jwt 2.9.3 → 3.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +108 -47
- data/CODE_OF_CONDUCT.md +14 -14
- data/CONTRIBUTING.md +9 -10
- data/README.md +273 -234
- data/UPGRADING.md +47 -0
- data/lib/jwt/base64.rb +4 -10
- data/lib/jwt/claims/audience.rb +10 -0
- data/lib/jwt/claims/crit.rb +35 -0
- data/lib/jwt/claims/decode_verifier.rb +3 -3
- data/lib/jwt/claims/expiration.rb +10 -0
- data/lib/jwt/claims/issued_at.rb +7 -0
- data/lib/jwt/claims/issuer.rb +10 -0
- data/lib/jwt/claims/jwt_id.rb +10 -0
- data/lib/jwt/claims/not_before.rb +10 -0
- data/lib/jwt/claims/numeric.rb +9 -19
- data/lib/jwt/claims/required.rb +10 -0
- data/lib/jwt/claims/subject.rb +10 -0
- data/lib/jwt/claims/verifier.rb +6 -7
- data/lib/jwt/claims.rb +4 -19
- data/lib/jwt/configuration/container.rb +20 -1
- data/lib/jwt/configuration/decode_configuration.rb +24 -0
- data/lib/jwt/configuration/jwk_configuration.rb +1 -0
- data/lib/jwt/configuration.rb +8 -0
- data/lib/jwt/decode.rb +42 -79
- data/lib/jwt/encode.rb +17 -56
- data/lib/jwt/encoded_token.rb +236 -0
- data/lib/jwt/error.rb +32 -1
- data/lib/jwt/json.rb +1 -1
- data/lib/jwt/jwa/ecdsa.rb +31 -13
- data/lib/jwt/jwa/hmac.rb +2 -7
- data/lib/jwt/jwa/none.rb +1 -0
- data/lib/jwt/jwa/ps.rb +3 -3
- data/lib/jwt/jwa/rsa.rb +6 -6
- data/lib/jwt/jwa/signing_algorithm.rb +3 -1
- data/lib/jwt/jwa/unsupported.rb +1 -0
- data/lib/jwt/jwa.rb +77 -24
- data/lib/jwt/jwk/ec.rb +54 -65
- data/lib/jwt/jwk/hmac.rb +5 -6
- data/lib/jwt/jwk/key_base.rb +16 -1
- data/lib/jwt/jwk/key_finder.rb +35 -8
- data/lib/jwt/jwk/kid_as_key_digest.rb +1 -0
- data/lib/jwt/jwk/rsa.rb +7 -4
- data/lib/jwt/jwk/set.rb +2 -0
- data/lib/jwt/jwk.rb +1 -1
- data/lib/jwt/token.rb +131 -0
- data/lib/jwt/version.rb +24 -19
- data/lib/jwt.rb +17 -7
- data/ruby-jwt.gemspec +2 -0
- metadata +36 -16
- data/lib/jwt/claims_validator.rb +0 -16
- data/lib/jwt/deprecations.rb +0 -48
- data/lib/jwt/jwa/compat.rb +0 -29
- data/lib/jwt/jwa/eddsa.rb +0 -34
- data/lib/jwt/jwa/hmac_rbnacl.rb +0 -49
- data/lib/jwt/jwa/hmac_rbnacl_fixed.rb +0 -46
- data/lib/jwt/jwa/wrapper.rb +0 -43
- data/lib/jwt/jwk/okp_rbnacl.rb +0 -110
- data/lib/jwt/verify.rb +0 -34
data/lib/jwt/jwk/okp_rbnacl.rb
DELETED
|
@@ -1,110 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
module JWT
|
|
4
|
-
module JWK
|
|
5
|
-
class OKPRbNaCl < KeyBase
|
|
6
|
-
KTY = 'OKP'
|
|
7
|
-
KTYS = [KTY, JWT::JWK::OKPRbNaCl, RbNaCl::Signatures::Ed25519::SigningKey, RbNaCl::Signatures::Ed25519::VerifyKey].freeze
|
|
8
|
-
OKP_PUBLIC_KEY_ELEMENTS = %i[kty n x].freeze
|
|
9
|
-
OKP_PRIVATE_KEY_ELEMENTS = %i[d].freeze
|
|
10
|
-
|
|
11
|
-
def initialize(key, params = nil, options = {})
|
|
12
|
-
params ||= {}
|
|
13
|
-
|
|
14
|
-
# For backwards compatibility when kid was a String
|
|
15
|
-
params = { kid: params } if params.is_a?(String)
|
|
16
|
-
|
|
17
|
-
key_params = extract_key_params(key)
|
|
18
|
-
|
|
19
|
-
params = params.transform_keys(&:to_sym)
|
|
20
|
-
check_jwk_params!(key_params, params)
|
|
21
|
-
super(options, key_params.merge(params))
|
|
22
|
-
end
|
|
23
|
-
|
|
24
|
-
def verify_key
|
|
25
|
-
return @verify_key if defined?(@verify_key)
|
|
26
|
-
|
|
27
|
-
@verify_key = verify_key_from_parameters
|
|
28
|
-
end
|
|
29
|
-
|
|
30
|
-
def signing_key
|
|
31
|
-
return @signing_key if defined?(@signing_key)
|
|
32
|
-
|
|
33
|
-
@signing_key = signing_key_from_parameters
|
|
34
|
-
end
|
|
35
|
-
|
|
36
|
-
def key_digest
|
|
37
|
-
Thumbprint.new(self).to_s
|
|
38
|
-
end
|
|
39
|
-
|
|
40
|
-
def private?
|
|
41
|
-
!signing_key.nil?
|
|
42
|
-
end
|
|
43
|
-
|
|
44
|
-
def members
|
|
45
|
-
OKP_PUBLIC_KEY_ELEMENTS.each_with_object({}) { |i, h| h[i] = self[i] }
|
|
46
|
-
end
|
|
47
|
-
|
|
48
|
-
def export(options = {})
|
|
49
|
-
exported = parameters.clone
|
|
50
|
-
exported.reject! { |k, _| OKP_PRIVATE_KEY_ELEMENTS.include?(k) } unless private? && options[:include_private] == true
|
|
51
|
-
exported
|
|
52
|
-
end
|
|
53
|
-
|
|
54
|
-
private
|
|
55
|
-
|
|
56
|
-
def extract_key_params(key)
|
|
57
|
-
case key
|
|
58
|
-
when JWT::JWK::KeyBase
|
|
59
|
-
key.export(include_private: true)
|
|
60
|
-
when RbNaCl::Signatures::Ed25519::SigningKey
|
|
61
|
-
@signing_key = key
|
|
62
|
-
@verify_key = key.verify_key
|
|
63
|
-
parse_okp_key_params(@verify_key, @signing_key)
|
|
64
|
-
when RbNaCl::Signatures::Ed25519::VerifyKey
|
|
65
|
-
@signing_key = nil
|
|
66
|
-
@verify_key = key
|
|
67
|
-
parse_okp_key_params(@verify_key)
|
|
68
|
-
when Hash
|
|
69
|
-
key.transform_keys(&:to_sym)
|
|
70
|
-
else
|
|
71
|
-
raise ArgumentError, 'key must be of type RbNaCl::Signatures::Ed25519::SigningKey, RbNaCl::Signatures::Ed25519::VerifyKey or Hash with key parameters'
|
|
72
|
-
end
|
|
73
|
-
end
|
|
74
|
-
|
|
75
|
-
def check_jwk_params!(key_params, _given_params)
|
|
76
|
-
raise JWT::JWKError, "Incorrect 'kty' value: #{key_params[:kty]}, expected #{KTY}" unless key_params[:kty] == KTY
|
|
77
|
-
end
|
|
78
|
-
|
|
79
|
-
def parse_okp_key_params(verify_key, signing_key = nil)
|
|
80
|
-
params = {
|
|
81
|
-
kty: KTY,
|
|
82
|
-
crv: 'Ed25519',
|
|
83
|
-
x: ::JWT::Base64.url_encode(verify_key.to_bytes)
|
|
84
|
-
}
|
|
85
|
-
|
|
86
|
-
if signing_key
|
|
87
|
-
params[:d] = ::JWT::Base64.url_encode(signing_key.to_bytes)
|
|
88
|
-
end
|
|
89
|
-
|
|
90
|
-
params
|
|
91
|
-
end
|
|
92
|
-
|
|
93
|
-
def verify_key_from_parameters
|
|
94
|
-
RbNaCl::Signatures::Ed25519::VerifyKey.new(::JWT::Base64.url_decode(self[:x]))
|
|
95
|
-
end
|
|
96
|
-
|
|
97
|
-
def signing_key_from_parameters
|
|
98
|
-
return nil unless self[:d]
|
|
99
|
-
|
|
100
|
-
RbNaCl::Signatures::Ed25519::SigningKey.new(::JWT::Base64.url_decode(self[:d]))
|
|
101
|
-
end
|
|
102
|
-
|
|
103
|
-
class << self
|
|
104
|
-
def import(jwk_data)
|
|
105
|
-
new(jwk_data)
|
|
106
|
-
end
|
|
107
|
-
end
|
|
108
|
-
end
|
|
109
|
-
end
|
|
110
|
-
end
|
data/lib/jwt/verify.rb
DELETED
|
@@ -1,34 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require_relative 'error'
|
|
4
|
-
|
|
5
|
-
module JWT
|
|
6
|
-
class Verify
|
|
7
|
-
DEFAULTS = { leeway: 0 }.freeze
|
|
8
|
-
METHODS = %w[verify_aud verify_expiration verify_iat verify_iss verify_jti verify_not_before verify_sub verify_required_claims].freeze
|
|
9
|
-
|
|
10
|
-
class << self
|
|
11
|
-
METHODS.each do |method_name|
|
|
12
|
-
define_method(method_name) do |payload, options|
|
|
13
|
-
new(payload, options).send(method_name)
|
|
14
|
-
end
|
|
15
|
-
end
|
|
16
|
-
|
|
17
|
-
def verify_claims(payload, options)
|
|
18
|
-
::JWT::Claims.verify!(payload, options)
|
|
19
|
-
true
|
|
20
|
-
end
|
|
21
|
-
end
|
|
22
|
-
|
|
23
|
-
def initialize(payload, options)
|
|
24
|
-
@payload = payload
|
|
25
|
-
@options = DEFAULTS.merge(options)
|
|
26
|
-
end
|
|
27
|
-
|
|
28
|
-
METHODS.each do |method_name|
|
|
29
|
-
define_method(method_name) do
|
|
30
|
-
::JWT::Claims.verify!(@payload, @options.merge(method_name => true))
|
|
31
|
-
end
|
|
32
|
-
end
|
|
33
|
-
end
|
|
34
|
-
end
|