fb-jwt-auth 0.2.1 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/Changelog.md +15 -0
- data/README.md +10 -0
- data/lib/fb/jwt/auth.rb +18 -5
- data/lib/fb/jwt/auth/service_access_token.rb +43 -0
- data/lib/fb/jwt/auth/service_token_client.rb +9 -2
- data/lib/fb/jwt/auth/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5b59f53cd27dd33a8d92b5f6da18f04909dbb6b311db0ff02f939f650666c8ee
|
|
4
|
+
data.tar.gz: fe95f4ca52683b62e23ff75eb388fd5093c8721b0ce28cd72f989da9a464ec67
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 11f34bdd3e26da22500f7bd5c31389c415547beb38a61e06fa59b802e577243768582cf542e7c8d26e0f15ab94550d938fb6197e31839ca806183c44cfd116a5
|
|
7
|
+
data.tar.gz: c7f37479606d260d9ae764558e4430067bdab0ef2cfd0d60735f9a4323f5cb70da77a8806b9299a9ac37fece8ad1477a58742f6f9d5278db7b9f7d8f864068a8
|
data/.gitignore
CHANGED
data/Changelog.md
CHANGED
|
@@ -1,3 +1,18 @@
|
|
|
1
|
+
# 0.6.0
|
|
2
|
+
* Supplier issuer to service token client
|
|
3
|
+
|
|
4
|
+
# 0.5.0
|
|
5
|
+
* Do not base64 decode private key
|
|
6
|
+
|
|
7
|
+
# 0.4.0
|
|
8
|
+
* Generate the access token
|
|
9
|
+
|
|
10
|
+
# 0.3.0
|
|
11
|
+
* Request non cached version of public key if first validition fails
|
|
12
|
+
|
|
13
|
+
# v0.2.2
|
|
14
|
+
* Add token not present exception when token is empty
|
|
15
|
+
|
|
1
16
|
# v0.2.1
|
|
2
17
|
* Add better error messages
|
|
3
18
|
|
data/README.md
CHANGED
|
@@ -25,6 +25,16 @@ Fb::Jwt::Auth.configure do |config|
|
|
|
25
25
|
config.service_token_cache_root_url = ENV['SERVICE_TOKEN_CACHE_ROOT_URL']
|
|
26
26
|
end
|
|
27
27
|
```
|
|
28
|
+
In order to generate the service access token we need to use `Fb::Jwt::Auth::ServiceAccessToken.new.generate` or if you require a subject, `Fb::Jwt::Auth::ServiceAccessToken.new(subject: subject).generate`
|
|
29
|
+
|
|
30
|
+
In the case you need to configure the service access token as a client
|
|
31
|
+
```ruby
|
|
32
|
+
Fb::Jwt::Auth.configure do |config|
|
|
33
|
+
config.issuer = 'fb-editor'
|
|
34
|
+
config.namespace = 'formbuilder-saas-test'
|
|
35
|
+
config.encoded_private_key = 'base64 encoded private key'
|
|
36
|
+
end
|
|
37
|
+
```
|
|
28
38
|
|
|
29
39
|
### Using other endpoint versions
|
|
30
40
|
|
data/lib/fb/jwt/auth.rb
CHANGED
|
@@ -1,18 +1,23 @@
|
|
|
1
1
|
require 'fb/jwt/auth/version'
|
|
2
2
|
require 'openssl'
|
|
3
3
|
require 'jwt'
|
|
4
|
-
require 'active_support/
|
|
4
|
+
require 'active_support/all'
|
|
5
5
|
|
|
6
6
|
module Fb
|
|
7
7
|
module Jwt
|
|
8
8
|
class Auth
|
|
9
|
-
cattr_accessor :service_token_cache_root_url,
|
|
9
|
+
cattr_accessor :service_token_cache_root_url,
|
|
10
|
+
:service_token_cache_api_version,
|
|
11
|
+
:encoded_private_key,
|
|
12
|
+
:issuer,
|
|
13
|
+
:namespace
|
|
10
14
|
|
|
11
15
|
def self.configure(&block)
|
|
12
16
|
yield self
|
|
13
17
|
end
|
|
14
18
|
|
|
15
19
|
autoload :ServiceTokenClient, 'fb/jwt/auth/service_token_client'
|
|
20
|
+
autoload :ServiceAccessToken, 'fb/jwt/auth/service_access_token'
|
|
16
21
|
|
|
17
22
|
class TokenNotPresentError < StandardError
|
|
18
23
|
end
|
|
@@ -39,13 +44,12 @@ module Fb
|
|
|
39
44
|
end
|
|
40
45
|
|
|
41
46
|
def verify!
|
|
42
|
-
raise TokenNotPresentError.new('Token is not present') if token.
|
|
47
|
+
raise TokenNotPresentError.new('Token is not present') if token.blank?
|
|
43
48
|
|
|
44
49
|
application_details = find_application_info
|
|
45
50
|
|
|
46
51
|
begin
|
|
47
|
-
|
|
48
|
-
payload, _header = decode(hmac_secret: hmac_secret)
|
|
52
|
+
payload, _header = retrieve_and_decode_public_key(application_details)
|
|
49
53
|
rescue StandardError => e
|
|
50
54
|
error_message = "Token is not valid: error #{e}"
|
|
51
55
|
logger.debug(error_message)
|
|
@@ -67,6 +71,15 @@ module Fb
|
|
|
67
71
|
payload
|
|
68
72
|
end
|
|
69
73
|
|
|
74
|
+
def retrieve_and_decode_public_key(application_details)
|
|
75
|
+
hmac_secret = public_key(application_details)
|
|
76
|
+
decode(hmac_secret: hmac_secret)
|
|
77
|
+
rescue JWT::VerificationError
|
|
78
|
+
logger.debug('First validation failed. Requesting non cached public key')
|
|
79
|
+
hmac_secret = public_key(application_details.merge(ignore_cache: true))
|
|
80
|
+
decode(hmac_secret: hmac_secret)
|
|
81
|
+
end
|
|
82
|
+
|
|
70
83
|
def decode(verify: true, hmac_secret: nil)
|
|
71
84
|
JWT.decode(
|
|
72
85
|
token,
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
module Fb
|
|
2
|
+
module Jwt
|
|
3
|
+
class Auth
|
|
4
|
+
class ServiceAccessToken
|
|
5
|
+
attr_reader :encoded_private_key,
|
|
6
|
+
:issuer,
|
|
7
|
+
:subject,
|
|
8
|
+
:namespace
|
|
9
|
+
|
|
10
|
+
def initialize(subject: nil, issuer: nil)
|
|
11
|
+
@subject = subject
|
|
12
|
+
@encoded_private_key = Fb::Jwt::Auth.encoded_private_key
|
|
13
|
+
@namespace = Fb::Jwt::Auth.namespace
|
|
14
|
+
@issuer = issuer || Fb::Jwt::Auth.issuer
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
def generate
|
|
18
|
+
return '' if encoded_private_key.blank?
|
|
19
|
+
|
|
20
|
+
private_key = OpenSSL::PKey::RSA.new(encoded_private_key.chomp)
|
|
21
|
+
|
|
22
|
+
JWT.encode(
|
|
23
|
+
token,
|
|
24
|
+
private_key,
|
|
25
|
+
'RS256'
|
|
26
|
+
)
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
private
|
|
30
|
+
|
|
31
|
+
def token
|
|
32
|
+
payload = {
|
|
33
|
+
iss: issuer,
|
|
34
|
+
iat: Time.current.to_i
|
|
35
|
+
}
|
|
36
|
+
payload[:sub] = subject if subject.present?
|
|
37
|
+
payload[:namespace] = namespace if namespace.present?
|
|
38
|
+
payload
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
end
|
|
@@ -12,9 +12,10 @@ class Fb::Jwt::Auth::ServiceTokenClient
|
|
|
12
12
|
|
|
13
13
|
attr_accessor :application, :namespace, :root_url, :api_version
|
|
14
14
|
|
|
15
|
-
def initialize(application:, namespace: nil)
|
|
15
|
+
def initialize(application:, namespace: nil, ignore_cache: false)
|
|
16
16
|
@application = application
|
|
17
17
|
@namespace = namespace
|
|
18
|
+
@ignore_cache = ignore_cache
|
|
18
19
|
@root_url = Fb::Jwt::Auth.service_token_cache_root_url
|
|
19
20
|
@api_version = Fb::Jwt::Auth.service_token_cache_api_version || :v2
|
|
20
21
|
end
|
|
@@ -38,8 +39,14 @@ class Fb::Jwt::Auth::ServiceTokenClient
|
|
|
38
39
|
|
|
39
40
|
private
|
|
40
41
|
|
|
42
|
+
attr_reader :ignore_cache
|
|
43
|
+
|
|
41
44
|
def public_key_uri
|
|
42
|
-
URI.join(root_url, version_url)
|
|
45
|
+
URI.join(root_url, "#{version_url}#{query_param}")
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
def query_param
|
|
49
|
+
ignore_cache ? '?ignore_cache=true' : ''
|
|
43
50
|
end
|
|
44
51
|
|
|
45
52
|
def version_url
|
data/lib/fb/jwt/auth/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fb-jwt-auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.6.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Form builder developers
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-02-22 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: jwt
|
|
@@ -73,6 +73,7 @@ files:
|
|
|
73
73
|
- bin/setup
|
|
74
74
|
- fb-jwt-auth.gemspec
|
|
75
75
|
- lib/fb/jwt/auth.rb
|
|
76
|
+
- lib/fb/jwt/auth/service_access_token.rb
|
|
76
77
|
- lib/fb/jwt/auth/service_token_client.rb
|
|
77
78
|
- lib/fb/jwt/auth/version.rb
|
|
78
79
|
homepage: https://github.com/ministryofjustice/fb-jwt-auth
|