automatic json encoding & decoding, and remove legacy token support

Author: nov

lib/rack/oauth2.rb

@@ -44,6 +44,7 @@ def self.http_client(agent_name = "Rack::OAuth2 (#{VERSION})", &local_http_confi
       Faraday.new(headers: {user_agent: agent_name}) do |faraday|
         faraday.request :url_encoded
         faraday.request :json
+        faraday.response :json
         faraday.response :logger, Rack::OAuth2.logger, {bodies: true} if debugging?
         faraday.adapter Faraday.default_adapter
         local_http_config&.call(faraday)

lib/rack/oauth2/access_token.rb

@@ -39,5 +39,4 @@ def token_response(options = {})
 
 require 'rack/oauth2/access_token/authenticator'
 require 'rack/oauth2/access_token/bearer'
-require 'rack/oauth2/access_token/legacy'
 require 'rack/oauth2/access_token/mtls'

lib/rack/oauth2/access_token/legacy.rb

@@ -213,24 +213,19 @@ def handle_revocation_response
       end
 
       def handle_success_response(response)
-        token_hash = JSON.parse(response.body).with_indifferent_access
+        token_hash = response.body.with_indifferent_access
         case (@forced_token_type || token_hash[:token_type])&.downcase
         when 'bearer'
           AccessToken::Bearer.new(token_hash)
-        when nil
-          AccessToken::Legacy.new(token_hash)
         else
           raise 'Unknown Token Type'
         end
-      rescue JSON::ParserError
-        # NOTE: Facebook support (They don't use JSON as token response)
-        AccessToken::Legacy.new Rack::Utils.parse_nested_query(response.body).with_indifferent_access
       end
 
       def handle_error_response(response)
-        error = JSON.parse(response.body).with_indifferent_access
+        error = response.body.with_indifferent_access
         raise Error.new(response.status, error)
-      rescue JSON::ParserError
+      rescue Faraday::ParsingError, NoMethodError
         raise Error.new(response.status, error: 'Unknown', error_description: response.body)
       end
     end

lib/rack/oauth2/client.rb

@@ -28,7 +28,13 @@ def request_for(method, options = {})
 
   def response_for(response_file, options = {})
     response = {}
-    response[:body] = File.new(File.join(File.dirname(__FILE__), '../mock_response', response_file))
+    format = options[:format] || :json
+    if format == :json
+      response[:headers] = {
+        'Content-Type': 'application/json'
+      }
+    end
+    response[:body] = File.new(File.join(File.dirname(__FILE__), '../mock_response', "#{response_file}.#{format}"))
     if options[:status]
       response[:status] = options[:status]
     end

spec/helpers/webmock_helper.rb

@@ -12,15 +12,6 @@
     end
   end
 
-  context 'when Legacy token is given' do
-    let(:token) do
-      Rack::OAuth2::AccessToken::Legacy.new(
-        access_token: 'access_token'
-      )
-    end
-    it_behaves_like :authenticator
-  end
-
   context 'when Bearer token is given' do
     let(:token) do
       Rack::OAuth2::AccessToken::Bearer.new(

spec/mock_response/blank renamed to spec/mock_response/blank.txt

@@ -93,7 +93,7 @@
           mock_response(
             :post,
             'https://server.example.com/oauth2/token',
-            'tokens/bearer.json',
+            'tokens/bearer',
             request_header: {
               'Authorization' => 'Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ='
             }
@@ -109,7 +109,7 @@
               mock_response(
                 :post,
                 'https://server.example.com/oauth2/token',
-                'tokens/bearer.json',
+                'tokens/bearer',
                 request_header: {
                   'Authorization' => 'Basic aHR0cHMlM0ElMkYlMkZjbGllbnQuZXhhbXBsZS5jb206Y2xpZW50X3NlY3JldA=='
                 }
@@ -127,7 +127,7 @@
                mock_response(
                  :post,
                  'https://server.example.com/oauth2/token',
-                 'tokens/bearer.json',
+                 'tokens/bearer',
                  request_header: {
                    'Authorization' => 'Basic aHR0cHM6Ly9jbGllbnQuZXhhbXBsZS5jb206Y2xpZW50X3NlY3JldA=='
                  }
@@ -143,7 +143,7 @@
               mock_response(
                 :post,
                 'https://server.example.com/oauth2/token',
-                'tokens/bearer.json',
+                'tokens/bearer',
                 params: {
                   client_assertion: /^eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9\..+/, # NOTE: HS256
                   client_assertion_type: Rack::OAuth2::URN::ClientAssertionType::JWT_BEARER,
@@ -171,7 +171,7 @@
                 mock_response(
                   :post,
                   'https://server.example.com/oauth2/token',
-                  'tokens/bearer.json',
+                  'tokens/bearer',
                   params: {
                     client_assertion: /^eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9\..+/, # NOTE: RS256
                     client_assertion_type: Rack::OAuth2::URN::ClientAssertionType::JWT_BEARER,
@@ -198,7 +198,7 @@
                 mock_response(
                   :post,
                   'https://server.example.com/oauth2/token',
-                  'tokens/bearer.json',
+                  'tokens/bearer',
                   params: {
                     client_assertion: /^eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9\..+/, # NOTE: ES256
                     client_assertion_type: Rack::OAuth2::URN::ClientAssertionType::JWT_BEARER,
@@ -225,7 +225,7 @@
               mock_response(
                 :post,
                 'https://server.example.com/oauth2/token',
-                'tokens/bearer.json',
+                'tokens/bearer',
                 params: {
                   client_assertion: 'any.jwt.assertion',
                   client_assertion_type: Rack::OAuth2::URN::ClientAssertionType::JWT_BEARER,
@@ -244,7 +244,7 @@
             mock_response(
               :post,
               'https://server.example.com/oauth2/token',
-              'tokens/bearer.json',
+              'tokens/bearer',
               params: {
                 client_id: 'client_id',
                 client_secret: 'client_secret',
@@ -262,7 +262,7 @@
             mock_response(
               :post,
               'https://server.example.com/oauth2/token',
-              'tokens/bearer.json',
+              'tokens/bearer',
               params: {
                 client_id: 'client_id',
                 client_secret: 'client_secret',
@@ -282,7 +282,7 @@
             mock_response(
               :post,
               'https://server.example.com/oauth2/token',
-              'tokens/bearer.json',
+              'tokens/bearer',
               params: {
                 grant_type: 'client_credentials',
                 scope: 'a b'
@@ -298,7 +298,7 @@
           mock_response(
             :post,
             'https://server.example.com/oauth2/token',
-            'tokens/bearer.json',
+            'tokens/bearer',
             params: {
               grant_type: 'client_credentials',
               resource: 'something'
@@ -314,7 +314,7 @@
         mock_response(
           :post,
           'https://server.example.com/oauth2/token',
-          'tokens/bearer.json',
+          'tokens/bearer',
           request_header: {
             'Authorization' => 'Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ=',
             'X-Foo' => 'bar'
@@ -332,7 +332,7 @@
         mock_response(
           :post,
           'https://server.example.com/oauth2/token',
-          'tokens/bearer.json'
+          'tokens/bearer'
         )
       end
       it { should be_instance_of Rack::OAuth2::AccessToken::Bearer }
@@ -347,70 +347,21 @@
           mock_response(
             :post,
             'https://server.example.com/oauth2/token',
-            'tokens/_Bearer.json'
+            'tokens/_Bearer'
           )
         end
         it { should be_instance_of Rack::OAuth2::AccessToken::Bearer }
         its(:token_type) { should == :bearer }
       end
     end
 
-    context 'when no-type token is given (JSON)' do
-      before do
-        client.authorization_code = 'code'
-        mock_response(
-          :post,
-          'https://server.example.com/oauth2/token',
-          'tokens/legacy.json'
-        )
-      end
-      it { should be_instance_of Rack::OAuth2::AccessToken::Legacy }
-      its(:token_type) { should == :legacy }
-      its(:access_token) { should == 'access_token' }
-      its(:refresh_token) { should == 'refresh_token' }
-      its(:expires_in) { should == 3600 }
-
-      context 'when token_type is forced' do
-        before do
-          client.force_token_type! :bearer
-        end
-        it { should be_instance_of Rack::OAuth2::AccessToken::Bearer }
-        its(:token_type) { should == :bearer }
-      end
-    end
-
-    context 'when no-type token is given (key-value)' do
-      before do
-        mock_response(
-          :post,
-          'https://server.example.com/oauth2/token',
-          'tokens/legacy.txt'
-        )
-      end
-      it { should be_instance_of Rack::OAuth2::AccessToken::Legacy }
-      its(:token_type) { should == :legacy }
-      its(:access_token) { should == 'access_token' }
-      its(:expires_in) { should == 3600 }
-
-      context 'when expires_in is not given' do
-        before do
-          mock_response(
-            :post,
-            'https://server.example.com/oauth2/token',
-            'tokens/legacy_without_expires_in.txt'
-          )
-        end
-        its(:expires_in) { should be_nil }
-      end
-    end
-
     context 'when unknown-type token is given' do
       before do
         client.authorization_code = 'code'
         mock_response(
           :post,
           'https://server.example.com/oauth2/token',
-          'tokens/unknown.json'
+          'tokens/unknown'
         )
       end
       it do
@@ -423,7 +374,7 @@
         mock_response(
           :post,
           'https://server.example.com/oauth2/token',
-          'errors/invalid_request.json',
+          'errors/invalid_request',
           status: 400
         )
       end
@@ -439,6 +390,7 @@
             :post,
             'https://server.example.com/oauth2/token',
             'blank',
+            format: 'txt',
             status: 400
           )
         end
@@ -456,6 +408,7 @@
           :post,
           'https://server.example.com/oauth2/revoke',
           'blank',
+          format: 'txt',
           status: 200,
           body: {
             token: 'access_token',
@@ -478,6 +431,7 @@
           :post,
           'https://server.example.com/oauth2/revoke',
           'blank',
+          format: 'txt',
           status: 200,
           body: {
             token: 'access_token',
@@ -496,6 +450,7 @@
           :post,
           'https://server.example.com/oauth2/revoke',
           'blank',
+          format: 'txt',
           status: 200,
           body: {
             token: 'refresh_token',
@@ -523,7 +478,7 @@
         mock_response(
           :post,
           'https://server.example.com/oauth2/revoke',
-          'errors/invalid_request.json',
+          'errors/invalid_request',
           status: 400
         )
       end