apiphobic-tokens 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 065e265c8b0c9ab81b420ba7d8d39c7483300d65634915d4b3c863b816033917
+  data.tar.gz: 611ffbb6939685eae93124f327505a963f09a7d4f703cb1824e6eb2dcad4ba5f
+SHA512:
+  metadata.gz: 7a34c1d2b67a73efc7a5c4bf345083e9684cffa7accbc951d263b06d18aea57fd1f4af4108e458127b7699f44bdb3337949064fbdfab703831e212cf01c3a44b
+  data.tar.gz: 5e16c64ef6ed70afd1d50cbd9ac2c0785ddd7a8bcce11ade799d23d6951e63bb2990029a9a1a0ba2e6548e7c2e1c7763aa7e39c05bb46f8614de393908112637

data/LICENSE.txt

@@ -0,0 +1,19 @@
+Copyright (c) 2010-2016 The Kompanee, Ltd
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,35 @@
+# Tokens
+
+Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/tokens`. To experiment with that code, run `bin/console` for an interactive prompt.
+
+TODO: Delete this and the text above, and describe your gem
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'tokens'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install tokens
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/jfelchner/tokens.

data/lib/apiphobic-tokens.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require 'apiphobic/tokens/version'

data/lib/apiphobic/errors/expired.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+require 'erratum/errors/authentication/invalid_token'
+
+module  Apiphobic
+module  Errors
+class   Expired < ::Erratum::Errors::InvalidToken
+  attr_accessor :expired_at
+
+  def title
+    'Token Is Expired'
+  end
+
+  def detail
+    <<~HEREDOC.chomp.tr("\n", ' ')
+      This token has already expired.  It expired on '#{expired_at.iso8601}'.
+    HEREDOC
+  end
+
+  def source
+    {
+      'expired_at' => expired_at.iso8601,
+    }
+  end
+end
+end
+end

data/lib/apiphobic/errors/future_issuance.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+require 'erratum/errors/authentication/invalid_token'
+
+module  Apiphobic
+module  Errors
+class   FutureIssuance < ::Erratum::Errors::InvalidToken
+  attr_accessor :issued_at
+
+  def title
+    'Invalid Issuance'
+  end
+
+  def detail
+    <<~HEREDOC.chomp.tr("\n", ' ')
+      The date at which this token was issued (#{issued_at.iso8601}) is
+      invalid.
+    HEREDOC
+  end
+
+  def source
+    {
+      'issued_at' => issued_at,
+    }
+  end
+end
+end
+end

data/lib/apiphobic/errors/invalid_attribute.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+require 'erratum/errors/authentication/invalid_token'
+
+module  Apiphobic
+module  Errors
+class   InvalidAttribute < ::Erratum::Errors::InvalidToken
+  attr_accessor :attribute_name,
+                :attribute_value,
+                :additional_message
+
+  def title
+    'Invalid Issuance'
+  end
+
+  def detail
+    <<~HEREDOC.chomp.tr("\n", ' ')
+      The #{attribute_name} listed in your token (#{attribute_value}) is not
+      valid for this application. #{additional_message}
+    HEREDOC
+  end
+
+  def source
+    {
+      attribute_name => attribute_value,
+    }
+  end
+end
+end
+end

data/lib/apiphobic/errors/unavailable.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+require 'erratum/errors/authentication/invalid_token'
+
+module  Apiphobic
+module  Errors
+class   Unavailable < ::Erratum::Errors::InvalidToken
+  attr_accessor :available_at
+
+  def title
+    'Token Is Unavailable'
+  end
+
+  def detail
+    <<~HEREDOC.chomp.tr("\n", ' ')
+      The token you passed is not yet usable. Please wait until
+      '#{available_at.iso8601}' to try again.
+    HEREDOC
+  end
+
+  def source
+    {
+      'available_at' => available_at,
+    }
+  end
+end
+end
+end

data/lib/apiphobic/tokens/base64.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+require 'base64'
+require 'erratum/errors/authentication/invalid_token'
+require 'apiphobic/tokens/base64s/null'
+
+module  Apiphobic
+module  Tokens
+class   Base64
+  attr_accessor :token
+
+  def initialize(token:)
+    self.token = token
+  end
+
+  def valid?
+    true
+  end
+
+  def validate!
+    true
+  end
+
+  def blank?
+    false
+  end
+
+  def to_h
+    [
+      {
+        'token' => token,
+      },
+      {
+        'typ' => 'base64',
+      },
+    ]
+  end
+
+  def self.convert(raw_token:)
+    return Base64s::Null.instance if raw_token.to_s == ''
+
+    ::Base64.strict_decode64(raw_token)
+
+    new(token: raw_token)
+  rescue ArgumentError
+    raise Erratum::Errors::InvalidToken
+  end
+end
+end
+end

data/lib/apiphobic/tokens/base64s/invalid.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require 'apiphobic/tokens/invalid'
+
+module  Apiphobic
+module  Tokens
+module  Base64s
+class   Invalid < Tokens::Invalid
+end
+end
+end
+end

data/lib/apiphobic/tokens/base64s/null.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require 'apiphobic/tokens/null'
+
+module  Apiphobic
+module  Tokens
+module  Base64s
+class   Null < Tokens::Null
+end
+end
+end
+end

data/lib/apiphobic/tokens/configurable.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+require 'apiphobic/tokens/configuration'
+
+module  Apiphobic
+module  Tokens
+module  Configurable
+  module ClassMethods
+    def configure
+      yield configuration
+    end
+
+    def configuration
+      ::Apiphobic::Tokens::Configuration.instance
+    end
+  end
+
+  def self.included(base)
+    base.extend(ClassMethods)
+  end
+
+  def configuration
+    ::Apiphobic::Tokens::Configuration.instance
+  end
+end
+end
+end

data/lib/apiphobic/tokens/configuration.rb

@@ -0,0 +1,107 @@
+# frozen_string_literal: true
+
+require 'singleton'
+require 'openssl'
+
+module  Apiphobic
+module  Tokens
+  class Configuration
+    include Singleton
+
+    attr_writer :available_audiences,
+                :available_issuers,
+                :available_roles,
+                :available_subjects,
+                :default_audience,
+                :default_availability_leeway_in_seconds,
+                :default_expiration_in_minutes,
+                :default_expiration_leeway_in_seconds,
+                :default_issuer,
+                :default_roles,
+                :default_subject,
+                :private_key,
+                :type
+
+    def available_audiences
+      @available_audiences || []
+    end
+
+    def available_issuers
+      @available_issuers || []
+    end
+
+    def available_roles
+      @available_roles || []
+    end
+
+    def available_subjects
+      @available_subjects || []
+    end
+
+    def default_audience
+      @default_audience || 'public'
+    end
+
+    def default_availability_leeway_in_seconds
+      @default_availability_leeway_in_seconds || 5
+    end
+
+    def default_expiration_in_minutes
+      @default_expiration_in_minutes || (7 * 24 * 60)
+    end
+
+    def default_expiration_leeway_in_seconds
+      @default_expiration_leeway_in_seconds || 5
+    end
+
+    def default_issuer
+      @default_issuer || 'apiphobic'
+    end
+
+    def default_roles
+      @default_roles || %w{standard}
+    end
+
+    def default_subject
+      @default_subject || 'User'
+    end
+
+    def private_key
+      return unless @private_key
+      return @private_key if @private_key.respond_to?(:sign)
+
+      OpenSSL::PKey::RSA.new(@private_key)
+    end
+
+    def to_h
+      {
+        available_audiences:                    available_audiences,
+        available_issuers:                      available_issuers,
+        available_roles:                        available_roles,
+        available_subjects:                     available_subjects,
+        default_audience:                       default_audience,
+        default_availability_leeway_in_seconds: default_availability_leeway_in_seconds,
+        default_expiration_in_minutes:          default_expiration_in_minutes,
+        default_expiration_leeway_in_seconds:   default_expiration_leeway_in_seconds,
+        default_issuer:                         default_issuer,
+        default_roles:                          default_roles,
+        default_subject:                        default_subject,
+        private_key:                            private_key,
+        type:                                   type,
+      }
+    end
+
+    def type
+      @type || 'JWE'
+    end
+  end
+
+  def self.configure
+    yield configuration
+  end
+
+  def self.configuration
+    Configuration.instance
+  end
+end
+end

data/lib/apiphobic/tokens/invalid.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require 'singleton'
+require 'erratum/errors/authentication/invalid_token'
+
+module  Apiphobic
+module  Tokens
+class   Invalid
+  include Singleton
+
+  def valid?
+    false
+  end
+
+  def blank?
+    false
+  end
+
+  def validate!
+    fail Erratum::Errors::InvalidToken
+  end
+
+  def to_h
+    [{}, {}]
+  end
+
+  def to_s
+    ''
+  end
+end
+end
+end

data/lib/apiphobic/tokens/json_web_token.rb

@@ -0,0 +1,328 @@
+# frozen_string_literal: true
+
+require 'erratum'
+require 'json/jwt'
+require 'apiphobic/errors/expired'
+require 'apiphobic/errors/future_issuance'
+require 'apiphobic/errors/invalid_attribute'
+require 'apiphobic/errors/unavailable'
+require 'apiphobic/tokens/configurable'
+require 'apiphobic/tokens/json_web_tokens/null'
+require 'apiphobic/tokens/role_predicable'
+
+# rubocop:disable Metrics/ClassLength
+module  Apiphobic
+module  Tokens
+class   JsonWebToken
+  include Configurable
+  include RolePredicable
+
+  TRANSFORMATION_EXCEPTIONS = [
+                                JSON::JWT::Exception,
+                                JSON::JWT::InvalidFormat,
+                                JSON::JWT::VerificationFailed,
+                                JSON::JWT::UnexpectedAlgorithm,
+                                OpenSSL::PKey::RSAError,
+                                OpenSSL::Cipher::CipherError,
+                              ].freeze
+
+  attr_accessor :data,
+                :headers,
+                :private_key
+
+  def initialize(data:,
+                 headers:     {},
+                 private_key: configuration.private_key)
+
+    self.data        = data
+    self.headers     = headers
+    self.private_key = private_key
+  end
+
+  def self.build_from_request(request_token)
+    return Tokens::JsonWebTokens::Null.instance unless request_token
+
+    data, headers = *request_token
+
+    new(data: data, headers: headers)
+  end
+
+  # rubocop:disable Metrics/ParameterLists, Metrics/LineLength
+  def self.build(id:                SecureRandom.uuid,
+                 audience:          configuration.default_audience,
+                 expiration:        Time.now.utc.to_i + (60 * configuration.default_expiration_in_minutes),
+                 issuer:            configuration.default_issuer,
+                 issued_at:         Time.now.utc,
+                 not_before:        Time.now.utc,
+                 owner:             nil,
+                 roles:             configuration.default_roles,
+                 subject:           configuration.default_subject,
+                 subject_id:,
+                 token_private_key: configuration.private_key)
+
+    owner ||= subject_id
+
+    new(
+      private_key: token_private_key,
+      data:        {
+        'aud' => audience,
+        'exp' => expiration.to_i,
+        'iat' => issued_at.to_i,
+        'iss' => issuer,
+        'jti' => id,
+        'nbf' => not_before.to_i,
+        'own' => owner,
+        'rol' => roles.join(','),
+        'sid' => subject_id,
+        'sub' => subject,
+      },
+    )
+  end
+  # rubocop:enable Metrics/ParameterLists, Metrics/LineLength
+
+  def available?
+    not_before <= (Time.now.to_i + configuration.default_availability_leeway_in_seconds)
+  end
+
+  def blank?
+    data.empty?
+  end
+
+  def present?
+    data.any?
+  end
+
+  def empty?
+    data.empty?
+  end
+
+  def expired?
+    expiration <= (Time.now.to_i - configuration.default_expiration_leeway_in_seconds)
+  end
+
+  def future_issuance?
+    issued_at > Time.now.to_f
+  end
+
+  def valid?
+    validate!
+  rescue Erratum::Errors::InvalidToken
+    false
+  end
+
+  def valid_audience?
+    configuration.available_audiences.empty? ||
+    configuration.available_audiences.include?(audience)
+  end
+
+  def valid_id?
+    id =~ /[a-f0-9]{8}\-[a-f0-9]{4}\-[a-f0-9]{4}\-[a-f0-9]{4}\-[a-f0-9]{12}/i
+  end
+
+  def valid_issuer?
+    configuration.available_issuers.empty? ||
+    configuration.available_issuers.include?(issuer)
+  end
+
+  def valid_role?
+    roles.empty?                         ||
+    configuration.available_roles.empty? ||
+    (configuration.available_roles & roles).any?
+  end
+
+  def valid_subject?
+    configuration.available_subjects.empty? ||
+    configuration.available_subjects.include?(subject)
+  end
+
+  def validate!
+    validate_id!
+    validate_availability!
+    validate_expiration!
+    validate_issuance!
+    validate_issuer!
+    validate_role!
+    validate_subject!
+
+    true
+  end
+
+  def audience
+    data['aud']
+  end
+
+  def issued_at
+    data['iat']
+  end
+
+  def issuer
+    data['iss']
+  end
+
+  def expiration
+    data['exp']
+  end
+
+  def expiration_date
+    Time.at(expiration)
+  end
+
+  def id
+    data['jti']
+  end
+
+  def not_before
+    data['nbf']
+  end
+
+  def not_before_date
+    Time.at(not_before)
+  end
+
+  def owner_id
+    data['own']
+  end
+
+  def subject_id
+    data['sid']
+  end
+
+  def subject
+    data['sub']
+  end
+
+  def roles
+    @roles ||= data.fetch('rol', '').split(',')
+  end
+
+  def to_h
+    [data, headers]
+  end
+
+  def to_jwt
+    @to_jwt ||= JSON::JWT.new(data)
+  end
+
+  def to_jwt_s
+    @to_jwt_s ||= to_jwt.to_s
+  end
+
+  def to_jws
+    @to_jws ||= to_jwt.sign(private_key, 'RS256')
+  end
+
+  def to_jws_s
+    @to_jws_s ||= to_jws.to_s
+  end
+
+  def to_jwe
+    @to_jwe ||= to_jws.encrypt(private_key, 'RSA-OAEP', 'A256GCM')
+  end
+
+  def to_jwe_s
+    @to_jwe_s ||= to_jwe.to_s
+  end
+
+  def self.from_jwe(encrypted_token,
+                    private_key: configuration.private_key)
+
+    return JsonWebTokens::Null.instance if encrypted_token.to_s == ''
+
+    decrypted_token = JSON::JWT
+                        .decode(encrypted_token, private_key)
+                        .plain_text
+
+    from_jws(decrypted_token, private_key: private_key)
+  rescue *TRANSFORMATION_EXCEPTIONS => error
+    raise ::Erratum::Errors::InvalidToken.wrap(error)
+  end
+
+  def self.from_jws(signed_token,
+                    private_key: configuration.private_key)
+
+    return JsonWebTokens::Null.instance if signed_token.to_s == ''
+
+    decoded = JSON::JWT.decode(signed_token, private_key)
+
+    new(data:        decoded.to_h,
+        headers:     decoded.header,
+        private_key: private_key)
+  rescue *TRANSFORMATION_EXCEPTIONS => error
+    raise ::Erratum::Errors::InvalidToken.wrap(error)
+  end
+
+  private
+
+  def validate_audience!
+    return true unless audience
+    return true if     valid_audience?
+
+    Erratum.fail Errors::InvalidAttribute,
+                 attribute_name:  'audience',
+                 attribute_value: audience
+  end
+
+  def validate_availability!
+    return true unless not_before
+    return true if     available?
+
+    Erratum.fail Errors::Unavailable,
+                 available_at: not_before_date
+  end
+
+  def validate_expiration!
+    return true unless expiration
+    return true unless expired?
+
+    Erratum.fail Errors::Expired,
+                 expired_at: expiration_date
+  end
+
+  def validate_id!
+    return true unless id
+    return true if     valid_id?
+
+    Erratum.fail Errors::InvalidAttribute,
+                 attribute_name:     'id',
+                 attribute_value:    id,
+                 additional_message: 'It must be in the form of a UUID.'
+  end
+
+  def validate_issuance!
+    return true unless issued_at
+    return true unless future_issuance?
+
+    Erratum.fail Errors::FutureIssuance,
+                 issued_at: issued_at_date
+  end
+
+  def validate_issuer!
+    return true unless issuer
+    return true if     valid_issuer?
+
+    Erratum.fail Errors::InvalidAttribute,
+                 attribute_name:  'issuer',
+                 attribute_value: issuer
+  end
+
+  def validate_role!
+    return true unless roles
+    return true if     valid_role?
+
+    Erratum.fail Errors::InvalidAttribute,
+                 attribute_name:  'roles',
+                 attribute_value: roles
+  end
+
+  def validate_subject!
+    return true unless subject
+    return true if     valid_subject?
+
+    Erratum.fail Errors::InvalidAttribute,
+                 attribute_name:  'subject',
+                 attribute_value: subject
+  end
+end
+end
+end
+# rubocop:enable Metrics/ClassLength

data/lib/apiphobic/tokens/json_web_tokens/invalid.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require 'apiphobic/tokens/invalid'
+
+module  Apiphobic
+module  Tokens
+module  JsonWebTokens
+class   Invalid < Tokens::Invalid
+end
+end
+end
+end

data/lib/apiphobic/tokens/json_web_tokens/null.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+require 'apiphobic/tokens/configurable'
+require 'apiphobic/tokens/role_predicable'
+require 'apiphobic/tokens/null'
+
+module  Apiphobic
+module  Tokens
+module  JsonWebTokens
+class   Null < Tokens::Null
+  include Configurable
+  include RolePredicable
+
+  def audience
+    nil
+  end
+
+  def issued_at
+    nil
+  end
+
+  def issuer
+    nil
+  end
+
+  def expiration
+    nil
+  end
+
+  def id
+    nil
+  end
+
+  def not_before
+    nil
+  end
+
+  def owner_id
+    nil
+  end
+
+  def subject_id
+    nil
+  end
+
+  def subject
+    nil
+  end
+
+  def roles
+    []
+  end
+end
+end
+end
+end

data/lib/apiphobic/tokens/json_web_tokens/password_reset.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+require 'apiphobic/tokens/json_web_token'
+
+module  Apiphobic
+module  Tokens
+module  JsonWebTokens
+class   PasswordReset < JsonWebToken
+  def self.build(expiration: Time.now.utc.to_i + (30 * 60),
+                 roles:      %w{password_reset},
+                 **attrs)
+
+    super(expiration: expiration, roles: roles, **attrs)
+  end
+end
+end
+end
+end

data/lib/apiphobic/tokens/null.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+require 'singleton'
+
+module  Apiphobic
+module  Tokens
+class   Null
+  include Singleton
+
+  def valid?
+    true
+  end
+
+  def validate!
+    true
+  end
+
+  def blank?
+    true
+  end
+
+  def to_h
+    [{}, {}]
+  end
+
+  def to_s
+    ''
+  end
+end
+end
+end

data/lib/apiphobic/tokens/role_predicable.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module  Apiphobic
+module  Tokens
+module  RolePredicable
+  def method_missing(name, *args)
+    if role_predicates.include?(name)
+      roles.map(&:to_s).include?(name.to_s.gsub(/\?\z/, ''))
+    else
+      super
+    end
+  end
+
+  def respond_to_missing?(name, include_all)
+    role_predicates.include?(name) || super
+  end
+
+  private
+
+  def role_predicates
+    configuration.available_roles.map { |r| "#{r}?".to_sym }
+  end
+end
+end
+end

data/lib/apiphobic/tokens/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Apiphobic
+module Tokens
+  VERSION = '1.0.0'
+end
+end

metadata

@@ -0,0 +1,158 @@
+--- !ruby/object:Gem::Specification
+name: apiphobic-tokens
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- thegranddesign
+autorequire: 
+bindir: bin
+cert_chain:
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMREwDwYDVQQDDAhydWJ5
+  Z2VtczEjMCEGCgmSJomT8ixkARkWE2xpdmluZ2hpZ2hvbnRoZWJsb2cxEzARBgoJ
+  kiaJk/IsZAEZFgNjb20wHhcNMTcwODAyMjI1OTM1WhcNMTgwODAyMjI1OTM1WjBN
+  MREwDwYDVQQDDAhydWJ5Z2VtczEjMCEGCgmSJomT8ixkARkWE2xpdmluZ2hpZ2hv
+  bnRoZWJsb2cxEzARBgoJkiaJk/IsZAEZFgNjb20wggEiMA0GCSqGSIb3DQEBAQUA
+  A4IBDwAwggEKAoIBAQDtLa7+7p49gW15OgOyRZad/F92iZcMdDjZ2kAxZlviXgVe
+  PCtjfdURobH+YMdt++6eRkE25utIFqHyN51Shxfdc21T3fPQe/ZEoMyiJK4tYzbh
+  7VjNJG4ldvKKpS1p7iVz9imnyTxNwb0JaIOsOFCA04T0u6aCQi2acNvAPLviXk0q
+  xJ/CKjI4QUTZKVrBt8Q1Egrp2yzmEnSNftDuTbBb8m4vDR+w325CwbKCgycHJ1/g
+  YZ3FO76TzJuRVbsYS/bU5XKHVEpkeFmWBqEXsk4DuUIWLa6WZEJcoZf+YP+1pycG
+  7YqSbydpINtEdopD+EEI+g+zNJ4nSI8/eQcQyEjBAgMBAAGjgZQwgZEwCQYDVR0T
+  BAIwADALBgNVHQ8EBAMCBLAwHQYDVR0OBBYEFDWuVrg4ve0vLu71kqiGdyBnzJGV
+  MCsGA1UdEQQkMCKBIHJ1YnlnZW1zQGxpdmluZ2hpZ2hvbnRoZWJsb2cuY29tMCsG
+  A1UdEgQkMCKBIHJ1YnlnZW1zQGxpdmluZ2hpZ2hvbnRoZWJsb2cuY29tMA0GCSqG
+  SIb3DQEBBQUAA4IBAQDJIpHjbBPGiaY4wOHcXlltQ+BMmhWQNh+1fZtyajQd+7Ay
+  fv23mO7Mf25Q38gopQlpaODkfxq54Jt8FvQbr5RYRS4j+JEKb75NgrAtehd8USUd
+  CiJJGH+yvGNWug9IGZCGX91HIbTsLQ5IUUWQasC5jGP8nxXufUr9xgAJZZenewny
+  B2qKu8q1A/kj6cw62RCY7yBmUXxlcJBj8g+JKYAFbYYKUdQSzf50k9IiWLWunJM+
+  Y2GAoHKstmfIVhc4XHOPpmTd2o/C29O9oaRgjrkfQEhF/KvJ/PhoV5hvokzsCyI5
+  iUeXPfvrGD/itYIBCgk+fnzyQQ4QtE5hTQaWQ3o2
+  -----END CERTIFICATE-----
+date: 2018-05-01 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: json-jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+- !ruby/object:Gem::Dependency
+  name: erratum
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+- !ruby/object:Gem::Dependency
+  name: rspeckled
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.0'
+- !ruby/object:Gem::Dependency
+  name: timecop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.0
+description: ''
+email:
+- rubygems@livinghighontheblog.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE.txt
+- README.md
+- lib/apiphobic-tokens.rb
+- lib/apiphobic/errors/expired.rb
+- lib/apiphobic/errors/future_issuance.rb
+- lib/apiphobic/errors/invalid_attribute.rb
+- lib/apiphobic/errors/unavailable.rb
+- lib/apiphobic/tokens/base64.rb
+- lib/apiphobic/tokens/base64s/invalid.rb
+- lib/apiphobic/tokens/base64s/null.rb
+- lib/apiphobic/tokens/configurable.rb
+- lib/apiphobic/tokens/configuration.rb
+- lib/apiphobic/tokens/invalid.rb
+- lib/apiphobic/tokens/json_web_token.rb
+- lib/apiphobic/tokens/json_web_tokens/invalid.rb
+- lib/apiphobic/tokens/json_web_tokens/null.rb
+- lib/apiphobic/tokens/json_web_tokens/password_reset.rb
+- lib/apiphobic/tokens/null.rb
+- lib/apiphobic/tokens/role_predicable.rb
+- lib/apiphobic/tokens/version.rb
+homepage: ''
+licenses:
+- MIT
+metadata:
+  allowed_push_host: https://rubygems.org
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.6
+signing_key: 
+specification_version: 4
+summary: API Tokens
+test_files: []