RubyGems - devise_auth0_jwt_strategy - Versions diffs - 0.0.11 → 0.0.12 - Mend

devise_auth0_jwt_strategy 0.0.11 → 0.0.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

checksums.yaml +4 -4
data/lib/devise_auth0_jwt_strategy/strategy.rb +15 -2
metadata +1 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7f2a582447f88910fffd0f71dd4c6b96575a2d4deb48e30bd37002ec9cc30bc4
-  data.tar.gz: 26298442d7793594b3d08f0ce5a831afb0c2be7bb7fe6dac4ee5385ea83a8e46
+  metadata.gz: addef3a62f8cab3e6bce4d6c204766c2376ca6b8039ca78a3a67c45168248f8e
+  data.tar.gz: f314586b7b4c7c2e854906d0ae0eed283897d6637ddf3187755c60ad9111abbb
 SHA512:
-  metadata.gz: e80eba69ba50b0d93ed017721347dc106aec812dfe6f05b2a18c6575ef7f7d88e35a67d46e3c3e9800cf4b5bc87819bbba4b094214c1cbc288e6004163d9fb82
-  data.tar.gz: 61ef056a21ddcbd48d45e222061594c3144b9e7fe1afc95de977ccd83f6872b7bcd5f8bd2ea962154c53e58d1baba362a35c9ec542ebdab700d5b781ffd072d0
+  metadata.gz: 9104971155ab7a783893dab28c456169455629b9bcd823137efd7bbfeb5b34609bdcf994a25c5a76aaaca0bed79953d60dffd1617088e1ea153e8d2db375f2e1
+  data.tar.gz: f8ebbd0fe7baa394f396870afa1fd2cacb95c813f221bbb4239253f35baf73b8e682d33267239573b914557425d3c19a726b0d40d1bd8cbf8318b97facae068e

data/lib/devise_auth0_jwt_strategy/strategy.rb CHANGED Viewed

@@ -66,6 +66,19 @@ module Devise
         return false
       end
+      def decode_options
+        # We will continue doing our own claim checks just for backwards compatibility
+        {
+          verify_expiration: false,
+          verify_iat: false,
+          verify_iss: false,
+          verify_aud: false,
+          verify_jti: false,
+          verify_subj: false,
+          verify_not_before: false
+        }
+      end
       def authenticate!
         if ENV['DEBUG_AUTH0_JWT']
@@ -75,9 +88,9 @@ module Devise
         end
         if valid?
+          # Passing true will cause #decode to verify the token signature
           # This will throw JWT::DecodeError if it fails
-          payload, header = ::JWT.decode(@jwt_token,
-          ::JWT::Base64.url_decode(auth0_client_secret))
+          payload, header = ::JWT.decode(@jwt_token, auth0_client_secret, true, decode_options)
           STDERR.puts payload.inspect if ENV['DEBUG_AUTH0_JWT']

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: devise_auth0_jwt_strategy
 version: !ruby/object:Gem::Version
-  version: 0.0.11
+  version: 0.0.12
 platform: ruby
 authors:
 - Patrick McGraw