authing_ruby 1.0.7 → 1.0.8
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9696561d3570ff70b28f75570767136805742ba70e403511539139a51b598a5a
|
|
4
|
+
data.tar.gz: 7101d107a8f6717caf1a6673ce4639c6b957048a7bb386cc353ca677bcd9a548
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: feb6dc9d637c783f968d251a5200ed5c4a5b372552e4395c5cad69ac5cfc170c1ddfa4f624ec0ebe3abb2489ca5afef7fb723658d1607d4655c7181a7bd4d431
|
|
7
|
+
data.tar.gz: ff0bce0012f356dc37ac21f9b5be1924684ab865b35b156ba8d2683273e839ad10ac363c2e69b6a00bbddbfb2bbb9e43546b2a11c07ece760c6417ba9a5c534f
|
|
@@ -252,9 +252,6 @@ module AuthingRuby
|
|
|
252
252
|
return json
|
|
253
253
|
end
|
|
254
254
|
|
|
255
|
-
def checkLoginStatus
|
|
256
|
-
end
|
|
257
|
-
|
|
258
255
|
# 发送邮件
|
|
259
256
|
# a = AuthingRuby::AuthenticationClient.new({appHost: "https://rails-demo.authing.cn", appId: "60800b9151d040af9016d60b"})
|
|
260
257
|
# a.sendEmail('guokrfans@gmail.com', "VERIFY_EMAIL")
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
require 'openssl'
|
|
2
2
|
require "base64"
|
|
3
|
+
require 'jwt'
|
|
3
4
|
|
|
4
5
|
module AuthingRuby
|
|
5
6
|
class Utils
|
|
@@ -36,5 +37,41 @@ module AuthingRuby
|
|
|
36
37
|
return result
|
|
37
38
|
end
|
|
38
39
|
|
|
40
|
+
# verifyIDTokenHS256 函数用于验证 HS256 id_token
|
|
41
|
+
|
|
42
|
+
# 文档:使用指南 -> 常见问题 -> 如何验证用户身份凭证(token) -> 使用应用密钥验证 HS256 算法签名的 Token
|
|
43
|
+
# https://docs.authing.cn/v2/guides/faqs/how-to-validate-user-token.html#%E4%BD%BF%E7%94%A8%E5%BA%94%E7%94%A8%E5%AF%86%E9%92%A5%E9%AA%8C%E8%AF%81-hs256-%E7%AE%97%E6%B3%95%E7%AD%BE%E5%90%8D%E7%9A%84-token
|
|
44
|
+
|
|
45
|
+
# 官方文档目前(2021-5-13)是让用户自己处理 HS256 的 token,自己进行验证,但这样比较麻烦,我在 Ruby SDK 这边写一个方便的方法。
|
|
46
|
+
# verifyIDTokenHS256 返回 Boolean, true 代表 token 有效,false 代表无效
|
|
47
|
+
|
|
48
|
+
# 注意: 可以在 "应用 -> 授权 -> id_token 签名算法" 这里看到,选的是不是 HS256
|
|
49
|
+
# 如果是 HS256 才应该用这个方法来验证
|
|
50
|
+
|
|
51
|
+
# 参数 id_token 就是登录返回的 "token"
|
|
52
|
+
# 参数 appSecret 就是 Authing 里某个应用的 appSecret
|
|
53
|
+
def self.verifyIDTokenHS256(id_token, appSecret)
|
|
54
|
+
# 如果解码出错,直接返回 false
|
|
55
|
+
begin
|
|
56
|
+
hmac_secret = appSecret
|
|
57
|
+
decoded = JWT.decode id_token, hmac_secret, true, { algorithm: 'HS256' }
|
|
58
|
+
rescue => error
|
|
59
|
+
puts error.message
|
|
60
|
+
return false
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
payload = decoded[0]
|
|
64
|
+
header = decoded[1]
|
|
65
|
+
|
|
66
|
+
# 从 payload 获得过期时间,然后判断是否过期
|
|
67
|
+
exp = payload["exp"] # 过期时间
|
|
68
|
+
current_timestamp = Time.now.to_i
|
|
69
|
+
if current_timestamp < exp
|
|
70
|
+
return true # 没过期
|
|
71
|
+
else
|
|
72
|
+
return false # 过期了
|
|
73
|
+
end
|
|
74
|
+
end
|
|
75
|
+
|
|
39
76
|
end
|
|
40
77
|
end
|
data/lib/authing_ruby/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: authing_ruby
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.8
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- 郑诚(Zheng Cheng)
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-05-
|
|
11
|
+
date: 2021-05-13 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: minitest
|