jwt_signed_request 2.5.0 → 2.5.1
- checksums.yaml +5 -5
- data/README.md +14 -1
- data/lib/jwt_signed_request/middlewares/faraday.rb +12 -3
- data/lib/jwt_signed_request/version.rb +1 -1
- metadata +3 -3
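--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-
-metadata.gz:
-data.tar.gz:
+SHA256:
+metadata.gz: 79cbd2415ebe2ccd5475a7dcce55816100def17b35e7e74b0f30e41062969f35
+data.tar.gz: 8ca7449ac266884163f7cf73b9f89aebc463099ecc3193619b5199f5d1b185a4
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: bd580744d0f274948091f1424e34289c01c95a66027434dbbdc2eccdf7bc7a4aa0905ad19dc2574b86640f7035040a790b6bfb36d0006ecda156664e0498e48a
+data.tar.gz: e607c1345c5293afb153bbc173590a785b4472366ba383d984be39de0c2f8ca6c64a19ce9627b9df54865d6988e6ac2e7c1c33ef91a5911bf7189065e0ffb2a1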
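--- a/data/README.md
+++ b/data/README.md
@@ -108,7 +108,8 @@ conn = Faraday.new(url: URI.parse('http://example.com')) do |faraday|
 faraday.use JWTSignedRequest::Middlewares::Faraday,
 key_id: 'my-key-id',
 issuer: 'my-issuer', # optional
-additional_headers_to_sign: ['X-AUTH']
+additional_headers_to_sign: ['X-AUTH'], # optional
+bearer_schema: true # optional
 
 faraday.adapter Faraday.default_adapter
 end
@@ -119,6 +120,18 @@ conn.post do |req|
 end
 ```
 
+#### Additional options
+
+##### bearer_schema (boolean)
+
+Determines whether to use the [Bearer schema](https://auth0.com/docs/jwt#how-do-json-web-tokens-work-) when assigning the JWT token to the `Authorization` request header
+
+| bearer_schema value | Authorization header value|
+|---------------------|---------------------------|
+| false (default) | `<jwt_token>` |
+| true | `Bearer <jwt_token>` |
+
+
 ## Verifying Requests
 
 Please make sure you have added your verification keys to the key store. Doing so will allow the server to verify requests signed by different signing keys.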
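--- a/data/lib/jwt_signed_request/middlewares/faraday.rb
+++ b/data/lib/jwt_signed_request/middlewares/faraday.rb
@@ -12,7 +12,7 @@ module JWTSignedRequest
 end
 
 def call(env)
-jwt_token = ::JWTSignedRequest.sign(
+@jwt_token = ::JWTSignedRequest.sign(
 method: env[:method],
 path: env[:url].request_uri,
 headers: env[:request_headers],
@@ -20,13 +20,22 @@ module JWTSignedRequest
 **optional_settings
 )
 
-env[:request_headers].store("Authorization",
+env[:request_headers].store("Authorization", authorization_header)
+
 app.call(env)
 end
 
 private
 
-attr_reader :app, :env, :options
+attr_reader :app, :env, :options, :jwt_token
+
+def authorization_header
+bearer_schema? ? "Bearer #{jwt_token}" : jwt_token
+end
+
+def bearer_schema?
+options[:bearer_schema] == true
+end
 
 def optional_settings
 {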
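Review bot: The per-request token is now kept in `@jwt_token` on the middleware object and read back through `authorization_header`, so request-scoped signing material becomes instance state. Faraday normally builds one middleware instance per connection and reuses it for every request; if that holds here, two threads sharing a connection can interleave between the assignment in `call` and the read, and a request may go out carrying a JWT signed for a different method, path and headers. Keeping the token local avoids that and stops it lingering on the object after the call: `jwt_token = ::JWTSignedRequest.sign(`, `env[:request_headers].store("Authorization", authorization_header(jwt_token))` and `def authorization_header(jwt_token)`, with `:jwt_token` dropped from the `attr_reader`. The body of `call` spans both hunks and the line between them (new line 19) is not shown, so this is based on the visible lines only.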
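--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jwt_signed_request
 version: !ruby/object:Gem::Version
-version: 2.5.
+version: 2.5.1
 platform: ruby
 authors:
 - Envato
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-01-
+date: 2019-01-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: jwt
@@ -154,7 +154,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.6
+rubygems_version: 2.7.6
 signing_key:
 specification_version: 4
 summary: JWT request signing and verification for Internal APIs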