RubyFlow The Ruby and Rails community linklog

×

The Ruby and Rails community linklog

Made a library? Written a blog post? Found a useful tutorial? Share it with the Ruby community here or just enjoy what everyone else has found!

Rodauth Oauth 0.8.0 (Device Code Grant, Client Assertion Framework)

by Tiago

https://honeyryderchuck.gitlab.io/rodauth-oauth/

0.8.0 (12/03/2022) Features
  • Device code grant

rodauth-oauth now supports the Device code grant RFC, via the oauth_device_grant feature.

  • OAuth Tokens Management

An OAuth Tokens Management Dashboard is now provided (via r.oauth_tokens call to enable the routes). It allows the logged in account to list and revoke OAuth Tokens which have been issued for its resources.

  • Assertion Framework (+ SAML and JWT Bearer Grant)

A new plugin, oauth_assertion_base, was introduced to provide a baseline for implementing custom Bearer Assertion as per the OAuth Client Assertion Framework RFC. This in turn was used to refactor and reintroduce the oauth_saml_bearer_grant and the oauth_jwt_bearer_grant features, which implement the respective and most recent version of the assertion RFCs.

(as a result, oauth_saml was removed, which implemented a very old draft version of the SAML Bearer spec).

Improvements

The OAuth functionality was refactored from 1 big feature, into several features:

  • oauth_base
  • oauth_authorization_code_grant
  • oauth_implicit_grant
  • oauth_device_grant
  • oauth_token_introspection
  • oauth_token_revocation
  • oauth_application_management
  • oauth_token_management
  • oauth_pkce

They’re still loaded together via the oauth feature for backwards compatibility. This will change in a major version.

Bugfixes
  • oauth_jwt integration with the json-jwt gem does proper claims validation now;

Post a comment

You can use basic HTML markup (e.g. <a>) or Markdown.

As you are not logged in, you will be
directed via GitHub to signup or sign in