google-id-token 1.2.0 → 1.3.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/google-id-token.rb +20 -14
- metadata +19 -18
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 65d747323f11a45f8a50cf6a4fc7c08de0bba49a
|
|
4
|
+
data.tar.gz: aee5256465f70b690d83fcaee93a0036e3444e7c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 5cf39a389110be3cdd99482fcb25840d7fcb8de85569a91eba39e54d83dc321ea9a64e162fd7f8b081ce50a82b799ad8ec0229a4d9cbd89faab323efbb10f901
|
|
7
|
+
data.tar.gz: df6376c1d08aee4f11943920d56ba358293991302747ba5b45a238e654ce0b8bf108b09aefb05d6f4fa71c3c985070359120830e0ab259d50389e2bc1ccf094c
|
data/lib/google-id-token.rb
CHANGED
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
5
5
|
# you may not use this file except in compliance with the License.
|
|
6
6
|
# You may obtain a copy of the License at
|
|
7
|
-
#
|
|
7
|
+
#
|
|
8
8
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
9
9
|
#
|
|
10
10
|
# Unless required by applicable law or agreed to in writing, software
|
|
@@ -47,7 +47,7 @@ module GoogleIDToken
|
|
|
47
47
|
@certs_mode = :old_skool
|
|
48
48
|
@certs = {}
|
|
49
49
|
end
|
|
50
|
-
|
|
50
|
+
|
|
51
51
|
end
|
|
52
52
|
|
|
53
53
|
##
|
|
@@ -89,34 +89,40 @@ module GoogleIDToken
|
|
|
89
89
|
end
|
|
90
90
|
end
|
|
91
91
|
end
|
|
92
|
-
|
|
92
|
+
|
|
93
93
|
private
|
|
94
94
|
|
|
95
95
|
# tries to validate the token against each cached cert.
|
|
96
96
|
# Returns :valid (sets @token) or :problem (sets @problem) or
|
|
97
97
|
# nil, which means none of the certs validated.
|
|
98
98
|
def check_cached_certs(token, aud, cid)
|
|
99
|
-
@problem = @token = nil
|
|
99
|
+
@problem = @token = @tokens = nil
|
|
100
100
|
|
|
101
101
|
# find first public key that validates this token
|
|
102
102
|
@certs.detect do |key, cert|
|
|
103
103
|
begin
|
|
104
104
|
public_key = cert.public_key
|
|
105
|
-
@
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
105
|
+
@tokens = JWT.decode(token, public_key, !!public_key)
|
|
106
|
+
@tokens.each do |currtoken|
|
|
107
|
+
# in Feb 2013, the 'cid' claim became the 'azp' claim per changes
|
|
108
|
+
# in the OIDC draft. At some future point we can go all-azp, but
|
|
109
|
+
# this should keep everything running for a while
|
|
110
|
+
if currtoken['azp']
|
|
111
|
+
currtoken['cid'] = currtoken['azp']
|
|
112
|
+
if(currtoken.has_key?('aud') && (currtoken['aud'] == aud) &&
|
|
113
|
+
currtoken.has_key?('cid') && (currtoken['cid'] == cid))
|
|
114
|
+
# If we find a valid token, save it for further verification.
|
|
115
|
+
@token = currtoken
|
|
116
|
+
end
|
|
117
|
+
elsif currtoken['cid']
|
|
118
|
+
currtoken['azp'] = currtoken['cid']
|
|
119
|
+
end
|
|
114
120
|
end
|
|
115
121
|
rescue JWT::DecodeError
|
|
116
122
|
nil # go on, try the next cert
|
|
117
123
|
end
|
|
118
124
|
end
|
|
119
|
-
|
|
125
|
+
|
|
120
126
|
if @token
|
|
121
127
|
if !(@token.has_key?('aud') && (@token['aud'] == aud))
|
|
122
128
|
@problem = 'Token audience mismatch'
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: google-id-token
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.3.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tim Bray
|
|
@@ -9,90 +9,90 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2015-12-11 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: multi_json
|
|
16
16
|
requirement: !ruby/object:Gem::Requirement
|
|
17
17
|
requirements:
|
|
18
|
-
- -
|
|
18
|
+
- - ">="
|
|
19
19
|
- !ruby/object:Gem::Version
|
|
20
20
|
version: '0'
|
|
21
21
|
type: :runtime
|
|
22
22
|
prerelease: false
|
|
23
23
|
version_requirements: !ruby/object:Gem::Requirement
|
|
24
24
|
requirements:
|
|
25
|
-
- -
|
|
25
|
+
- - ">="
|
|
26
26
|
- !ruby/object:Gem::Version
|
|
27
27
|
version: '0'
|
|
28
28
|
- !ruby/object:Gem::Dependency
|
|
29
29
|
name: jwt
|
|
30
30
|
requirement: !ruby/object:Gem::Requirement
|
|
31
31
|
requirements:
|
|
32
|
-
- -
|
|
32
|
+
- - ">="
|
|
33
33
|
- !ruby/object:Gem::Version
|
|
34
34
|
version: '0'
|
|
35
35
|
type: :runtime
|
|
36
36
|
prerelease: false
|
|
37
37
|
version_requirements: !ruby/object:Gem::Requirement
|
|
38
38
|
requirements:
|
|
39
|
-
- -
|
|
39
|
+
- - ">="
|
|
40
40
|
- !ruby/object:Gem::Version
|
|
41
41
|
version: '0'
|
|
42
42
|
- !ruby/object:Gem::Dependency
|
|
43
43
|
name: fakeweb
|
|
44
44
|
requirement: !ruby/object:Gem::Requirement
|
|
45
45
|
requirements:
|
|
46
|
-
- -
|
|
46
|
+
- - ">="
|
|
47
47
|
- !ruby/object:Gem::Version
|
|
48
48
|
version: '0'
|
|
49
49
|
type: :development
|
|
50
50
|
prerelease: false
|
|
51
51
|
version_requirements: !ruby/object:Gem::Requirement
|
|
52
52
|
requirements:
|
|
53
|
-
- -
|
|
53
|
+
- - ">="
|
|
54
54
|
- !ruby/object:Gem::Version
|
|
55
55
|
version: '0'
|
|
56
56
|
- !ruby/object:Gem::Dependency
|
|
57
57
|
name: rake
|
|
58
58
|
requirement: !ruby/object:Gem::Requirement
|
|
59
59
|
requirements:
|
|
60
|
-
- -
|
|
60
|
+
- - ">="
|
|
61
61
|
- !ruby/object:Gem::Version
|
|
62
62
|
version: '0'
|
|
63
63
|
type: :development
|
|
64
64
|
prerelease: false
|
|
65
65
|
version_requirements: !ruby/object:Gem::Requirement
|
|
66
66
|
requirements:
|
|
67
|
-
- -
|
|
67
|
+
- - ">="
|
|
68
68
|
- !ruby/object:Gem::Version
|
|
69
69
|
version: '0'
|
|
70
70
|
- !ruby/object:Gem::Dependency
|
|
71
71
|
name: rspec
|
|
72
72
|
requirement: !ruby/object:Gem::Requirement
|
|
73
73
|
requirements:
|
|
74
|
-
- -
|
|
74
|
+
- - ">="
|
|
75
75
|
- !ruby/object:Gem::Version
|
|
76
76
|
version: '0'
|
|
77
77
|
type: :development
|
|
78
78
|
prerelease: false
|
|
79
79
|
version_requirements: !ruby/object:Gem::Requirement
|
|
80
80
|
requirements:
|
|
81
|
-
- -
|
|
81
|
+
- - ">="
|
|
82
82
|
- !ruby/object:Gem::Version
|
|
83
83
|
version: '0'
|
|
84
84
|
- !ruby/object:Gem::Dependency
|
|
85
85
|
name: openssl
|
|
86
86
|
requirement: !ruby/object:Gem::Requirement
|
|
87
87
|
requirements:
|
|
88
|
-
- -
|
|
88
|
+
- - ">="
|
|
89
89
|
- !ruby/object:Gem::Version
|
|
90
90
|
version: '0'
|
|
91
91
|
type: :development
|
|
92
92
|
prerelease: false
|
|
93
93
|
version_requirements: !ruby/object:Gem::Requirement
|
|
94
94
|
requirements:
|
|
95
|
-
- -
|
|
95
|
+
- - ">="
|
|
96
96
|
- !ruby/object:Gem::Version
|
|
97
97
|
version: '0'
|
|
98
98
|
description: Google ID Token utilities; currently just a parser/checker
|
|
@@ -103,8 +103,9 @@ extra_rdoc_files: []
|
|
|
103
103
|
files:
|
|
104
104
|
- README.rdoc
|
|
105
105
|
- lib/google-id-token.rb
|
|
106
|
-
homepage: https://
|
|
107
|
-
licenses:
|
|
106
|
+
homepage: https://github.com/google/google-id-token/
|
|
107
|
+
licenses:
|
|
108
|
+
- Apache-2.0
|
|
108
109
|
metadata: {}
|
|
109
110
|
post_install_message:
|
|
110
111
|
rdoc_options: []
|
|
@@ -112,12 +113,12 @@ require_paths:
|
|
|
112
113
|
- lib
|
|
113
114
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
114
115
|
requirements:
|
|
115
|
-
- -
|
|
116
|
+
- - ">="
|
|
116
117
|
- !ruby/object:Gem::Version
|
|
117
118
|
version: '0'
|
|
118
119
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
119
120
|
requirements:
|
|
120
|
-
- -
|
|
121
|
+
- - ">="
|
|
121
122
|
- !ruby/object:Gem::Version
|
|
122
123
|
version: '0'
|
|
123
124
|
requirements: []
|