keratin-authn 1.0.0 → 1.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 675c925f05dfabe4bd0f21df787374d84656bb54
-  data.tar.gz: 6707f4d2b665485192152bf7a59c5a1d62800e7d
+  metadata.gz: 6da81c6e1e1cfff24bdf967c5c639bf965a6bd36
+  data.tar.gz: 16b387f8a34beb746cd96c5bcecbc6a0e2df3578
 SHA512:
-  metadata.gz: 9c539082ff017a26237d848342769115ca0ad978ec470505e516fcb91879499fc7bb27d0f43601a434b480e70acfbb55ec2c124686e6b8bc3319e2d38a197d13
-  data.tar.gz: d41c0567fd3f85b164c82a8c0bb5237d4f0e0e9865fb3a0bfe6d2a5e6996381b55cb1c3658713be50525cdafce31480e34d1d73a4d0523a1530104f207ad8129
+  metadata.gz: 04788a20f670dd537bc463b1d818b7b39626c6745750f3ea3e70b481b8f04f1b3e6215c064165face2508e0d40a967c5ed98507807cb05cff98d20e9d5781f58
+  data.tar.gz: b7c68b8969f1bbbc3f4b00df843245c66ef4620a42c748082bb5a6c8edcd8ff18094dc942bd78a3f5a308f24887c0d91b508f8d1127ee39d87e6c2381be7db92

data/README.md

@@ -2,7 +2,8 @@
 
 Keratin AuthN is an authentication service that keeps you in control of the experience without forcing you to be an expert in web security.
 
-This gem provides utilities to help integrate with a Ruby application. You may also be interested in keratin/authn-js for frontend integration.
+This gem provides utilities to help integrate with the backend of a Ruby application. You will also
+need a client for your frontend, such as [keratin/authn-js](https://github.com/keratin/authn-js).
 
 [![Gem Version](https://badge.fury.io/rb/keratin-authn.svg)](http://badge.fury.io/rb/keratin-authn) [![Build Status](https://travis-ci.org/keratin/authn-rb.svg?branch=master)](https://travis-ci.org/keratin/authn-rb) [![Coverage Status](https://coveralls.io/repos/github/keratin/authn/badge.svg?branch=master)](https://coveralls.io/github/keratin/authn?branch=master)
 
@@ -20,21 +21,27 @@ Configure your integration from a file such as `config/initializers/keratin.rb`:
 
 ```ruby
 Keratin::AuthN.config.tap do |config|
-  # The base URL of your Keratin AuthN service
+  # The AUTHN_URL of your Keratin AuthN server. This will be used to verify tokens created by AuthN,
+  # and will also be used for API calls unless `config.authn_url` is also set (see below).
   config.issuer = 'https://authn.myapp.com'
 
-  # The domain of your application (no protocol)
+  # The domain of your application (no protocol). This domain should be listed in the APP_DOMAINS of
+  # your Keratin AuthN server.
   config.audience = 'myapp.com'
 
-  # HTTP basic auth for using AuthN's private endpoints
+  # Credentials for AuthN's private endpoints. These will be used to execute admin actions using the
+  # `Keratin.authn` client provided by this library.
+  #
+  # TIP: make them extra secure in production!
   config.username = 'secret'
   config.password = 'secret'
 
   # OPTIONAL: enables debugging for the JWT verification process
-  config.logger   = Rails.logger
+  # config.logger   = Rails.logger
 
-  # OPTIONAL: allows private API calls to use private network routing
-  config.authn_url = 'https://authn.internal.dns/
+  # OPTIONAL: Send private API calls to AuthN using private network routing. This can be necessary
+  # if your environment has a firewall to limit public endpoints.
+  # config.authn_url = 'https://authn.internal.dns/
 end
 ```
 
@@ -144,8 +151,8 @@ In your `test/test_helper.rb` or equivalent:
 
 ```ruby
 # Configuring AuthN to use the MockKeychain will stop your tests from attempting to connect to the
-# remote issuer during tests.
-Keratin::AuthN.signature_verifier = Keratin::AuthN::MockKeychain.new
+# remote issuer during tests. The MockKeychain creates a single weak key, for speedy tests.
+Keratin::AuthN.keychain = Keratin::AuthN::MockKeychain.new
 
 # Including the Test::Helpers module grants access to `id_token_for(user.account_id)`, so that you
 # can test your system with real tokens.

data/lib/keratin/authn/mock_keychain.rb

@@ -1,7 +1,18 @@
 module Keratin::AuthN
   class MockKeychain
-    def [](kid)
-      true
+    # a temporary RSA key for the test suite.
+    #
+    # generates the smallest (fastest) key possible for RS256
+    def initialize
+      @keypair ||= OpenSSL::PKey::RSA.new(512).to_jwk
+    end
+
+    def key
+      @keypair
+    end
+
+    def [](_)
+      key
     end
   end
 end

data/lib/keratin/authn/test/helpers.rb

@@ -10,14 +10,7 @@ module Keratin::AuthN::Test
         sub: subject,
         iat: 10.seconds.ago,
         exp: 1.hour.from_now
-      ).sign(jws_keypair.to_jwk, JWS_ALGORITHM).to_s
-    end
-
-    # a temporary RSA key for the test suite.
-    #
-    # generates the smallest (fastest) key possible for RS256
-    private def jws_keypair
-      @keypair ||= OpenSSL::PKey::RSA.new(512)
+      ).sign(Keratin::AuthN.keychain.key, JWS_ALGORITHM).to_s
     end
   end
 end

data/lib/keratin/authn/version.rb

@@ -1,5 +1,5 @@
 module Keratin # rubocop:disable Style/ClassAndModuleChildren
   module AuthN
-    VERSION = '1.0.0'
+    VERSION = '1.0.1'
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: keratin-authn
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.0.1
 platform: ruby
 authors:
 - Lance Ivy
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-12-02 00:00:00.000000000 Z
+date: 2017-12-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json-jwt