apple_id 1.1.1 → 1.4.0
- checksums.yaml +4 -4
 - data/.github/FUNDING.yml +3 -0
 - data/.travis.yml +2 -1
 - data/README.md +2 -2
 - data/VERSION +1 -1
 - data/apple_id.gemspec +2 -2
 - data/lib/apple_id/client.rb +7 -1
 - data/lib/apple_id/event_token/event.rb +11 -0
 - data/lib/apple_id/event_token.rb +61 -0
 - data/lib/apple_id/id_token.rb +1 -1
 - data/lib/apple_id.rb +4 -0
 - metadata +10 -7
 
    
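--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz:  
-  data.tar.gz:  
+  metadata.gz: 4447d024e910da0480e07d58164eefce5daa78c1389ecb8a571ad20bf969c291
+  data.tar.gz: 9ad9be586a2c3e96e7fc3d35eb07c2c6360cde0736b705c7584bdd0fc5a6aac1
 SHA512:
-  metadata.gz:  
-  data.tar.gz:  
+  metadata.gz: c8655e9f56f4ba8e4e71b5048be8d637bb9e798acd48a5cccd979f6f55ef1d73cb1b7a2cf9e84c46a6d95727b8cf749f5b4e4a8bc7fe7a28170acea05e7581e5
+  data.tar.gz: a097b0398ac8da49da3874a6c073abbe844339773b638761a6f33a204c9c0207a72fdab38d2eb10cf5c0edddddb4562dfd7189ad8b2e7bc8d5dfec9064903eeb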
        data/.github/FUNDING.yml
    ADDED
    
    
    
        data/.travis.yml
    CHANGED
    
    
    
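--- a/data/README.md
+++ b/data/README.md
@@ -36,7 +36,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To 
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/ 
+Bug reports and pull requests are welcome on GitHub at https://github.com/nov/apple_id. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
 
 ## License
 
@@ -44,4 +44,4 @@ The gem is available as open source under the terms of the [MIT License](https:/ 
 
 ## Code of Conduct
 
-Everyone interacting in the AppleID project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/ 
+Everyone interacting in the AppleID project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/nov/apple_id/blob/master/CODE_OF_CONDUCT.md).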
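--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1. 
+1.4.0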
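--- a/data/apple_id.gemspec
+++ b/data/apple_id.gemspec
@@ -18,8 +18,8 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
-  spec.add_runtime_dependency 'rack-oauth2', '~> 1. 
-  spec.add_runtime_dependency 'openid_connect', '~> 1. 
+  spec.add_runtime_dependency 'rack-oauth2', '~> 1.21'
+  spec.add_runtime_dependency 'openid_connect', '~> 1.3.0'
   spec.add_development_dependency 'bundler'
   spec.add_development_dependency 'rake'
   spec.add_development_dependency 'rspec'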
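--- a/data/lib/apple_id/client.rb
+++ b/data/lib/apple_id/client.rb
@@ -7,7 +7,8 @@ module AppleID
     def initialize(attributes)
       attributes_with_default = {
         authorization_endpoint: File.join(ISSUER, '/auth/authorize'),
-        token_endpoint: 
+        token_endpoint:         File.join(ISSUER, '/auth/token'),
+        revocation_endpoint:    File.join(ISSUER, '/auth/revoke'),
       }.merge(attributes)
       super attributes_with_default
     end
@@ -17,6 +18,11 @@ module AppleID
       super :body, options
     end
 
+    def revoke!(options = {})
+      self.secret = client_secret_jwt
+      super :body, options
+    end
+
     private
 
     def client_secret_jwt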
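Review bot: `revoke!` is added without any comment on what `options` must carry or what the call returns; it only sets `self.secret = client_secret_jwt` and delegates with `super :body, options`, so its contract lives entirely in the superclass, which is not visible in this hunk. A short comment such as `# Revokes a token at revocation_endpoint; options are forwarded to the superclass (confirm there which token keys it expects)` would help callers. Because the defaults hash is followed by `.merge(attributes)`, a caller-supplied `revocation_endpoint` replaces the Apple URL, and the freshly signed client-secret JWT is presumably sent to whatever endpoint is configured; a comment stating that endpoint attributes must come from trusted configuration is worth adding next to the defaults. The enclosing class begins and ends outside the hunk.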
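--- a/data/lib/apple_id/event_token.rb
+++ b/data/lib/apple_id/event_token.rb
@@ -0,0 +1,61 @@
+module AppleID
+  class EventToken < OpenIDConnect::ConnectObject
+    class VerificationFailed < Error; end
+
+    # NOTE: Apple uses `events` for the JWT key, but this gem uses `event` since it's always a single JSON Object.
+    #       Once they start returning an array of events, this gem might use `events` as the attribute name.
+    attr_required :iss, :aud, :exp, :iat, :jti, :event
+    alias_method :original_jwt, :raw_attributes
+
+    def initialize(attributes = {})
+      super
+      @event = Event.decode attributes[:events]
+    end
+
+    def verify!(verify_signature: true, client: nil)
+      verify_signature! if verify_signature
+      verify_claims! client, nonce, state, access_token, code
+      self
+    end
+
+    class << self
+      def decode(jwt_string)
+        new JSON::JWT.decode jwt_string, :skip_verification
+      end
+    end
+
+    private
+
+    def verify_signature!
+      original_jwt.verify! JWKS.fetch(original_jwt.kid)
+    rescue
+      raise VerificationFailed, 'Signature Verification Failed'
+    end
+
+    def verify_claims!(client, nonce, state, access_token, code)
+      aud = if client.respond_to?(:identifier)
+        client.identifier
+      else
+        client
+      end
+
+      failure_reasons = []
+      if self.iss != ISSUER
+        failure_reasons << :iss
+      end
+      if aud.present? && self.aud != aud
+        failure_reasons << :aud
+      end
+      if Time.now.to_i < iat
+        failure_reasons << :iat
+      end
+      if Time.now.to_i >= exp
+        failure_reasons << :exp
+      end
+
+      if failure_reasons.present?
+        raise VerificationFailed, "Claims Verification Failed at #{failure_reasons}"
+      end
+    end
+  end
+end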
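Review bot: The audience check in `verify_claims!` only runs when a client is supplied (`if aud.present? && self.aud != aud`), and `verify!` defaults `client:` to nil, so a call with default arguments accepts a correctly signed event token whose `aud` names a different client ID. Consider failing closed with `failure_reasons << :aud if aud.blank? || self.aud != aud`, or at minimum document on `verify!` that callers must pass `client:` for the token to be bound to their application. Separately, `verify!` passes `nonce, state, access_token, code`, none of which appear in the `attr_required` list in this file and none of which `verify_claims!` reads; unless the superclass defines them (not visible here) the call raises NameError, so a one-argument `verify_claims! client` looks like the intent. `decode` parses with `:skip_verification` and the bare `rescue` in `verify_signature!` folds key-fetch errors into `VerificationFailed`, so both deserve a comment: `event` is unauthenticated until `verify!` succeeds, and a failure may be a JWKS outage rather than a bad signature.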
    
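--- a/data/lib/apple_id/id_token.rb
+++ b/data/lib/apple_id/id_token.rb
@@ -1,6 +1,6 @@
 module AppleID
   class IdToken < OpenIDConnect::ResponseObject::IdToken
-    class VerificationFailed <  
+    class VerificationFailed < Error; end
 
     attr_optional :email, :email_verified, :is_private_email, :nonce_supported, :real_user_status
     attr_accessor :original_jwt_string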
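--- a/data/lib/apple_id.rb
+++ b/data/lib/apple_id.rb
@@ -8,6 +8,8 @@ module AppleID
     ::File.join(::File.dirname(__FILE__), '../VERSION')
   ).chomp
 
+  class Error < StandardError; end
+
   def self.logger
     @@logger
   end
@@ -56,4 +58,6 @@ require 'apple_id/access_token'
 require 'apple_id/id_token'
 require 'apple_id/id_token/real_user_status'
 require 'apple_id/jwks'
+require 'apple_id/event_token'
+require 'apple_id/event_token/event'
 require 'apple_id/api/user_migration'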
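--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: apple_id
 version: !ruby/object:Gem::Version
-  version: 1. 
+  version: 1.4.0
 platform: ruby
 authors:
 - nov
 autorequire: 
 bindir: exe
 cert_chain: []
-date:  
+date: 2022-07-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack-oauth2
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1. 
+        version: '1.21'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1. 
+        version: '1.21'
 - !ruby/object:Gem::Dependency
   name: openid_connect
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1. 
+        version: 1.3.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1. 
+        version: 1.3.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -129,6 +129,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/FUNDING.yml"
 - ".gitignore"
 - ".rspec"
 - ".travis.yml"
@@ -145,6 +146,8 @@ files:
 - lib/apple_id/access_token.rb
 - lib/apple_id/api/user_migration.rb
 - lib/apple_id/client.rb
+- lib/apple_id/event_token.rb
+- lib/apple_id/event_token/event.rb
 - lib/apple_id/id_token.rb
 - lib/apple_id/id_token/real_user_status.rb
 - lib/apple_id/jwks.rb
@@ -167,7 +170,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3. 
+rubygems_version: 3.1.6
 signing_key: 
 specification_version: 4
 summary: Sign-in with Apple Backend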
     | 
    
         
             
            summary: Sign-in with Apple Backend
         
     |