apple_id 1.3.0 → 1.4.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/VERSION +1 -1
- data/apple_id.gemspec +1 -1
- data/lib/apple_id/event_token/event.rb +35 -0
- data/lib/apple_id/event_token.rb +60 -0
- data/lib/apple_id/id_token.rb +1 -1
- data/lib/apple_id.rb +4 -0
- metadata +6 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2fee18e5a9878a0458806d26573fc4434ced6d9cec92700189c8f31077874280
|
|
4
|
+
data.tar.gz: 18bbca83bb744fe286e908785418eb0583fa3f3b3f059dbba56f4166be3bb496
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3d01d0cf6e69b4146b58c9d2a5354bdf235bd836b3778fcc90d89d2d760c40272182df367f665cf1e8137a397921867df7d3bfc4fec056bd3b48724773f8b371
|
|
7
|
+
data.tar.gz: 8d2410bbd7134dde8a58ab157717d35880b397810c5769ab2bf673f1d6a1b4c11658f781f29e51f6f6d705d3bf8d9bc3763da8ce444969d1f7e6682918029a98
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.
|
|
1
|
+
1.4.2
|
data/apple_id.gemspec
CHANGED
|
@@ -18,7 +18,7 @@ Gem::Specification.new do |spec|
|
|
|
18
18
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
|
19
19
|
spec.require_paths = ['lib']
|
|
20
20
|
|
|
21
|
-
spec.add_runtime_dependency 'rack-oauth2', '~> 1.21'
|
|
21
|
+
spec.add_runtime_dependency 'rack-oauth2', '~> 1.21.2'
|
|
22
22
|
spec.add_runtime_dependency 'openid_connect', '~> 1.3.0'
|
|
23
23
|
spec.add_development_dependency 'bundler'
|
|
24
24
|
spec.add_development_dependency 'rake'
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
module AppleID
|
|
2
|
+
class EventToken::Event < OpenIDConnect::ConnectObject
|
|
3
|
+
attr_required :type, :sub, :event_time
|
|
4
|
+
|
|
5
|
+
module Type
|
|
6
|
+
EMAIL_ENABLED = 'email-enabled'
|
|
7
|
+
EMAIL_DISABLED = 'email-disabled'
|
|
8
|
+
CONSENT_REVOKED = 'consent-revoked'
|
|
9
|
+
ACCOUNT_DELETED = 'account-delete'
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def email_enabled?
|
|
13
|
+
type == Type::EMAIL_ENABLED
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def email_disabled?
|
|
17
|
+
type == Type::EMAIL_DISABLED
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def consent_revoked?
|
|
21
|
+
type == Type::CONSENT_REVOKED
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
def account_deleted?
|
|
25
|
+
type == Type::ACCOUNT_DELETED
|
|
26
|
+
end
|
|
27
|
+
alias_method :account_delete?, :account_deleted?
|
|
28
|
+
|
|
29
|
+
class << self
|
|
30
|
+
def decode(json_string)
|
|
31
|
+
new JSON.parse(json_string).with_indifferent_access
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
end
|
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
module AppleID
|
|
2
|
+
class EventToken < OpenIDConnect::ConnectObject
|
|
3
|
+
class VerificationFailed < Error; end
|
|
4
|
+
|
|
5
|
+
attr_required :iss, :aud, :exp, :iat, :jti, :events
|
|
6
|
+
alias_method :original_jwt, :raw_attributes
|
|
7
|
+
alias_method :event, :events
|
|
8
|
+
|
|
9
|
+
def initialize(attributes = {})
|
|
10
|
+
super
|
|
11
|
+
@events = Event.decode attributes[:events]
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def verify!(verify_signature: true, client: nil)
|
|
15
|
+
verify_signature! if verify_signature
|
|
16
|
+
verify_claims! client
|
|
17
|
+
self
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
class << self
|
|
21
|
+
def decode(jwt_string)
|
|
22
|
+
new JSON::JWT.decode jwt_string, :skip_verification
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
private
|
|
27
|
+
|
|
28
|
+
def verify_signature!
|
|
29
|
+
original_jwt.verify! JWKS.fetch(original_jwt.kid)
|
|
30
|
+
rescue
|
|
31
|
+
raise VerificationFailed, 'Signature Verification Failed'
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
def verify_claims!(client)
|
|
35
|
+
aud = if client.respond_to?(:identifier)
|
|
36
|
+
client.identifier
|
|
37
|
+
else
|
|
38
|
+
client
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
failure_reasons = []
|
|
42
|
+
if self.iss != ISSUER
|
|
43
|
+
failure_reasons << :iss
|
|
44
|
+
end
|
|
45
|
+
if aud.present? && self.aud != aud
|
|
46
|
+
failure_reasons << :aud
|
|
47
|
+
end
|
|
48
|
+
if Time.now.to_i < iat
|
|
49
|
+
failure_reasons << :iat
|
|
50
|
+
end
|
|
51
|
+
if Time.now.to_i >= exp
|
|
52
|
+
failure_reasons << :exp
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
if failure_reasons.present?
|
|
56
|
+
raise VerificationFailed, "Claims Verification Failed at #{failure_reasons}"
|
|
57
|
+
end
|
|
58
|
+
end
|
|
59
|
+
end
|
|
60
|
+
end
|
data/lib/apple_id/id_token.rb
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
module AppleID
|
|
2
2
|
class IdToken < OpenIDConnect::ResponseObject::IdToken
|
|
3
|
-
class VerificationFailed <
|
|
3
|
+
class VerificationFailed < Error; end
|
|
4
4
|
|
|
5
5
|
attr_optional :email, :email_verified, :is_private_email, :nonce_supported, :real_user_status
|
|
6
6
|
attr_accessor :original_jwt_string
|
data/lib/apple_id.rb
CHANGED
|
@@ -8,6 +8,8 @@ module AppleID
|
|
|
8
8
|
::File.join(::File.dirname(__FILE__), '../VERSION')
|
|
9
9
|
).chomp
|
|
10
10
|
|
|
11
|
+
class Error < StandardError; end
|
|
12
|
+
|
|
11
13
|
def self.logger
|
|
12
14
|
@@logger
|
|
13
15
|
end
|
|
@@ -56,4 +58,6 @@ require 'apple_id/access_token'
|
|
|
56
58
|
require 'apple_id/id_token'
|
|
57
59
|
require 'apple_id/id_token/real_user_status'
|
|
58
60
|
require 'apple_id/jwks'
|
|
61
|
+
require 'apple_id/event_token'
|
|
62
|
+
require 'apple_id/event_token/event'
|
|
59
63
|
require 'apple_id/api/user_migration'
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: apple_id
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.4.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- nov
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-07-
|
|
11
|
+
date: 2022-07-13 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rack-oauth2
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version:
|
|
19
|
+
version: 1.21.2
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version:
|
|
26
|
+
version: 1.21.2
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: openid_connect
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -146,6 +146,8 @@ files:
|
|
|
146
146
|
- lib/apple_id/access_token.rb
|
|
147
147
|
- lib/apple_id/api/user_migration.rb
|
|
148
148
|
- lib/apple_id/client.rb
|
|
149
|
+
- lib/apple_id/event_token.rb
|
|
150
|
+
- lib/apple_id/event_token/event.rb
|
|
149
151
|
- lib/apple_id/id_token.rb
|
|
150
152
|
- lib/apple_id/id_token/real_user_status.rb
|
|
151
153
|
- lib/apple_id/jwks.rb
|