fb-jwt-auth 0.2.1 → 0.6.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/Changelog.md +15 -0
- data/README.md +10 -0
- data/lib/fb/jwt/auth.rb +18 -5
- data/lib/fb/jwt/auth/service_access_token.rb +43 -0
- data/lib/fb/jwt/auth/service_token_client.rb +9 -2
- data/lib/fb/jwt/auth/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5b59f53cd27dd33a8d92b5f6da18f04909dbb6b311db0ff02f939f650666c8ee
|
|
4
|
+
data.tar.gz: fe95f4ca52683b62e23ff75eb388fd5093c8721b0ce28cd72f989da9a464ec67
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 11f34bdd3e26da22500f7bd5c31389c415547beb38a61e06fa59b802e577243768582cf542e7c8d26e0f15ab94550d938fb6197e31839ca806183c44cfd116a5
|
|
7
|
+
data.tar.gz: c7f37479606d260d9ae764558e4430067bdab0ef2cfd0d60735f9a4323f5cb70da77a8806b9299a9ac37fece8ad1477a58742f6f9d5278db7b9f7d8f864068a8
|
data/.gitignore
CHANGED
data/Changelog.md
CHANGED
|
@@ -1,3 +1,18 @@
|
|
|
1
|
+
# 0.6.0
|
|
2
|
+
* Supplier issuer to service token client
|
|
3
|
+
|
|
4
|
+
# 0.5.0
|
|
5
|
+
* Do not base64 decode private key
|
|
6
|
+
|
|
7
|
+
# 0.4.0
|
|
8
|
+
* Generate the access token
|
|
9
|
+
|
|
10
|
+
# 0.3.0
|
|
11
|
+
* Request non cached version of public key if first validition fails
|
|
12
|
+
|
|
13
|
+
# v0.2.2
|
|
14
|
+
* Add token not present exception when token is empty
|
|
15
|
+
|
|
1
16
|
# v0.2.1
|
|
2
17
|
* Add better error messages
|
|
3
18
|
|
data/README.md
CHANGED
|
@@ -25,6 +25,16 @@ Fb::Jwt::Auth.configure do |config|
|
|
|
25
25
|
config.service_token_cache_root_url = ENV['SERVICE_TOKEN_CACHE_ROOT_URL']
|
|
26
26
|
end
|
|
27
27
|
```
|
|
28
|
+
In order to generate the service access token we need to use `Fb::Jwt::Auth::ServiceAccessToken.new.generate` or if you require a subject, `Fb::Jwt::Auth::ServiceAccessToken.new(subject: subject).generate`
|
|
29
|
+
|
|
30
|
+
In the case you need to configure the service access token as a client
|
|
31
|
+
```ruby
|
|
32
|
+
Fb::Jwt::Auth.configure do |config|
|
|
33
|
+
config.issuer = 'fb-editor'
|
|
34
|
+
config.namespace = 'formbuilder-saas-test'
|
|
35
|
+
config.encoded_private_key = 'base64 encoded private key'
|
|
36
|
+
end
|
|
37
|
+
```
|
|
28
38
|
|
|
29
39
|
### Using other endpoint versions
|
|
30
40
|
|
data/lib/fb/jwt/auth.rb
CHANGED
|
@@ -1,18 +1,23 @@
|
|
|
1
1
|
require 'fb/jwt/auth/version'
|
|
2
2
|
require 'openssl'
|
|
3
3
|
require 'jwt'
|
|
4
|
-
require 'active_support/
|
|
4
|
+
require 'active_support/all'
|
|
5
5
|
|
|
6
6
|
module Fb
|
|
7
7
|
module Jwt
|
|
8
8
|
class Auth
|
|
9
|
-
cattr_accessor :service_token_cache_root_url,
|
|
9
|
+
cattr_accessor :service_token_cache_root_url,
|
|
10
|
+
:service_token_cache_api_version,
|
|
11
|
+
:encoded_private_key,
|
|
12
|
+
:issuer,
|
|
13
|
+
:namespace
|
|
10
14
|
|
|
11
15
|
def self.configure(&block)
|
|
12
16
|
yield self
|
|
13
17
|
end
|
|
14
18
|
|
|
15
19
|
autoload :ServiceTokenClient, 'fb/jwt/auth/service_token_client'
|
|
20
|
+
autoload :ServiceAccessToken, 'fb/jwt/auth/service_access_token'
|
|
16
21
|
|
|
17
22
|
class TokenNotPresentError < StandardError
|
|
18
23
|
end
|
|
@@ -39,13 +44,12 @@ module Fb
|
|
|
39
44
|
end
|
|
40
45
|
|
|
41
46
|
def verify!
|
|
42
|
-
raise TokenNotPresentError.new('Token is not present') if token.
|
|
47
|
+
raise TokenNotPresentError.new('Token is not present') if token.blank?
|
|
43
48
|
|
|
44
49
|
application_details = find_application_info
|
|
45
50
|
|
|
46
51
|
begin
|
|
47
|
-
|
|
48
|
-
payload, _header = decode(hmac_secret: hmac_secret)
|
|
52
|
+
payload, _header = retrieve_and_decode_public_key(application_details)
|
|
49
53
|
rescue StandardError => e
|
|
50
54
|
error_message = "Token is not valid: error #{e}"
|
|
51
55
|
logger.debug(error_message)
|
|
@@ -67,6 +71,15 @@ module Fb
|
|
|
67
71
|
payload
|
|
68
72
|
end
|
|
69
73
|
|
|
74
|
+
def retrieve_and_decode_public_key(application_details)
|
|
75
|
+
hmac_secret = public_key(application_details)
|
|
76
|
+
decode(hmac_secret: hmac_secret)
|
|
77
|
+
rescue JWT::VerificationError
|
|
78
|
+
logger.debug('First validation failed. Requesting non cached public key')
|
|
79
|
+
hmac_secret = public_key(application_details.merge(ignore_cache: true))
|
|
80
|
+
decode(hmac_secret: hmac_secret)
|
|
81
|
+
end
|
|
82
|
+
|
|
70
83
|
def decode(verify: true, hmac_secret: nil)
|
|
71
84
|
JWT.decode(
|
|
72
85
|
token,
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
module Fb
|
|
2
|
+
module Jwt
|
|
3
|
+
class Auth
|
|
4
|
+
class ServiceAccessToken
|
|
5
|
+
attr_reader :encoded_private_key,
|
|
6
|
+
:issuer,
|
|
7
|
+
:subject,
|
|
8
|
+
:namespace
|
|
9
|
+
|
|
10
|
+
def initialize(subject: nil, issuer: nil)
|
|
11
|
+
@subject = subject
|
|
12
|
+
@encoded_private_key = Fb::Jwt::Auth.encoded_private_key
|
|
13
|
+
@namespace = Fb::Jwt::Auth.namespace
|
|
14
|
+
@issuer = issuer || Fb::Jwt::Auth.issuer
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
def generate
|
|
18
|
+
return '' if encoded_private_key.blank?
|
|
19
|
+
|
|
20
|
+
private_key = OpenSSL::PKey::RSA.new(encoded_private_key.chomp)
|
|
21
|
+
|
|
22
|
+
JWT.encode(
|
|
23
|
+
token,
|
|
24
|
+
private_key,
|
|
25
|
+
'RS256'
|
|
26
|
+
)
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
private
|
|
30
|
+
|
|
31
|
+
def token
|
|
32
|
+
payload = {
|
|
33
|
+
iss: issuer,
|
|
34
|
+
iat: Time.current.to_i
|
|
35
|
+
}
|
|
36
|
+
payload[:sub] = subject if subject.present?
|
|
37
|
+
payload[:namespace] = namespace if namespace.present?
|
|
38
|
+
payload
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
end
|
|
@@ -12,9 +12,10 @@ class Fb::Jwt::Auth::ServiceTokenClient
|
|
|
12
12
|
|
|
13
13
|
attr_accessor :application, :namespace, :root_url, :api_version
|
|
14
14
|
|
|
15
|
-
def initialize(application:, namespace: nil)
|
|
15
|
+
def initialize(application:, namespace: nil, ignore_cache: false)
|
|
16
16
|
@application = application
|
|
17
17
|
@namespace = namespace
|
|
18
|
+
@ignore_cache = ignore_cache
|
|
18
19
|
@root_url = Fb::Jwt::Auth.service_token_cache_root_url
|
|
19
20
|
@api_version = Fb::Jwt::Auth.service_token_cache_api_version || :v2
|
|
20
21
|
end
|
|
@@ -38,8 +39,14 @@ class Fb::Jwt::Auth::ServiceTokenClient
|
|
|
38
39
|
|
|
39
40
|
private
|
|
40
41
|
|
|
42
|
+
attr_reader :ignore_cache
|
|
43
|
+
|
|
41
44
|
def public_key_uri
|
|
42
|
-
URI.join(root_url, version_url)
|
|
45
|
+
URI.join(root_url, "#{version_url}#{query_param}")
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
def query_param
|
|
49
|
+
ignore_cache ? '?ignore_cache=true' : ''
|
|
43
50
|
end
|
|
44
51
|
|
|
45
52
|
def version_url
|
data/lib/fb/jwt/auth/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fb-jwt-auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.6.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Form builder developers
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-02-22 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: jwt
|
|
@@ -73,6 +73,7 @@ files:
|
|
|
73
73
|
- bin/setup
|
|
74
74
|
- fb-jwt-auth.gemspec
|
|
75
75
|
- lib/fb/jwt/auth.rb
|
|
76
|
+
- lib/fb/jwt/auth/service_access_token.rb
|
|
76
77
|
- lib/fb/jwt/auth/service_token_client.rb
|
|
77
78
|
- lib/fb/jwt/auth/version.rb
|
|
78
79
|
homepage: https://github.com/ministryofjustice/fb-jwt-auth
|