Fix tests

.devcontainer/devcontainer.json

@@ -0,0 +1,18 @@
+{
+	"name": "Ruby",
+	"image": "mcr.microsoft.com/devcontainers/ruby:3.1",
+	"features": {
+		"ghcr.io/devcontainers/features/node:1": {
+			"version": "lts"
+		}
+	},
+
+	// Use 'forwardPorts' to make a list of ports inside the container available locally.
+	// "forwardPorts": [],
+
+	// Use 'postCreateCommand' to run commands after the container is created.
+	// "postCreateCommand": "ruby --version",
+
+	// Set `remoteUser` to `root` to connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
+	"remoteUser": "vscode"
+}

Gemfile

@@ -22,4 +22,5 @@ group :test do
   gem 'rspec', '~> 3.5'
   gem 'simplecov-cobertura'
   gem 'webmock', '>= 3.12.2'
+  gem 'multi_json', '~> 1.15.0'
 end

Gemfile.lock

@@ -49,6 +49,7 @@ GEM
       rb-inotify (~> 0.9, >= 0.9.10)
     lumberjack (1.2.8)
     method_source (1.0.0)
+    multi_json (1.15.0)
     multi_xml (0.6.0)
     mustermann (3.0.0)
       ruby2_keywords (~> 0.0.1)
@@ -150,6 +151,7 @@ GEM
       hashdiff (>= 0.4.0, < 2.0.0)
 
 PLATFORMS
+  aarch64-linux
   arm64-darwin-21
   x86_64-darwin-20
   x86_64-darwin-21
@@ -162,6 +164,7 @@ DEPENDENCIES
   guard-rspec
   jwt
   listen (~> 3)
+  multi_json (~> 1.15.0)
   omniauth-auth0!
   pry
   rack-test (>= 2.0.0)

lib/omniauth/strategies/auth0.rb

@@ -94,7 +94,7 @@ def authorize_params
         params[:leeway] = 60 unless params[:leeway]
 
         # Store authorize params in the session for token verification
-        session['authorize_params'] = params.to_hash
+        session['authorize_params'] = params
 
         params
       end

spec/omniauth/auth0/jwt_validator_spec.rb

@@ -476,7 +476,7 @@
       expect(id_token['auth_time']).to eq(auth_time)
     end
 
-    it 'should fail when authorize params has organization but org_id is missing in the token', focus: true do
+    it 'should fail when authorize params has organization but org_id is missing in the token' do
       payload = {
         iss: "https://#{domain}/",
         sub: 'sub',
@@ -493,7 +493,7 @@
       }))
     end
 
-    it 'should fail when authorize params has organization but token org_id does not match', focus: true do
+    it 'should fail when authorize params has organization but token org_id does not match' do
       payload = {
         iss: "https://#{domain}/",
         sub: 'sub',
@@ -544,7 +544,7 @@
       expect do
         verified_token = make_jwt_validator(opt_domain: domain).verify(token)
       end.to raise_error(an_instance_of(JWT::VerificationError).and having_attributes({
-        message: "Signature verification raised"
+        message: "Signature verification failed"
       }))
     end
 

spec/omniauth/strategies/auth0_spec.rb

@@ -2,6 +2,7 @@
 
 require 'spec_helper'
 require 'jwt'
+require 'multi_json'
 
 OmniAuth.config.allowed_request_methods = [:get, :post]
 

spec/spec_helper.rb

@@ -1,6 +1,7 @@
 $LOAD_PATH.unshift File.expand_path(__dir__)
 $LOAD_PATH.unshift File.expand_path('../lib', __dir__)
 
+require 'multi_json'
 require 'simplecov'
 SimpleCov.start
 
@@ -22,6 +23,8 @@
   config.include WebMock::API
   config.include Rack::Test::Methods
   config.extend OmniAuth::Test::StrategyMacros, type: :strategy
+  config.filter_run focus: true
+  config.run_all_when_everything_filtered = true
 
   def app
     @app || make_application
@@ -39,7 +42,7 @@ def make_application(options = {})
       configure do
         enable :sessions
         set :show_exceptions, false
-        set :session_secret, 'TEST'
+        set :session_secret, '9771aff2c634257053c62ba072c54754bd2cc92739b37e81c3eda505da48c2ec'
       end
 
       use OmniAuth::Builder do