jwt_signed_request 1.0.2 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +8 -0
- data/lib/jwt_signed_request.rb +16 -4
- data/lib/jwt_signed_request/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 63ee8746247f0608359ddce429288ffdc221c557
|
|
4
|
+
data.tar.gz: 287faa1a7791c0dbe34594b18f64107ac55b52d0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 585079a4bde041f67d87d0209d18bdc3912b9d282947b3d258c02ae152beabc85bd7da6306b5ddb657e7f9f0f7432f833aa455f3817d1737eac67648798e6290
|
|
7
|
+
data.tar.gz: 6e08fcfcb59f449c7745c0d4b17ad16b316edfb0db78e1fea73bb0ff7abaea047ca9e2fe66b6a7637601655ca8faae34d472e1a7fe2a7c6ba3d3fdd2eef1086a
|
data/README.md
CHANGED
|
@@ -136,6 +136,14 @@ exDdlmXEjHYaixzYIduluGXd3cjg4H2gjqsY/NCpJ9nM8/AAINSrq+qPuA==
|
|
|
136
136
|
end
|
|
137
137
|
```
|
|
138
138
|
|
|
139
|
+
### Increasing Expiry leeway
|
|
140
|
+
|
|
141
|
+
JWT tokens contain an expiry timestamp. If communication delays are large (or system clocks are sufficiently out of synch), you may need to increase the 'leeway' when verifying. For example:
|
|
142
|
+
|
|
143
|
+
```ruby
|
|
144
|
+
JWTSignedRequest.verify(request: request, secret_key: 'my_public_key', leeway: 55)
|
|
145
|
+
```
|
|
146
|
+
|
|
139
147
|
## Using Rack Middleware
|
|
140
148
|
|
|
141
149
|
```ruby
|
data/lib/jwt_signed_request.rb
CHANGED
|
@@ -11,7 +11,11 @@ module JWTSignedRequest
|
|
|
11
11
|
JWTDecodeError = Class.new(UnauthorizedRequestError)
|
|
12
12
|
RequestVerificationFailedError = Class.new(UnauthorizedRequestError)
|
|
13
13
|
|
|
14
|
-
def self.sign(method:, path:,
|
|
14
|
+
def self.sign(method:, path:,
|
|
15
|
+
body: EMPTY_BODY, headers:,
|
|
16
|
+
secret_key:, algorithm: DEFAULT_ALGORITHM,
|
|
17
|
+
key_id: nil, issuer: nil,
|
|
18
|
+
additional_headers_to_sign: Claims::EMPTY_HEADERS)
|
|
15
19
|
additional_jwt_headers = key_id ? {kid: key_id} : {}
|
|
16
20
|
JWT.encode(
|
|
17
21
|
Claims.generate(
|
|
@@ -28,16 +32,24 @@ module JWTSignedRequest
|
|
|
28
32
|
)
|
|
29
33
|
end
|
|
30
34
|
|
|
31
|
-
def self.verify(request:, secret_key:, algorithm: nil)
|
|
35
|
+
def self.verify(request:, secret_key:, algorithm: nil, leeway: nil)
|
|
36
|
+
# TODO: algorithm is deprecated and will be removed in future
|
|
37
|
+
verify = true
|
|
38
|
+
options = {}
|
|
39
|
+
if leeway
|
|
40
|
+
# TODO: Once JWT v2.0.0 has been released, we should upgrade to it and start using `exp_leeway` instead
|
|
41
|
+
# 'leeway' will still work, but 'exp_leeway' is more explicit and is the documented way to do it.
|
|
42
|
+
# see https://github.com/jwt/ruby-jwt/pull/187
|
|
43
|
+
options[:leeway] = leeway.to_i
|
|
44
|
+
end
|
|
32
45
|
jwt_token = Headers.fetch('Authorization', request)
|
|
33
|
-
algorithm ||= DEFAULT_ALGORITHM
|
|
34
46
|
|
|
35
47
|
if jwt_token.nil?
|
|
36
48
|
raise MissingAuthorizationHeaderError, "Missing Authorization header in the request"
|
|
37
49
|
end
|
|
38
50
|
|
|
39
51
|
begin
|
|
40
|
-
claims = JWT.decode(jwt_token, secret_key,
|
|
52
|
+
claims = JWT.decode(jwt_token, secret_key, verify, options)[0]
|
|
41
53
|
unless verified_request?(request: request, claims: claims)
|
|
42
54
|
raise RequestVerificationFailedError, "Request failed verification"
|
|
43
55
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: jwt_signed_request
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0
|
|
4
|
+
version: 1.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Toan Nguyen
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-03-28 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: jwt
|
|
@@ -141,7 +141,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
141
141
|
version: '0'
|
|
142
142
|
requirements: []
|
|
143
143
|
rubyforge_project:
|
|
144
|
-
rubygems_version: 2.5.
|
|
144
|
+
rubygems_version: 2.4.5.1
|
|
145
145
|
signing_key:
|
|
146
146
|
specification_version: 4
|
|
147
147
|
summary: JWT request signing and verification for Internal APIs
|