid/controllers/userinfo_controller_test.exs.eex">>,
127 133 <<"priv/templates/boruta.gen.controllers/unit/openid/controllers/authorize_controller_test.exs.eex">>,
128 134 <<"priv/templates/boruta.gen.controllers/controllers">>,
129 135 <<"priv/templates/boruta.gen.controllers/controllers/oauth">>,
  @@ -132,11 +138,14 @@
132 138 <<"priv/templates/boruta.gen.controllers/controllers/oauth/authorize_controller.ex.eex">>,
133 139 <<"priv/templates/boruta.gen.controllers/controllers/oauth/revoke_controller.ex.eex">>,
134 140 <<"priv/templates/boruta.gen.controllers/controllers/openid">>,
141 + <<"priv/templates/boruta.gen.controllers/controllers/openid/jwks_controller.ex.eex">>,
142 + <<"priv/templates/boruta.gen.controllers/controllers/openid/userinfo_controller.ex.eex">>,
135 143 <<"priv/templates/boruta.gen.controllers/controllers/openid/authorize_controller.ex.eex">>,
136 144 <<"priv/templates/boruta.gen.controllers/templates">>,
137 145 <<"priv/templates/boruta.gen.controllers/templates/oauth">>,
138 146 <<"priv/templates/boruta.gen.controllers/templates/oauth/error.html.eex">>,
139 147 <<"priv/templates/boruta.gen.controllers/views">>,
148 + <<"priv/templates/boruta.gen.controllers/views/openid_view.ex.eex">>,
140 149 <<"priv/templates/boruta.gen.controllers/views/oauth_view.ex.eex">>,
141 150 <<".formatter.exs">>,<<"mix.exs">>,<<"README.md">>,<<"LICENSE">>,
142 151 <<"CHANGELOG.md">>]}.
  @@ -199,4 +208,4 @@
199 208 {<<"optional">>,false},
200 209 {<<"repository">>,<<"hexpm">>},
201 210 {<<"requirement">>,<<"~> 1.0">>}]]}.
202 - {<<"version">>,<<"2.0.1">>}.
211 + {<<"version">>,<<"2.1.0">>}.
  @@ -9,4 +9,5 @@ defmodule Boruta.ClientsAdapter do
9 9
10 10 def get_client(id), do: clients().get_client(id)
11 11 def authorized_scopes(params), do: clients().authorized_scopes(params)
12 + def list_clients_jwk, do: clients().list_clients_jwk()
12 13 end
  @@ -39,6 +39,17 @@ defmodule Boruta.Ecto.Clients do
39 39 end
40 40 end
41 41
42 + @impl Boruta.Oauth.Clients
43 + def list_clients_jwk do
44 + clients = repo().all(Ecto.Client)
45 +
46 + Enum.map(clients, fn %Ecto.Client{id: client_id, public_key: public_key} ->
47 + {_type, jwk} = public_key |> :jose_jwk.from_pem() |> :jose_jwk.to_map()
48 +
49 + Map.put(jwk, "kid", client_id)
50 + end)
51 + end
52 +
42 53 defp authorized_scopes(:from_database, %Oauth.Client{id: id}) do
43 54 case repo().get_by(Ecto.Client, id: id) do
44 55 %Ecto.Client{} = client ->
  @@ -62,7 +62,7 @@ defmodule Boruta.Oauth do
62 62 end
63 63
64 64 @doc """
65 - Process an authorize request as stated in [RFC 6749 - The OAuth 2.0 Authorization Framework](https://tools.ietf.org/html/rfc6749).
65 + Check success of an authorize request as stated in [RFC 6749 - The OAuth 2.0 Authorization Framework](https://tools.ietf.org/html/rfc6749) and [OpenID Connect Core 1.0 incorporating errata set 1](https://openid.net/specs/openid-connect-core-1_0.html#HybridFlowAuth).
66 66
67 67 Triggers `preauthorize_success` in case of success and `preauthorize_error` in case of failure from the given `module`. Those functions are described in `Boruta.Oauth.Application` behaviour.
68 68 """
  @@ -88,7 +88,7 @@ defmodule Boruta.Oauth do
88 88 end
89 89
90 90 @doc """
91 - Process an authorize and hybrid requests as respectively stated in [RFC 6749 - The OAuth 2.0 Authorization Framework](https://tools.ietf.org/html/rfc6749) and [OpenID Connect Core 1.0 incorporating errata set 1](https://openid.net/specs/openid-connect-core-1_0.html#HybridFlowAuth).
91 + Process an authorize request as stated in [RFC 6749 - The OAuth 2.0 Authorization Framework](https://tools.ietf.org/html/rfc6749) and [OpenID Connect Core 1.0 incorporating errata set 1](https://openid.net/specs/openid-connect-core-1_0.html#HybridFlowAuth).
92 92
93 93 Triggers `authorize_success` in case of success and `authorize_error` in case of failure from the given `module`. Those functions are described in `Boruta.Oauth.Application` behaviour.
94 94 """
Loading more files…