jwt_signed_request 1.0.2 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 427fe8633c579541cd1e42bdf573b3e3d4017ad0
-  data.tar.gz: 393611e2bd664892a8485c9a012ed6640b4c2f04
+  metadata.gz: 63ee8746247f0608359ddce429288ffdc221c557
+  data.tar.gz: 287faa1a7791c0dbe34594b18f64107ac55b52d0
 SHA512:
-  metadata.gz: '0081e1187e16f6e38a8ef7dbe0acd95388c4111f0097acea9319b9b271e88d6ddcc882513b9945eb469d0ce3d5644829d12cbd7f49181fc67d5de1d6e5551c98'
-  data.tar.gz: c5020b652569207bfe5bd9f8c40cc28f04f646003c8bd57f5133202f17d99d9ac6fe7895da978c3ef3a774e48473d772aaa77d043184f795e8d130700e8c3269
+  metadata.gz: 585079a4bde041f67d87d0209d18bdc3912b9d282947b3d258c02ae152beabc85bd7da6306b5ddb657e7f9f0f7432f833aa455f3817d1737eac67648798e6290
+  data.tar.gz: 6e08fcfcb59f449c7745c0d4b17ad16b316edfb0db78e1fea73bb0ff7abaea047ca9e2fe66b6a7637601655ca8faae34d472e1a7fe2a7c6ba3d3fdd2eef1086a

data/README.md

@@ -136,6 +136,14 @@ exDdlmXEjHYaixzYIduluGXd3cjg4H2gjqsY/NCpJ9nM8/AAINSrq+qPuA==
 end
 ```
 
+### Increasing Expiry leeway
+
+JWT tokens contain an expiry timestamp. If communication delays are large (or system clocks are sufficiently out of synch), you may need to increase the 'leeway' when verifying. For example:
+
+```ruby
+  JWTSignedRequest.verify(request: request, secret_key: 'my_public_key', leeway: 55)
+```
+
 ## Using Rack Middleware
 
 ```ruby

data/lib/jwt_signed_request.rb

@@ -11,7 +11,11 @@ module JWTSignedRequest
   JWTDecodeError = Class.new(UnauthorizedRequestError)
   RequestVerificationFailedError = Class.new(UnauthorizedRequestError)
 
-  def self.sign(method:, path:, body: EMPTY_BODY, headers:, secret_key:, algorithm: DEFAULT_ALGORITHM, key_id: nil, issuer: nil, additional_headers_to_sign: Claims::EMPTY_HEADERS)
+  def self.sign(method:, path:,
+                body: EMPTY_BODY, headers:,
+                secret_key:, algorithm: DEFAULT_ALGORITHM,
+                key_id: nil, issuer: nil,
+                additional_headers_to_sign: Claims::EMPTY_HEADERS)
     additional_jwt_headers = key_id ? {kid: key_id} : {}
     JWT.encode(
       Claims.generate(
@@ -28,16 +32,24 @@ module JWTSignedRequest
     )
   end
 
-  def self.verify(request:, secret_key:, algorithm: nil)
+  def self.verify(request:, secret_key:, algorithm: nil, leeway: nil)
+    # TODO: algorithm is deprecated and will be removed in future
+    verify = true
+    options = {}
+    if leeway
+      # TODO: Once JWT v2.0.0 has been released, we should upgrade to it and start using `exp_leeway` instead
+      #  'leeway' will still work, but 'exp_leeway' is more explicit and is the documented way to do it.
+      #  see https://github.com/jwt/ruby-jwt/pull/187
+      options[:leeway] = leeway.to_i
+    end
     jwt_token = Headers.fetch('Authorization', request)
-    algorithm ||= DEFAULT_ALGORITHM
 
     if jwt_token.nil?
       raise MissingAuthorizationHeaderError, "Missing Authorization header in the request"
     end
 
     begin
-      claims = JWT.decode(jwt_token, secret_key, algorithm)[0]
+      claims = JWT.decode(jwt_token, secret_key, verify, options)[0]
       unless verified_request?(request: request, claims: claims)
         raise RequestVerificationFailedError, "Request failed verification"
       end

data/lib/jwt_signed_request/version.rb

@@ -1,3 +1,3 @@
 module JWTSignedRequest
-  VERSION = "1.0.2".freeze
+  VERSION = "1.2.0".freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jwt_signed_request
 version: !ruby/object:Gem::Version
-  version: 1.0.2
+  version: 1.2.0
 platform: ruby
 authors:
 - Toan Nguyen
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-01-04 00:00:00.000000000 Z
+date: 2017-03-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jwt
@@ -141,7 +141,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.2
+rubygems_version: 2.4.5.1
 signing_key: 
 specification_version: 4
 summary: JWT request signing and verification for Internal APIs