iap-jwt-assertion 0.1.0

Files changed (3)
  1. checksums.yaml +7 -0
  2. data/lib/iap_jwt_assertion.rb +59 -0
  3. metadata +57 -0
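--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+ ---
+ SHA256:
+ metadata.gz: f92e00d10a48d3cc3accc01e5ec87ed669b792d2acbae3ee1a5659b7b54909cf
+ data.tar.gz: 327b5e961e2fc7b1a4dd0919659c5ab44053cd1feaf1cdb88c8cf56ade9992be
+ SHA512:
+ metadata.gz: 77c266b5c5d30f1c33ba9be067d6f7f0c511351c55dd8ec72fca06fef915d7a042b661baffa50d41f8cfbdf904cf6c9ff324533b1858958d0d4edbdfb461f38f
+ data.tar.gz: f06836111caead675a8eac07c7fd4e1f7e4fd2b4ef09467ca20291fc7ef8eb972856a7372038fe556c1c0912218cd53751e5d78c9cbe707212051f59eaffe93d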
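--- a/data/lib/iap_jwt_assertion.rb
+++ b/data/lib/iap_jwt_assertion.rb
@@ -0,0 +1,59 @@
+ require 'net/http'
+ require 'json'
+ require 'jwt'
+
+ module IapJwtAssertion
+ ALGORITHM = 'ES256'
+ PUBLIC_KEYS_URL = 'https://www.gstatic.com/iap/verify/public_key'
+
+ module_function
+
+ def authenticate? token, aud:
+ kid = get_kid(token)
+ pubkey = get_key(kid)
+
+ begin
+ payload, header = JWT.decode(token, pubkey, true, {algorithm: ALGORITHM})
+
+ if payload['aud'] != aud
+ return false
+ end
+ rescue => e
+ return false
+ end
+
+ return true
+ end
+
+ def decode token
+ kid = get_kid(token)
+ pubkey = get_key(kid)
+
+ return JWT.decode(token, pubkey, false, {algorithm: ALGORITHM})
+ end
+
+ def get_kid token
+ payload, header = JWT.decode(token, nil, false)
+ return header['kid']
+ end
+
+ def get_key kid
+ if @public_keys.nil? || !@public_keys.has_key?(kid)
+ @public_keys = fetch_public_keys
+
+ if !@public_keys.has_key?(kid)
+ raise "kid was not found in the list of public keys."
+ end
+ end
+
+ return @public_keys[kid]
+ end
+
+ def fetch_public_keys
+ response = Net::HTTP.get(URI(PUBLIC_KEYS_URL))
+ response_hash = JSON.parse(response)
+ public_keys = response_hash.map {|kid, pubkey| [kid, OpenSSL::PKey::EC.new(pubkey)]}.to_h
+
+ return public_keys
+ end
+ end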
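Review bot: `decode` (new line 32) passes `false` as the verify argument to `JWT.decode`, so it returns the claims without checking the signature even though it has just looked up the signing key; a caller that reads the user identity from `decode` gets unauthenticated data, and the call should be `JWT.decode(token, pubkey, true, {algorithm: ALGORITHM})` or the method renamed to say it is unverified. In `authenticate?` only `aud` is compared; the issuer is never checked (Google documents `https://cloud.google.com/iap` as the expected `iss` for IAP assertions), and `get_kid`/`get_key` run before the `begin`, so a malformed token or an unknown `kid` raises out of a predicate instead of returning false. Because `get_key` refetches the key set for every `kid` it does not know, and `kid` comes from the unverified header, unauthenticated requests can each trigger an outbound fetch; a minimum refetch interval would bound that. A possible shape for `authenticate?` follows.

```ruby
def authenticate? token, aud:
  # key lookup moved inside the rescued region so bad input yields false
  pubkey = get_key(get_kid(token))
  JWT.decode(token, pubkey, true, {
    algorithm: ALGORITHM,
    aud: aud, verify_aud: true,
    iss: 'https://cloud.google.com/iap', verify_iss: true
  })
  true
rescue JWT::DecodeError, RuntimeError
  # malformed token, failed signature/claim check, or unknown kid
  false
end
```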
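--- a/metadata
+++ b/metadata
@@ -0,0 +1,57 @@
+ --- !ruby/object:Gem::Specification
+ name: iap-jwt-assertion
+ version: !ruby/object:Gem::Version
+ version: 0.1.0
+ platform: ruby
+ authors:
+ - shinkbr
+ autorequire:
+ bindir: bin
+ cert_chain: []
+ date: 2021-05-21 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: jwt
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '2.2'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '2.2'
+ description:
+ email: shinkbr@gmail.com
+ executables: []
+ extensions: []
+ extra_rdoc_files: []
+ files:
+ - lib/iap_jwt_assertion.rb
+ homepage: https://rubygems.org/gems/iap-jwt-assertion
+ licenses:
+ - MIT
+ metadata: {}
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubygems_version: 3.1.2
+ signing_key:
+ specification_version: 4
+ summary: A Ruby gem for handling Google Identity Aware Proxy's signed JWT header.
+ test_files: []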