apple_id 0.5.0 → 1.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.travis.yml +3 -3
- data/VERSION +1 -1
- data/apple_id.gemspec +1 -1
- data/lib/apple_id.rb +3 -0
- data/lib/apple_id/access_token.rb +1 -0
- data/lib/apple_id/api/user_migration.rb +36 -0
- data/lib/apple_id/client.rb +1 -1
- data/lib/apple_id/id_token.rb +9 -9
- data/lib/apple_id/id_token/real_user_status.rb +27 -0
- data/lib/apple_id/jwks.rb +27 -0
- metadata +7 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8aec97bdb69637466419df18f24c42dce5ac8fd9fdb87439c71838461c66fdc2
|
|
4
|
+
data.tar.gz: 185267b0bc10970a1932885a4778ca18ec93249c5d12ad8a4c960775cfb0bfc8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0d6bfd4581f452e9f7a34dfd7f184dc5444f926a74a06ed3c24a302cc0a6ef5a0c63d18dd68f72bce7e50c26ad35ed1da694b9b5776725a05cde4ad9ce9dc270
|
|
7
|
+
data.tar.gz: 563cb61bf4dc6550b0df458b6518efe0956b09e7fcbef456b670e71228d50f3d8e92a3c0c105bdbaee2d3f7b056a22025b1824dc0c830c936a58de67e877ffe2
|
data/.travis.yml
CHANGED
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
|
|
1
|
+
1.1.1
|
data/apple_id.gemspec
CHANGED
|
@@ -18,7 +18,7 @@ Gem::Specification.new do |spec|
|
|
|
18
18
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
|
19
19
|
spec.require_paths = ['lib']
|
|
20
20
|
|
|
21
|
-
spec.add_runtime_dependency 'rack-oauth2', '~> 1.
|
|
21
|
+
spec.add_runtime_dependency 'rack-oauth2', '~> 1.12'
|
|
22
22
|
spec.add_runtime_dependency 'openid_connect', '~> 1.1.7'
|
|
23
23
|
spec.add_development_dependency 'bundler'
|
|
24
24
|
spec.add_development_dependency 'rake'
|
data/lib/apple_id.rb
CHANGED
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
module AppleID
|
|
2
|
+
module API
|
|
3
|
+
module UserMigration
|
|
4
|
+
def transfer_from!(transfer_sub:)
|
|
5
|
+
resource_request do
|
|
6
|
+
post(
|
|
7
|
+
user_migration_endpoint,
|
|
8
|
+
transfer_sub: transfer_sub,
|
|
9
|
+
client_id: client.identifier,
|
|
10
|
+
client_secret: client.secret
|
|
11
|
+
)
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def transfer_to!(sub:, target:)
|
|
16
|
+
resource_request do
|
|
17
|
+
post(
|
|
18
|
+
user_migration_endpoint,
|
|
19
|
+
sub: sub,
|
|
20
|
+
target: client.team_id,
|
|
21
|
+
client_id: client.identifier,
|
|
22
|
+
client_secret: client.secret
|
|
23
|
+
)
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
private
|
|
28
|
+
|
|
29
|
+
def user_migration_endpoint
|
|
30
|
+
File.join(ISSUER, '/auth/usermigrationinfo')
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
AccessToken.include UserMigration
|
|
35
|
+
end
|
|
36
|
+
end
|
data/lib/apple_id/client.rb
CHANGED
|
@@ -40,7 +40,7 @@ module AppleID
|
|
|
40
40
|
|
|
41
41
|
def handle_success_response(response)
|
|
42
42
|
token_hash = JSON.parse(response.body).with_indifferent_access
|
|
43
|
-
AccessToken.new token_hash.delete(:access_token), token_hash
|
|
43
|
+
AccessToken.new token_hash.delete(:access_token), token_hash.merge(client: self)
|
|
44
44
|
end
|
|
45
45
|
|
|
46
46
|
def handle_error_response(response)
|
data/lib/apple_id/id_token.rb
CHANGED
|
@@ -2,7 +2,7 @@ module AppleID
|
|
|
2
2
|
class IdToken < OpenIDConnect::ResponseObject::IdToken
|
|
3
3
|
class VerificationFailed < StandardError; end
|
|
4
4
|
|
|
5
|
-
attr_optional :email, :email_verified, :is_private_email, :nonce_supported
|
|
5
|
+
attr_optional :email, :email_verified, :is_private_email, :nonce_supported, :real_user_status
|
|
6
6
|
attr_accessor :original_jwt_string
|
|
7
7
|
alias_method :original_jwt, :raw_attributes
|
|
8
8
|
|
|
@@ -18,6 +18,13 @@ module AppleID
|
|
|
18
18
|
end
|
|
19
19
|
end
|
|
20
20
|
|
|
21
|
+
def initialize(attributes = {})
|
|
22
|
+
super
|
|
23
|
+
unless self.real_user_status.nil?
|
|
24
|
+
self.real_user_status = RealUserStatus.new(self.real_user_status)
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
|
|
21
28
|
def verify!(verify_signature: true, client: nil, nonce: nil, state: nil, access_token: nil, code: nil)
|
|
22
29
|
verify_signature! if verify_signature
|
|
23
30
|
verify_claims! client, nonce, state, access_token, code
|
|
@@ -34,15 +41,8 @@ module AppleID
|
|
|
34
41
|
|
|
35
42
|
private
|
|
36
43
|
|
|
37
|
-
def jwks
|
|
38
|
-
@jwks ||= JSON.parse(
|
|
39
|
-
OpenIDConnect.http_client.get_content(JWKS_URI)
|
|
40
|
-
).with_indifferent_access
|
|
41
|
-
JSON::JWK::Set.new @jwks[:keys]
|
|
42
|
-
end
|
|
43
|
-
|
|
44
44
|
def verify_signature!
|
|
45
|
-
original_jwt.verify!
|
|
45
|
+
original_jwt.verify! JWKS.fetch(original_jwt.kid)
|
|
46
46
|
rescue
|
|
47
47
|
raise VerificationFailed, 'Signature Verification Failed'
|
|
48
48
|
end
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
module AppleID
|
|
2
|
+
class IdToken::RealUserStatus
|
|
3
|
+
class UndefinedStatus < StandardError; end
|
|
4
|
+
|
|
5
|
+
attr_accessor :value
|
|
6
|
+
|
|
7
|
+
STATUSES = [
|
|
8
|
+
:unsupported,
|
|
9
|
+
:unknown,
|
|
10
|
+
:likely_real
|
|
11
|
+
]
|
|
12
|
+
|
|
13
|
+
def initialize(value)
|
|
14
|
+
self.value = value
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
STATUSES.each do |expected_status|
|
|
18
|
+
define_method :"#{expected_status}?" do
|
|
19
|
+
send(:status) == expected_status
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def status
|
|
24
|
+
STATUSES[value] or raise UndefinedStatus
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
end
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
module AppleID
|
|
2
|
+
class JWKS < JSON::JWK::Set
|
|
3
|
+
class Cache
|
|
4
|
+
def fetch(cache_key)
|
|
5
|
+
yield
|
|
6
|
+
end
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
def self.cache=(cache)
|
|
10
|
+
@@cache = cache
|
|
11
|
+
end
|
|
12
|
+
def self.cache
|
|
13
|
+
@@cache
|
|
14
|
+
end
|
|
15
|
+
self.cache = Cache.new
|
|
16
|
+
|
|
17
|
+
def self.fetch(cache_key)
|
|
18
|
+
jwks = cache.fetch("apple_id:jwks:#{cache_key}") do
|
|
19
|
+
new(
|
|
20
|
+
JSON.parse(
|
|
21
|
+
OpenIDConnect.http_client.get_content(JWKS_URI)
|
|
22
|
+
).with_indifferent_access[:keys]
|
|
23
|
+
)
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: apple_id
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 1.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- nov
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-
|
|
11
|
+
date: 2020-07-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rack-oauth2
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: '1.
|
|
19
|
+
version: '1.12'
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: '1.
|
|
26
|
+
version: '1.12'
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: openid_connect
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -143,8 +143,11 @@ files:
|
|
|
143
143
|
- bin/setup
|
|
144
144
|
- lib/apple_id.rb
|
|
145
145
|
- lib/apple_id/access_token.rb
|
|
146
|
+
- lib/apple_id/api/user_migration.rb
|
|
146
147
|
- lib/apple_id/client.rb
|
|
147
148
|
- lib/apple_id/id_token.rb
|
|
149
|
+
- lib/apple_id/id_token/real_user_status.rb
|
|
150
|
+
- lib/apple_id/jwks.rb
|
|
148
151
|
homepage: https://github.com/nov/apple_id
|
|
149
152
|
licenses:
|
|
150
153
|
- MIT
|