chore: Release version 1.1.0

doorkeeper-gem · Nov 30, 2016 · 107eaf6 · 107eaf6
1 parent fc2b1b1
commit 107eaf6
Show file tree

Hide file tree

Showing 5 changed files with 96 additions and 19 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,24 @@
+<a name="v1.1.0"></a>
+### v1.1.0 (2016-11-30)
+
+This release is a general clean-up and adds support for some advanced OpenID Connect features.
+Make sure to check the updated [README.md](README.md), especially the [configuration](README.md#configuration) section.
+
+#### Features
+
+* Respect scope grants in UserInfo response	 ([25f2170](/../../commit/25f2170))
+* Support max_age parameter	 ([aabe3aa](/../../commit/aabe3aa))
+* Add generator for initializer	 ([80399fd](/../../commit/80399fd))
+* Store and return nonces in IdToken responses	 ([d28ca8c](/../../commit/d28ca8c))
+* Support prompt=none parameter	 ([c775d8b](/../../commit/c775d8b))
+* Add supported claims to discovery response	 ([1d8f9ea](/../../commit/1d8f9ea))
+* Add webfinger and keys endpoints for discovery	 ([f70898b](/../../commit/f70898b))
+* Add discovery endpoint	 ([a16caa8](/../../commit/a16caa8))
+
+#### Bug Fixes
+
+* Work around response_body issue on Rails 5, fix specs	 ([bc4ac76](/../../commit/bc4ac76))
+* Return auth_time in ID token claims	 ([490f756](/../../commit/490f756))
+* Don't require nonce	 ([d2945da](/../../commit/d2945da))
+* Also support POST requests to userinfo	 ([87a6577](/../../commit/87a6577))
+* Add openid scope to Doorkeeper configuration	 ([8169c2d](/../../commit/8169c2d))
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -63,3 +63,10 @@ feat: create initial CONTRIBUTING.md
 
 This closes #73
 ```
+
+## Release process
+
+- Bump version in `lib/doorkeeper/openid_connect/version.rb`
+- Update `CHANGELOG.md`
+- Commit all changes
+- Tag release and publish gem with `rake release`
diff --git a/README.md b/README.md
@@ -12,16 +12,16 @@ This library implements [OpenID Connect](http://openid.net/connect/) for Rails a
 - [Status](#status)
 - [Installation](#installation)
 - [Configuration](#configuration)
-  - [OAuth Scopes](#oauth-scopes)
+  - [Scopes](#scopes)
+  - [Claims](#claims)
   - [Routes](#routes)
+  - [Nonces](#nonces)
 - [Development](#development)
 - [License](#license)
 - [Sponsors](#sponsors)
 
 ## Status
 
-The library is usable but still a bit rough around the edges. Please refer to the [v1.0.1 README](https://github.com/doorkeeper-gem/doorkeeper-openid_connect/blob/v1.0.1/README.md) until the next version is released.
-
 The following parts of [OpenID Connect Core 1.0](http://openid.net/specs/openid-connect-core-1_0.html) are currently supported:
 - [Authentication using the Authorization Code Flow](http://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth)
 - [Requesting Claims using Scope Values](http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims)
@@ -81,7 +81,7 @@ The following settings are required in `config/initializers/doorkeeper_openid_co
 - `jws_private_key`, `jws_public_key`
   - Private and public RSA key pair for [JSON Web Signature](https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-31).
   - You can generate these with the `openssl` command, see e.g. [Generate a keypair using OpenSSL](https://en.wikibooks.org/wiki/Cryptography/Generate_a_keypair_using_OpenSSL).
-  - You should not commit these keys to your repository, but use external files (in combination with `File.read`) or the [dotenv-rails](https://github.com/bkeepers/dotenv) gem (in combination with `ENV[...]`).
+  - You should not commit these keys to your repository, but use external files (in combination with `File.read`) and/or the [dotenv-rails](https://github.com/bkeepers/dotenv) gem (in combination with `ENV[...]`).
 - `resource_owner_from_access_token`
   - Defines how to translate the Doorkeeper access token to a resource owner model.
 
@@ -100,20 +100,33 @@ The following settings are optional:
   - Expiration time after which the ID Token must not be accepted for processing by clients.
   - The default is 120 seconds
 
-Custom claims can optionally be specified in a `claims` block. The following claim types are currently supported:
+### Scopes
+
+To perform authentication over OpenID Connect, an OAuth client needs to request the `openid` scope. This scope needs to be enabled using either `optional_scopes` in the global Doorkeeper configuration in `config/initializers/doorkeeper.rb`, or by adding it to any OAuth application's `scope` attribute.
 
-- `normal_claim`
-  - Specify claim name and a block which is called with `resource_owner` to determine the claim value.
+> Note that any application defining its own scopes won't inherit the scopes defined in the initializer, so you might have to update existing applications as well.
+>
+> See [Using Scopes](https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Scopes) in the Doorkeeper wiki for more information.
 
-You can pass a `scope:` keyword argument on each claim to specify which OAuth scope should be required to access the claim. [Standard Claims](http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims) as defined by OpenID Connect will by default use their [corresponding scopes](http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims), and any other claims will by default use the `profile` scope.
+### Claims
 
-### OAuth Scopes
+Claims can be defined in a `claims` block inside `config/initializers/doorkeeper_openid_connect.rb`:
 
-To authenticate using OpenID Connect, clients need to request the `openid` scope. You can either enable this for all applications using `optional_scopes` in `config/initializers/doorkeeper.rb`, or add them to any Doorkeeper application's `scope` attribute. Note that any application defining its own scopes won't inherit the scopes defined in the initializer.
+```ruby
+Doorkeeper::OpenidConnect.configure do
+  claims do
+    claim :email do |resource_owner|
+      resource_owner.email
+    end
 
-The specification also defines the optional scopes `profile`, `email`, `address` and `phone` to grant access to groups of Standard Claims, as mentioned above.
+    claim :full_name do |resource_owner|
+      "#{resource_owner.first_name} #{resource_owner.last_name}"
+    end
+  end
+end
+```
 
-See [Using Scopes](https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Scopes) in the Doorkeeper wiki for more information.
+You can pass a `scope:` keyword argument on each claim to specify which OAuth scope should be required to access the claim. If you define any of the defined [Standard Claims](http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims) they will by default use their [corresponding scopes](http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims) (`profile`, `email`, `address` and `phone`), and any other claims will by default use the `profile` scope. Again, to use any of these scopes you need to enable them as described above.
 
 ### Routes
 
@@ -136,6 +149,39 @@ GET   /.well-known/openid-configuration
 GET   /.well-known/webfinger
 ```
 
+### Nonces
+
+To support clients who send nonces you have to tweak Doorkeeper's authorization view so the parameter is passed on.
+
+If you don't already have custom templates, run this generator in your Rails application to add them:
+
+```sh
+rails generate doorkeeper:views
+```
+
+Then tweak the template as follows:
+
+```patch
+--- i/app/views/doorkeeper/authorizations/new.html.erb
++++ w/app/views/doorkeeper/authorizations/new.html.erb
+@@ -26,6 +26,7 @@
+       <%= hidden_field_tag :state, @pre_auth.state %>
+       <%= hidden_field_tag :response_type, @pre_auth.response_type %>
+       <%= hidden_field_tag :scope, @pre_auth.scope %>
++      <%= hidden_field_tag :nonce, @pre_auth.nonce %>
+       <%= submit_tag t('doorkeeper.authorizations.buttons.authorize'), class: "btn btn-success btn-lg btn-block" %>
+     <% end %>
+     <%= form_tag oauth_authorization_path, method: :delete do %>
+@@ -34,6 +35,7 @@
+       <%= hidden_field_tag :state, @pre_auth.state %>
+       <%= hidden_field_tag :response_type, @pre_auth.response_type %>
+       <%= hidden_field_tag :scope, @pre_auth.scope %>
++      <%= hidden_field_tag :nonce, @pre_auth.nonce %>
+       <%= submit_tag t('doorkeeper.authorizations.buttons.deny'), class: "btn btn-danger btn-lg btn-block" %>
+     <% end %>
+   </div>
+```
+
 ## Development
 
 Run `bundle install` to setup all development dependencies.

diff --git a/doorkeeper-openid_connect.gemspec b/doorkeeper-openid_connect.gemspec
@@ -1,15 +1,14 @@
-# coding: utf-8
 $:.push File.expand_path('../lib', __FILE__)
 require 'doorkeeper/openid_connect/version'
 
 Gem::Specification.new do |spec|
   spec.name          = 'doorkeeper-openid_connect'
   spec.version       = Doorkeeper::OpenidConnect::VERSION
-  spec.authors       = ['Sam Dengler']
-  spec.email         = ['sam.dengler@playonsports.com']
-  spec.homepage      = 'https://github.com/playon/doorkeeper-openid_connect'
-  spec.summary       = %q{OpenID Connect extension to Doorkeeper.}
-  spec.description   = %q{OpenID Connect extension to Doorkeeper.}
+  spec.authors       = ['Sam Dengler', 'Markus Koller']
+  spec.email         = ['sam.dengler@playonsports.com', 'markus-koller@gmx.ch']
+  spec.homepage      = 'https://github.com/doorkeeper-gem/doorkeeper-openid_connect'
+  spec.summary       = %q{OpenID Connect extension for Doorkeeper.}
+  spec.description   = %q{OpenID Connect extension for Doorkeeper.}
   spec.license       = %q{MIT}
 
   spec.files         = `git ls-files -z`.split("\x0").reject do |f|
@@ -27,4 +26,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'factory_girl'
   spec.add_development_dependency 'sqlite3'
   spec.add_development_dependency 'pry-byebug'
+  spec.add_development_dependency 'conventional-changelog', '~> 1.2'
 end
diff --git a/lib/doorkeeper/openid_connect/version.rb b/lib/doorkeeper/openid_connect/version.rb
@@ -1,5 +1,5 @@
 module Doorkeeper
   module OpenidConnect
-    VERSION = '1.0.3'.freeze
+    VERSION = '1.1.0'.freeze
   end
 end