lib/openid_connect/discovery/provider/config/response.rb in openid_connect-1.0.2 vs lib/openid_connect/discovery/provider/config/response.rb in openid_connect-1.0.3
@@ -5,10 +5,11 @@
class Response
include ActiveModel::Validations, AttrRequired, AttrOptional
cattr_accessor :metadata_attributes
attr_reader :raw
+ attr_accessor :expected_issuer
uri_attributes = {
required: [
:issuer,
:authorization_endpoint,
:jwks_uri
@@ -53,10 +54,11 @@
:require_request_uri_registration
])
validates *required_attributes, presence: true
validates *uri_attributes.values.flatten, url: true, allow_nil: true
+ validates :issuer, with: :validate_issuer_matching
def initialize(hash)
(required_attributes + optional_attributes).each do |key|
self.send "#{key}=", hash[key]
end
@@ -71,13 +73,11 @@
hash
end
end
def validate!(expected_issuer = nil)
- valid? && (
- expected_issuer.blank? || issuer == expected_issuer
- ) or raise ValidationFailed.new(self)
+ valid? or raise ValidationFailed.new(self)
end
def jwks
@jwks ||= JSON.parse(
OpenIDConnect.http_client.get_content(jwks_uri)
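Review bot: `validate!(expected_issuer = nil)` keeps its parameter, but the new body never reads it, so a caller that still writes `config.validate!(issuer)` gets no issuer comparison unless the `expected_issuer` attribute was also set beforehand. That is a silent fail-open for the one check that binds a discovery document to the issuer the client asked for. Either assign the argument before validating, e.g. `self.expected_issuer = expected_issuer if expected_issuer.present?` as the first line of `validate!`, or drop the parameter so stale call sites fail loudly. Callers outside this file may already set the accessor, which cannot be confirmed from this hunk.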
@@ -85,9 +85,17 @@
JSON::JWK::Set.new @jwks[:keys]
end
def public_keys
@public_keys ||= jwks.collect(&:to_key)
+ end
+
+ private
+
+ def validate_issuer_matching
+ if expected_issuer.present? && issuer != expected_issuer
+ errors.add :issuer, 'mismatch'
+ end
end
end
end
end
end
\ No newline at end of file
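Review bot: `validate_issuer_matching` adds no error when `expected_issuer` is blank, so a config validated without the accessor set is accepted with whatever `issuer` the document claims, and nothing in the method says this is intended. A short comment above it would make the contract explicit, e.g. `# Skipped when expected_issuer is blank; set expected_issuer before validating to bind this config to the discovered issuer.` The comparison is exact string equality, so it is worth stating in the same comment that no normalisation (trailing slash, case) is applied. A spec covering both the mismatch case and the blank case would keep the fail-open path visible to future changes.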