doorkeeper-jwt_assertion 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 27fd53398a97014fdf2e15738c0a3e8b614fe9c9
+  data.tar.gz: 122d76d1dfee424e13f85983aaf6e3bbfb69b142
+SHA512:
+  metadata.gz: 1f58e5c6f1ca803e953c95567729a1aba332173560c27a9c339426f2346603430c60e78f17d3088a8a650e7a79a5db1f893319f66dce708a5a93417a713d0623
+  data.tar.gz: 57f040de3c1bd245eb7ea76db943003320eade8a2dc8126e3c379def4b499c74c6e5b53417919fa857313d59931c7040ae89ea819a41eb4cf6e74bf3da2237ea

data/.gitignore

@@ -0,0 +1,14 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in doorkeeper-jwt_assertion.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2015 Omac
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,73 @@
+# Doorkeeper JWT Assertion
+
+## Description
+
+Extending (Doorkeeper)[https://github.com/doorkeeper-gem/doorkeeper] to support JWT Assertion grant type using a secret or a private key file.
+
+**This library is in alpha. Future incompatible changes may be necessary.**
+
+## Install
+
+Add the gem to the Gemfile
+
+```ruby
+gem 'doorkeeper-jwt_assertion'
+```
+
+## Configuration
+
+Inside your doorkeeper configuration file add the one of the fallowing:
+
+``` ruby
+Doorkeeper.configure do
+	
+	jwt_private_key Rails.root.join('config', 'keys', 'private.key')
+
+	jwt_secret 'notasecret'
+end
+```
+
+This will automatically push `assertion` into the Doorkeeper's grant_types configuration attribute.
+
+You can also use the `resource_owner_authenticator` in the configuration to identify the owner based on the JWT claim values.
+If the client request a token with an invalid assertion, an error will be raised. So you can rely on the `jwt` getter if an assertion grant was requested.
+
+``` ruby
+Doorkeeper.configure do
+	
+	resource_owner_authenticator do
+
+		if jwt
+			head :unauthorized unless user = User.where(:email => jwt['prn']).first
+			return user
+		end
+
+	end
+
+end
+
+```
+
+## Client Usage
+
+Generate an assertion request token using a private key file or a secret:
+
+``` ruby
+client = OAuth2::Client.new('client_id', 'client_secret', :site => 'http://my-site.com')
+
+p12 = OpenSSL::PKCS12.new( Rails.root.join('config', 'keys', 'private.p12').open )
+
+params = { :private_key => p12.key,
+           :aud => 'audience',
+           :prn => 'person', # or :sub => 'subject', not suported on OAuth2 1.0.0 yet.
+           :iss => 'issuer',
+           :scope => 'scope',
+           :exp => Time.now.utc.to_i + 5.minutes }
+
+token = client.assertion.get_token(params)
+```
+
+## TO DO
+
+* Better error handling
+* Testing

data/Rakefile

@@ -0,0 +1,2 @@
+require "bundler/gem_tasks"
+

data/doorkeeper-jwt_assertion.gemspec

@@ -0,0 +1,26 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'doorkeeper/jwt_assertion/version'
+
+Gem::Specification.new do |spec|
+	spec.name          = "doorkeeper-jwt_assertion"
+	spec.version       = Doorkeeper::JwtAssertion::VERSION
+	spec.authors       = ["Omac"]
+	spec.email         = ["omar@kioru.com"]
+	spec.summary       = 'OAuth JWT assertion extension for Doorkeeper'
+	spec.description   = 'Extend your Doorkeeper implementation adding a new grant type: assertion. And decoding JWT claim messages to generate access tokens.'
+	spec.homepage      = 'https://github.com/kioru/doorkeeper-jwt_assertion'
+	spec.license       = "MIT"
+
+	spec.files         = `git ls-files -z`.split("\x0")
+	spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+	spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+	spec.require_paths = ["lib"]
+
+	spec.add_dependency "doorkeeper", '~> 2.1'
+	spec.add_dependency "jwt", '~> 1.4'
+
+	spec.add_development_dependency "bundler", "~> 1.7"
+	spec.add_development_dependency "rake", "~> 10.0"
+end

data/lib/doorkeeper/jwt_assertion.rb

@@ -0,0 +1,71 @@
+require "doorkeeper/jwt_assertion/version"
+require "doorkeeper/request/assertion"
+require "doorkeeper/jwt_assertion/railtie"
+
+require 'jwt'
+
+module Doorkeeper
+	module JWTAssertion
+		
+		attr_reader :jwt
+
+	end
+end
+
+module Doorkeeper
+	class Server
+		
+		attr_reader :jwt
+
+		def jwt=(jwt)
+			@jwt = jwt
+			context.instance_variable_set('@jwt', jwt)
+		end
+
+
+	end
+end
+
+module Doorkeeper
+	class Config
+
+		option :jwt_key
+
+		class Builder
+
+			def jwt_secret( key )
+				set_jwt(key)
+			end
+
+			def jwt_private_key ( key_file, passphrase = nil )
+				key = OpenSSL::PKey::RSA.new( File.open(key_file), passphrase )
+				set_jwt(key)
+			end
+
+			private
+
+				def set_jwt( key )
+
+					Config.class_eval do
+						alias_method :remember_calculate_token_grant_types, :calculate_token_grant_types
+
+						define_method :calculate_token_grant_types do
+							remember_calculate_token_grant_types << 'assertion'
+						end
+					end
+
+					jwt_key key
+
+				end
+
+		end
+		
+	end
+end
+
+module Doorkeeper
+	module Errors
+		class ExpiredSignature < DoorkeeperError
+		end
+	end
+end

data/lib/doorkeeper/jwt_assertion/railtie.rb

@@ -0,0 +1,9 @@
+module Doorkeeper
+	module JWTAssertion
+		class Railtie < ::Rails::Railtie
+			initializer "doorkeeper.jwt_assertion" do
+				Doorkeeper::Helpers::Controller.send :include, Doorkeeper::JWTAssertion
+			end
+		end
+	end
+end

data/lib/doorkeeper/jwt_assertion/version.rb

@@ -0,0 +1,5 @@
+module Doorkeeper
+  module JwtAssertion
+    VERSION = "0.0.1"
+  end
+end

data/lib/doorkeeper/request/assertion.rb

@@ -0,0 +1,39 @@
+module Doorkeeper
+	module Request
+
+		class Assertion
+			def self.build(server)
+				assertion = server.parameters[:assertion]
+				begin
+					jwt = JWT.decode(assertion, Doorkeeper.configuration.jwt_key)
+				rescue JWT::ExpiredSignature => e
+					raise Errors::ExpiredSignature
+				end
+				server.jwt = jwt.is_a?(Array) ? jwt.first : jwt
+
+				new(server.credentials, server.current_resource_owner, server)
+			end
+
+			attr_accessor :credentials, :resource_owner, :server
+
+			def initialize(credentials, resource_owner, server)
+				@credentials = credentials
+				@resource_owner = resource_owner
+				@server = server
+			end
+
+			def request
+				@request ||= OAuth::PasswordAccessTokenRequest.new(
+					Doorkeeper.configuration,
+					credentials,
+					resource_owner,
+					server.parameters)
+			end
+
+			def authorize
+				request.authorize
+			end
+		end
+
+	end
+end

metadata

@@ -0,0 +1,112 @@
+--- !ruby/object:Gem::Specification
+name: doorkeeper-jwt_assertion
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Omac
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-04-27 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: doorkeeper
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+description: 'Extend your Doorkeeper implementation adding a new grant type: assertion.
+  And decoding JWT claim messages to generate access tokens.'
+email:
+- omar@kioru.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- doorkeeper-jwt_assertion.gemspec
+- lib/doorkeeper/jwt_assertion.rb
+- lib/doorkeeper/jwt_assertion/railtie.rb
+- lib/doorkeeper/jwt_assertion/version.rb
+- lib/doorkeeper/request/assertion.rb
+homepage: https://github.com/kioru/doorkeeper-jwt_assertion
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: OAuth JWT assertion extension for Doorkeeper
+test_files: []
+has_rdoc: