apple_id 1.3.0 → 1.4.0

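--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: a849c5014ce8f45fc143ad955ef8ce22ff7639955dcce14ce58812cfa0e0a523
- data.tar.gz: 1b5dfa5e7179bf7102887e48f9870d510648fb6a5dbf246b15ba6ae7a0f8f76d
+ metadata.gz: 4447d024e910da0480e07d58164eefce5daa78c1389ecb8a571ad20bf969c291
+ data.tar.gz: 9ad9be586a2c3e96e7fc3d35eb07c2c6360cde0736b705c7584bdd0fc5a6aac1
  SHA512:
- metadata.gz: 220695160a1be005b4cfbd1e4e214966ab5b5fd7af1c9819eef95339a81fe2af2482ee9e30b595991c093bbd51505135d343b28ab2c74138abce3f9e311ca2ef
- data.tar.gz: 10bed7c9835616114fa2ac2929a515ba4fe30c2552c589ca2a15c207bfe57547cdc775dc543cae91dc20e6b04641240e50e303dc590f47ba67a6e255bab57913
+ metadata.gz: c8655e9f56f4ba8e4e71b5048be8d637bb9e798acd48a5cccd979f6f55ef1d73cb1b7a2cf9e84c46a6d95727b8cf749f5b4e4a8bc7fe7a28170acea05e7581e5
+ data.tar.gz: a097b0398ac8da49da3874a6c073abbe844339773b638761a6f33a204c9c0207a72fdab38d2eb10cf5c0edddddb4562dfd7189ad8b2e7bc8d5dfec9064903eeb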
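--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 1.3.0
+ 1.4.0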
@@ -0,0 +1,11 @@
1
+ module AppleID
2
+ class EventToken::Event < OpenIDConnect::ConnectObject
3
+ attr_required :type, :sub, :event_time
4
+
5
+ class << self
6
+ def decode(json_string)
7
+ new JSON.parse(json_string).with_indifferent_access
8
+ end
9
+ end
10
+ end
11
+ end
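Review bot: `decode` passes `json_string` to `JSON.parse` with no type or error handling, and `EventToken#initialize` calls it on `attributes[:events]` taken from a JWT that was decoded with `:skip_verification`. A token whose `events` claim is missing or malformed will therefore surface as a raw `TypeError` or `JSON::ParserError` during construction, not as the `AppleID::Error` hierarchy this release introduces. If Apple ever sends an array (the possibility noted in the comment in event_token.rb), `with_indifferent_access` would presumably fail as well. I would guard the input and wrap the parse, e.g. `raise Error, 'events claim missing' unless json_string.is_a?(String)` plus `rescue JSON::ParserError => e` re-raised as `Error`, so callers handling webhook input can rescue one class.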
@@ -0,0 +1,61 @@
1
+ module AppleID
2
+ class EventToken < OpenIDConnect::ConnectObject
3
+ class VerificationFailed < Error; end
4
+
5
+ # NOTE: Apple uses `events` for the JWT key, but this gem uses `event` since it's always a single JSON Object.
6
+ # Once they start returning an array of events, this gem might use `events` as the attribute name.
7
+ attr_required :iss, :aud, :exp, :iat, :jti, :event
8
+ alias_method :original_jwt, :raw_attributes
9
+
10
+ def initialize(attributes = {})
11
+ super
12
+ @event = Event.decode attributes[:events]
13
+ end
14
+
15
+ def verify!(verify_signature: true, client: nil)
16
+ verify_signature! if verify_signature
17
+ verify_claims! client, nonce, state, access_token, code
18
+ self
19
+ end
20
+
21
+ class << self
22
+ def decode(jwt_string)
23
+ new JSON::JWT.decode jwt_string, :skip_verification
24
+ end
25
+ end
26
+
27
+ private
28
+
29
+ def verify_signature!
30
+ original_jwt.verify! JWKS.fetch(original_jwt.kid)
31
+ rescue
32
+ raise VerificationFailed, 'Signature Verification Failed'
33
+ end
34
+
35
+ def verify_claims!(client, nonce, state, access_token, code)
36
+ aud = if client.respond_to?(:identifier)
37
+ client.identifier
38
+ else
39
+ client
40
+ end
41
+
42
+ failure_reasons = []
43
+ if self.iss != ISSUER
44
+ failure_reasons << :iss
45
+ end
46
+ if aud.present? && self.aud != aud
47
+ failure_reasons << :aud
48
+ end
49
+ if Time.now.to_i < iat
50
+ failure_reasons << :iat
51
+ end
52
+ if Time.now.to_i >= exp
53
+ failure_reasons << :exp
54
+ end
55
+
56
+ if failure_reasons.present?
57
+ raise VerificationFailed, "Claims Verification Failed at #{failure_reasons}"
58
+ end
59
+ end
60
+ end
61
+ end
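Review bot: `verify!` passes `nonce, state, access_token, code` to `verify_claims!`, but this class declares only `:iss, :aud, :exp, :iat, :jti, :event` and `verify_claims!` never reads those four arguments. Unless `OpenIDConnect::ConnectObject` defines them (not visible here), the call raises `NameError` before any claim is checked; I would reduce it to `verify_claims! client` with `def verify_claims!(client)`. Separately, with the default `client: nil` the `aud.present?` guard skips the audience comparison, so a validly signed token issued for a different client ID passes `verify!`; consider requiring `client`, or at least documenting that callers must pass it. Since `decode` uses `:skip_verification` and `initialize` already parses `events`, a comment on `decode` such as `# Returns an UNVERIFIED token; call #verify! before trusting #event` would make the contract explicit. The bare `rescue` in `verify_signature!` also folds JWKS fetch failures into "Signature Verification Failed"; it fails closed, but `rescue => e` with the cause logged would help operators tell an outage from a forged token.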
@@ -1,6 +1,6 @@
1
1
  module AppleID
2
2
  class IdToken < OpenIDConnect::ResponseObject::IdToken
3
- class VerificationFailed < StandardError; end
3
+ class VerificationFailed < Error; end
4
4
 
5
5
  attr_optional :email, :email_verified, :is_private_email, :nonce_supported, :real_user_status
6
6
  attr_accessor :original_jwt_string
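--- a/data/lib/apple_id.rb
+++ b/data/lib/apple_id.rb
@@ -8,6 +8,8 @@ module AppleID
  ::File.join(::File.dirname(__FILE__), '../VERSION')
  ).chomp
 
+ class Error < StandardError; end
+
  def self.logger
  @@logger
  end
@@ -56,4 +58,6 @@ require 'apple_id/access_token'
  require 'apple_id/id_token'
  require 'apple_id/id_token/real_user_status'
  require 'apple_id/jwks'
+ require 'apple_id/event_token'
+ require 'apple_id/event_token/event'
  require 'apple_id/api/user_migration'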
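--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: apple_id
  version: !ruby/object:Gem::Version
- version: 1.3.0
+ version: 1.4.0
  platform: ruby
  authors:
  - nov
@@ -146,6 +146,8 @@ files:
  - lib/apple_id/access_token.rb
  - lib/apple_id/api/user_migration.rb
  - lib/apple_id/client.rb
+ - lib/apple_id/event_token.rb
+ - lib/apple_id/event_token/event.rb
  - lib/apple_id/id_token.rb
  - lib/apple_id/id_token/real_user_status.rb
  - lib/apple_id/jwks.rb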