json-jwt 1.2.0 → 1.2.1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of json-jwt might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/VERSION +1 -1
- data/lib/json/jws.rb +10 -0
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: c3ab6ed0771c53b02dec00aeaeba90587345d6b6
|
4
|
+
data.tar.gz: 487f5389dd2e3591344735f5a2d51ba73b4dcea8
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: e8dcc581bc77d01c02f44f5f22e5620f41c4d06028e934dddee955b6fe3d8c29795238be515c96a06d9a32779cae3926f85274199ed5db104c30df3f95ad3beb
|
7
|
+
data.tar.gz: 0f2a3b0c5352c016514600668100ddf6bc86dc521848fe6d2ccf689f99cb13fcee9498e578f3fe882bd7de6549164887a5094358e3246945f1e81cbf8d9b89c3
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.2.
|
1
|
+
1.2.1
|
data/lib/json/jws.rb
CHANGED
@@ -100,6 +100,16 @@ module JSON
|
|
100
100
|
end
|
101
101
|
|
102
102
|
def valid?(signature_base_string, public_key_or_secret)
|
103
|
+
public_key_or_secret = case public_key_or_secret
|
104
|
+
when JSON::JWK
|
105
|
+
public_key_or_secret.to_key
|
106
|
+
when JSON::JWK::Set
|
107
|
+
public_key_or_secret.detect do |jwk|
|
108
|
+
jwk[:kid] && jwk[:kid] == header[:kid]
|
109
|
+
end.try(:to_key)
|
110
|
+
else
|
111
|
+
public_key_or_secret
|
112
|
+
end
|
103
113
|
case
|
104
114
|
when hmac?
|
105
115
|
secure_compare sign(signature_base_string, public_key_or_secret), signature
|