Use new auth URIs (#147)

This commit is contained in:
Thea Flowers 2018-08-01 13:42:29 -07:00 committed by Daniel Azuma
parent 5f714d44c5
commit af69fc5347
7 changed files with 30 additions and 30 deletions

View File

@ -38,8 +38,8 @@ module Google
# This class is intended to be inherited by API-specific classes # This class is intended to be inherited by API-specific classes
# which overrides the SCOPE constant. # which overrides the SCOPE constant.
class Credentials class Credentials
TOKEN_CREDENTIAL_URI = 'https://accounts.google.com/o/oauth2/token'.freeze TOKEN_CREDENTIAL_URI = 'https://oauth2.googleapis.com/token'.freeze
AUDIENCE = 'https://accounts.google.com/o/oauth2/token'.freeze AUDIENCE = 'https://oauth2.googleapis.com/token'.freeze
SCOPE = [].freeze SCOPE = [].freeze
PATH_ENV_VARS = [].freeze PATH_ENV_VARS = [].freeze
JSON_ENV_VARS = [].freeze JSON_ENV_VARS = [].freeze

View File

@ -46,9 +46,9 @@ module Google
# #
# cf [Application Default Credentials](http://goo.gl/mkAHpZ) # cf [Application Default Credentials](http://goo.gl/mkAHpZ)
class UserRefreshCredentials < Signet::OAuth2::Client class UserRefreshCredentials < Signet::OAuth2::Client
TOKEN_CRED_URI = 'https://www.googleapis.com/oauth2/v4/token'.freeze TOKEN_CRED_URI = 'https://oauth2.googleapis.com/token'.freeze
AUTHORIZATION_URI = 'https://accounts.google.com/o/oauth2/auth'.freeze AUTHORIZATION_URI = 'https://accounts.google.com/o/oauth2/auth'.freeze
REVOKE_TOKEN_URI = 'https://accounts.google.com/o/oauth2/revoke'.freeze REVOKE_TOKEN_URI = 'https://oauth2.googleapis.com/revoke'.freeze
extend CredentialsLoader extend CredentialsLoader
# Create a UserRefreshCredentials. # Create a UserRefreshCredentials.

View File

@ -49,8 +49,8 @@ describe Google::Auth::Credentials, :private do
allow(mocked_signet).to receive(:fetch_access_token!).and_return(true) allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
allow(mocked_signet).to receive(:client_id) allow(mocked_signet).to receive(:client_id)
allow(Signet::OAuth2::Client).to receive(:new) do |options| allow(Signet::OAuth2::Client).to receive(:new) do |options|
expect(options[:token_credential_uri]).to eq('https://accounts.google.com/o/oauth2/token') expect(options[:token_credential_uri]).to eq('https://oauth2.googleapis.com/token')
expect(options[:audience]).to eq('https://accounts.google.com/o/oauth2/token') expect(options[:audience]).to eq('https://oauth2.googleapis.com/token')
expect(options[:scope]).to eq([]) expect(options[:scope]).to eq([])
expect(options[:issuer]).to eq(default_keyfile_hash['client_email']) expect(options[:issuer]).to eq(default_keyfile_hash['client_email'])
expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA) expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
@ -66,8 +66,8 @@ describe Google::Auth::Credentials, :private do
allow(mocked_signet).to receive(:fetch_access_token!).and_return(true) allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
allow(mocked_signet).to receive(:client_id) allow(mocked_signet).to receive(:client_id)
allow(Signet::OAuth2::Client).to receive(:new) do |options| allow(Signet::OAuth2::Client).to receive(:new) do |options|
expect(options[:token_credential_uri]).to eq('https://accounts.google.com/o/oauth2/token') expect(options[:token_credential_uri]).to eq('https://oauth2.googleapis.com/token')
expect(options[:audience]).to eq('https://accounts.google.com/o/oauth2/token') expect(options[:audience]).to eq('https://oauth2.googleapis.com/token')
expect(options[:scope]).to eq(['http://example.com/scope']) expect(options[:scope]).to eq(['http://example.com/scope'])
expect(options[:issuer]).to eq(default_keyfile_hash['client_email']) expect(options[:issuer]).to eq(default_keyfile_hash['client_email'])
expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA) expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
@ -98,8 +98,8 @@ describe Google::Auth::Credentials, :private do
allow(mocked_signet).to receive(:fetch_access_token!).and_return(true) allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
allow(mocked_signet).to receive(:client_id) allow(mocked_signet).to receive(:client_id)
allow(Signet::OAuth2::Client).to receive(:new) do |options| allow(Signet::OAuth2::Client).to receive(:new) do |options|
expect(options[:token_credential_uri]).to eq('https://accounts.google.com/o/oauth2/token') expect(options[:token_credential_uri]).to eq('https://oauth2.googleapis.com/token')
expect(options[:audience]).to eq('https://accounts.google.com/o/oauth2/token') expect(options[:audience]).to eq('https://oauth2.googleapis.com/token')
expect(options[:scope]).to eq(['http://example.com/scope']) expect(options[:scope]).to eq(['http://example.com/scope'])
expect(options[:issuer]).to eq(default_keyfile_hash['client_email']) expect(options[:issuer]).to eq(default_keyfile_hash['client_email'])
expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA) expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
@ -130,8 +130,8 @@ describe Google::Auth::Credentials, :private do
allow(mocked_signet).to receive(:fetch_access_token!).and_return(true) allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
allow(mocked_signet).to receive(:client_id) allow(mocked_signet).to receive(:client_id)
allow(Signet::OAuth2::Client).to receive(:new) do |options| allow(Signet::OAuth2::Client).to receive(:new) do |options|
expect(options[:token_credential_uri]).to eq('https://accounts.google.com/o/oauth2/token') expect(options[:token_credential_uri]).to eq('https://oauth2.googleapis.com/token')
expect(options[:audience]).to eq('https://accounts.google.com/o/oauth2/token') expect(options[:audience]).to eq('https://oauth2.googleapis.com/token')
expect(options[:scope]).to eq(['http://example.com/scope']) expect(options[:scope]).to eq(['http://example.com/scope'])
expect(options[:issuer]).to eq(default_keyfile_hash['client_email']) expect(options[:issuer]).to eq(default_keyfile_hash['client_email'])
expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA) expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
@ -161,8 +161,8 @@ describe Google::Auth::Credentials, :private do
allow(mocked_signet).to receive(:fetch_access_token!).and_return(true) allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
allow(mocked_signet).to receive(:client_id) allow(mocked_signet).to receive(:client_id)
allow(Signet::OAuth2::Client).to receive(:new) do |options| allow(Signet::OAuth2::Client).to receive(:new) do |options|
expect(options[:token_credential_uri]).to eq('https://accounts.google.com/o/oauth2/token') expect(options[:token_credential_uri]).to eq('https://oauth2.googleapis.com/token')
expect(options[:audience]).to eq('https://accounts.google.com/o/oauth2/token') expect(options[:audience]).to eq('https://oauth2.googleapis.com/token')
expect(options[:scope]).to eq(['http://example.com/scope']) expect(options[:scope]).to eq(['http://example.com/scope'])
expect(options[:issuer]).to eq(default_keyfile_hash['client_email']) expect(options[:issuer]).to eq(default_keyfile_hash['client_email'])
expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA) expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
@ -193,8 +193,8 @@ describe Google::Auth::Credentials, :private do
allow(mocked_signet).to receive(:fetch_access_token!).and_return(true) allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
allow(mocked_signet).to receive(:client_id) allow(mocked_signet).to receive(:client_id)
allow(Signet::OAuth2::Client).to receive(:new) do |options| allow(Signet::OAuth2::Client).to receive(:new) do |options|
expect(options[:token_credential_uri]).to eq('https://accounts.google.com/o/oauth2/token') expect(options[:token_credential_uri]).to eq('https://oauth2.googleapis.com/token')
expect(options[:audience]).to eq('https://accounts.google.com/o/oauth2/token') expect(options[:audience]).to eq('https://oauth2.googleapis.com/token')
expect(options[:scope]).to eq(['http://example.com/scope']) expect(options[:scope]).to eq(['http://example.com/scope'])
expect(options[:issuer]).to eq(default_keyfile_hash['client_email']) expect(options[:issuer]).to eq(default_keyfile_hash['client_email'])
expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA) expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
@ -231,8 +231,8 @@ describe Google::Auth::Credentials, :private do
default_keyfile_hash default_keyfile_hash
end end
allow(Signet::OAuth2::Client).to receive(:new) do |options| allow(Signet::OAuth2::Client).to receive(:new) do |options|
expect(options[:token_credential_uri]).to eq('https://accounts.google.com/o/oauth2/token') expect(options[:token_credential_uri]).to eq('https://oauth2.googleapis.com/token')
expect(options[:audience]).to eq('https://accounts.google.com/o/oauth2/token') expect(options[:audience]).to eq('https://oauth2.googleapis.com/token')
expect(options[:scope]).to eq(['http://example.com/scope']) expect(options[:scope]).to eq(['http://example.com/scope'])
expect(options[:issuer]).to eq(default_keyfile_hash['client_email']) expect(options[:issuer]).to eq(default_keyfile_hash['client_email'])
expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA) expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)

View File

@ -41,10 +41,10 @@ describe Signet::OAuth2::Client do
before(:example) do before(:example) do
@key = OpenSSL::PKey::RSA.new(2048) @key = OpenSSL::PKey::RSA.new(2048)
@client = Signet::OAuth2::Client.new( @client = Signet::OAuth2::Client.new(
token_credential_uri: 'https://accounts.google.com/o/oauth2/token', token_credential_uri: 'https://oauth2.googleapis.com/token',
scope: 'https://www.googleapis.com/auth/userinfo.profile', scope: 'https://www.googleapis.com/auth/userinfo.profile',
issuer: 'app@example.com', issuer: 'app@example.com',
audience: 'https://accounts.google.com/o/oauth2/token', audience: 'https://oauth2.googleapis.com/token',
signing_key: @key signing_key: @key
) )
end end
@ -60,7 +60,7 @@ describe Signet::OAuth2::Client do
@key.public_key, true, @key.public_key, true,
algorithm: 'RS256') algorithm: 'RS256')
end end
stub_request(:post, 'https://accounts.google.com/o/oauth2/token') stub_request(:post, 'https://oauth2.googleapis.com/token')
.with(body: hash_including( .with(body: hash_including(
'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer' 'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer'
), &blk) ), &blk)

View File

@ -242,7 +242,7 @@ describe Google::Auth::UserAuthorizer do
end end
before(:example) do before(:example) do
stub_request(:post, 'https://www.googleapis.com/oauth2/v4/token') stub_request(:post, 'https://oauth2.googleapis.com/token')
.to_return(body: token_json, status: 200, headers: { .to_return(body: token_json, status: 200, headers: {
'Content-Type' => 'application/json' 'Content-Type' => 'application/json'
}) })
@ -270,7 +270,7 @@ describe Google::Auth::UserAuthorizer do
context 'with invalid authorization code' do context 'with invalid authorization code' do
before(:example) do before(:example) do
stub_request(:post, 'https://www.googleapis.com/oauth2/v4/token') stub_request(:post, 'https://oauth2.googleapis.com/token')
.to_return(status: 400) .to_return(status: 400)
end end
@ -300,7 +300,7 @@ describe Google::Auth::UserAuthorizer do
before(:example) do before(:example) do
token_store.store('user1', token_json) token_store.store('user1', token_json)
stub_request( stub_request(
:get, 'https://accounts.google.com/o/oauth2/revoke?token=refreshtoken' :get, 'https://oauth2.googleapis.com/revoke?token=refreshtoken'
) )
.to_return(status: 200) .to_return(status: 200)
end end
@ -308,7 +308,7 @@ describe Google::Auth::UserAuthorizer do
it 'should revoke the grant' do it 'should revoke the grant' do
authorizer.revoke_authorization('user1') authorizer.revoke_authorization('user1')
expect(a_request( expect(a_request(
:get, 'https://accounts.google.com/o/oauth2/revoke?token=refreshtoken' :get, 'https://oauth2.googleapis.com/revoke?token=refreshtoken'
)) ))
.to have_been_made .to have_been_made
end end

View File

@ -68,7 +68,7 @@ describe Google::Auth::UserRefreshCredentials do
body = MultiJson.dump('access_token' => access_token, body = MultiJson.dump('access_token' => access_token,
'token_type' => 'Bearer', 'token_type' => 'Bearer',
'expires_in' => 3600) 'expires_in' => 3600)
stub_request(:post, 'https://www.googleapis.com/oauth2/v4/token') stub_request(:post, 'https://oauth2.googleapis.com/token')
.with(body: hash_including('grant_type' => 'refresh_token')) .with(body: hash_including('grant_type' => 'refresh_token'))
.to_return(body: body, .to_return(body: body,
status: 200, status: 200,
@ -246,7 +246,7 @@ describe Google::Auth::UserRefreshCredentials do
describe 'when revoking a refresh token' do describe 'when revoking a refresh token' do
let(:stub) do let(:stub) do
stub_request(:get, 'https://accounts.google.com/o/oauth2/revoke' \ stub_request(:get, 'https://oauth2.googleapis.com/revoke' \
'?token=refreshtoken') '?token=refreshtoken')
.to_return(status: 200, .to_return(status: 200,
headers: { 'Content-Type' => 'application/json' }) headers: { 'Content-Type' => 'application/json' })
@ -262,7 +262,7 @@ describe Google::Auth::UserRefreshCredentials do
describe 'when revoking an access token' do describe 'when revoking an access token' do
let(:stub) do let(:stub) do
stub_request(:get, 'https://accounts.google.com/o/oauth2/revoke' \ stub_request(:get, 'https://oauth2.googleapis.com/revoke' \
'?token=accesstoken') '?token=accesstoken')
.to_return(status: 200, .to_return(status: 200,
headers: { 'Content-Type' => 'application/json' }) headers: { 'Content-Type' => 'application/json' })
@ -280,7 +280,7 @@ describe Google::Auth::UserRefreshCredentials do
describe 'when revoking an invalid token' do describe 'when revoking an invalid token' do
let(:stub) do let(:stub) do
stub_request(:get, 'https://accounts.google.com/o/oauth2/revoke' \ stub_request(:get, 'https://oauth2.googleapis.com/revoke' \
'?token=refreshtoken') '?token=refreshtoken')
.to_return(status: 400, .to_return(status: 400,
headers: { 'Content-Type' => 'application/json' }) headers: { 'Content-Type' => 'application/json' })

View File

@ -107,7 +107,7 @@ describe Google::Auth::WebUserAuthorizer do
end end
before(:example) do before(:example) do
stub_request(:post, 'https://www.googleapis.com/oauth2/v4/token') stub_request(:post, 'https://oauth2.googleapis.com/token')
.to_return(body: token_json, .to_return(body: token_json,
status: 200, status: 200,
headers: { 'Content-Type' => 'application/json' }) headers: { 'Content-Type' => 'application/json' })