omniauth · pboling · Nov 4, 2025 · Nov 4, 2025
diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock
@@ -1,28 +1,24 @@
 {
-  "README.md:3434634895": [
-    [68, 14, 2, "Lint/Syntax: unexpected token tASSOC\n(Using Ruby 2.0 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 5859494],
-    [69, 15, 2, "Lint/Syntax: unexpected token tASSOC\n(Using Ruby 2.0 parser; configure using `TargetRubyVersion` parameter, under `AllCops`)", 5859494]
-  ],
-  "lib/omniauth-ldap/adaptor.rb:3734330877": [
+  "lib/omniauth-ldap/adaptor.rb:2352927785": [
     [36, 7, 413, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 105664470],
     [86, 17, 3, "Style/AndOr: Use `&&` instead of `and`.", 193409806],
     [86, 30, 3, "Style/AndOr: Use `&&` instead of `and`.", 193409806],
     [86, 37, 1, "Lint/AssignmentInCondition: Wrap assignment in parentheses if intentional", 177560]
   ],
-  "lib/omniauth/strategies/ldap.rb:3702989656": [
+  "lib/omniauth/strategies/ldap.rb:3246704443": [
     [48, 9, 53, "Lint/RescueException: Avoid rescuing the `Exception` class. Perhaps you meant to rescue `StandardError`?", 4018396070],
     [54, 27, 3, "Style/AndOr: Use `&&` instead of `and`.", 193409806],
     [71, 7, 970, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3995669691]
   ],
-  "spec/omniauth-ldap/adaptor_spec.rb:3490841684": [
+  "spec/omniauth-ldap/adaptor_spec.rb:3624298807": [
     [72, 7, 26, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 1924417310],
     [73, 7, 26, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 1924417310],
     [74, 7, 26, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 1924417310],
     [80, 7, 26, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 1924417310],
     [81, 7, 26, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 1924417310],
     [82, 7, 26, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 1924417310]
   ],
-  "spec/omniauth/strategies/ldap_spec.rb:2669791786": [
+  "spec/omniauth/strategies/ldap_spec.rb:3760791626": [
     [13, 3, 54, "RSpec/LeakyConstantDeclaration: Stub class constant instead of declaring explicitly.", 2419068710],
     [76, 13, 9, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1130140517],
     [101, 17, 28, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 3444838747],

diff --git a/.yard_gfm_support.rb b/.yard_gfm_support.rb
@@ -18,5 +18,5 @@ def initialize(source, options = {})
 # - https://github.com/lsegal/yard/blob/main/lib/yard/templates/helpers/markup_helper.rb
 YARD::Templates::Helpers::MarkupHelper::MARKUP_PROVIDERS[:markdown].insert(
   0,
-  {:const => "KramdownGfmDocument"},
+  {const: "KramdownGfmDocument"},
 )
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -258,8 +258,8 @@ GEM
       parallel (~> 1.10)
       rainbow (>= 2.2.2, < 4.0)
       rubocop (~> 1.0)
-    rubocop-lts (0.1.1)
-      rubocop-ruby1_8 (>= 1.0.5, < 2)
+    rubocop-lts (4.1.1)
+      rubocop-ruby2_0 (>= 2.0.3, < 3)
       standard-rubocop-lts (>= 1.0.3, < 3)
       version_gem (>= 1.1.2, < 3)
     rubocop-md (1.2.4)
@@ -282,7 +282,7 @@ GEM
     rubocop-rspec (3.7.0)
       lint_roller (~> 1.1)
       rubocop (~> 1.72, >= 1.72.1)
-    rubocop-ruby1_8 (1.0.7)
+    rubocop-ruby2_0 (2.0.5)
       rubocop-gradual (~> 0.3, >= 0.3.1)
       rubocop-md (~> 1.2)
       rubocop-rake (~> 0.6)
@@ -399,11 +399,11 @@ DEPENDENCIES
   rdoc (~> 6.11)
   reek (~> 6.5)
   require_bench (~> 1.0, >= 1.0.4)
-  rubocop-lts (~> 0.1)
+  rubocop-lts (~> 4.0)
   rubocop-on-rbs (~> 1.8)
   rubocop-packaging (~> 0.6, >= 0.6.0)
   rubocop-rspec (~> 3.6)
-  rubocop-ruby1_8
+  rubocop-ruby2_0
   ruby-progressbar (~> 1.13)
   standard (>= 1.50)
   stone_checksums (~> 1.0, >= 1.0.2)

diff --git a/Guardfile b/Guardfile
@@ -1,4 +1,4 @@
-guard "rspec", :version => 2 do
+guard "rspec", version: 2 do
   watch(%r{^spec/.+_spec\.rb$})
   watch(%r{^lib/(.+)\.rb$}) { |m| "spec/#{m[1]}_spec.rb" }
   watch("spec/spec_helper.rb") { "spec" }

diff --git a/README.md b/README.md
@@ -51,16 +51,16 @@
 Use the LDAP strategy as a middleware in your application:
 
 ```ruby
-use OmniAuth::Strategies::LDAP, 
-    :title => "My LDAP",
-    :host => '10.101.10.1',
-    :port => 389,
-    :method => :plain,
-    :base => 'dc=intridea,dc=com',
-    :uid => 'sAMAccountName',
-    :name_proc => Proc.new { |name| name.gsub(/@.*$/, '') },
-    :bind_dn => 'default_bind_dn',
-    :password => 'password'
+use OmniAuth::Strategies::LDAP,
+  title: "My LDAP",
+  host: "10.101.10.1",
+  port: 389,
+  method: :plain,
+  base: "dc=intridea,dc=com",
+  uid: "sAMAccountName",
+  name_proc: proc { |name| name.gsub(/@.*$/, "") },
+  bind_dn: "default_bind_dn",
+  password: "password"
 # Or, alternatively:
 # use OmniAuth::Strategies::LDAP, filter: '(&(uid=%{username})(memberOf=cn=myapp-users,ou=groups,dc=example,dc=com))'
 ```
@@ -86,11 +86,26 @@ All of the listed options are required, with the exception of `:title`, `:name_p
 
 ### Compatibility
 
-Compatible with MRI Ruby 0+, and concordant releases of JRuby, and TruffleRuby.
+Compatible with MRI Ruby 2.0+, and concordant releases of JRuby, and TruffleRuby.
 
+| 🚚 _Amazing_ test matrix was brought to you by | 🔎 appraisal2 🔎 and the color 💚 green 💚             |
 |------------------------------------------------|--------------------------------------------------------|
 | 👟 Check it out!                               | ✨ [github.com/appraisal-rb/appraisal2][💎appraisal2] ✨ |
 
+### Ruby 3.4
+
+nkf/kconv has been part of Ruby since long ago.
+Eventually it became a standard gem, but was changed to a bundled gem in Ruby 3.4.
+In general, kconv and iconv have been superseded since Ruby 1.9 by the built-in
+encoding support provided by String#encode, String#force_encoding, and similar methods.
+But this gem has not yet been updated to remove its dependency on nkf/kconv.
+
+As a result of all this you should add `nkf` to your Gemfile if you are using Ruby 3.4 or later.
+
+```ruby
+gem "nkf", "~> 0.1"
+```
+
 ### Enterprise Support [![Tidelift](https://tidelift.com/badges/package/rubygems/omniauth-ldap)](https://tidelift.com/subscription/pkg/rubygems-omniauth-ldap?utm_source=rubygems-omniauth-ldap&utm_medium=referral&utm_campaign=readme)
 
 Available as part of the Tidelift Subscription.
@@ -197,48 +212,48 @@ Below are several concrete examples to get you started.
 
 ```ruby
 # config.ru
-require 'rack'
-require 'omniauth-ldap'
+require "rack"
+require "omniauth-ldap"
 
-use Rack::Session::Cookie, secret: 'change_me'
+use Rack::Session::Cookie, secret: "change_me"
 use OmniAuth::Builder do
   provider :ldap,
-    host: 'ldap.example.com',
+    host: "ldap.example.com",
     port: 389,
     method: :plain,
-    base: 'dc=example,dc=com',
-    uid: 'uid',
-    title: 'Example LDAP'
+    base: "dc=example,dc=com",
+    uid: "uid",
+    title: "Example LDAP"
 end
 
-run lambda { |env| [404, {'Content-Type' => 'text/plain'}, [env.key?('omniauth.auth').to_s]] }
+run lambda { |env| [404, {"Content-Type" => "text/plain"}, [env.key?("omniauth.auth").to_s]] }
 ```
 
 Visit `GET /auth/ldap` to initiate authentication (the middleware will render a login form unless you POST to `/auth/ldap`).
 
 ### Sinatra example
 
 ```ruby
-require 'sinatra'
-require 'omniauth-ldap'
+require "sinatra"
+require "omniauth-ldap"
 
-use Rack::Session::Cookie, secret: 'change_me'
+use Rack::Session::Cookie, secret: "change_me"
 use OmniAuth::Builder do
   provider :ldap,
-    title: 'Company LDAP',
-    host: 'ldap.company.internal',
-    base: 'dc=company,dc=local',
-    uid: 'sAMAccountName',
-    name_proc: proc { |username| username.gsub(/@.*$/, '') }
+    title: "Company LDAP",
+    host: "ldap.company.internal",
+    base: "dc=company,dc=local",
+    uid: "sAMAccountName",
+    name_proc: proc { |username| username.gsub(/@.*$/, "") }
 end
 
-get '/' do
+get "/" do
   '<a href="/auth/ldap">Sign in with LDAP</a>'
 end
 
-get '/auth/ldap/callback' do
-  auth = request.env['omniauth.auth']
-  "Hello, #{auth.info['name']}"
+get "/auth/ldap/callback" do
+  auth = request.env["omniauth.auth"]
+  "Hello, #{auth.info["name"]}"
 end
 ```
 
@@ -247,16 +262,16 @@ end
 Create `config/initializers/omniauth.rb`:
 
 ```ruby
-Rails.application.config.middleware.use OmniAuth::Builder do
+Rails.application.config.middleware.use(OmniAuth::Builder) do
   provider :ldap,
-    title: 'Acme LDAP',
-    host: 'ldap.acme.internal',
+    title: "Acme LDAP",
+    host: "ldap.acme.internal",
     port: 389,
-    base: 'dc=acme,dc=corp',
-    uid: 'uid',
-    bind_dn: 'cn=search,dc=acme,dc=corp',
-    password: ENV['LDAP_SEARCH_PASSWORD'],
-    name_proc: proc { |n| n.split('@').first }
+    base: "dc=acme,dc=corp",
+    uid: "uid",
+    bind_dn: "cn=search,dc=acme,dc=corp",
+    password: ENV["LDAP_SEARCH_PASSWORD"],
+    name_proc: proc { |n| n.split("@").first }
 end
 ```
 
@@ -268,11 +283,11 @@ If you need to restrict authentication to a group or use a more complex lookup,
 
 ```ruby
 provider :ldap,
-  host: 'ldap.example.com',
-  base: 'dc=example,dc=com',
-  filter: '(&(uid=%{username})(memberOf=cn=myapp-users,ou=groups,dc=example,dc=com))',
-  bind_dn: 'cn=search,dc=example,dc=com',
-  password: ENV['LDAP_SEARCH_PASSWORD']
+  host: "ldap.example.com",
+  base: "dc=example,dc=com",
+  filter: "(&(uid=%{username})(memberOf=cn=myapp-users,ou=groups,dc=example,dc=com))",
+  bind_dn: "cn=search,dc=example,dc=com",
+  password: ENV["LDAP_SEARCH_PASSWORD"]
 ```
 
 ### SASL (advanced)
@@ -281,11 +296,11 @@ SASL enables alternative bind mechanisms. Only enable if you understand the serv
 
 ```ruby
 provider :ldap,
-  host: 'ldap.example.com',
-  base: 'dc=example,dc=com',
+  host: "ldap.example.com",
+  base: "dc=example,dc=com",
   try_sasl: true,
-  sasl_mechanisms: ['DIGEST-MD5'],
-  uid: 'uid'
+  sasl_mechanisms: ["DIGEST-MD5"],
+  uid: "uid"
 ```
 
 Supported mechanisms include `"DIGEST-MD5"` and `"GSS-SPNEGO"` depending on your environment and gems.
@@ -296,10 +311,10 @@ If users log in with an email but LDAP expects a short username, use `:name_proc
 
 ```ruby
 provider :ldap,
-  host: 'ldap.example.com',
-  base: 'dc=example,dc=com',
-  uid: 'sAMAccountName',
-  name_proc: proc { |name| name.gsub(/@.*$/, '') }
+  host: "ldap.example.com",
+  base: "dc=example,dc=com",
+  uid: "sAMAccountName",
+  name_proc: proc { |name| name.gsub(/@.*$/, "") }
 ```
 
 This trims `alice@example.com` to `alice` before searching.

diff --git a/gemfiles/audit.gemfile b/gemfiles/audit.gemfile
@@ -2,6 +2,6 @@
 
 source "https://gem.coop"
 
-gemspec :path => "../"
+gemspec path: "../"
 
 eval_gemfile("modular/x_std_libs.gemfile")
diff --git a/gemfiles/coverage.gemfile b/gemfiles/coverage.gemfile
@@ -2,7 +2,7 @@
 
 source "https://gem.coop"
 
-gemspec :path => "../"
+gemspec path: "../"
 
 eval_gemfile("modular/omniauth/r3/v2.1.gemfile")
 

diff --git a/gemfiles/current.gemfile b/gemfiles/current.gemfile
@@ -2,7 +2,7 @@
 
 source "https://gem.coop"
 
-gemspec :path => "../"
+gemspec path: "../"
 
 eval_gemfile("modular/omniauth/r3/v2.1.gemfile")
 

diff --git a/gemfiles/dep_heads.gemfile b/gemfiles/dep_heads.gemfile
@@ -2,7 +2,7 @@
 
 source "https://gem.coop"
 
-gemspec :path => "../"
+gemspec path: "../"
 
 eval_gemfile("modular/omniauth/vHEAD.gemfile")
 

diff --git a/gemfiles/head.gemfile b/gemfiles/head.gemfile
@@ -4,7 +4,7 @@ source "https://gem.coop"
 
 gem "benchmark", "~> 0.4", ">= 0.4.1"
 
-gemspec :path => "../"
+gemspec path: "../"
 
 eval_gemfile("modular/omniauth/vHEAD.gemfile")
 

diff --git a/gemfiles/modular/coverage.gemfile b/gemfiles/modular/coverage.gemfile
@@ -3,4 +3,4 @@
 # We run code coverage on the latest version of Ruby only.
 
 # Coverage
-gem "kettle-soup-cover", "~> 1.0", ">= 1.0.10", :require => false
+gem "kettle-soup-cover", "~> 1.0", ">= 1.0.10", require: false
diff --git a/gemfiles/modular/documentation.gemfile b/gemfiles/modular/documentation.gemfile
@@ -3,8 +3,8 @@
 # Documentation
 gem "kramdown", "~> 2.5", ">= 2.5.1" # Ruby >= 2.5
 gem "kramdown-parser-gfm", "~> 1.1" # Ruby >= 2.3
-gem "yard", "~> 0.9", ">= 0.9.37", :require => false
-gem "yard-junk", "~> 0.0", ">= 0.0.10", :github => "pboling/yard-junk", :branch => "next", :require => false
+gem "yard", "~> 0.9", ">= 0.9.37", require: false
+gem "yard-junk", "~> 0.0", ">= 0.0.10", github: "pboling/yard-junk", branch: "next", require: false
 gem "yard-relative_markdown_links", "~> 0.5.0"
 
 # Std Lib extractions

diff --git a/gemfiles/modular/erb/vHEAD.gemfile b/gemfiles/modular/erb/vHEAD.gemfile
@@ -1,2 +1,2 @@
 # Ruby >= 3.2 (dependency of kettle-dev)
-gem "erb", :github => "ruby/erb", :branch => "master"
+gem "erb", github: "ruby/erb", branch: "master"
diff --git a/gemfiles/modular/logger/vHEAD.gemfile b/gemfiles/modular/logger/vHEAD.gemfile
@@ -1,2 +1,2 @@
 # Ruby >= 2.5 (dependency of omniauth)
-gem "logger", :github => "ruby/logger", :branch => "master"
+gem "logger", github: "ruby/logger", branch: "master"
diff --git a/gemfiles/modular/mutex_m/vHEAD.gemfile b/gemfiles/modular/mutex_m/vHEAD.gemfile
@@ -1,2 +1,2 @@
 # Ruby >= 2.5 (dependency of omniauth)
-gem "mutex_m", :github => "ruby/mutex_m", :branch => "master"
+gem "mutex_m", github: "ruby/mutex_m", branch: "master"
diff --git a/gemfiles/modular/omniauth/vHEAD.gemfile b/gemfiles/modular/omniauth/vHEAD.gemfile
@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 
 # Ruby >= 2.2
-gem "omniauth", :github => "omniauth/omniauth", :branch => "master"
+gem "omniauth", github: "omniauth/omniauth", branch: "master"
diff --git a/gemfiles/modular/optional.gemfile b/gemfiles/modular/optional.gemfile
@@ -5,7 +5,7 @@
 gem "addressable", ">= 2.8", "< 3" # ruby >= 2.2
 
 # nkf/kconv has been part of Ruby since long ago.
-# Eventually it became a standard gem, but was removed from stdlib in Ruby 3.4.
+# Eventually it became a standard gem, but was changed to a bundled gem in Ruby 3.4.
 # In general, kconv and iconv have been superseded since Ruby 1.9 by the built-in
 #   encoding support provided by String#encode, String#force_encoding, and similar methods.
 gem "nkf"                        # ruby >= 2.3
diff --git a/gemfiles/modular/rack/vHEAD.gemfile b/gemfiles/modular/rack/vHEAD.gemfile
@@ -1 +1 @@
-gem "rack", :github => "rack/rack", :branch => "main"
+gem "rack", github: "rack/rack", branch: "main"
diff --git a/gemfiles/modular/runtime_heads.gemfile b/gemfiles/modular/runtime_heads.gemfile
@@ -3,7 +3,7 @@
 # Test against HEAD of runtime dependencies so we can proactively file bugs
 
 # Ruby >= 2.2
-gem "version_gem", :github => "ruby-oauth/version_gem", :branch => "main"
+gem "version_gem", github: "ruby-oauth/version_gem", branch: "main"
 
 eval_gemfile("rack/vHEAD.gemfile")
 

diff --git a/gemfiles/modular/stringio/vHEAD.gemfile b/gemfiles/modular/stringio/vHEAD.gemfile
@@ -1,2 +1,2 @@
 # Ruby >= 2.5 (dependency of omniauth)
-gem "stringio", :github => "ruby/stringio", :branch => "master"
+gem "stringio", github: "ruby/stringio", branch: "master"
diff --git a/gemfiles/modular/style.gemfile b/gemfiles/modular/style.gemfile
@@ -14,12 +14,12 @@ gem "benchmark", "~> 0.4", ">= 0.4.1" # Removed from Std Lib in Ruby 3.5
 
 if ENV.fetch("RUBOCOP_LTS_LOCAL", "false").casecmp("true").zero?
   home = ENV["HOME"]
-  gem "rubocop-lts", :path => "#{home}/src/rubocop-lts/rubocop-lts"
-  gem "rubocop-lts-rspec", :path => "#{home}/src/rubocop-lts/rubocop-lts-rspec"
-  gem "rubocop-ruby1_8", :path => "#{home}/src/rubocop-lts/rubocop-ruby1_8"
-  gem "standard-rubocop-lts", :path => "#{home}/src/rubocop-lts/standard-rubocop-lts"
+  gem "rubocop-lts", path: "#{home}/src/rubocop-lts/rubocop-lts"
+  gem "rubocop-lts-rspec", path: "#{home}/src/rubocop-lts/rubocop-lts-rspec"
+  gem "rubocop-ruby2_0", path: "#{home}/src/rubocop-lts/rubocop-ruby2_0"
+  gem "standard-rubocop-lts", path: "#{home}/src/rubocop-lts/standard-rubocop-lts"
 else
-  gem "rubocop-lts", "~> 0.1"
-  gem "rubocop-ruby1_8"
+  gem "rubocop-lts", "~> 4.0"
+  gem "rubocop-ruby2_0"
   gem "rubocop-rspec", "~> 3.6"
 end
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		gem "rack", :github => "rack/rack", :branch => "main"
		gem "rack", github: "rack/rack", branch: "main"