devise_auth0_jwt_strategy 0.0.11 → 0.0.13

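--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 7f2a582447f88910fffd0f71dd4c6b96575a2d4deb48e30bd37002ec9cc30bc4
- data.tar.gz: 26298442d7793594b3d08f0ce5a831afb0c2be7bb7fe6dac4ee5385ea83a8e46
+ metadata.gz: b945dfd4f00f183a9cbf6d091a651941e304d38520a1851e907c1c00434411a2
+ data.tar.gz: 89c0ff7716a6fe7d4a2bbc91f6c00a405766eee84b3a91749c53523c3f48ec0e
  SHA512:
- metadata.gz: e80eba69ba50b0d93ed017721347dc106aec812dfe6f05b2a18c6575ef7f7d88e35a67d46e3c3e9800cf4b5bc87819bbba4b094214c1cbc288e6004163d9fb82
- data.tar.gz: 61ef056a21ddcbd48d45e222061594c3144b9e7fe1afc95de977ccd83f6872b7bcd5f8bd2ea962154c53e58d1baba362a35c9ec542ebdab700d5b781ffd072d0
+ metadata.gz: ea0c8c17e24a9c66cc8530cb6f4041298cec10c9016ebcd23940bb9563c6593754398681c7150a9711c37f71dc7da46ea8e881debb9fe8dd662c81b4767ccf28
+ data.tar.gz: cbcfab32439577ae133339190fce651061cf8324a9c5ca2d25f4b1d428777f6b0da6bc234a608d07fe80539139c8ad97cfdedbac6a9d76c451d9a012bb085978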
@@ -66,6 +66,19 @@ module Devise
66
66
  return false
67
67
  end
68
68
 
69
+ def decode_options
70
+ # We will continue doing our own claim checks just for backwards compatibility
71
+ {
72
+ verify_expiration: false,
73
+ verify_iat: false,
74
+ verify_iss: false,
75
+ verify_aud: false,
76
+ verify_jti: false,
77
+ verify_subj: false,
78
+ verify_not_before: false
79
+ }
80
+ end
81
+
69
82
  def authenticate!
70
83
 
71
84
  if ENV['DEBUG_AUTH0_JWT']
@@ -75,9 +88,9 @@ module Devise
75
88
  end
76
89
 
77
90
  if valid?
91
+ # Passing true will cause #decode to verify the token signature
78
92
  # This will throw JWT::DecodeError if it fails
79
- payload, header = ::JWT.decode(@jwt_token,
80
- ::JWT::Base64.url_decode(auth0_client_secret))
93
+ payload, header = ::JWT.decode(@jwt_token, auth0_client_secret, true, decode_options)
81
94
 
82
95
  STDERR.puts payload.inspect if ENV['DEBUG_AUTH0_JWT']
83
96
 
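Review bot: `decode_options` switches off `verify_expiration` and `verify_not_before`, which ruby-jwt enforces by default, so an expired or not-yet-valid token is now rejected only if the strategy's own claim checks cover `exp` and `nbf`; I would drop those two keys so the library keeps enforcing them, or add a comment naming the method that performs each check. The hash also does not pin the signing algorithm, so the `::JWT.decode` call in the second hunk relies on the library default; adding `algorithm: 'HS256'` (or whichever algorithm the tenant actually signs with) makes the accepted algorithm explicit. `verify_subj` is not an option ruby-jwt recognises (the key is `verify_sub`), so that line has no effect and reads as if it did. The same call now passes `auth0_client_secret` without `::JWT::Base64.url_decode`, which changes the HMAC key for deployments whose secret is stored base64url-encoded, so unless the accessor was changed elsewhere this needs a changelog entry or a configuration switch. `authenticate!` continues past the end of the second hunk, so the claim checks the comment refers to are not visible here.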
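--- a/metadata
+++ b/metadata
@@ -1,10 +1,11 @@
  --- !ruby/object:Gem::Specification
  name: devise_auth0_jwt_strategy
  version: !ruby/object:Gem::Version
- version: 0.0.11
+ version: 0.0.13
  platform: ruby
  authors:
  - Patrick McGraw
+ - Michael Oliver
  autorequire:
  bindir: bin
  cert_chain: []
@@ -58,30 +59,30 @@ dependencies:
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 5.0.0
+ version: 7.1.0
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 5.0.0
+ version: 7.1.0
  - !ruby/object:Gem::Dependency
  name: rspec-rails
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '3.7'
+ version: '4.0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '3.7'
+ version: '4.0'
  description: Authenticate requests using an Auth0 JWT passed by HTTP header
- email: pat@bloodhub.com
+ email: support@bloodhub.com
  executables: []
  extensions: []
  extra_rdoc_files: []
@@ -108,7 +109,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.0.6
+ rubygems_version: 3.2.33
  signing_key:
  specification_version: 4
  summary: Authenticate requests using an Auth0 JWT passed by HTTP header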