devise_auth0_jwt_strategy 0.0.11 → 0.0.13
- checksums.yaml +4 -4
- data/lib/devise_auth0_jwt_strategy/strategy.rb +15 -2
- metadata +8 -7
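--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b945dfd4f00f183a9cbf6d091a651941e304d38520a1851e907c1c00434411a2
+data.tar.gz: 89c0ff7716a6fe7d4a2bbc91f6c00a405766eee84b3a91749c53523c3f48ec0e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ea0c8c17e24a9c66cc8530cb6f4041298cec10c9016ebcd23940bb9563c6593754398681c7150a9711c37f71dc7da46ea8e881debb9fe8dd662c81b4767ccf28
+data.tar.gz: cbcfab32439577ae133339190fce651061cf8324a9c5ca2d25f4b1d428777f6b0da6bc234a608d07fe80539139c8ad97cfdedbac6a9d76c451d9a012bb085978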
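--- a/data/lib/devise_auth0_jwt_strategy/strategy.rb
+++ b/data/lib/devise_auth0_jwt_strategy/strategy.rb
@@ -66,6 +66,19 @@ module Devise
 return false
 end
 
+def decode_options
+# We will continue doing our own claim checks just for backwards compatibility
+{
+verify_expiration: false,
+verify_iat: false,
+verify_iss: false,
+verify_aud: false,
+verify_jti: false,
+verify_subj: false,
+verify_not_before: false
+}
+end
+
 def authenticate!
 
 if ENV['DEBUG_AUTH0_JWT']
@@ -75,9 +88,9 @@ module Devise
 end
 
 if valid?
+# Passing true will cause #decode to verify the token signature
 # This will throw JWT::DecodeError if it fails
-payload, header = ::JWT.decode(@jwt_token,
-::JWT::Base64.url_decode(auth0_client_secret))
+payload, header = ::JWT.decode(@jwt_token, auth0_client_secret, true, decode_options)
 
 STDERR.puts payload.inspect if ENV['DEBUG_AUTH0_JWT']
 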
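Review bot: `decode_options` switches off `verify_expiration` and `verify_not_before`, which the previous two-argument `::JWT.decode` call left at the library defaults (on, in ruby-jwt), so rejecting expired or not-yet-valid tokens now depends entirely on the strategy's own claim checks, which are not visible in this section. Unless those checks demonstrably cover `exp` and `nbf`, keep the library checks enabled: `verify_expiration: true, verify_not_before: true`. The hash also leaves the accepted signing algorithm to the gem's default; pinning it (`algorithm: 'HS256'`, assuming the tokens are HMAC-signed with the client secret, as the key argument suggests) keeps the signature check independent of the installed jwt version. `verify_subj` does not appear to be an option ruby-jwt reads (the gem documents `verify_sub`), so that entry is probably a no-op and should be renamed or dropped. The body of `authenticate!` continues beyond both hunks.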
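--- a/metadata
+++ b/metadata
@@ -1,10 +1,11 @@
 --- !ruby/object:Gem::Specification
 name: devise_auth0_jwt_strategy
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.13
 platform: ruby
 authors:
 - Patrick McGraw
+- Michael Oliver
 autorequire:
 bindir: bin
 cert_chain: []
@@ -58,30 +59,30 @@ dependencies:
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version:
+version: 7.1.0
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version:
+version: 7.1.0
 - !ruby/object:Gem::Dependency
 name: rspec-rails
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '4.0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '4.0'
 description: Authenticate requests using an Auth0 JWT passed by HTTP header
-email:
+email: support@bloodhub.com
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -108,7 +109,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.2.33
 signing_key:
 specification_version: 4
 summary: Authenticate requests using an Auth0 JWT passed by HTTP header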