devise_auth0_jwt_strategy 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/lib/devise_auth0_jwt_strategy.rb +3 -0
- data/lib/devise_auth0_jwt_strategy/railtie.rb +26 -0
- data/lib/devise_auth0_jwt_strategy/strategy.rb +78 -0
- metadata +144 -0
checksums.yaml
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
SHA1:
|
|
3
|
+
metadata.gz: fe3473e73c106f5b16f8d0763b9ee7ad8f0803ce
|
|
4
|
+
data.tar.gz: ccf3e456e17b969d76d960eafb2e39e0c81e9fc6
|
|
5
|
+
SHA512:
|
|
6
|
+
metadata.gz: 68cc319504aba4e87159065fd4091a09734b9512320050d5424fd57e8ae64657e092297613b1663870abf41da23d7fe0dcc2e6fd2f7e385b442c4cca88c014ff
|
|
7
|
+
data.tar.gz: ab89c4dcecbd259986798fbe9ecaa5eeec40617d2994bff08b001b04ea802e9d6a72f787c2cfa66662ec5d4c423fbca35e04d7614440f9d3ef8909d3255ac0dd
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
module DeviseAuth0JwtStrategy
|
|
2
|
+
class Railtie < Rails::Railtie
|
|
3
|
+
#initializer "devise_auth0_jwt_strategy.configure_rails_initialization" do
|
|
4
|
+
config.after_initialize do
|
|
5
|
+
print "Wiring up Auth0 JWT Devise Strategy..."
|
|
6
|
+
if ENV['AUTH0_CLIENT_SECRET']
|
|
7
|
+
|
|
8
|
+
::Devise.setup do |config|
|
|
9
|
+
|
|
10
|
+
config.warden do |manager|
|
|
11
|
+
manager.strategies.add(:auth0jwt, Devise::Strategies::Auth0Jwt)
|
|
12
|
+
manager.default_strategies(:scope => :user).unshift :auth0jwt
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
print "done.\n"
|
|
18
|
+
|
|
19
|
+
else
|
|
20
|
+
print " no Auth0 Secret Found. Skipping...\n"
|
|
21
|
+
puts ENV.inspect
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
end
|
|
@@ -0,0 +1,78 @@
|
|
|
1
|
+
require 'jwt'
|
|
2
|
+
require 'devise'
|
|
3
|
+
|
|
4
|
+
module Devise
|
|
5
|
+
module Strategies
|
|
6
|
+
class Auth0Jwt < Base
|
|
7
|
+
|
|
8
|
+
class ClaimInvalid < StandardError; end
|
|
9
|
+
|
|
10
|
+
def auth0_client_secret
|
|
11
|
+
( ENV['AUTH0_CLIENT_SECRET'] || 0 )
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def auth0_client_secret?
|
|
15
|
+
( !auth0_client_secret.nil? && auth0_client_secret != 0 )
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def auth0_client_id
|
|
19
|
+
( ENV['AUTH0_CLIENT_ID'] || 0 )
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
def auth0_client_id?
|
|
23
|
+
( !auth0_client_id.nil? && auth0_client_id != 0 )
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def valid_jwt_auth_header?(header_split)
|
|
27
|
+
header_split.length == 2 &&
|
|
28
|
+
header_split[0] == 'Bearer'
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
def jwt_from_auth_header
|
|
32
|
+
return nil unless request.authorization
|
|
33
|
+
|
|
34
|
+
authorization_split = request.authorization.split(' ')
|
|
35
|
+
return nil unless valid_jwt_auth_header?(authorization_split)
|
|
36
|
+
|
|
37
|
+
return authorization_split.last
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
def jwt_token
|
|
41
|
+
# Check for params['jwt'] or token = request.headers['Authorization'].split(' ').last
|
|
42
|
+
@jwt_token ||= ( params['jwt'] || jwt_from_auth_header )
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
def valid?
|
|
46
|
+
( auth0_client_secret? and auth0_client_id? and !!jwt_token )
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
def authenticate!
|
|
50
|
+
|
|
51
|
+
if valid?
|
|
52
|
+
# This will throw JWT::DecodeError if it fails
|
|
53
|
+
payload, header = ::JWT.decode(@jwt_token,
|
|
54
|
+
::JWT.base64url_decode(auth0_client_secret))
|
|
55
|
+
|
|
56
|
+
raise ClaimInvalid.new('JWT has the wrong client id') unless payload['aud'] == auth0_client_id
|
|
57
|
+
raise ClaimInvalid.new('JWT has expired') unless payload['exp'].to_i > Time.now.to_i
|
|
58
|
+
|
|
59
|
+
u = ::User.find_by_email(payload['email'])
|
|
60
|
+
|
|
61
|
+
u.nil? ? fail!("Could not log in") : success!(u)
|
|
62
|
+
|
|
63
|
+
else
|
|
64
|
+
fail("No JWT token passed in")
|
|
65
|
+
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
rescue ClaimInvalid => e
|
|
69
|
+
fail! e.message
|
|
70
|
+
|
|
71
|
+
rescue ::JWT::DecodeError => e
|
|
72
|
+
puts "JWT::DecodeError -- #{e.message}"
|
|
73
|
+
fail!("JWT token is invalid. Please get a new token and try again.")
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
end
|
|
77
|
+
end
|
|
78
|
+
end
|
metadata
ADDED
|
@@ -0,0 +1,144 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: devise_auth0_jwt_strategy
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 0.0.1
|
|
5
|
+
platform: ruby
|
|
6
|
+
authors:
|
|
7
|
+
- Patrick McGraw
|
|
8
|
+
autorequire:
|
|
9
|
+
bindir: bin
|
|
10
|
+
cert_chain: []
|
|
11
|
+
date: 2015-03-10 00:00:00.000000000 Z
|
|
12
|
+
dependencies:
|
|
13
|
+
- !ruby/object:Gem::Dependency
|
|
14
|
+
name: rest-client
|
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
|
16
|
+
requirements:
|
|
17
|
+
- - "~>"
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
19
|
+
version: 1.7.2
|
|
20
|
+
type: :runtime
|
|
21
|
+
prerelease: false
|
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
23
|
+
requirements:
|
|
24
|
+
- - "~>"
|
|
25
|
+
- !ruby/object:Gem::Version
|
|
26
|
+
version: 1.7.2
|
|
27
|
+
- !ruby/object:Gem::Dependency
|
|
28
|
+
name: json
|
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
|
30
|
+
requirements:
|
|
31
|
+
- - "~>"
|
|
32
|
+
- !ruby/object:Gem::Version
|
|
33
|
+
version: 1.8.1
|
|
34
|
+
type: :runtime
|
|
35
|
+
prerelease: false
|
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
37
|
+
requirements:
|
|
38
|
+
- - "~>"
|
|
39
|
+
- !ruby/object:Gem::Version
|
|
40
|
+
version: 1.8.1
|
|
41
|
+
- !ruby/object:Gem::Dependency
|
|
42
|
+
name: jwt
|
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
|
44
|
+
requirements:
|
|
45
|
+
- - "~>"
|
|
46
|
+
- !ruby/object:Gem::Version
|
|
47
|
+
version: 1.0.0
|
|
48
|
+
type: :runtime
|
|
49
|
+
prerelease: false
|
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
51
|
+
requirements:
|
|
52
|
+
- - "~>"
|
|
53
|
+
- !ruby/object:Gem::Version
|
|
54
|
+
version: 1.0.0
|
|
55
|
+
- !ruby/object:Gem::Dependency
|
|
56
|
+
name: devise
|
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
|
58
|
+
requirements:
|
|
59
|
+
- - "~>"
|
|
60
|
+
- !ruby/object:Gem::Version
|
|
61
|
+
version: 3.4.1
|
|
62
|
+
type: :runtime
|
|
63
|
+
prerelease: false
|
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
65
|
+
requirements:
|
|
66
|
+
- - "~>"
|
|
67
|
+
- !ruby/object:Gem::Version
|
|
68
|
+
version: 3.4.1
|
|
69
|
+
- !ruby/object:Gem::Dependency
|
|
70
|
+
name: rails
|
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
|
72
|
+
requirements:
|
|
73
|
+
- - ">="
|
|
74
|
+
- !ruby/object:Gem::Version
|
|
75
|
+
version: 4.0.0
|
|
76
|
+
type: :development
|
|
77
|
+
prerelease: false
|
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
79
|
+
requirements:
|
|
80
|
+
- - ">="
|
|
81
|
+
- !ruby/object:Gem::Version
|
|
82
|
+
version: 4.0.0
|
|
83
|
+
- !ruby/object:Gem::Dependency
|
|
84
|
+
name: rspec-rails
|
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
|
86
|
+
requirements:
|
|
87
|
+
- - "~>"
|
|
88
|
+
- !ruby/object:Gem::Version
|
|
89
|
+
version: '3.0'
|
|
90
|
+
type: :development
|
|
91
|
+
prerelease: false
|
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
93
|
+
requirements:
|
|
94
|
+
- - "~>"
|
|
95
|
+
- !ruby/object:Gem::Version
|
|
96
|
+
version: '3.0'
|
|
97
|
+
- !ruby/object:Gem::Dependency
|
|
98
|
+
name: sqlite3
|
|
99
|
+
requirement: !ruby/object:Gem::Requirement
|
|
100
|
+
requirements:
|
|
101
|
+
- - "~>"
|
|
102
|
+
- !ruby/object:Gem::Version
|
|
103
|
+
version: '1.0'
|
|
104
|
+
type: :development
|
|
105
|
+
prerelease: false
|
|
106
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
107
|
+
requirements:
|
|
108
|
+
- - "~>"
|
|
109
|
+
- !ruby/object:Gem::Version
|
|
110
|
+
version: '1.0'
|
|
111
|
+
description: Authenticate requests using an Auth0 JWT passed by HTTP header
|
|
112
|
+
email: patrick@mcgraw-tech.com
|
|
113
|
+
executables: []
|
|
114
|
+
extensions: []
|
|
115
|
+
extra_rdoc_files: []
|
|
116
|
+
files:
|
|
117
|
+
- lib/devise_auth0_jwt_strategy.rb
|
|
118
|
+
- lib/devise_auth0_jwt_strategy/railtie.rb
|
|
119
|
+
- lib/devise_auth0_jwt_strategy/strategy.rb
|
|
120
|
+
homepage: http://rubygems.org/gems/devise_auth0_jwt_strategy
|
|
121
|
+
licenses:
|
|
122
|
+
- MIT
|
|
123
|
+
metadata: {}
|
|
124
|
+
post_install_message:
|
|
125
|
+
rdoc_options: []
|
|
126
|
+
require_paths:
|
|
127
|
+
- lib
|
|
128
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
129
|
+
requirements:
|
|
130
|
+
- - ">="
|
|
131
|
+
- !ruby/object:Gem::Version
|
|
132
|
+
version: '0'
|
|
133
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
134
|
+
requirements:
|
|
135
|
+
- - ">="
|
|
136
|
+
- !ruby/object:Gem::Version
|
|
137
|
+
version: '0'
|
|
138
|
+
requirements: []
|
|
139
|
+
rubyforge_project:
|
|
140
|
+
rubygems_version: 2.4.5
|
|
141
|
+
signing_key:
|
|
142
|
+
specification_version: 4
|
|
143
|
+
summary: Authenticate requests using an Auth0 JWT passed by HTTP header
|
|
144
|
+
test_files: []
|