apple_id 1.2.0 → 1.4.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8f1661521a859bf390a20f26adc70587b74e8443d11af6f887d44b72a858423e
-  data.tar.gz: 883584d2104c9de4d4ccbb2fe82501d24a08a299f0b9c64dc9f7c3358cf4f96c
+  metadata.gz: 535212dfcb103a30e0977d80a0d5b8bd21d8ce25ccd0d13bf450542ba706473b
+  data.tar.gz: df08efbc2cc0de63e9645e8d4aa9a63c5f7a632b3b61fcd27f30c47cab52c673
 SHA512:
-  metadata.gz: 61905204b8ae74d331a34ae379993a8d0c2de9419c65893adc76386bb8253dda24fb5dedda5fda73c090e6b65d4e522622849565de9912d2c28777d96898793c
-  data.tar.gz: cc07894558b23bb8fdd453d35069d69af2cd31eeda3465b57cd5efd654962cc1a978af2da942dae33ff009018a9340412b8e5c10376afae8ca670cbbb1677f67
+  metadata.gz: 067b35d844a7e2a2c802d0823c5ef2572e4b2d1515b7b9756c3b6393ebc0633074708656fc42d89ed7522acd69fb0d377102e770e643fe31ad6eb0cc394c0d64
+  data.tar.gz: 13439c70fc5982bd0576645b1411979f74b2adf4df0252e05fe03c55a691a218f2d0d63ae363a0e27c434abcf26dd9a9450c42e5ffb15e5388deb2344987ede9

data/.github/FUNDING.yml

@@ -0,0 +1,3 @@
+# These are supported funding model platforms
+
+github: nov

data/.travis.yml

@@ -6,4 +6,5 @@ before_install: gem install bundler
 rvm:
   - 2.5.8
   - 2.6.6
-  - 2.7.2
+  - 2.7.2
+  - 3.0.2

data/README.md

@@ -36,7 +36,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/apple_id. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
+Bug reports and pull requests are welcome on GitHub at https://github.com/nov/apple_id. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
 
 ## License
 
@@ -44,4 +44,4 @@ The gem is available as open source under the terms of the [MIT License](https:/
 
 ## Code of Conduct
 
-Everyone interacting in the AppleID project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/apple_id/blob/master/CODE_OF_CONDUCT.md).
+Everyone interacting in the AppleID project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/nov/apple_id/blob/master/CODE_OF_CONDUCT.md).

data/VERSION

@@ -1 +1 @@
-1.2.0
+1.4.1

data/apple_id.gemspec

@@ -18,7 +18,7 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
-  spec.add_runtime_dependency 'rack-oauth2', '~> 1.19'
+  spec.add_runtime_dependency 'rack-oauth2', '~> 1.21'
   spec.add_runtime_dependency 'openid_connect', '~> 1.3.0'
   spec.add_development_dependency 'bundler'
   spec.add_development_dependency 'rake'

data/lib/apple_id/client.rb

@@ -7,7 +7,8 @@ module AppleID
     def initialize(attributes)
       attributes_with_default = {
         authorization_endpoint: File.join(ISSUER, '/auth/authorize'),
-        token_endpoint: File.join(ISSUER, '/auth/token')
+        token_endpoint:         File.join(ISSUER, '/auth/token'),
+        revocation_endpoint:    File.join(ISSUER, '/auth/revoke'),
       }.merge(attributes)
       super attributes_with_default
     end
@@ -17,6 +18,11 @@ module AppleID
       super :body, options
     end
 
+    def revoke!(options = {})
+      self.secret = client_secret_jwt
+      super :body, options
+    end
+
     private
 
     def client_secret_jwt

data/lib/apple_id/event_token/event.rb

@@ -0,0 +1,11 @@
+module AppleID
+  class EventToken::Event < OpenIDConnect::ConnectObject
+    attr_required :type, :sub, :event_time
+
+    class << self
+      def decode(json_string)
+        new JSON.parse(json_string).with_indifferent_access
+      end
+    end
+  end
+end

data/lib/apple_id/event_token.rb

@@ -0,0 +1,60 @@
+module AppleID
+  class EventToken < OpenIDConnect::ConnectObject
+    class VerificationFailed < Error; end
+
+    attr_required :iss, :aud, :exp, :iat, :jti, :events
+    alias_method :original_jwt, :raw_attributes
+    alias_method :event, :events
+
+    def initialize(attributes = {})
+      super
+      @events = Event.decode attributes[:events]
+    end
+
+    def verify!(verify_signature: true, client: nil)
+      verify_signature! if verify_signature
+      verify_claims! client
+      self
+    end
+
+    class << self
+      def decode(jwt_string)
+        new JSON::JWT.decode jwt_string, :skip_verification
+      end
+    end
+
+    private
+
+    def verify_signature!
+      original_jwt.verify! JWKS.fetch(original_jwt.kid)
+    rescue
+      raise VerificationFailed, 'Signature Verification Failed'
+    end
+
+    def verify_claims!(client)
+      aud = if client.respond_to?(:identifier)
+        client.identifier
+      else
+        client
+      end
+
+      failure_reasons = []
+      if self.iss != ISSUER
+        failure_reasons << :iss
+      end
+      if aud.present? && self.aud != aud
+        failure_reasons << :aud
+      end
+      if Time.now.to_i < iat
+        failure_reasons << :iat
+      end
+      if Time.now.to_i >= exp
+        failure_reasons << :exp
+      end
+
+      if failure_reasons.present?
+        raise VerificationFailed, "Claims Verification Failed at #{failure_reasons}"
+      end
+    end
+  end
+end

data/lib/apple_id/id_token.rb

@@ -1,6 +1,6 @@
 module AppleID
   class IdToken < OpenIDConnect::ResponseObject::IdToken
-    class VerificationFailed < StandardError; end
+    class VerificationFailed < Error; end
 
     attr_optional :email, :email_verified, :is_private_email, :nonce_supported, :real_user_status
     attr_accessor :original_jwt_string

data/lib/apple_id.rb

@@ -8,6 +8,8 @@ module AppleID
     ::File.join(::File.dirname(__FILE__), '../VERSION')
   ).chomp
 
+  class Error < StandardError; end
+
   def self.logger
     @@logger
   end
@@ -56,4 +58,6 @@ require 'apple_id/access_token'
 require 'apple_id/id_token'
 require 'apple_id/id_token/real_user_status'
 require 'apple_id/jwks'
+require 'apple_id/event_token'
+require 'apple_id/event_token/event'
 require 'apple_id/api/user_migration'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: apple_id
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.4.1
 platform: ruby
 authors:
 - nov
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-10-01 00:00:00.000000000 Z
+date: 2022-07-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack-oauth2
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.19'
+        version: '1.21'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.19'
+        version: '1.21'
 - !ruby/object:Gem::Dependency
   name: openid_connect
   requirement: !ruby/object:Gem::Requirement
@@ -129,6 +129,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/FUNDING.yml"
 - ".gitignore"
 - ".rspec"
 - ".travis.yml"
@@ -145,6 +146,8 @@ files:
 - lib/apple_id/access_token.rb
 - lib/apple_id/api/user_migration.rb
 - lib/apple_id/client.rb
+- lib/apple_id/event_token.rb
+- lib/apple_id/event_token/event.rb
 - lib/apple_id/id_token.rb
 - lib/apple_id/id_token/real_user_status.rb
 - lib/apple_id/jwks.rb
@@ -167,7 +170,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.1.6
 signing_key: 
 specification_version: 4
 summary: Sign-in with Apple Backend