apple_id 1.3.0 → 1.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/VERSION +1 -1
- data/lib/apple_id/event_token/event.rb +11 -0
- data/lib/apple_id/event_token.rb +61 -0
- data/lib/apple_id/id_token.rb +1 -1
- data/lib/apple_id.rb +4 -0
- metadata +3 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4447d024e910da0480e07d58164eefce5daa78c1389ecb8a571ad20bf969c291
|
|
4
|
+
data.tar.gz: 9ad9be586a2c3e96e7fc3d35eb07c2c6360cde0736b705c7584bdd0fc5a6aac1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c8655e9f56f4ba8e4e71b5048be8d637bb9e798acd48a5cccd979f6f55ef1d73cb1b7a2cf9e84c46a6d95727b8cf749f5b4e4a8bc7fe7a28170acea05e7581e5
|
|
7
|
+
data.tar.gz: a097b0398ac8da49da3874a6c073abbe844339773b638761a6f33a204c9c0207a72fdab38d2eb10cf5c0edddddb4562dfd7189ad8b2e7bc8d5dfec9064903eeb
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.
|
|
1
|
+
1.4.0
|
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
module AppleID
|
|
2
|
+
class EventToken < OpenIDConnect::ConnectObject
|
|
3
|
+
class VerificationFailed < Error; end
|
|
4
|
+
|
|
5
|
+
# NOTE: Apple uses `events` for the JWT key, but this gem uses `event` since it's always a single JSON Object.
|
|
6
|
+
# Once they start returning an array of events, this gem might use `events` as the attribute name.
|
|
7
|
+
attr_required :iss, :aud, :exp, :iat, :jti, :event
|
|
8
|
+
alias_method :original_jwt, :raw_attributes
|
|
9
|
+
|
|
10
|
+
def initialize(attributes = {})
|
|
11
|
+
super
|
|
12
|
+
@event = Event.decode attributes[:events]
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def verify!(verify_signature: true, client: nil)
|
|
16
|
+
verify_signature! if verify_signature
|
|
17
|
+
verify_claims! client, nonce, state, access_token, code
|
|
18
|
+
self
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
class << self
|
|
22
|
+
def decode(jwt_string)
|
|
23
|
+
new JSON::JWT.decode jwt_string, :skip_verification
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
private
|
|
28
|
+
|
|
29
|
+
def verify_signature!
|
|
30
|
+
original_jwt.verify! JWKS.fetch(original_jwt.kid)
|
|
31
|
+
rescue
|
|
32
|
+
raise VerificationFailed, 'Signature Verification Failed'
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def verify_claims!(client, nonce, state, access_token, code)
|
|
36
|
+
aud = if client.respond_to?(:identifier)
|
|
37
|
+
client.identifier
|
|
38
|
+
else
|
|
39
|
+
client
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
failure_reasons = []
|
|
43
|
+
if self.iss != ISSUER
|
|
44
|
+
failure_reasons << :iss
|
|
45
|
+
end
|
|
46
|
+
if aud.present? && self.aud != aud
|
|
47
|
+
failure_reasons << :aud
|
|
48
|
+
end
|
|
49
|
+
if Time.now.to_i < iat
|
|
50
|
+
failure_reasons << :iat
|
|
51
|
+
end
|
|
52
|
+
if Time.now.to_i >= exp
|
|
53
|
+
failure_reasons << :exp
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
if failure_reasons.present?
|
|
57
|
+
raise VerificationFailed, "Claims Verification Failed at #{failure_reasons}"
|
|
58
|
+
end
|
|
59
|
+
end
|
|
60
|
+
end
|
|
61
|
+
end
|
data/lib/apple_id/id_token.rb
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
module AppleID
|
|
2
2
|
class IdToken < OpenIDConnect::ResponseObject::IdToken
|
|
3
|
-
class VerificationFailed <
|
|
3
|
+
class VerificationFailed < Error; end
|
|
4
4
|
|
|
5
5
|
attr_optional :email, :email_verified, :is_private_email, :nonce_supported, :real_user_status
|
|
6
6
|
attr_accessor :original_jwt_string
|
data/lib/apple_id.rb
CHANGED
|
@@ -8,6 +8,8 @@ module AppleID
|
|
|
8
8
|
::File.join(::File.dirname(__FILE__), '../VERSION')
|
|
9
9
|
).chomp
|
|
10
10
|
|
|
11
|
+
class Error < StandardError; end
|
|
12
|
+
|
|
11
13
|
def self.logger
|
|
12
14
|
@@logger
|
|
13
15
|
end
|
|
@@ -56,4 +58,6 @@ require 'apple_id/access_token'
|
|
|
56
58
|
require 'apple_id/id_token'
|
|
57
59
|
require 'apple_id/id_token/real_user_status'
|
|
58
60
|
require 'apple_id/jwks'
|
|
61
|
+
require 'apple_id/event_token'
|
|
62
|
+
require 'apple_id/event_token/event'
|
|
59
63
|
require 'apple_id/api/user_migration'
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: apple_id
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- nov
|
|
@@ -146,6 +146,8 @@ files:
|
|
|
146
146
|
- lib/apple_id/access_token.rb
|
|
147
147
|
- lib/apple_id/api/user_migration.rb
|
|
148
148
|
- lib/apple_id/client.rb
|
|
149
|
+
- lib/apple_id/event_token.rb
|
|
150
|
+
- lib/apple_id/event_token/event.rb
|
|
149
151
|
- lib/apple_id/id_token.rb
|
|
150
152
|
- lib/apple_id/id_token/real_user_status.rb
|
|
151
153
|
- lib/apple_id/jwks.rb
|