devise_auth0_jwt_strategy 0.0.11 → 0.0.12

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 7f2a582447f88910fffd0f71dd4c6b96575a2d4deb48e30bd37002ec9cc30bc4
4
- data.tar.gz: 26298442d7793594b3d08f0ce5a831afb0c2be7bb7fe6dac4ee5385ea83a8e46
3
+ metadata.gz: addef3a62f8cab3e6bce4d6c204766c2376ca6b8039ca78a3a67c45168248f8e
4
+ data.tar.gz: f314586b7b4c7c2e854906d0ae0eed283897d6637ddf3187755c60ad9111abbb
5
5
  SHA512:
6
- metadata.gz: e80eba69ba50b0d93ed017721347dc106aec812dfe6f05b2a18c6575ef7f7d88e35a67d46e3c3e9800cf4b5bc87819bbba4b094214c1cbc288e6004163d9fb82
7
- data.tar.gz: 61ef056a21ddcbd48d45e222061594c3144b9e7fe1afc95de977ccd83f6872b7bcd5f8bd2ea962154c53e58d1baba362a35c9ec542ebdab700d5b781ffd072d0
6
+ metadata.gz: 9104971155ab7a783893dab28c456169455629b9bcd823137efd7bbfeb5b34609bdcf994a25c5a76aaaca0bed79953d60dffd1617088e1ea153e8d2db375f2e1
7
+ data.tar.gz: f8ebbd0fe7baa394f396870afa1fd2cacb95c813f221bbb4239253f35baf73b8e682d33267239573b914557425d3c19a726b0d40d1bd8cbf8318b97facae068e
@@ -66,6 +66,19 @@ module Devise
66
66
  return false
67
67
  end
68
68
 
69
+ def decode_options
70
+ # We will continue doing our own claim checks just for backwards compatibility
71
+ {
72
+ verify_expiration: false,
73
+ verify_iat: false,
74
+ verify_iss: false,
75
+ verify_aud: false,
76
+ verify_jti: false,
77
+ verify_subj: false,
78
+ verify_not_before: false
79
+ }
80
+ end
81
+
69
82
  def authenticate!
70
83
 
71
84
  if ENV['DEBUG_AUTH0_JWT']
@@ -75,9 +88,9 @@ module Devise
75
88
  end
76
89
 
77
90
  if valid?
91
+ # Passing true will cause #decode to verify the token signature
78
92
  # This will throw JWT::DecodeError if it fails
79
- payload, header = ::JWT.decode(@jwt_token,
80
- ::JWT::Base64.url_decode(auth0_client_secret))
93
+ payload, header = ::JWT.decode(@jwt_token, auth0_client_secret, true, decode_options)
81
94
 
82
95
  STDERR.puts payload.inspect if ENV['DEBUG_AUTH0_JWT']
83
96
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise_auth0_jwt_strategy
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.11
4
+ version: 0.0.12
5
5
  platform: ruby
6
6
  authors:
7
7
  - Patrick McGraw