auth0 5.10.0 → 5.11.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.circleci/config.yml +2 -2
- data/.devcontainer/devcontainer.json +1 -1
- data/CHANGELOG.md +11 -0
- data/DEVELOPMENT.md +35 -0
- data/EXAMPLES.md +220 -0
- data/Gemfile.lock +52 -60
- data/README.md +68 -253
- data/auth0.gemspec +0 -2
- data/examples/ruby-api/Gemfile.lock +5 -4
- data/examples/ruby-on-rails-api/README.md +0 -2
- data/lib/auth0/api/authentication_endpoints.rb +70 -13
- data/lib/auth0/api/v2/clients.rb +42 -0
- data/lib/auth0/client_assertion.rb +45 -0
- data/lib/auth0/mixins/initializer.rb +2 -0
- data/lib/auth0/mixins/token_management.rb +1 -1
- data/lib/auth0/version.rb +1 -1
- data/opslevel.yml +5 -0
- data/spec/lib/auth0/api/authentication_endpoints_spec.rb +632 -0
- data/spec/lib/auth0/api/v2/clients_spec.rb +51 -0
- data/spec/lib/auth0/mixins/initializer_spec.rb +79 -25
- data/spec/lib/auth0/mixins/token_management_spec.rb +45 -30
- data/spec/spec_helper.rb +0 -1
- data/spec/support/dummy_class_for_tokens.rb +2 -0
- metadata +8 -31
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'jwt'
|
|
4
|
+
|
|
5
|
+
module Auth0
|
|
6
|
+
module ClientAssertion
|
|
7
|
+
CLIENT_ASSERTION_TYPE = 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'.freeze
|
|
8
|
+
|
|
9
|
+
# Adds keys into the supplied hash for either the client secret, or client assertion. If `client_assertion_signing_key` is not nil,
|
|
10
|
+
# it takes precedence over `client_secret`.
|
|
11
|
+
# @param [hash] The hash to add the keys to
|
|
12
|
+
# @param client_id [string] The client ID
|
|
13
|
+
# @param client_secret [string] The client secret
|
|
14
|
+
# @param client_assertion_signing_key [PKey] The key used to sign the client assertion JWT
|
|
15
|
+
# @param client_assertion_signing_alg [string] The algorithm used when signing the client assertion JWT
|
|
16
|
+
def populate_client_assertion_or_secret(hash,
|
|
17
|
+
domain: @domain,
|
|
18
|
+
client_id: @client_id,
|
|
19
|
+
client_secret: @client_secret,
|
|
20
|
+
client_assertion_signing_key: @client_assertion_signing_key,
|
|
21
|
+
client_assertion_signing_alg: @client_assertion_signing_alg)
|
|
22
|
+
|
|
23
|
+
if !client_assertion_signing_key.nil?
|
|
24
|
+
# Create JWT
|
|
25
|
+
now = Time.now.to_i
|
|
26
|
+
|
|
27
|
+
payload = {
|
|
28
|
+
iss: client_id,
|
|
29
|
+
sub: client_id,
|
|
30
|
+
aud: "https://#{domain}/",
|
|
31
|
+
iat: now,
|
|
32
|
+
exp: now + 180,
|
|
33
|
+
jti: SecureRandom.uuid
|
|
34
|
+
}
|
|
35
|
+
|
|
36
|
+
jwt = JWT.encode payload, client_assertion_signing_key, client_assertion_signing_alg
|
|
37
|
+
|
|
38
|
+
hash[:client_assertion] = jwt
|
|
39
|
+
hash[:client_assertion_type] = Auth0::ClientAssertion::CLIENT_ASSERTION_TYPE
|
|
40
|
+
else
|
|
41
|
+
hash[:client_secret] = client_secret
|
|
42
|
+
end
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
end
|
|
@@ -16,6 +16,8 @@ module Auth0
|
|
|
16
16
|
@headers = client_headers
|
|
17
17
|
@timeout = options[:timeout] || 10
|
|
18
18
|
@retry_count = options[:retry_count]
|
|
19
|
+
@client_assertion_signing_key = options[:client_assertion_signing_key]
|
|
20
|
+
@client_assertion_signing_alg = options[:client_assertion_signing_alg] || 'RS256';
|
|
19
21
|
extend Auth0::Api::AuthenticationEndpoints
|
|
20
22
|
@client_id = options[:client_id]
|
|
21
23
|
@client_secret = options[:client_secret]
|
|
@@ -17,7 +17,7 @@ module Auth0
|
|
|
17
17
|
# pp @token_expires_at
|
|
18
18
|
has_expired = @token && @token_expires_at ? @token_expires_at < (Time.now.to_i + 10) : false
|
|
19
19
|
|
|
20
|
-
if (@token.nil? || has_expired) && @client_id && @client_secret
|
|
20
|
+
if (@token.nil? || has_expired) && @client_id && (@client_secret || @client_assertion_signing_key)
|
|
21
21
|
response = api_token(audience: @audience)
|
|
22
22
|
@token = response.token
|
|
23
23
|
@token_expires_at = response.expires_in ? Time.now.to_i + response.expires_in : nil
|
data/lib/auth0/version.rb
CHANGED