Use new auth URIs (#147)
This commit is contained in:
Thea Flowers
Daniel Azuma
parent
5f714d44c5
commit
af69fc5347
|
|
@ -38,8 +38,8 @@ module Google
|
|||
# This class is intended to be inherited by API-specific classes
|
||||
# which overrides the SCOPE constant.
|
||||
class Credentials
|
||||
TOKEN_CREDENTIAL_URI = 'https://accounts.google.com/o/oauth2/token'.freeze
|
||||
AUDIENCE = 'https://accounts.google.com/o/oauth2/token'.freeze
|
||||
TOKEN_CREDENTIAL_URI = 'https://oauth2.googleapis.com/token'.freeze
|
||||
AUDIENCE = 'https://oauth2.googleapis.com/token'.freeze
|
||||
SCOPE = [].freeze
|
||||
PATH_ENV_VARS = [].freeze
|
||||
JSON_ENV_VARS = [].freeze
|
||||
|
|
|
|||
|
|
@ -46,9 +46,9 @@ module Google
|
|||
#
|
||||
# cf [Application Default Credentials](http://goo.gl/mkAHpZ)
|
||||
class UserRefreshCredentials < Signet::OAuth2::Client
|
||||
TOKEN_CRED_URI = 'https://www.googleapis.com/oauth2/v4/token'.freeze
|
||||
TOKEN_CRED_URI = 'https://oauth2.googleapis.com/token'.freeze
|
||||
AUTHORIZATION_URI = 'https://accounts.google.com/o/oauth2/auth'.freeze
|
||||
REVOKE_TOKEN_URI = 'https://accounts.google.com/o/oauth2/revoke'.freeze
|
||||
REVOKE_TOKEN_URI = 'https://oauth2.googleapis.com/revoke'.freeze
|
||||
extend CredentialsLoader
|
||||
|
||||
# Create a UserRefreshCredentials.
|
||||
|
|
|
|||
|
|
@ -49,8 +49,8 @@ describe Google::Auth::Credentials, :private do
|
|||
allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
|
||||
allow(mocked_signet).to receive(:client_id)
|
||||
allow(Signet::OAuth2::Client).to receive(:new) do |options|
|
||||
expect(options[:token_credential_uri]).to eq('https://accounts.google.com/o/oauth2/token')
|
||||
expect(options[:audience]).to eq('https://accounts.google.com/o/oauth2/token')
|
||||
expect(options[:token_credential_uri]).to eq('https://oauth2.googleapis.com/token')
|
||||
expect(options[:audience]).to eq('https://oauth2.googleapis.com/token')
|
||||
expect(options[:scope]).to eq([])
|
||||
expect(options[:issuer]).to eq(default_keyfile_hash['client_email'])
|
||||
expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
|
||||
|
|
@ -66,8 +66,8 @@ describe Google::Auth::Credentials, :private do
|
|||
allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
|
||||
allow(mocked_signet).to receive(:client_id)
|
||||
allow(Signet::OAuth2::Client).to receive(:new) do |options|
|
||||
expect(options[:token_credential_uri]).to eq('https://accounts.google.com/o/oauth2/token')
|
||||
expect(options[:audience]).to eq('https://accounts.google.com/o/oauth2/token')
|
||||
expect(options[:token_credential_uri]).to eq('https://oauth2.googleapis.com/token')
|
||||
expect(options[:audience]).to eq('https://oauth2.googleapis.com/token')
|
||||
expect(options[:scope]).to eq(['http://example.com/scope'])
|
||||
expect(options[:issuer]).to eq(default_keyfile_hash['client_email'])
|
||||
expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
|
||||
|
|
@ -98,8 +98,8 @@ describe Google::Auth::Credentials, :private do
|
|||
allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
|
||||
allow(mocked_signet).to receive(:client_id)
|
||||
allow(Signet::OAuth2::Client).to receive(:new) do |options|
|
||||
expect(options[:token_credential_uri]).to eq('https://accounts.google.com/o/oauth2/token')
|
||||
expect(options[:audience]).to eq('https://accounts.google.com/o/oauth2/token')
|
||||
expect(options[:token_credential_uri]).to eq('https://oauth2.googleapis.com/token')
|
||||
expect(options[:audience]).to eq('https://oauth2.googleapis.com/token')
|
||||
expect(options[:scope]).to eq(['http://example.com/scope'])
|
||||
expect(options[:issuer]).to eq(default_keyfile_hash['client_email'])
|
||||
expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
|
||||
|
|
@ -130,8 +130,8 @@ describe Google::Auth::Credentials, :private do
|
|||
allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
|
||||
allow(mocked_signet).to receive(:client_id)
|
||||
allow(Signet::OAuth2::Client).to receive(:new) do |options|
|
||||
expect(options[:token_credential_uri]).to eq('https://accounts.google.com/o/oauth2/token')
|
||||
expect(options[:audience]).to eq('https://accounts.google.com/o/oauth2/token')
|
||||
expect(options[:token_credential_uri]).to eq('https://oauth2.googleapis.com/token')
|
||||
expect(options[:audience]).to eq('https://oauth2.googleapis.com/token')
|
||||
expect(options[:scope]).to eq(['http://example.com/scope'])
|
||||
expect(options[:issuer]).to eq(default_keyfile_hash['client_email'])
|
||||
expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
|
||||
|
|
@ -161,8 +161,8 @@ describe Google::Auth::Credentials, :private do
|
|||
allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
|
||||
allow(mocked_signet).to receive(:client_id)
|
||||
allow(Signet::OAuth2::Client).to receive(:new) do |options|
|
||||
expect(options[:token_credential_uri]).to eq('https://accounts.google.com/o/oauth2/token')
|
||||
expect(options[:audience]).to eq('https://accounts.google.com/o/oauth2/token')
|
||||
expect(options[:token_credential_uri]).to eq('https://oauth2.googleapis.com/token')
|
||||
expect(options[:audience]).to eq('https://oauth2.googleapis.com/token')
|
||||
expect(options[:scope]).to eq(['http://example.com/scope'])
|
||||
expect(options[:issuer]).to eq(default_keyfile_hash['client_email'])
|
||||
expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
|
||||
|
|
@ -193,8 +193,8 @@ describe Google::Auth::Credentials, :private do
|
|||
allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
|
||||
allow(mocked_signet).to receive(:client_id)
|
||||
allow(Signet::OAuth2::Client).to receive(:new) do |options|
|
||||
expect(options[:token_credential_uri]).to eq('https://accounts.google.com/o/oauth2/token')
|
||||
expect(options[:audience]).to eq('https://accounts.google.com/o/oauth2/token')
|
||||
expect(options[:token_credential_uri]).to eq('https://oauth2.googleapis.com/token')
|
||||
expect(options[:audience]).to eq('https://oauth2.googleapis.com/token')
|
||||
expect(options[:scope]).to eq(['http://example.com/scope'])
|
||||
expect(options[:issuer]).to eq(default_keyfile_hash['client_email'])
|
||||
expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
|
||||
|
|
@ -231,8 +231,8 @@ describe Google::Auth::Credentials, :private do
|
|||
default_keyfile_hash
|
||||
end
|
||||
allow(Signet::OAuth2::Client).to receive(:new) do |options|
|
||||
expect(options[:token_credential_uri]).to eq('https://accounts.google.com/o/oauth2/token')
|
||||
expect(options[:audience]).to eq('https://accounts.google.com/o/oauth2/token')
|
||||
expect(options[:token_credential_uri]).to eq('https://oauth2.googleapis.com/token')
|
||||
expect(options[:audience]).to eq('https://oauth2.googleapis.com/token')
|
||||
expect(options[:scope]).to eq(['http://example.com/scope'])
|
||||
expect(options[:issuer]).to eq(default_keyfile_hash['client_email'])
|
||||
expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
|
||||
|
|
|
|||
|
|
@ -41,10 +41,10 @@ describe Signet::OAuth2::Client do
|
|||
before(:example) do
|
||||
@key = OpenSSL::PKey::RSA.new(2048)
|
||||
@client = Signet::OAuth2::Client.new(
|
||||
token_credential_uri: 'https://accounts.google.com/o/oauth2/token',
|
||||
token_credential_uri: 'https://oauth2.googleapis.com/token',
|
||||
scope: 'https://www.googleapis.com/auth/userinfo.profile',
|
||||
issuer: 'app@example.com',
|
||||
audience: 'https://accounts.google.com/o/oauth2/token',
|
||||
audience: 'https://oauth2.googleapis.com/token',
|
||||
signing_key: @key
|
||||
)
|
||||
end
|
||||
|
|
@ -60,7 +60,7 @@ describe Signet::OAuth2::Client do
|
|||
@key.public_key, true,
|
||||
algorithm: 'RS256')
|
||||
end
|
||||
stub_request(:post, 'https://accounts.google.com/o/oauth2/token')
|
||||
stub_request(:post, 'https://oauth2.googleapis.com/token')
|
||||
.with(body: hash_including(
|
||||
'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer'
|
||||
), &blk)
|
||||
|
|
|
|||
|
|
@ -242,7 +242,7 @@ describe Google::Auth::UserAuthorizer do
|
|||
end
|
||||
|
||||
before(:example) do
|
||||
stub_request(:post, 'https://www.googleapis.com/oauth2/v4/token')
|
||||
stub_request(:post, 'https://oauth2.googleapis.com/token')
|
||||
.to_return(body: token_json, status: 200, headers: {
|
||||
'Content-Type' => 'application/json'
|
||||
})
|
||||
|
|
@ -270,7 +270,7 @@ describe Google::Auth::UserAuthorizer do
|
|||
|
||||
context 'with invalid authorization code' do
|
||||
before(:example) do
|
||||
stub_request(:post, 'https://www.googleapis.com/oauth2/v4/token')
|
||||
stub_request(:post, 'https://oauth2.googleapis.com/token')
|
||||
.to_return(status: 400)
|
||||
end
|
||||
|
||||
|
|
@ -300,7 +300,7 @@ describe Google::Auth::UserAuthorizer do
|
|||
before(:example) do
|
||||
token_store.store('user1', token_json)
|
||||
stub_request(
|
||||
:get, 'https://accounts.google.com/o/oauth2/revoke?token=refreshtoken'
|
||||
:get, 'https://oauth2.googleapis.com/revoke?token=refreshtoken'
|
||||
)
|
||||
.to_return(status: 200)
|
||||
end
|
||||
|
|
@ -308,7 +308,7 @@ describe Google::Auth::UserAuthorizer do
|
|||
it 'should revoke the grant' do
|
||||
authorizer.revoke_authorization('user1')
|
||||
expect(a_request(
|
||||
:get, 'https://accounts.google.com/o/oauth2/revoke?token=refreshtoken'
|
||||
:get, 'https://oauth2.googleapis.com/revoke?token=refreshtoken'
|
||||
))
|
||||
.to have_been_made
|
||||
end
|
||||
|
|
|
|||
|
|
@ -68,7 +68,7 @@ describe Google::Auth::UserRefreshCredentials do
|
|||
body = MultiJson.dump('access_token' => access_token,
|
||||
'token_type' => 'Bearer',
|
||||
'expires_in' => 3600)
|
||||
stub_request(:post, 'https://www.googleapis.com/oauth2/v4/token')
|
||||
stub_request(:post, 'https://oauth2.googleapis.com/token')
|
||||
.with(body: hash_including('grant_type' => 'refresh_token'))
|
||||
.to_return(body: body,
|
||||
status: 200,
|
||||
|
|
@ -246,7 +246,7 @@ describe Google::Auth::UserRefreshCredentials do
|
|||
|
||||
describe 'when revoking a refresh token' do
|
||||
let(:stub) do
|
||||
stub_request(:get, 'https://accounts.google.com/o/oauth2/revoke' \
|
||||
stub_request(:get, 'https://oauth2.googleapis.com/revoke' \
|
||||
'?token=refreshtoken')
|
||||
.to_return(status: 200,
|
||||
headers: { 'Content-Type' => 'application/json' })
|
||||
|
|
@ -262,7 +262,7 @@ describe Google::Auth::UserRefreshCredentials do
|
|||
|
||||
describe 'when revoking an access token' do
|
||||
let(:stub) do
|
||||
stub_request(:get, 'https://accounts.google.com/o/oauth2/revoke' \
|
||||
stub_request(:get, 'https://oauth2.googleapis.com/revoke' \
|
||||
'?token=accesstoken')
|
||||
.to_return(status: 200,
|
||||
headers: { 'Content-Type' => 'application/json' })
|
||||
|
|
@ -280,7 +280,7 @@ describe Google::Auth::UserRefreshCredentials do
|
|||
|
||||
describe 'when revoking an invalid token' do
|
||||
let(:stub) do
|
||||
stub_request(:get, 'https://accounts.google.com/o/oauth2/revoke' \
|
||||
stub_request(:get, 'https://oauth2.googleapis.com/revoke' \
|
||||
'?token=refreshtoken')
|
||||
.to_return(status: 400,
|
||||
headers: { 'Content-Type' => 'application/json' })
|
||||
|
|
|
|||
|
|
@ -107,7 +107,7 @@ describe Google::Auth::WebUserAuthorizer do
|
|||
end
|
||||
|
||||
before(:example) do
|
||||
stub_request(:post, 'https://www.googleapis.com/oauth2/v4/token')
|
||||
stub_request(:post, 'https://oauth2.googleapis.com/token')
|
||||
.to_return(body: token_json,
|
||||
status: 200,
|
||||
headers: { 'Content-Type' => 'application/json' })
|
||||
|
|
|
|||
Loading…
Reference in New Issue