google-id-token 1.2.0 → 1.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/google-id-token.rb +20 -14
- metadata +19 -18
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 65d747323f11a45f8a50cf6a4fc7c08de0bba49a
|
|
4
|
+
data.tar.gz: aee5256465f70b690d83fcaee93a0036e3444e7c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 5cf39a389110be3cdd99482fcb25840d7fcb8de85569a91eba39e54d83dc321ea9a64e162fd7f8b081ce50a82b799ad8ec0229a4d9cbd89faab323efbb10f901
|
|
7
|
+
data.tar.gz: df6376c1d08aee4f11943920d56ba358293991302747ba5b45a238e654ce0b8bf108b09aefb05d6f4fa71c3c985070359120830e0ab259d50389e2bc1ccf094c
|
data/lib/google-id-token.rb
CHANGED
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
5
5
|
# you may not use this file except in compliance with the License.
|
|
6
6
|
# You may obtain a copy of the License at
|
|
7
|
-
#
|
|
7
|
+
#
|
|
8
8
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
9
9
|
#
|
|
10
10
|
# Unless required by applicable law or agreed to in writing, software
|
|
@@ -47,7 +47,7 @@ module GoogleIDToken
|
|
|
47
47
|
@certs_mode = :old_skool
|
|
48
48
|
@certs = {}
|
|
49
49
|
end
|
|
50
|
-
|
|
50
|
+
|
|
51
51
|
end
|
|
52
52
|
|
|
53
53
|
##
|
|
@@ -89,34 +89,40 @@ module GoogleIDToken
|
|
|
89
89
|
end
|
|
90
90
|
end
|
|
91
91
|
end
|
|
92
|
-
|
|
92
|
+
|
|
93
93
|
private
|
|
94
94
|
|
|
95
95
|
# tries to validate the token against each cached cert.
|
|
96
96
|
# Returns :valid (sets @token) or :problem (sets @problem) or
|
|
97
97
|
# nil, which means none of the certs validated.
|
|
98
98
|
def check_cached_certs(token, aud, cid)
|
|
99
|
-
@problem = @token = nil
|
|
99
|
+
@problem = @token = @tokens = nil
|
|
100
100
|
|
|
101
101
|
# find first public key that validates this token
|
|
102
102
|
@certs.detect do |key, cert|
|
|
103
103
|
begin
|
|
104
104
|
public_key = cert.public_key
|
|
105
|
-
@
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
105
|
+
@tokens = JWT.decode(token, public_key, !!public_key)
|
|
106
|
+
@tokens.each do |currtoken|
|
|
107
|
+
# in Feb 2013, the 'cid' claim became the 'azp' claim per changes
|
|
108
|
+
# in the OIDC draft. At some future point we can go all-azp, but
|
|
109
|
+
# this should keep everything running for a while
|
|
110
|
+
if currtoken['azp']
|
|
111
|
+
currtoken['cid'] = currtoken['azp']
|
|
112
|
+
if(currtoken.has_key?('aud') && (currtoken['aud'] == aud) &&
|
|
113
|
+
currtoken.has_key?('cid') && (currtoken['cid'] == cid))
|
|
114
|
+
# If we find a valid token, save it for further verification.
|
|
115
|
+
@token = currtoken
|
|
116
|
+
end
|
|
117
|
+
elsif currtoken['cid']
|
|
118
|
+
currtoken['azp'] = currtoken['cid']
|
|
119
|
+
end
|
|
114
120
|
end
|
|
115
121
|
rescue JWT::DecodeError
|
|
116
122
|
nil # go on, try the next cert
|
|
117
123
|
end
|
|
118
124
|
end
|
|
119
|
-
|
|
125
|
+
|
|
120
126
|
if @token
|
|
121
127
|
if !(@token.has_key?('aud') && (@token['aud'] == aud))
|
|
122
128
|
@problem = 'Token audience mismatch'
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: google-id-token
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.3.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tim Bray
|
|
@@ -9,90 +9,90 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2015-12-11 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: multi_json
|
|
16
16
|
requirement: !ruby/object:Gem::Requirement
|
|
17
17
|
requirements:
|
|
18
|
-
- -
|
|
18
|
+
- - ">="
|
|
19
19
|
- !ruby/object:Gem::Version
|
|
20
20
|
version: '0'
|
|
21
21
|
type: :runtime
|
|
22
22
|
prerelease: false
|
|
23
23
|
version_requirements: !ruby/object:Gem::Requirement
|
|
24
24
|
requirements:
|
|
25
|
-
- -
|
|
25
|
+
- - ">="
|
|
26
26
|
- !ruby/object:Gem::Version
|
|
27
27
|
version: '0'
|
|
28
28
|
- !ruby/object:Gem::Dependency
|
|
29
29
|
name: jwt
|
|
30
30
|
requirement: !ruby/object:Gem::Requirement
|
|
31
31
|
requirements:
|
|
32
|
-
- -
|
|
32
|
+
- - ">="
|
|
33
33
|
- !ruby/object:Gem::Version
|
|
34
34
|
version: '0'
|
|
35
35
|
type: :runtime
|
|
36
36
|
prerelease: false
|
|
37
37
|
version_requirements: !ruby/object:Gem::Requirement
|
|
38
38
|
requirements:
|
|
39
|
-
- -
|
|
39
|
+
- - ">="
|
|
40
40
|
- !ruby/object:Gem::Version
|
|
41
41
|
version: '0'
|
|
42
42
|
- !ruby/object:Gem::Dependency
|
|
43
43
|
name: fakeweb
|
|
44
44
|
requirement: !ruby/object:Gem::Requirement
|
|
45
45
|
requirements:
|
|
46
|
-
- -
|
|
46
|
+
- - ">="
|
|
47
47
|
- !ruby/object:Gem::Version
|
|
48
48
|
version: '0'
|
|
49
49
|
type: :development
|
|
50
50
|
prerelease: false
|
|
51
51
|
version_requirements: !ruby/object:Gem::Requirement
|
|
52
52
|
requirements:
|
|
53
|
-
- -
|
|
53
|
+
- - ">="
|
|
54
54
|
- !ruby/object:Gem::Version
|
|
55
55
|
version: '0'
|
|
56
56
|
- !ruby/object:Gem::Dependency
|
|
57
57
|
name: rake
|
|
58
58
|
requirement: !ruby/object:Gem::Requirement
|
|
59
59
|
requirements:
|
|
60
|
-
- -
|
|
60
|
+
- - ">="
|
|
61
61
|
- !ruby/object:Gem::Version
|
|
62
62
|
version: '0'
|
|
63
63
|
type: :development
|
|
64
64
|
prerelease: false
|
|
65
65
|
version_requirements: !ruby/object:Gem::Requirement
|
|
66
66
|
requirements:
|
|
67
|
-
- -
|
|
67
|
+
- - ">="
|
|
68
68
|
- !ruby/object:Gem::Version
|
|
69
69
|
version: '0'
|
|
70
70
|
- !ruby/object:Gem::Dependency
|
|
71
71
|
name: rspec
|
|
72
72
|
requirement: !ruby/object:Gem::Requirement
|
|
73
73
|
requirements:
|
|
74
|
-
- -
|
|
74
|
+
- - ">="
|
|
75
75
|
- !ruby/object:Gem::Version
|
|
76
76
|
version: '0'
|
|
77
77
|
type: :development
|
|
78
78
|
prerelease: false
|
|
79
79
|
version_requirements: !ruby/object:Gem::Requirement
|
|
80
80
|
requirements:
|
|
81
|
-
- -
|
|
81
|
+
- - ">="
|
|
82
82
|
- !ruby/object:Gem::Version
|
|
83
83
|
version: '0'
|
|
84
84
|
- !ruby/object:Gem::Dependency
|
|
85
85
|
name: openssl
|
|
86
86
|
requirement: !ruby/object:Gem::Requirement
|
|
87
87
|
requirements:
|
|
88
|
-
- -
|
|
88
|
+
- - ">="
|
|
89
89
|
- !ruby/object:Gem::Version
|
|
90
90
|
version: '0'
|
|
91
91
|
type: :development
|
|
92
92
|
prerelease: false
|
|
93
93
|
version_requirements: !ruby/object:Gem::Requirement
|
|
94
94
|
requirements:
|
|
95
|
-
- -
|
|
95
|
+
- - ">="
|
|
96
96
|
- !ruby/object:Gem::Version
|
|
97
97
|
version: '0'
|
|
98
98
|
description: Google ID Token utilities; currently just a parser/checker
|
|
@@ -103,8 +103,9 @@ extra_rdoc_files: []
|
|
|
103
103
|
files:
|
|
104
104
|
- README.rdoc
|
|
105
105
|
- lib/google-id-token.rb
|
|
106
|
-
homepage: https://
|
|
107
|
-
licenses:
|
|
106
|
+
homepage: https://github.com/google/google-id-token/
|
|
107
|
+
licenses:
|
|
108
|
+
- Apache-2.0
|
|
108
109
|
metadata: {}
|
|
109
110
|
post_install_message:
|
|
110
111
|
rdoc_options: []
|
|
@@ -112,12 +113,12 @@ require_paths:
|
|
|
112
113
|
- lib
|
|
113
114
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
114
115
|
requirements:
|
|
115
|
-
- -
|
|
116
|
+
- - ">="
|
|
116
117
|
- !ruby/object:Gem::Version
|
|
117
118
|
version: '0'
|
|
118
119
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
119
120
|
requirements:
|
|
120
|
-
- -
|
|
121
|
+
- - ">="
|
|
121
122
|
- !ruby/object:Gem::Version
|
|
122
123
|
version: '0'
|
|
123
124
|
requirements: []
|