cardmagic-omniauth-apple 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: aef005eeea3d8e53ea471785d87d1b26ecc53e7e03eb26816d95cb907d22c255
4
+ data.tar.gz: c78998f83815771d50a5f38a8cbe87326c468366ffae36ef0acea58dd189e8a6
5
+ SHA512:
6
+ metadata.gz: 6de6eefe7ae59178cf735c9994787398ddab5d2856405d43554179ba8d8741a8c035f3dd49948ade7146fd3e376580ae49547be4daadac573f4d3db9245df375
7
+ data.tar.gz: 140973ff3983d3ead4daced716224fe498a0a9df78b8b951c7fe12f6e272fce5ca0c2782f7de532f59a9c9133576154f85f8c97f1c168a8fe57b05e1b64b2d11
@@ -0,0 +1,26 @@
1
+ name: RSpec
2
+
3
+ on:
4
+ push:
5
+ branches:
6
+ - master
7
+ pull_request:
8
+
9
+ jobs:
10
+ build:
11
+ runs-on: ubuntu-latest
12
+ strategy:
13
+ fail-fast: false
14
+ matrix:
15
+ ruby: ['2.5', '2.6', '2.7']
16
+ steps:
17
+ - uses: actions/checkout@v2
18
+ - name: Set up Ruby ${{ matrix.ruby }}
19
+ uses: actions/setup-ruby@v1
20
+ with:
21
+ ruby-version: ${{ matrix.ruby }}
22
+ - name: Build and test with Rake on Ruby ${{ matrix.ruby }}
23
+ run: |
24
+ gem install bundler
25
+ bundle install --jobs 4 --retry 3
26
+ bundle exec rake spec
data/.gitignore ADDED
@@ -0,0 +1,51 @@
1
+ *.gem
2
+ *.rbc
3
+ /.config
4
+ /coverage/
5
+ /InstalledFiles
6
+ /pkg/
7
+ /spec/reports/
8
+ /spec/examples.txt
9
+ /test/tmp/
10
+ /test/version_tmp/
11
+ /tmp/
12
+
13
+ # Used by dotenv library to load environment variables.
14
+ # .env
15
+
16
+ ## Specific to RubyMotion:
17
+ .dat*
18
+ .repl_history
19
+ build/
20
+ *.bridgesupport
21
+ build-iPhoneOS/
22
+ build-iPhoneSimulator/
23
+
24
+ ## Specific to RubyMotion (use of CocoaPods):
25
+ #
26
+ # We recommend against adding the Pods directory to your .gitignore. However
27
+ # you should judge for yourself, the pros and cons are mentioned at:
28
+ # https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
29
+ #
30
+ # vendor/Pods/
31
+
32
+ ## Documentation cache and generated files:
33
+ /.yardoc/
34
+ /_yardoc/
35
+ /doc/
36
+ /rdoc/
37
+
38
+ ## Environment normalization:
39
+ /.bundle/
40
+ /vendor/bundle
41
+ /lib/bundler/man/
42
+
43
+ # for a library or gem, you might want to ignore these files since the code is
44
+ # intended to run in multiple environments; otherwise, check them in:
45
+ Gemfile.lock
46
+ .ruby-version
47
+ # .ruby-gemset
48
+
49
+ # unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
50
+ .rvmrc
51
+ .idea
data/CHANGELOG.md ADDED
@@ -0,0 +1,42 @@
1
+ ## [Unreleased]
2
+
3
+ ## [1.0.1] - 2020-12-03
4
+
5
+ ### Security
6
+
7
+ - Use only verified email address to prevent fake email address
8
+
9
+ ## [1.0.0] - 2020-06-26
10
+
11
+ ### Added
12
+
13
+ - [#26](https://github.com/nhosoya/omniauth-apple/pull/26) Support ID Token verification
14
+ - [#40](https://github.com/nhosoya/omniauth-apple/pull/40) Add rspec test cases
15
+ - [#42](https://github.com/nhosoya/omniauth-apple/pull/42) [#43](https://github.com/nhosoya/omniauth-apple/pull/43) Setup CI
16
+
17
+
18
+ ### Fixed
19
+
20
+ - [#31](https://github.com/nhosoya/omniauth-apple/pull/31) Stop relying on ActiveSupport
21
+ - [#37](https://github.com/nhosoya/omniauth-apple/pull/37) Fix nonce validation
22
+ - [#41](https://github.com/nhosoya/omniauth-apple/pull/41) Fix where the RoR extension is used
23
+ - [#46](https://github.com/nhosoya/omniauth-apple/pull/46) Fix naming of Omniauth module to OmniAuth
24
+ - [#48](https://github.com/nhosoya/omniauth-apple/pull/48) Remove .rakeTasks
25
+
26
+
27
+ ### Changed
28
+
29
+ - [#27](https://github.com/nhosoya/omniauth-apple/pull/27) Update development dependency
30
+ - [#28](https://github.com/nhosoya/omniauth-apple/pull/28) Update README.md
31
+ - [#38](https://github.com/nhosoya/omniauth-apple/pull/38) Refine AuthHash
32
+ - [#39](https://github.com/nhosoya/omniauth-apple/pull/39) Set the default scope to 'email name'
33
+
34
+ ## [0.0.3] - 2020-05-15
35
+
36
+ ## [0.0.2] - 2020-01-16
37
+
38
+ ## [0.0.1] - 2019-06-07
39
+
40
+ [Unreleased]: https://github.com/nhosoya/omniauth-apple/compare/v1.0.0...master
41
+ [1.0.0]: https://github.com/nhosoya/omniauth-apple/compare/v0.0.3...v1.0.0
42
+ [1.0.1]: https://github.com/nhosoya/omniauth-apple/compare/v1.0.0...v1.0.1
data/Gemfile ADDED
@@ -0,0 +1,4 @@
1
+ source "https://rubygems.org"
2
+
3
+ # Specify your gem's dependencies in omniauth-apple.gemspec
4
+ gemspec
data/LICENSE ADDED
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2019 Naoki Hosoya
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,43 @@
1
+ ![build](https://github.com/nhosoya/omniauth-apple/workflows/RSpec/badge.svg?branch=master&event=push)
2
+
3
+ # OmniAuth::Apple
4
+
5
+ OmniAuth strategy for [Sign In with Apple](https://developer.apple.com/sign-in-with-apple/).
6
+
7
+ ## Installation
8
+
9
+ Add this line to your application's Gemfile:
10
+
11
+ ```ruby
12
+ gem 'omniauth-apple'
13
+ ```
14
+
15
+ And then execute:
16
+
17
+ $ bundle
18
+
19
+ Or install it yourself as:
20
+
21
+ $ gem install omniauth-apple
22
+
23
+ ## Usage
24
+
25
+ ```ruby
26
+ Rails.application.config.middleware.use OmniAuth::Builder do
27
+ provider :apple, ENV['CLIENT_ID'], '',
28
+ {
29
+ scope: 'email name',
30
+ team_id: ENV['TEAM_ID'],
31
+ key_id: ENV['KEY_ID'],
32
+ pem: ENV['PRIVATE_KEY']
33
+ }
34
+ end
35
+ ```
36
+
37
+ ## Contributing
38
+
39
+ Bug reports and pull requests are welcome on GitHub at https://github.com/nhosoya/omniauth-apple.
40
+
41
+ ## License
42
+
43
+ The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
data/Rakefile ADDED
@@ -0,0 +1,6 @@
1
+ require "bundler/gem_tasks"
2
+ require "rspec/core/rake_task"
3
+
4
+ RSpec::Core::RakeTask.new
5
+
6
+ task :default => :spec
data/bin/console ADDED
@@ -0,0 +1,14 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ require "bundler/setup"
4
+ require "omniauth/apple"
5
+
6
+ # You can add fixtures and/or initialization code here to make experimenting
7
+ # with your gem easier. You can also use a different console, if you like.
8
+
9
+ # (If you use this, don't forget to add pry to your Gemfile!)
10
+ # require "pry"
11
+ # Pry.start
12
+
13
+ require "irb"
14
+ IRB.start(__FILE__)
data/bin/setup ADDED
@@ -0,0 +1,8 @@
1
+ #!/usr/bin/env bash
2
+ set -euo pipefail
3
+ IFS=$'\n\t'
4
+ set -vx
5
+
6
+ bundle install
7
+
8
+ # Do any other automated setup that you need to do here
@@ -0,0 +1,3 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'omniauth/apple'
@@ -0,0 +1,4 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'omniauth/apple/version'
4
+ require 'omniauth/strategies/apple'
@@ -0,0 +1,5 @@
1
+ module OmniAuth
2
+ module Apple
3
+ VERSION = "1.0.1"
4
+ end
5
+ end
@@ -0,0 +1,145 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'omniauth-oauth2'
4
+ require 'net/https'
5
+
6
+ module OmniAuth
7
+ module Strategies
8
+ class Apple < OmniAuth::Strategies::OAuth2
9
+ option :name, 'apple'
10
+
11
+ option :client_options,
12
+ site: 'https://appleid.apple.com',
13
+ authorize_url: '/auth/authorize',
14
+ token_url: '/auth/token'
15
+ option :authorize_params,
16
+ response_mode: 'form_post',
17
+ scope: 'email name'
18
+ option :authorized_client_ids, []
19
+
20
+ uid { id_info['sub'] }
21
+
22
+ info do
23
+ prune!(
24
+ sub: id_info['sub'],
25
+ email: email,
26
+ first_name: first_name,
27
+ last_name: last_name,
28
+ name: (first_name || last_name) ? [first_name, last_name].join(' ') : email,
29
+ )
30
+ end
31
+
32
+ extra do
33
+ id_token = request.params['id_token'] || access_token&.params&.dig('id_token')
34
+ prune!(raw_info: {id_info: id_info, user_info: user_info, id_token: id_token})
35
+ end
36
+
37
+ def client
38
+ ::OAuth2::Client.new(client_id, client_secret, deep_symbolize(options.client_options))
39
+ end
40
+
41
+ def authorize_params
42
+ super.merge(nonce: new_nonce)
43
+ end
44
+
45
+ def callback_url
46
+ options[:redirect_uri] || (full_host + script_name + callback_path)
47
+ end
48
+
49
+ private
50
+
51
+ def new_nonce
52
+ session['omniauth.nonce'] = SecureRandom.urlsafe_base64(16)
53
+ end
54
+
55
+ def stored_nonce
56
+ session.delete('omniauth.nonce')
57
+ end
58
+
59
+ def id_info
60
+ @id_info ||= if request.params&.key?('id_token') || access_token&.params&.key?('id_token')
61
+ id_token = request.params['id_token'] || access_token.params['id_token']
62
+ jwt_options = {
63
+ verify_iss: true,
64
+ iss: 'https://appleid.apple.com',
65
+ verify_iat: true,
66
+ verify_aud: true,
67
+ aud: [options.client_id].concat(options.authorized_client_ids),
68
+ algorithms: ['RS256'],
69
+ jwks: fetch_jwks
70
+ }
71
+ payload, _header = ::JWT.decode(id_token, nil, true, jwt_options)
72
+ verify_nonce!(payload)
73
+ payload
74
+ end
75
+ end
76
+
77
+ def fetch_jwks
78
+ http = Net::HTTP.new('appleid.apple.com', 443)
79
+ http.use_ssl = true
80
+ request = Net::HTTP::Get.new('/auth/keys', 'User-Agent' => 'ruby/omniauth-apple')
81
+ response = http.request(request)
82
+ JSON.parse(response.body, symbolize_names: true)
83
+ end
84
+
85
+ def verify_nonce!(payload)
86
+ return unless payload['nonce_supported']
87
+
88
+ return if payload['nonce'] && payload['nonce'] == stored_nonce
89
+
90
+ fail!(:nonce_mismatch, CallbackError.new(:nonce_mismatch, 'nonce mismatch'))
91
+ end
92
+
93
+ def client_id
94
+ @client_id ||= if id_info.nil?
95
+ options.client_id
96
+ else
97
+ id_info['aud'] if options.authorized_client_ids.include? id_info['aud']
98
+ end
99
+ end
100
+
101
+ def user_info
102
+ user = request.params['user']
103
+ return {} if user.nil?
104
+
105
+ @user_info ||= JSON.parse(user)
106
+ end
107
+
108
+ def email
109
+ id_info['email']
110
+ end
111
+
112
+ def first_name
113
+ user_info.dig('name', 'firstName')
114
+ end
115
+
116
+ def last_name
117
+ user_info.dig('name', 'lastName')
118
+ end
119
+
120
+ def prune!(hash)
121
+ hash.delete_if do |_, v|
122
+ prune!(v) if v.is_a?(Hash)
123
+ v.nil? || (v.respond_to?(:empty?) && v.empty?)
124
+ end
125
+ end
126
+
127
+ def client_secret
128
+ payload = {
129
+ iss: options.team_id,
130
+ aud: 'https://appleid.apple.com',
131
+ sub: client_id,
132
+ iat: Time.now.to_i,
133
+ exp: Time.now.to_i + 60
134
+ }
135
+ headers = { kid: options.key_id }
136
+
137
+ ::JWT.encode(payload, private_key, 'ES256', headers)
138
+ end
139
+
140
+ def private_key
141
+ ::OpenSSL::PKey::EC.new(options.pem)
142
+ end
143
+ end
144
+ end
145
+ end
@@ -0,0 +1,46 @@
1
+
2
+ lib = File.expand_path("../lib", __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require "omniauth/apple/version"
5
+
6
+ Gem::Specification.new do |spec|
7
+ spec.name = "cardmagic-omniauth-apple"
8
+ spec.version = OmniAuth::Apple::VERSION
9
+ spec.authors = ["nhosoya", "Fabian Jäger"]
10
+ spec.email = ["hnhnnhnh@gmail.com", "fabian@mailbutler.io"]
11
+
12
+ spec.summary = %q{OmniAuth strategy for Sign In with Apple}
13
+ spec.description = %q{OmniAuth strategy for Sign In with Apple}
14
+ spec.homepage = "https://github.com/nhosoya/omniauth-apple"
15
+ spec.license = "MIT"
16
+
17
+ # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
18
+ # to allow pushing to a single host or delete this section to allow pushing to any host.
19
+ # if spec.respond_to?(:metadata)
20
+ # spec.metadata["allowed_push_host"] = "TODO: Set to 'http://mygemserver.com'"
21
+ #
22
+ # spec.metadata["homepage_uri"] = spec.homepage
23
+ # spec.metadata["source_code_uri"] = "TODO: Put your gem's public repo URL here."
24
+ # spec.metadata["changelog_uri"] = "TODO: Put your gem's CHANGELOG.md URL here."
25
+ # else
26
+ # raise "RubyGems 2.0 or newer is required to protect against " \
27
+ # "public gem pushes."
28
+ # end
29
+
30
+ # Specify which files should be added to the gem when it is released.
31
+ # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
32
+ spec.files = Dir.chdir(File.expand_path('..', __FILE__)) do
33
+ `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
34
+ end
35
+ spec.bindir = "exe"
36
+ spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
37
+ spec.require_paths = ["lib"]
38
+
39
+ spec.add_dependency 'omniauth-oauth2'
40
+ spec.add_dependency 'jwt'
41
+ spec.add_development_dependency "bundler", "~> 2.0"
42
+ spec.add_development_dependency "rake", "~> 13.0"
43
+ spec.add_development_dependency "rspec", "~> 3.9"
44
+ spec.add_development_dependency "webmock", "~> 3.8"
45
+ spec.add_development_dependency 'simplecov', "~> 0.18"
46
+ end
metadata ADDED
@@ -0,0 +1,157 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: cardmagic-omniauth-apple
3
+ version: !ruby/object:Gem::Version
4
+ version: 1.0.1
5
+ platform: ruby
6
+ authors:
7
+ - nhosoya
8
+ - Fabian Jäger
9
+ autorequire:
10
+ bindir: exe
11
+ cert_chain: []
12
+ date: 2021-03-26 00:00:00.000000000 Z
13
+ dependencies:
14
+ - !ruby/object:Gem::Dependency
15
+ name: omniauth-oauth2
16
+ requirement: !ruby/object:Gem::Requirement
17
+ requirements:
18
+ - - ">="
19
+ - !ruby/object:Gem::Version
20
+ version: '0'
21
+ type: :runtime
22
+ prerelease: false
23
+ version_requirements: !ruby/object:Gem::Requirement
24
+ requirements:
25
+ - - ">="
26
+ - !ruby/object:Gem::Version
27
+ version: '0'
28
+ - !ruby/object:Gem::Dependency
29
+ name: jwt
30
+ requirement: !ruby/object:Gem::Requirement
31
+ requirements:
32
+ - - ">="
33
+ - !ruby/object:Gem::Version
34
+ version: '0'
35
+ type: :runtime
36
+ prerelease: false
37
+ version_requirements: !ruby/object:Gem::Requirement
38
+ requirements:
39
+ - - ">="
40
+ - !ruby/object:Gem::Version
41
+ version: '0'
42
+ - !ruby/object:Gem::Dependency
43
+ name: bundler
44
+ requirement: !ruby/object:Gem::Requirement
45
+ requirements:
46
+ - - "~>"
47
+ - !ruby/object:Gem::Version
48
+ version: '2.0'
49
+ type: :development
50
+ prerelease: false
51
+ version_requirements: !ruby/object:Gem::Requirement
52
+ requirements:
53
+ - - "~>"
54
+ - !ruby/object:Gem::Version
55
+ version: '2.0'
56
+ - !ruby/object:Gem::Dependency
57
+ name: rake
58
+ requirement: !ruby/object:Gem::Requirement
59
+ requirements:
60
+ - - "~>"
61
+ - !ruby/object:Gem::Version
62
+ version: '13.0'
63
+ type: :development
64
+ prerelease: false
65
+ version_requirements: !ruby/object:Gem::Requirement
66
+ requirements:
67
+ - - "~>"
68
+ - !ruby/object:Gem::Version
69
+ version: '13.0'
70
+ - !ruby/object:Gem::Dependency
71
+ name: rspec
72
+ requirement: !ruby/object:Gem::Requirement
73
+ requirements:
74
+ - - "~>"
75
+ - !ruby/object:Gem::Version
76
+ version: '3.9'
77
+ type: :development
78
+ prerelease: false
79
+ version_requirements: !ruby/object:Gem::Requirement
80
+ requirements:
81
+ - - "~>"
82
+ - !ruby/object:Gem::Version
83
+ version: '3.9'
84
+ - !ruby/object:Gem::Dependency
85
+ name: webmock
86
+ requirement: !ruby/object:Gem::Requirement
87
+ requirements:
88
+ - - "~>"
89
+ - !ruby/object:Gem::Version
90
+ version: '3.8'
91
+ type: :development
92
+ prerelease: false
93
+ version_requirements: !ruby/object:Gem::Requirement
94
+ requirements:
95
+ - - "~>"
96
+ - !ruby/object:Gem::Version
97
+ version: '3.8'
98
+ - !ruby/object:Gem::Dependency
99
+ name: simplecov
100
+ requirement: !ruby/object:Gem::Requirement
101
+ requirements:
102
+ - - "~>"
103
+ - !ruby/object:Gem::Version
104
+ version: '0.18'
105
+ type: :development
106
+ prerelease: false
107
+ version_requirements: !ruby/object:Gem::Requirement
108
+ requirements:
109
+ - - "~>"
110
+ - !ruby/object:Gem::Version
111
+ version: '0.18'
112
+ description: OmniAuth strategy for Sign In with Apple
113
+ email:
114
+ - hnhnnhnh@gmail.com
115
+ - fabian@mailbutler.io
116
+ executables: []
117
+ extensions: []
118
+ extra_rdoc_files: []
119
+ files:
120
+ - ".github/workflows/rspec.yml"
121
+ - ".gitignore"
122
+ - CHANGELOG.md
123
+ - Gemfile
124
+ - LICENSE
125
+ - README.md
126
+ - Rakefile
127
+ - bin/console
128
+ - bin/setup
129
+ - lib/omniauth-apple.rb
130
+ - lib/omniauth/apple.rb
131
+ - lib/omniauth/apple/version.rb
132
+ - lib/omniauth/strategies/apple.rb
133
+ - omniauth-apple.gemspec
134
+ homepage: https://github.com/nhosoya/omniauth-apple
135
+ licenses:
136
+ - MIT
137
+ metadata: {}
138
+ post_install_message:
139
+ rdoc_options: []
140
+ require_paths:
141
+ - lib
142
+ required_ruby_version: !ruby/object:Gem::Requirement
143
+ requirements:
144
+ - - ">="
145
+ - !ruby/object:Gem::Version
146
+ version: '0'
147
+ required_rubygems_version: !ruby/object:Gem::Requirement
148
+ requirements:
149
+ - - ">="
150
+ - !ruby/object:Gem::Version
151
+ version: '0'
152
+ requirements: []
153
+ rubygems_version: 3.2.3
154
+ signing_key:
155
+ specification_version: 4
156
+ summary: OmniAuth strategy for Sign In with Apple
157
+ test_files: []