authrocket 2.1.1 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 25c9714d9a8a39ba10d25bce51b378d643bb2a86
-  data.tar.gz: f6590ea8aed5079f41ddfe62d17c0095188efffb
+  metadata.gz: d4e2ae503388f1035ae5d360035105fd1c1c0162
+  data.tar.gz: 779c34257db659c28b824352e3275c0a9b152c32
 SHA512:
-  metadata.gz: ca3ea43ae527d665af2ffd02ade85e8dac33d895a9d879fa425f13a6b6d0399819c06ea99368189601d7fd80155393d32ddf730788142be2d1b3ab6afe6a4783
-  data.tar.gz: 00183ddbe8d5b9d65da316118da31618dfa57892aa993ba7930470495d08a4d03d66a4b5219bc2807068667072ab67940c9bee667e90a3a6ac591ad0b818a1ba
+  metadata.gz: 9c7a1981b30a3e9b8c841c1a8cb0becf1cf1fb3b1a5157703a946d49e2a845b8004e4832d06619bb3a690970a84070bd59b343ab8abaa8d21b1d1022d7e8e965
+  data.tar.gz: e99d4229fc89e8a6f516998004d72bc678a0554a02533b0a9db98a6ae8a09aae6bf48d6f3ffdc5e8235e76700d0e5133863aac1690e2a18ec1105c3d6ea1f25f

data/CHANGELOG.md

@@ -1,16 +1,27 @@
+#### 2.2.0
+
+- Add Realm#jwt_algo
+- Deprecate Realm#jwt_secret - replaced with Realm#jwt_key
+- Add JwtKey resource
+- Support RS256 signed tokens
+
 #### 2.1.1
+
 - Add Realm#jwt_fields
 - Deprecate Realm#jwt_data - replaced by #jwt_fields
 - Parse custom attributes from JWT when available
 
 #### 2.1.0
+
 - AuthProvider.authorize, #authorize_token can now return a UserToken
 - Add UserToken#credential_type
 
 #### 2.0.3
+
 - Fix error handling for missing jwt_secret
 
 #### 2.0.2
+
 - Add Realm#resource_links
 
 #### 2.0.1

data/lib/authrocket.rb

@@ -5,7 +5,7 @@ require 'jwt'
   require "authrocket/api/#{f}"
 end
 
-%w(app_hook auth_provider credential event login_policy membership notification org realm session user user_token).each do |f|
+%w(app_hook auth_provider credential event jwt_key login_policy membership notification org realm session user user_token).each do |f|
   require "authrocket/#{f}"
 end
 

data/lib/authrocket/api/api_config.rb

@@ -30,7 +30,7 @@ module AuthRocket
 
     self.instrument_key = 'request.authrocket'
 
-    self.status_page = 'http://status.notioneer.com/'
+    self.status_page = 'http://status.authrocket.com/'
 
     self.auth_header_prefix = 'X-Authrocket'
 

data/lib/authrocket/api/version.rb

@@ -1,3 +1,3 @@
 module AuthRocket
-  VERSION = '2.1.1'
+  VERSION = '2.2.0'
 end

data/lib/authrocket/jwt_key.rb

@@ -0,0 +1,11 @@
+module AuthRocket
+  class JwtKey < Resource
+    crud :all, :find, :create, :delete
+
+    belongs_to :realm
+
+    attr :algo, :key, :use
+    attr :expired # readonly
+
+  end
+end

data/lib/authrocket/realm.rb

@@ -5,6 +5,7 @@ module AuthRocket
     has_many :app_hooks
     has_many :auth_providers
     has_many :events
+    has_many :jwt_keys
     has_many :login_policies
     has_many :orgs
     has_many :users
@@ -12,7 +13,8 @@ module AuthRocket
     attr :api_key_minutes, :api_key_policy, :api_key_prefix, :custom, :name
     attr :jwt_fields, :require_unique_emails, :resource_links, :session_minutes
     attr :session_type, :state, :username_validation_human
-    attr :jwt_secret # readonly
+    attr :jwt_key # readonly
+    attr :jwt_secret # readonly, deprecated
     attr :jwt_data # deprecated
 
 

data/lib/authrocket/session.rb

@@ -1,3 +1,6 @@
+require 'openssl'
+require 'jwt'
+
 module AuthRocket
   class Session < Resource
     crud :all, :find, :create, :delete
@@ -13,12 +16,21 @@ module AuthRocket
 
 
     # options - :within - (in seconds) Maximum time since the token was originally issued
+    #         - credentials: {jwt_secret: StringOrKey} - used to verify the token
+    #         - :algo - one of HS256, RS256 (default: auto-detect based on :jwt_secret)
     def self.from_token(token, options={})
       secret = (options[:credentials]||credentials||{})[:jwt_secret]
       raise Error, "missing :jwt_secret (or AUTHROCKET_JWT_SECRET)" unless secret
       return unless token
 
-      jwt, _ = JWT.decode token, secret, true, algorithm: 'HS256'
+      algo = options[:algo]
+      if secret.is_a?(String) && secret.length > 256
+        secret = OpenSSL::PKey.read secret
+      end
+      algo ||= 'RS256' if secret.is_a?(OpenSSL::PKey::RSA)
+      algo ||= 'HS256'
+
+      jwt, _ = JWT.decode token, secret, true, algorithm: algo
 
       if within = options.delete(:within)
         return if jwt['iat'] < Time.now.to_i - within

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authrocket
 version: !ruby/object:Gem::Version
-  version: 2.1.1
+  version: 2.2.0
 platform: ruby
 authors:
 - AuthRocket Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-01-07 00:00:00.000000000 Z
+date: 2017-03-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ncore
@@ -90,6 +90,7 @@ files:
 - lib/authrocket/auth_provider.rb
 - lib/authrocket/credential.rb
 - lib/authrocket/event.rb
+- lib/authrocket/jwt_key.rb
 - lib/authrocket/login_policy.rb
 - lib/authrocket/membership.rb
 - lib/authrocket/notification.rb
@@ -118,7 +119,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.8
+rubygems_version: 2.6.10
 signing_key: 
 specification_version: 4
 summary: AuthRocket client for Ruby