jwt 2.10.2 → 3.0.0.beta1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +23 -4
- data/README.md +44 -54
- data/UPGRADING.md +46 -0
- data/lib/jwt/base64.rb +1 -10
- data/lib/jwt/claims/numeric.rb +0 -32
- data/lib/jwt/claims.rb +0 -7
- data/lib/jwt/configuration/container.rb +0 -1
- data/lib/jwt/decode.rb +5 -8
- data/lib/jwt/encoded_token.rb +71 -4
- data/lib/jwt/jwa/ecdsa.rb +3 -7
- data/lib/jwt/jwa/hmac.rb +0 -4
- data/lib/jwt/jwa/ps.rb +1 -0
- data/lib/jwt/jwa/rsa.rb +4 -3
- data/lib/jwt/jwa/signing_algorithm.rb +0 -1
- data/lib/jwt/jwa.rb +1 -26
- data/lib/jwt/jwk/ec.rb +0 -4
- data/lib/jwt/jwk/hmac.rb +2 -2
- data/lib/jwt/jwk/key_finder.rb +14 -1
- data/lib/jwt/jwk/rsa.rb +3 -0
- data/lib/jwt/jwk.rb +0 -1
- data/lib/jwt/token.rb +22 -3
- data/lib/jwt/version.rb +5 -21
- data/lib/jwt.rb +1 -7
- data/ruby-jwt.gemspec +0 -1
- metadata +5 -28
- data/lib/jwt/claims/verification_methods.rb +0 -20
- data/lib/jwt/claims_validator.rb +0 -18
- data/lib/jwt/deprecations.rb +0 -49
- data/lib/jwt/jwa/compat.rb +0 -32
- data/lib/jwt/jwa/eddsa.rb +0 -35
- data/lib/jwt/jwa/hmac_rbnacl.rb +0 -50
- data/lib/jwt/jwa/hmac_rbnacl_fixed.rb +0 -47
- data/lib/jwt/jwa/wrapper.rb +0 -44
- data/lib/jwt/jwk/okp_rbnacl.rb +0 -109
- data/lib/jwt/verify.rb +0 -40
data/lib/jwt/jwk/okp_rbnacl.rb
DELETED
|
@@ -1,109 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
module JWT
|
|
4
|
-
module JWK
|
|
5
|
-
# JSON Web Key (JWK) representation for Ed25519 keys
|
|
6
|
-
class OKPRbNaCl < KeyBase
|
|
7
|
-
KTY = 'OKP'
|
|
8
|
-
KTYS = [KTY, JWT::JWK::OKPRbNaCl, RbNaCl::Signatures::Ed25519::SigningKey, RbNaCl::Signatures::Ed25519::VerifyKey].freeze
|
|
9
|
-
OKP_PUBLIC_KEY_ELEMENTS = %i[kty n x].freeze
|
|
10
|
-
OKP_PRIVATE_KEY_ELEMENTS = %i[d].freeze
|
|
11
|
-
|
|
12
|
-
def initialize(key, params = nil, options = {})
|
|
13
|
-
params ||= {}
|
|
14
|
-
Deprecations.warning('Using the OKP JWK for Ed25519 keys is deprecated and will be removed in a future version of ruby-jwt. Please use the ruby-eddsa gem instead.')
|
|
15
|
-
# For backwards compatibility when kid was a String
|
|
16
|
-
params = { kid: params } if params.is_a?(String)
|
|
17
|
-
|
|
18
|
-
key_params = extract_key_params(key)
|
|
19
|
-
|
|
20
|
-
params = params.transform_keys(&:to_sym)
|
|
21
|
-
check_jwk_params!(key_params, params)
|
|
22
|
-
super(options, key_params.merge(params))
|
|
23
|
-
end
|
|
24
|
-
|
|
25
|
-
def verify_key
|
|
26
|
-
return @verify_key if defined?(@verify_key)
|
|
27
|
-
|
|
28
|
-
@verify_key = verify_key_from_parameters
|
|
29
|
-
end
|
|
30
|
-
|
|
31
|
-
def signing_key
|
|
32
|
-
return @signing_key if defined?(@signing_key)
|
|
33
|
-
|
|
34
|
-
@signing_key = signing_key_from_parameters
|
|
35
|
-
end
|
|
36
|
-
|
|
37
|
-
def key_digest
|
|
38
|
-
Thumbprint.new(self).to_s
|
|
39
|
-
end
|
|
40
|
-
|
|
41
|
-
def private?
|
|
42
|
-
!signing_key.nil?
|
|
43
|
-
end
|
|
44
|
-
|
|
45
|
-
def members
|
|
46
|
-
OKP_PUBLIC_KEY_ELEMENTS.each_with_object({}) { |i, h| h[i] = self[i] }
|
|
47
|
-
end
|
|
48
|
-
|
|
49
|
-
def export(options = {})
|
|
50
|
-
exported = parameters.clone
|
|
51
|
-
exported.reject! { |k, _| OKP_PRIVATE_KEY_ELEMENTS.include?(k) } unless private? && options[:include_private] == true
|
|
52
|
-
exported
|
|
53
|
-
end
|
|
54
|
-
|
|
55
|
-
private
|
|
56
|
-
|
|
57
|
-
def extract_key_params(key)
|
|
58
|
-
case key
|
|
59
|
-
when JWT::JWK::KeyBase
|
|
60
|
-
key.export(include_private: true)
|
|
61
|
-
when RbNaCl::Signatures::Ed25519::SigningKey
|
|
62
|
-
@signing_key = key
|
|
63
|
-
@verify_key = key.verify_key
|
|
64
|
-
parse_okp_key_params(@verify_key, @signing_key)
|
|
65
|
-
when RbNaCl::Signatures::Ed25519::VerifyKey
|
|
66
|
-
@signing_key = nil
|
|
67
|
-
@verify_key = key
|
|
68
|
-
parse_okp_key_params(@verify_key)
|
|
69
|
-
when Hash
|
|
70
|
-
key.transform_keys(&:to_sym)
|
|
71
|
-
else
|
|
72
|
-
raise ArgumentError, 'key must be of type RbNaCl::Signatures::Ed25519::SigningKey, RbNaCl::Signatures::Ed25519::VerifyKey or Hash with key parameters'
|
|
73
|
-
end
|
|
74
|
-
end
|
|
75
|
-
|
|
76
|
-
def check_jwk_params!(key_params, _given_params)
|
|
77
|
-
raise JWT::JWKError, "Incorrect 'kty' value: #{key_params[:kty]}, expected #{KTY}" unless key_params[:kty] == KTY
|
|
78
|
-
end
|
|
79
|
-
|
|
80
|
-
def parse_okp_key_params(verify_key, signing_key = nil)
|
|
81
|
-
params = {
|
|
82
|
-
kty: KTY,
|
|
83
|
-
crv: 'Ed25519',
|
|
84
|
-
x: ::JWT::Base64.url_encode(verify_key.to_bytes)
|
|
85
|
-
}
|
|
86
|
-
|
|
87
|
-
params[:d] = ::JWT::Base64.url_encode(signing_key.to_bytes) if signing_key
|
|
88
|
-
|
|
89
|
-
params
|
|
90
|
-
end
|
|
91
|
-
|
|
92
|
-
def verify_key_from_parameters
|
|
93
|
-
RbNaCl::Signatures::Ed25519::VerifyKey.new(::JWT::Base64.url_decode(self[:x]))
|
|
94
|
-
end
|
|
95
|
-
|
|
96
|
-
def signing_key_from_parameters
|
|
97
|
-
return nil unless self[:d]
|
|
98
|
-
|
|
99
|
-
RbNaCl::Signatures::Ed25519::SigningKey.new(::JWT::Base64.url_decode(self[:d]))
|
|
100
|
-
end
|
|
101
|
-
|
|
102
|
-
class << self
|
|
103
|
-
def import(jwk_data)
|
|
104
|
-
new(jwk_data)
|
|
105
|
-
end
|
|
106
|
-
end
|
|
107
|
-
end
|
|
108
|
-
end
|
|
109
|
-
end
|
data/lib/jwt/verify.rb
DELETED
|
@@ -1,40 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require_relative 'error'
|
|
4
|
-
|
|
5
|
-
module JWT
|
|
6
|
-
# @deprecated This class is deprecated and will be removed in the next major version of ruby-jwt.
|
|
7
|
-
class Verify
|
|
8
|
-
DEFAULTS = { leeway: 0 }.freeze
|
|
9
|
-
METHODS = %w[verify_aud verify_expiration verify_iat verify_iss verify_jti verify_not_before verify_sub verify_required_claims].freeze
|
|
10
|
-
|
|
11
|
-
private_constant(:DEFAULTS, :METHODS)
|
|
12
|
-
class << self
|
|
13
|
-
METHODS.each do |method_name|
|
|
14
|
-
define_method(method_name) do |payload, options|
|
|
15
|
-
new(payload, options).send(method_name)
|
|
16
|
-
end
|
|
17
|
-
end
|
|
18
|
-
|
|
19
|
-
# @deprecated This method is deprecated and will be removed in the next major version of ruby-jwt.
|
|
20
|
-
def verify_claims(payload, options)
|
|
21
|
-
Deprecations.warning('The ::JWT::Verify.verify_claims method is deprecated and will be removed in the next major version of ruby-jwt')
|
|
22
|
-
::JWT::Claims.verify!(payload, options)
|
|
23
|
-
true
|
|
24
|
-
end
|
|
25
|
-
end
|
|
26
|
-
|
|
27
|
-
# @deprecated This class is deprecated and will be removed in the next major version of ruby-jwt.
|
|
28
|
-
def initialize(payload, options)
|
|
29
|
-
Deprecations.warning('The ::JWT::Verify class is deprecated and will be removed in the next major version of ruby-jwt')
|
|
30
|
-
@payload = payload
|
|
31
|
-
@options = DEFAULTS.merge(options)
|
|
32
|
-
end
|
|
33
|
-
|
|
34
|
-
METHODS.each do |method_name|
|
|
35
|
-
define_method(method_name) do
|
|
36
|
-
::JWT::Claims.verify!(@payload, @options.merge(method_name => true))
|
|
37
|
-
end
|
|
38
|
-
end
|
|
39
|
-
end
|
|
40
|
-
end
|