authing_ruby 1.0.7 → 1.0.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9696561d3570ff70b28f75570767136805742ba70e403511539139a51b598a5a
|
|
4
|
+
data.tar.gz: 7101d107a8f6717caf1a6673ce4639c6b957048a7bb386cc353ca677bcd9a548
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: feb6dc9d637c783f968d251a5200ed5c4a5b372552e4395c5cad69ac5cfc170c1ddfa4f624ec0ebe3abb2489ca5afef7fb723658d1607d4655c7181a7bd4d431
|
|
7
|
+
data.tar.gz: ff0bce0012f356dc37ac21f9b5be1924684ab865b35b156ba8d2683273e839ad10ac363c2e69b6a00bbddbfb2bbb9e43546b2a11c07ece760c6417ba9a5c534f
|
|
@@ -252,9 +252,6 @@ module AuthingRuby
|
|
|
252
252
|
return json
|
|
253
253
|
end
|
|
254
254
|
|
|
255
|
-
def checkLoginStatus
|
|
256
|
-
end
|
|
257
|
-
|
|
258
255
|
# 发送邮件
|
|
259
256
|
# a = AuthingRuby::AuthenticationClient.new({appHost: "https://rails-demo.authing.cn", appId: "60800b9151d040af9016d60b"})
|
|
260
257
|
# a.sendEmail('guokrfans@gmail.com', "VERIFY_EMAIL")
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
require 'openssl'
|
|
2
2
|
require "base64"
|
|
3
|
+
require 'jwt'
|
|
3
4
|
|
|
4
5
|
module AuthingRuby
|
|
5
6
|
class Utils
|
|
@@ -36,5 +37,41 @@ module AuthingRuby
|
|
|
36
37
|
return result
|
|
37
38
|
end
|
|
38
39
|
|
|
40
|
+
# verifyIDTokenHS256 函数用于验证 HS256 id_token
|
|
41
|
+
|
|
42
|
+
# 文档:使用指南 -> 常见问题 -> 如何验证用户身份凭证(token) -> 使用应用密钥验证 HS256 算法签名的 Token
|
|
43
|
+
# https://docs.authing.cn/v2/guides/faqs/how-to-validate-user-token.html#%E4%BD%BF%E7%94%A8%E5%BA%94%E7%94%A8%E5%AF%86%E9%92%A5%E9%AA%8C%E8%AF%81-hs256-%E7%AE%97%E6%B3%95%E7%AD%BE%E5%90%8D%E7%9A%84-token
|
|
44
|
+
|
|
45
|
+
# 官方文档目前(2021-5-13)是让用户自己处理 HS256 的 token,自己进行验证,但这样比较麻烦,我在 Ruby SDK 这边写一个方便的方法。
|
|
46
|
+
# verifyIDTokenHS256 返回 Boolean, true 代表 token 有效,false 代表无效
|
|
47
|
+
|
|
48
|
+
# 注意: 可以在 "应用 -> 授权 -> id_token 签名算法" 这里看到,选的是不是 HS256
|
|
49
|
+
# 如果是 HS256 才应该用这个方法来验证
|
|
50
|
+
|
|
51
|
+
# 参数 id_token 就是登录返回的 "token"
|
|
52
|
+
# 参数 appSecret 就是 Authing 里某个应用的 appSecret
|
|
53
|
+
def self.verifyIDTokenHS256(id_token, appSecret)
|
|
54
|
+
# 如果解码出错,直接返回 false
|
|
55
|
+
begin
|
|
56
|
+
hmac_secret = appSecret
|
|
57
|
+
decoded = JWT.decode id_token, hmac_secret, true, { algorithm: 'HS256' }
|
|
58
|
+
rescue => error
|
|
59
|
+
puts error.message
|
|
60
|
+
return false
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
payload = decoded[0]
|
|
64
|
+
header = decoded[1]
|
|
65
|
+
|
|
66
|
+
# 从 payload 获得过期时间,然后判断是否过期
|
|
67
|
+
exp = payload["exp"] # 过期时间
|
|
68
|
+
current_timestamp = Time.now.to_i
|
|
69
|
+
if current_timestamp < exp
|
|
70
|
+
return true # 没过期
|
|
71
|
+
else
|
|
72
|
+
return false # 过期了
|
|
73
|
+
end
|
|
74
|
+
end
|
|
75
|
+
|
|
39
76
|
end
|
|
40
77
|
end
|
data/lib/authing_ruby/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: authing_ruby
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.8
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- 郑诚(Zheng Cheng)
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-05-
|
|
11
|
+
date: 2021-05-13 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: minitest
|