jwt_signed_request 1.0.2 → 1.2.0
- checksums.yaml +4 -4
- data/README.md +8 -0
- data/lib/jwt_signed_request.rb +16 -4
- data/lib/jwt_signed_request/version.rb +1 -1
- metadata +3 -3
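--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 63ee8746247f0608359ddce429288ffdc221c557
+data.tar.gz: 287faa1a7791c0dbe34594b18f64107ac55b52d0
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 585079a4bde041f67d87d0209d18bdc3912b9d282947b3d258c02ae152beabc85bd7da6306b5ddb657e7f9f0f7432f833aa455f3817d1737eac67648798e6290
+data.tar.gz: 6e08fcfcb59f449c7745c0d4b17ad16b316edfb0db78e1fea73bb0ff7abaea047ca9e2fe66b6a7637601655ca8faae34d472e1a7fe2a7c6ba3d3fdd2eef1086a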
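--- a/data/README.md
+++ b/data/README.md
@@ -136,6 +136,14 @@ exDdlmXEjHYaixzYIduluGXd3cjg4H2gjqsY/NCpJ9nM8/AAINSrq+qPuA==
 end
 ```
 
+### Increasing Expiry leeway
+
+JWT tokens contain an expiry timestamp. If communication delays are large (or system clocks are sufficiently out of synch), you may need to increase the 'leeway' when verifying. For example:
+
+```ruby
+JWTSignedRequest.verify(request: request, secret_key: 'my_public_key', leeway: 55)
+```
+
 ## Using Rack Middleware
 
 ```ruby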
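--- a/data/lib/jwt_signed_request.rb
+++ b/data/lib/jwt_signed_request.rb
@@ -11,7 +11,11 @@ module JWTSignedRequest
 JWTDecodeError = Class.new(UnauthorizedRequestError)
 RequestVerificationFailedError = Class.new(UnauthorizedRequestError)
 
-def self.sign(method:, path:,
+def self.sign(method:, path:,
+body: EMPTY_BODY, headers:,
+secret_key:, algorithm: DEFAULT_ALGORITHM,
+key_id: nil, issuer: nil,
+additional_headers_to_sign: Claims::EMPTY_HEADERS)
 additional_jwt_headers = key_id ? {kid: key_id} : {}
 JWT.encode(
 Claims.generate(
@@ -28,16 +32,24 @@ module JWTSignedRequest
 )
 end
 
-def self.verify(request:, secret_key:, algorithm: nil)
+def self.verify(request:, secret_key:, algorithm: nil, leeway: nil)
+# TODO: algorithm is deprecated and will be removed in future
+verify = true
+options = {}
+if leeway
+# TODO: Once JWT v2.0.0 has been released, we should upgrade to it and start using `exp_leeway` instead
+# 'leeway' will still work, but 'exp_leeway' is more explicit and is the documented way to do it.
+# see https://github.com/jwt/ruby-jwt/pull/187
+options[:leeway] = leeway.to_i
+end
 jwt_token = Headers.fetch('Authorization', request)
-algorithm ||= DEFAULT_ALGORITHM
 
 if jwt_token.nil?
 raise MissingAuthorizationHeaderError, "Missing Authorization header in the request"
 end
 
 begin
-claims = JWT.decode(jwt_token, secret_key,
+claims = JWT.decode(jwt_token, secret_key, verify, options)[0]
 unless verified_request?(request: request, claims: claims)
 raise RequestVerificationFailedError, "Request failed verification"
 end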
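--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jwt_signed_request
 version: !ruby/object:Gem::Version
-version: 1.0
+version: 1.2.0
 platform: ruby
 authors:
 - Toan Nguyen
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-
+date: 2017-03-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: jwt
@@ -141,7 +141,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.5.
+rubygems_version: 2.4.5.1
 signing_key:
 specification_version: 4
 summary: JWT request signing and verification for Internal APIs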