discourse-omniauth-jwt-xsolla 0.1.9 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +0 -85
- data/lib/omniauth/jwt/version.rb +1 -1
- data/lib/omniauth/strategies/jwt.rb +5 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 8923f38506b8bbf100624c7b766a75f0ca387140911a105d4e96bb61ac3829b8
|
4
|
+
data.tar.gz: 20a32280b8cd55875490bb7301397726b759b62df552bfefd39027af17c4ddf0
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 7a18fec04cdc14504639f260a0c2c52cca5c1d7be2fda5588e003aa284875f6587fa5d4468540442e50a8a1b75de359e2a54a04329b13b54f1ad1523cbd62718
|
7
|
+
data.tar.gz: 2f9e050894c520ea17b9d384676429e47b120aca3022c5032725811ad38218173bae1ec289cccfecab29c6a710dc9a1680b1544f2db381ffd5f87275d1ae614c
|
data/README.md
CHANGED
@@ -1,85 +0,0 @@
|
|
1
|
-
# OmniAuth::JWT
|
2
|
-
|
3
|
-
[![Build Status](https://travis-ci.org/mbleigh/omniauth-jwt.png)](https://travis-ci.org/mbleigh/omniauth-jwt)
|
4
|
-
|
5
|
-
[JSON Web Token](http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html) (JWT) is a simple
|
6
|
-
way to send verified information between two parties online. This can be useful as a mechanism for
|
7
|
-
providing Single Sign-On (SSO) to an application by allowing an authentication server to send a validated
|
8
|
-
claim and log the user in. This is how [Zendesk does SSO](https://support.zendesk.com/entries/23675367-Setting-up-single-sign-on-with-JWT-JSON-Web-Token-),
|
9
|
-
for example.
|
10
|
-
|
11
|
-
OmniAuth::JWT provides a clean, simple wrapper on top of JWT so that you can easily implement this kind
|
12
|
-
of SSO either between your own applications or allow third parties to delegate authentication.
|
13
|
-
|
14
|
-
## Installation
|
15
|
-
|
16
|
-
Add this line to your application's Gemfile:
|
17
|
-
|
18
|
-
gem 'omniauth-jwt'
|
19
|
-
|
20
|
-
And then execute:
|
21
|
-
|
22
|
-
$ bundle
|
23
|
-
|
24
|
-
Or install it yourself as:
|
25
|
-
|
26
|
-
$ gem install omniauth-jwt
|
27
|
-
|
28
|
-
## Usage
|
29
|
-
|
30
|
-
You use OmniAuth::JWT just like you do any other OmniAuth strategy:
|
31
|
-
|
32
|
-
```ruby
|
33
|
-
use OmniAuth::JWT, 'SHAREDSECRET', auth_url: 'http://example.com/login'
|
34
|
-
```
|
35
|
-
|
36
|
-
The first parameter is the shared secret that will be used by the external authenticator to verify
|
37
|
-
that. You must also specify the `auth_url` option to tell the strategy where to redirect to log
|
38
|
-
in. Other available options are:
|
39
|
-
|
40
|
-
* **algorithm:** the algorithm to use to decode the JWT token. This is `HS256` by default but can
|
41
|
-
be set to anything supported by [ruby-jwt](https://github.com/progrium/ruby-jwt)
|
42
|
-
* **uid_claim:** this determines which claim will be used to uniquely identify the user. Defaults
|
43
|
-
to `email`
|
44
|
-
* **required_claims:** array of claims that are required to make this a valid authentication call.
|
45
|
-
Defaults to `['name', 'email']`
|
46
|
-
* **info_map:** array mapping claim values to info hash values. Defaults to mapping `name` and `email`
|
47
|
-
to the same in the info hash.
|
48
|
-
* **valid_within:** integer of how many seconds of time skew you will allow. Defaults to `nil`. If this
|
49
|
-
is set, the `iat` claim becomes required and must be within the specified number of seconds of the
|
50
|
-
current time. This helps to prevent replay attacks.
|
51
|
-
|
52
|
-
### Authentication Process
|
53
|
-
|
54
|
-
When you authenticate through `omniauth-jwt` you can send users to `/auth/jwt` and it will redirect
|
55
|
-
them to the URL specified in the `auth_url` option. From there, the provider must generate a JWT
|
56
|
-
and send it to the `/auth/jwt/callback` URL as a "jwt" parameter:
|
57
|
-
|
58
|
-
/auth/jwt/callback?jwt=ENCODEDJWTGOESHERE
|
59
|
-
|
60
|
-
An example of how to do that in Sinatra:
|
61
|
-
|
62
|
-
```ruby
|
63
|
-
require 'jwt'
|
64
|
-
|
65
|
-
get '/login/sso/other-app' do
|
66
|
-
# assuming the user is already logged in and this is available as current_user
|
67
|
-
claims = {
|
68
|
-
id: current_user.id,
|
69
|
-
name: current_user.name,
|
70
|
-
email: current_user.email,
|
71
|
-
iat: Time.now.to_i
|
72
|
-
}
|
73
|
-
|
74
|
-
payload = JWT.encode(claims, ENV['SSO_SECRET'])
|
75
|
-
redirect "http://other-app.com/auth/jwt/callback?jwt=#{payload}"
|
76
|
-
end
|
77
|
-
```
|
78
|
-
|
79
|
-
## Contributing
|
80
|
-
|
81
|
-
1. Fork it
|
82
|
-
2. Create your feature branch (`git checkout -b my-new-feature`)
|
83
|
-
3. Commit your changes (`git commit -am 'Add some feature'`)
|
84
|
-
4. Push to the branch (`git push origin my-new-feature`)
|
85
|
-
5. Create new Pull Request
|
data/lib/omniauth/jwt/version.rb
CHANGED
@@ -1,6 +1,7 @@
|
|
1
1
|
require 'omniauth'
|
2
2
|
require 'jwt'
|
3
3
|
require 'net/http'
|
4
|
+
require 'json'
|
4
5
|
|
5
6
|
module OmniAuth
|
6
7
|
module Strategies
|
@@ -26,7 +27,10 @@ module OmniAuth
|
|
26
27
|
def decoded
|
27
28
|
@decoded ||= ::JWT.decode(request.params['token'], options.secret, false, {algorithm: options.algorithm})[0]
|
28
29
|
uri = URI('https://login.xsolla.com/api/token/validate')
|
29
|
-
|
30
|
+
|
31
|
+
req = Net::HTTP::Post.new(uri, 'Content-Type' => 'application/json')
|
32
|
+
req.body = {token: request.params['token']}.to_json
|
33
|
+
res = http.request(req)
|
30
34
|
raise ClaimInvalid.new("Token is not valid.") if res.code != '204'
|
31
35
|
|
32
36
|
(options.required_claims || []).each do |field|
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: discourse-omniauth-jwt-xsolla
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.2.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Michael Bleigh
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date: 2019-
|
13
|
+
date: 2019-07-24 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: bundler
|