ruby-oauth
diff --git a/‎.gitlab-ci.yml‎
Lines changed: 36 additions & 3 deletions b/‎.gitlab-ci.yml‎
Lines changed: 36 additions & 3 deletions
diff --git a/‎.rspec‎
Lines changed: 1 addition & 1 deletion b/‎.rspec‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎spec/examples/google_spec.rb‎
Lines changed: 32 additions & 32 deletions b/‎spec/examples/google_spec.rb‎
Lines changed: 32 additions & 32 deletions
diff --git a/‎spec/ext/backports.rb‎
Lines changed: 1 addition & 1 deletion b/‎spec/ext/backports.rb‎
Lines changed: 1 addition & 1 deletion
@@ -1,6 +1,20 @@
 default:
   image: ruby:3.2
 
+variables:
+  BUNDLE_INSTALL_FLAGS: "--quiet --jobs=$(nproc) --retry=3"
+  BUNDLE_FROZEN: "false" # No lockfile!
+  BUNDLE_GEMFILE: gemfiles/omnibus.gemfile
+  K_SOUP_COV_DEBUG: true
+  K_SOUP_COV_DO: true
+  K_SOUP_COV_HARD: true
+  K_SOUP_COV_MIN_BRANCH: 46
+  K_SOUP_COV_MIN_LINE: 93
+  K_SOUP_COV_VERBOSE: true
+  K_SOUP_COV_FORMATTERS: "html,xml,rcov,lcov,json,tty"
+  K_SOUP_COV_MULTI_FORMATTERS: true
+  K_SOUP_COV_COMMAND_NAME: "RSpec Coverage"
+
 workflow:
   rules:
     # For merge requests, create a pipeline.
@@ -16,7 +30,20 @@ workflow:
   script:
     - gem update --system > /dev/null 2>&1
     - bundle config --local path vendor
-    - bundle install --quiet --jobs 4 --retry 3
+    - bundle install
+    - bundle exec rake test
+  cache:
+    key: ${CI_JOB_IMAGE}
+    paths:
+      - vendor/ruby
+
+.test_template-eol: &test_definition-eol
+  image: ruby:${RUBY_VERSION}
+  stage: test
+  script:
+    - gem update --system > /dev/null 2>&1
+    - bundle config --local path vendor
+    - bundle install
     - bundle exec rake test
   cache:
     key: ${CI_JOB_IMAGE}
@@ -32,7 +59,7 @@ workflow:
     # Actually updates both RubyGems and Bundler!
     - update_rubygems > /dev/null 2>&1
     - bundle config --local path vendor
-    - bundle install --quiet --jobs 4 --retry 3
+    - bundle install
     - bundle exec rake test
   cache:
     key: ${CI_JOB_IMAGE}
@@ -43,7 +70,13 @@ ruby-current:
   <<: *test_definition-current
   parallel:
     matrix:
-      - RUBY_VERSION: ["3.0", "3.1", "3.2"]
+      - RUBY_VERSION: ["3.1", "3.2", "3.3", "3.4"]
+
+ruby-eol:
+  <<: *test_definition-eol
+  parallel:
+    matrix:
+      - RUBY_VERSION: ["3.0"]
 
 ruby-legacy:
   <<: *test_definition-legacy
 
@@ -1,4 +1,4 @@
 --format documentation
---require spec_helper
 --color
+--require spec_helper
 --order random
@@ -1,59 +1,59 @@
 # frozen_string_literal: true
 
-require 'jwt'
+require "jwt"
 
-RSpec.describe 'using OAuth2 with Google' do
+RSpec.describe "using OAuth2 with Google" do
   # This describes authenticating to a Google API via a service account.
   # See their docs: https://developers.google.com/identity/protocols/OAuth2ServiceAccount
 
-  describe 'via 2-legged JWT assertion' do
+  describe "via 2-legged JWT assertion" do
     let(:client) do
       OAuth2::Client.new(
-        '',
-        '',
-        site: 'https://accounts.google.com',
-        authorize_url: '/o/oauth2/auth',
-        token_url: '/o/oauth2/token',
-        auth_scheme: :request_body
+        "",
+        "",
+        site: "https://accounts.google.com",
+        authorize_url: "/o/oauth2/auth",
+        token_url: "/o/oauth2/token",
+        auth_scheme: :request_body,
       )
     end
 
     # These are taken directly from Google's documentation example:
 
     let(:required_claims) do
       {
-        'iss' => '761326798069-r5mljlln1rd4lrbhg75efgigp36m78j5@developer.gserviceaccount.com',
+        "iss" => "761326798069-r5mljlln1rd4lrbhg75efgigp36m78j5@developer.gserviceaccount.com",
         # The email address of the service account.
 
-        'scope' => 'https://www.googleapis.com/auth/devstorage.readonly https://www.googleapis.com/auth/prediction',
+        "scope" => "https://www.googleapis.com/auth/devstorage.readonly https://www.googleapis.com/auth/prediction",
         # A space-delimited list of the permissions that the application requests.
 
-        'aud' => 'https://www.googleapis.com/oauth2/v4/token',
+        "aud" => "https://www.googleapis.com/oauth2/v4/token",
         # A descriptor of the intended target of the assertion. When making an access token request this value
         # is always https://www.googleapis.com/oauth2/v4/token.
 
-        'exp' => Time.now.to_i + 3600,
+        "exp" => Time.now.to_i + 3600,
         # The expiration time of the assertion, specified as seconds since 00:00:00 UTC, January 1, 1970. This value
         # has a maximum of 1 hour after the issued time.
 
-        'iat' => Time.now.to_i,
+        "iat" => Time.now.to_i,
         # The time the assertion was issued, specified as seconds since 00:00:00 UTC, January 1, 1970.
       }
     end
 
     let(:optional_claims) do
       {
-        'sub' => 'some.user@example.com',
+        "sub" => "some.user@example.com",
         # The email address of the user for which the application is requesting delegated access.
       }
     end
 
-    let(:algorithm) { 'RS256' }
+    let(:algorithm) { "RS256" }
     # Per Google: "Service accounts rely on the RSA SHA-256 algorithm"
 
     let(:key) do
       begin
-        OpenSSL::PKCS12.new(File.read('spec/fixtures/google_service_account_key.p12'), 'notasecret').key
+        OpenSSL::PKCS12.new(File.read("spec/fixtures/google_service_account_key.p12"), "notasecret").key
         # This simulates the .p12 file that Google gives you to download and keep somewhere.  This is meant to
         # illustrate extracting the key and using it to generate the JWT.
       rescue OpenSSL::PKCS12::PKCS12Error
@@ -73,39 +73,39 @@
       client.connection = Faraday.new(client.site, client.options[:connection_opts]) do |builder|
         builder.request :url_encoded
         builder.adapter :test do |stub|
-          stub.post('https://accounts.google.com/o/oauth2/token') do |token_request|
+          stub.post("https://accounts.google.com/o/oauth2/token") do |token_request|
             @request_body = Rack::Utils.parse_nested_query(token_request.body).transform_keys(&:to_sym)
 
             [
               200,
 
               {
-                'Content-Type' => 'application/json',
+                "Content-Type" => "application/json",
               },
 
               {
-                'access_token' => '1/8xbJqaOZXSUZbHLl5EOtu1pxz3fmmetKx9W8CV4t79M',
-                'token_type' => 'Bearer',
-                'expires_in' => 3600,
+                "access_token" => "1/8xbJqaOZXSUZbHLl5EOtu1pxz3fmmetKx9W8CV4t79M",
+                "token_type" => "Bearer",
+                "expires_in" => 3600,
               }.to_json,
             ]
           end
         end
       end
     end
 
-    context 'when passing the required claims' do
+    context "when passing the required claims" do
       let(:claims) { required_claims }
 
-      it 'sends a JWT with the 5 keys' do
+      it "sends a JWT with the 5 keys" do
         client.assertion.get_token(claims, encoding_options)
 
-        expect(@request_body).not_to be_nil, 'No access token request was made!'
-        expect(@request_body[:grant_type]).to eq('urn:ietf:params:oauth:grant-type:jwt-bearer')
+        expect(@request_body).not_to be_nil, "No access token request was made!"
+        expect(@request_body[:grant_type]).to eq("urn:ietf:params:oauth:grant-type:jwt-bearer")
         expect(@request_body[:assertion]).to be_a(String)
 
         payload, header = JWT.decode(@request_body[:assertion], key, true, algorithm: algorithm)
-        expect(header['alg']).to eq('RS256')
+        expect(header["alg"]).to eq("RS256")
         expect(payload.keys).to match_array(%w[iss scope aud exp iat])
 
         # Note that these specifically do _not_ include the 'sub' claim, which is indicated as being 'required'
@@ -118,18 +118,18 @@
       end
     end
 
-    context 'when including the optional `sub` claim' do
+    context "when including the optional `sub` claim" do
       let(:claims) { required_claims.merge(optional_claims) }
 
-      it 'sends a JWT with the 6 keys' do
+      it "sends a JWT with the 6 keys" do
         client.assertion.get_token(claims, encoding_options)
 
-        expect(@request_body).not_to be_nil, 'No access token request was made!'
-        expect(@request_body[:grant_type]).to eq('urn:ietf:params:oauth:grant-type:jwt-bearer')
+        expect(@request_body).not_to be_nil, "No access token request was made!"
+        expect(@request_body[:grant_type]).to eq("urn:ietf:params:oauth:grant-type:jwt-bearer")
         expect(@request_body[:assertion]).to be_a(String)
 
         payload, header = JWT.decode(@request_body[:assertion], key, true, algorithm: algorithm)
-        expect(header['alg']).to eq('RS256')
+        expect(header["alg"]).to eq("RS256")
         expect(payload.keys).to match_array(%w[iss scope aud exp iat sub])
 
         payload.each do |key, value|
 
@@ -1,3 +1,3 @@
 # frozen_string_literal: true
 
-require 'backports/2.5.0/hash/transform_keys'
+require "backports/2.5.0/hash/transform_keys"
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,3 @@`
`1`	`1`	`# frozen_string_literal: true`
`2`	`2`
`3`		`-require 'backports/2.5.0/hash/transform_keys'`
	`3`	`+require "backports/2.5.0/hash/transform_keys"`