keratin-authn 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: cd721f9643e56fe9e7f8a79594c2a517fff1b98d
+  data.tar.gz: c6c3d8da3e3e5042ceb3d2d0c6ea7fdca13c8107
+SHA512:
+  metadata.gz: 6208ff81103201526dc98410d29b14a389115c5375a7e8ad1a83c89101147b0627b49a82f861f22e093ef3b877860476d13ff983b901f0ab56921d03147720d0
+  data.tar.gz: 37c75b814f22d5af864bfcfd3d0e78c3431c2671c67d0f1ff0ebb7f095d86327166ac440cba9b5536ee8fb0b9f4332a73243e07c0b27f5d55f0bd9d36fd27a2a

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.travis.yml

@@ -0,0 +1,5 @@
+sudo: false
+language: ruby
+rvm:
+  - 2.3.1
+before_install: gem install bundler -v 1.13.6

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,74 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at lance@cainlevy.net. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in auth-rb.gemspec
+gemspec

data/LICENSE-LGPLv3

@@ -0,0 +1,165 @@
+                   GNU LESSER GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+
+  This version of the GNU Lesser General Public License incorporates
+the terms and conditions of version 3 of the GNU General Public
+License, supplemented by the additional permissions listed below.
+
+  0. Additional Definitions.
+
+  As used herein, "this License" refers to version 3 of the GNU Lesser
+General Public License, and the "GNU GPL" refers to version 3 of the GNU
+General Public License.
+
+  "The Library" refers to a covered work governed by this License,
+other than an Application or a Combined Work as defined below.
+
+  An "Application" is any work that makes use of an interface provided
+by the Library, but which is not otherwise based on the Library.
+Defining a subclass of a class defined by the Library is deemed a mode
+of using an interface provided by the Library.
+
+  A "Combined Work" is a work produced by combining or linking an
+Application with the Library.  The particular version of the Library
+with which the Combined Work was made is also called the "Linked
+Version".
+
+  The "Minimal Corresponding Source" for a Combined Work means the
+Corresponding Source for the Combined Work, excluding any source code
+for portions of the Combined Work that, considered in isolation, are
+based on the Application, and not on the Linked Version.
+
+  The "Corresponding Application Code" for a Combined Work means the
+object code and/or source code for the Application, including any data
+and utility programs needed for reproducing the Combined Work from the
+Application, but excluding the System Libraries of the Combined Work.
+
+  1. Exception to Section 3 of the GNU GPL.
+
+  You may convey a covered work under sections 3 and 4 of this License
+without being bound by section 3 of the GNU GPL.
+
+  2. Conveying Modified Versions.
+
+  If you modify a copy of the Library, and, in your modifications, a
+facility refers to a function or data to be supplied by an Application
+that uses the facility (other than as an argument passed when the
+facility is invoked), then you may convey a copy of the modified
+version:
+
+   a) under this License, provided that you make a good faith effort to
+   ensure that, in the event an Application does not supply the
+   function or data, the facility still operates, and performs
+   whatever part of its purpose remains meaningful, or
+
+   b) under the GNU GPL, with none of the additional permissions of
+   this License applicable to that copy.
+
+  3. Object Code Incorporating Material from Library Header Files.
+
+  The object code form of an Application may incorporate material from
+a header file that is part of the Library.  You may convey such object
+code under terms of your choice, provided that, if the incorporated
+material is not limited to numerical parameters, data structure
+layouts and accessors, or small macros, inline functions and templates
+(ten or fewer lines in length), you do both of the following:
+
+   a) Give prominent notice with each copy of the object code that the
+   Library is used in it and that the Library and its use are
+   covered by this License.
+
+   b) Accompany the object code with a copy of the GNU GPL and this license
+   document.
+
+  4. Combined Works.
+
+  You may convey a Combined Work under terms of your choice that,
+taken together, effectively do not restrict modification of the
+portions of the Library contained in the Combined Work and reverse
+engineering for debugging such modifications, if you also do each of
+the following:
+
+   a) Give prominent notice with each copy of the Combined Work that
+   the Library is used in it and that the Library and its use are
+   covered by this License.
+
+   b) Accompany the Combined Work with a copy of the GNU GPL and this license
+   document.
+
+   c) For a Combined Work that displays copyright notices during
+   execution, include the copyright notice for the Library among
+   these notices, as well as a reference directing the user to the
+   copies of the GNU GPL and this license document.
+
+   d) Do one of the following:
+
+       0) Convey the Minimal Corresponding Source under the terms of this
+       License, and the Corresponding Application Code in a form
+       suitable for, and under terms that permit, the user to
+       recombine or relink the Application with a modified version of
+       the Linked Version to produce a modified Combined Work, in the
+       manner specified by section 6 of the GNU GPL for conveying
+       Corresponding Source.
+
+       1) Use a suitable shared library mechanism for linking with the
+       Library.  A suitable mechanism is one that (a) uses at run time
+       a copy of the Library already present on the user's computer
+       system, and (b) will operate properly with a modified version
+       of the Library that is interface-compatible with the Linked
+       Version.
+
+   e) Provide Installation Information, but only if you would otherwise
+   be required to provide such information under section 6 of the
+   GNU GPL, and only to the extent that such information is
+   necessary to install and execute a modified version of the
+   Combined Work produced by recombining or relinking the
+   Application with a modified version of the Linked Version. (If
+   you use option 4d0, the Installation Information must accompany
+   the Minimal Corresponding Source and Corresponding Application
+   Code. If you use option 4d1, you must provide the Installation
+   Information in the manner specified by section 6 of the GNU GPL
+   for conveying Corresponding Source.)
+
+  5. Combined Libraries.
+
+  You may place library facilities that are a work based on the
+Library side by side in a single library together with other library
+facilities that are not Applications and are not covered by this
+License, and convey such a combined library under terms of your
+choice, if you do both of the following:
+
+   a) Accompany the combined library with a copy of the same work based
+   on the Library, uncombined with any other library facilities,
+   conveyed under the terms of this License.
+
+   b) Give prominent notice with the combined library that part of it
+   is a work based on the Library, and explaining where to find the
+   accompanying uncombined form of the same work.
+
+  6. Revised Versions of the GNU Lesser General Public License.
+
+  The Free Software Foundation may publish revised and/or new versions
+of the GNU Lesser General Public License from time to time. Such new
+versions will be similar in spirit to the present version, but may
+differ in detail to address new problems or concerns.
+
+  Each version is given a distinguishing version number. If the
+Library as you received it specifies that a certain numbered version
+of the GNU Lesser General Public License "or any later version"
+applies to it, you have the option of following the terms and
+conditions either of that published version or of any later version
+published by the Free Software Foundation. If the Library as you
+received it does not specify a version number of the GNU Lesser
+General Public License, you may choose any version of the GNU Lesser
+General Public License ever published by the Free Software Foundation.
+
+  If the Library as you received it specifies that a proxy can decide
+whether future versions of the GNU Lesser General Public License shall
+apply, that proxy's public statement of acceptance of any version is
+permanent authorization for you to choose that version for the
+Library.

data/README.md

@@ -0,0 +1,86 @@
+# Keratin AuthN
+
+Keratin AuthN is an authentication service that keeps you in control of the experience without forcing you to be an expert in web security.
+
+This gem provides utilities to help integrate with a Ruby application. You may also be interested in keratin/authn-js for frontend integration.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'keratin-authn'
+```
+
+## Usage
+
+Configure your integration from a file such as `config/initializers/keratin.rb`:
+
+```ruby
+Keratin::AuthN.config.tap do |config|
+  # The base URL of your Keratin AuthN service
+  config.issuer = 'https://authn.myapp.com'
+
+  # The domain of your application
+  config.audience = 'myapp.com'
+end
+```
+
+Use `Keratin::AuthN.subject_from(params[:id_token])` to validate tokens and fetch an `account_id` during signup, login, and session verification.
+
+Send users to `Keratin::AuthN.logout_url(return_to: some_path)` to log them out from the AuthN server.
+
+### Example: Signup
+
+```ruby
+class UsersController
+  def create
+    @user = User.new(params.require(:user).permit(:name, :email))
+    @user.account_id = Keratin::AuthN.subject_from(params[:user][:id_token])
+
+    # ...
+  end
+end
+```
+
+### Example: Login
+
+```ruby
+class SessionsController
+  def create
+    @user = User.find_by_account_id(Keratin::AuthN.subject_from(cookies[:id_token]))
+
+    # ...
+  end
+end
+```
+
+### Example: Sessions
+
+You should store the token in a cookie and continue using it to verify a logged-in session:
+
+```ruby
+class ApplicationController
+  private
+
+  def logged_in?
+    !! Keratin::AuthN.subject_from(cookies[:id_token])
+  end
+
+  def current_user
+    return @current_user if defined? @current_user
+    @current_user = User.find_by_account_id(Keratin::AuthN.subject_from(cookies[:id_token])
+  end
+end
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/keratin/authn-rb. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
+

data/Rakefile

@@ -0,0 +1,11 @@
+require "bundler/gem_tasks"
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.libs << "lib"
+  t.test_files = FileList['test/**/*_test.rb']
+  t.warning = false
+end
+
+task :default => :test

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "auth/rb"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/keratin-authn.gemspec

@@ -0,0 +1,40 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'keratin/authn/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "keratin-authn"
+  spec.version       = Keratin::AuthN::VERSION
+  spec.authors       = ["Lance Ivy"]
+  spec.email         = ["lance@cainlevy.net"]
+  spec.license       = "LGPL-3.0"
+
+  spec.summary       = %q{Client gem for keratin/authn service.}
+  # spec.description   = %q{}
+  # spec.homepage      = ""
+
+  # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
+  # to allow pushing to a single host or delete this section to allow pushing to any host.
+  if spec.respond_to?(:metadata)
+    # spec.metadata['allowed_push_host'] = "TODO: Set to 'http://mygemserver.com'"
+  else
+    raise "RubyGems 2.0 or newer is required to protect against public gem pushes."
+  end
+
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "json-jwt"
+  spec.add_dependency "webmock"
+  spec.add_dependency "lru_redux"
+
+  spec.add_development_dependency "bundler", "~> 1.13"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "minitest", "~> 5.0"
+  spec.add_development_dependency "timecop"
+end

data/lib/keratin/authn.rb

@@ -0,0 +1,57 @@
+require_relative 'authn/version'
+require_relative 'authn/engine' if defined?(Rails)
+require_relative 'authn/id_token_verifier'
+require_relative 'authn/issuer'
+
+require 'lru_redux'
+require 'json/jwt'
+
+module Keratin::AuthN
+  class Config
+    # the domain (host) of the main application.
+    # e.g. "audience.tech"
+    attr_accessor :audience
+
+    # the base url of the service handling authentication
+    # e.g. "https://issuer.tech"
+    attr_accessor :issuer
+
+    # the path where we can fetch configuration from our issuer.
+    #
+    # default: "/configuration"
+    attr_accessor :configuration_path
+
+    # how long (in seconds) to keep keys in the keychain before refreshing.
+    # default: 3600
+    attr_accessor :keychain_ttl
+  end
+
+  def self.config
+    @config ||= Config.new.tap do |config|
+      config.configuration_path = '/configuration'
+      config.keychain_ttl = 3600
+    end
+  end
+
+  def self.keychain
+    @keychain ||= LruRedux::TTL::ThreadSafeCache.new(25, config.keychain_ttl)
+  end
+
+  class << self
+    # safely fetches a subject from the id token after checking relevant claims and
+    # verifying the signature.
+    #
+    # this may involve HTTP requests to fetch the issuer's configuration and JWKs.
+    def subject_from(id_token)
+      verifier = IDTokenVerifier.new(id_token, keychain)
+      verifier.subject if verifier.verified?
+    end
+
+    def logout_url(return_to: nil)
+      query = {redirect_uri: return_to}.to_param if return_to
+
+      "#{config.issuer}/sessions/logout#{?? if query}#{query}"
+    end
+  end
+
+end

data/lib/keratin/authn/engine.rb

@@ -0,0 +1,7 @@
+module Keratin::AuthN
+  class Engine < ::Rails::Engine
+    initializer 'auth.testing' do
+      require 'auth/testing' if Rails.env.test?
+    end
+  end
+end

data/lib/keratin/authn/id_token_verifier.rb

@@ -0,0 +1,41 @@
+module Keratin::AuthN
+  class IDTokenVerifier
+    def initialize(str, keychain)
+      @id_token = str
+      @keychain = keychain
+      @time = Time.now.to_i
+    end
+
+    def subject
+      jwt['sub']
+    end
+
+    def verified?
+      jwt.present? &&
+        token_for_us? &&
+        !token_expired? &&
+        token_intact?
+    end
+
+    def token_for_us?
+      jwt[:aud] == Keratin::AuthN.config.audience
+    end
+
+    def token_expired?
+      jwt[:exp] < @time
+    end
+
+    def token_intact?
+      jwt.verify!(@keychain.getset(jwt['iss']){ Issuer.new(jwt['iss']).signing_key })
+    rescue JSON::JWT::VerificationFailed, JSON::JWT::UnexpectedAlgorithm
+      false
+    end
+
+    private def jwt
+      return @jwt if defined? @jwt
+      @jwt = JSON::JWT.decode(@id_token || '', :skip_verification)
+    rescue JSON::JWT::InvalidFormat
+      @jwt = nil
+    end
+  end
+end

data/lib/keratin/authn/issuer.rb

@@ -0,0 +1,26 @@
+module Keratin::AuthN
+  class Issuer
+    def initialize(str)
+      @uri = str
+      @config_uri = @uri + Keratin::AuthN.config.configuration_path
+    end
+
+    def signing_key
+      keys.find{|k| k['use'] == 'sig' }
+    end
+
+    def configuration
+      @configuration ||= JSON.parse(
+        Net::HTTP.get(URI.parse(@config_uri))
+      )
+    end
+
+    def keys
+      @keys ||= JSON::JWK::Set.new(
+        JSON.parse(
+          Net::HTTP.get(URI.parse(configuration['jwks_uri']))
+        )
+      )
+    end
+  end
+end

data/lib/keratin/authn/test/helpers.rb

@@ -0,0 +1,47 @@
+require 'webmock/minitest'
+
+module Keratin::AuthN
+  module Test
+    module Helpers
+      JWS_ALGORITHM = 'RS256'
+
+      # a factory for JWT id_tokens
+      private def id_token_for(subject)
+        JSON::JWT.new(
+          iss: Keratin::AuthN.config.issuer,
+          aud: Keratin::AuthN.config.audience,
+          sub: subject,
+          iat: 10.seconds.ago,
+          exp: 1.hour.from_now
+        ).sign(jws_keypair, JWS_ALGORITHM).to_s
+      end
+
+      # a temporary RSA key for our test suite.
+      #
+      # generates the smallest (fastest) key possible for RS256
+      private def jws_keypair
+        @keypair ||= OpenSSL::PKey::RSA.new(512)
+      end
+
+      # stubs the endpoints necessary to validate a signed JWT
+      private def stub_auth_server
+        stub_request(:get, "#{Keratin::AuthN.config.issuer}#{Keratin::AuthN.config.configuration_path}").to_return(
+          status: 200,
+          body: {'jwks_uri' => "#{Keratin::AuthN.config.issuer}/jwks"}.to_json
+        )
+        stub_request(:get, "#{Keratin::AuthN.config.issuer}/jwks").to_return(
+          status: 200,
+          body: {
+            keys: [
+              jws_keypair.public_key.to_jwk.slice(:kty, :kid, :e, :n).merge(
+                use: 'sig',
+                alg: JWS_ALGORITHM
+              )
+            ]
+          }.to_json
+        )
+      end
+
+    end
+  end
+end

data/lib/keratin/authn/testing.rb

@@ -0,0 +1 @@
+require_relative 'test/helpers'

data/lib/keratin/authn/version.rb

@@ -0,0 +1,5 @@
+module Keratin
+  module AuthN
+    VERSION = "0.1.0"
+  end
+end

metadata

@@ -0,0 +1,159 @@
+--- !ruby/object:Gem::Specification
+name: keratin-authn
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Lance Ivy
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2016-11-17 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: json-jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: lru_redux
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.13'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.13'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: timecop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email:
+- lance@cainlevy.net
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".travis.yml"
+- CODE_OF_CONDUCT.md
+- Gemfile
+- LICENSE-LGPLv3
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- keratin-authn.gemspec
+- lib/keratin/authn.rb
+- lib/keratin/authn/engine.rb
+- lib/keratin/authn/id_token_verifier.rb
+- lib/keratin/authn/issuer.rb
+- lib/keratin/authn/test/helpers.rb
+- lib/keratin/authn/testing.rb
+- lib/keratin/authn/version.rb
+homepage: 
+licenses:
+- LGPL-3.0
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: Client gem for keratin/authn service.
+test_files: []