ms-id-token-validator 0.1.0 → 0.1.2
- checksums.yaml +5 -5
- data/.rubocop.yml +4 -0
- data/CHANGELOG.md +7 -0
- data/Gemfile +1 -1
- data/README.md +10 -2
- data/Rakefile +1 -1
- data/bin/console +2 -2
- data/lib/ms-id-token-validator/version.rb +1 -1
- data/lib/ms-id-token-validator.rb +26 -14
- data/ms-id-token-validator.gemspec +19 -19
- metadata +29 -14
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: a434fe166e7af9f4c10c78fc9fb9bf8047df57673d1b2bc91f4f4d06a68b4bf8
|
4
|
+
data.tar.gz: 061c860e68095470942e74adf545c3b25442c7b8d56bd0809c7298c938d6ad67
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: b3df19025a9236f9ff177ec01d3dc6fca20906cc92b54f1a1faf4a13b71b127b5926d4af052eff820163d7223e3004ec59efb158e15165f71ab8d46d13121145
|
7
|
+
data.tar.gz: b5542ac26df5ce03ba3299af299c1fd17b4f14b5979ae668a1f5889a3b76e66c1f290f617269b925ae74dbde20be8949b22e4bb401fe6660dccd3919fdfcd66f
|
data/.rubocop.yml
ADDED
data/CHANGELOG.md
ADDED
data/Gemfile
CHANGED
data/README.md
CHANGED
@@ -24,7 +24,7 @@ Or install it yourself as:
|
|
24
24
|
$ gem install ms-id-token-validator
|
25
25
|
|
26
26
|
## Usage
|
27
|
-
|
27
|
+
|
28
28
|
```ruby
|
29
29
|
validator = MsIdToken::Validator.new
|
30
30
|
|
@@ -37,6 +37,14 @@ end
|
|
37
37
|
|
38
38
|
```
|
39
39
|
|
40
|
+
By default, the public keys fetched from Microsoft are cached in one hour. Microsoft [state that](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-tokens) their public key should be updated within 24 hours, so our default value is more than enough.
|
41
|
+
|
42
|
+
To change the cached expiry, for example, 6 hours, we can pass the value at the time creating the validator.
|
43
|
+
|
44
|
+
```ruby
|
45
|
+
validator = MsIdToken::Validator.new({expiry: 6 * 3600})
|
46
|
+
```
|
47
|
+
|
40
48
|
## References
|
41
49
|
|
42
50
|
[Certificate credentials for application authentication](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-certificate-credentials)
|
@@ -55,7 +63,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
|
|
55
63
|
|
56
64
|
## Contributing
|
57
65
|
|
58
|
-
Bug reports and pull requests are welcome on GitHub at https://github.com/
|
66
|
+
Bug reports and pull requests are welcome on GitHub at https://github.com/QQism/ms-id-token-validator. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
|
59
67
|
|
60
68
|
## License
|
61
69
|
|
data/Rakefile
CHANGED
data/bin/console
CHANGED
@@ -1,30 +1,39 @@
|
|
1
|
-
require
|
2
|
-
require
|
1
|
+
require "net/http"
|
2
|
+
require "json/jwt"
|
3
3
|
|
4
4
|
module MsIdToken
|
5
5
|
class BadIdTokenFormat < StandardError; end
|
6
|
+
|
6
7
|
class BadIdTokenHeaderFormat < StandardError; end
|
8
|
+
|
7
9
|
class BadIdTokenPayloadFormat < StandardError; end
|
10
|
+
|
8
11
|
class UnableToFetchMsConfig < StandardError; end
|
12
|
+
|
9
13
|
class UnableToFetchMsCerts < StandardError; end
|
14
|
+
|
10
15
|
class BadPublicKeysFormat < StandardError; end
|
16
|
+
|
11
17
|
class UnableToFindMsCertsUri < StandardError; end
|
18
|
+
|
12
19
|
class InvalidAudience < StandardError; end
|
20
|
+
|
13
21
|
class IdTokenExpired < StandardError; end
|
22
|
+
|
14
23
|
class IdTokenNotYetValid < StandardError; end
|
15
24
|
|
16
25
|
class Validator
|
17
|
-
MS_CONFIG_URI =
|
26
|
+
MS_CONFIG_URI = "https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration".freeze
|
18
27
|
CACHED_CERTS_EXPIRY = 3600
|
19
|
-
TOKEN_TYPE =
|
20
|
-
TOKEN_ALGORITHM =
|
28
|
+
TOKEN_TYPE = "JWT".freeze
|
29
|
+
TOKEN_ALGORITHM = "RS256".freeze
|
21
30
|
|
22
|
-
def initialize(options={})
|
31
|
+
def initialize(options = {})
|
23
32
|
@cached_certs_expiry = options.fetch(:expiry, CACHED_CERTS_EXPIRY)
|
24
33
|
end
|
25
34
|
|
26
35
|
def check(id_token, audience)
|
27
|
-
encoded_header, encoded_payload, signature = id_token.split(
|
36
|
+
encoded_header, encoded_payload, signature = id_token.split(".")
|
28
37
|
|
29
38
|
raise BadIdTokenFormat if encoded_payload.nil? || signature.nil?
|
30
39
|
|
@@ -51,13 +60,16 @@ module MsIdToken
|
|
51
60
|
|
52
61
|
def verify_payload(payload, audience)
|
53
62
|
if payload[:aud].nil? ||
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
63
|
+
payload[:exp].nil? ||
|
64
|
+
payload[:nbf].nil? ||
|
65
|
+
payload[:sub].nil? ||
|
66
|
+
payload[:iss].nil? ||
|
67
|
+
payload[:iat].nil? ||
|
68
|
+
payload[:tid].nil? ||
|
69
|
+
(
|
70
|
+
payload[:iss].match(/https:\/\/login\.microsoftonline\.com\/(.+)\/v2\.0/).nil? &&
|
71
|
+
payload[:iss].match(/https:\/\/sts\.windows\.net\/(.+)\//).nil?
|
72
|
+
)
|
61
73
|
raise BadIdTokenPayloadFormat
|
62
74
|
end
|
63
75
|
|
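Review bot: The two issuer regexes at the end of the new condition are unanchored, so `payload[:iss]` is accepted whenever the Microsoft host name appears anywhere in the string, and the greedy `(.+)` also lets the tenant segment span further slashes; anchor both patterns and restrict the tenant to a single path segment, e.g. `payload[:iss].match(%r{\Ahttps://login\.microsoftonline\.com/[^/]+/v2\.0\z}).nil? &&` and `payload[:iss].match(%r{\Ahttps://sts\.windows\.net/[^/]+/\z}).nil?`. The tenant captured by the pattern is never compared with `payload[:tid]` inside the hunk, even though both claims are required here; if that comparison does not happen in the rest of the method, it is worth adding. verify_payload continues outside the hunk (the audience and time checks are not visible), and `match?` would avoid allocating a MatchData if the capture stays unused.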
@@ -1,41 +1,41 @@
|
|
1
|
-
# coding: utf-8
|
2
1
|
lib = File.expand_path("../lib", __FILE__)
|
3
2
|
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
3
|
require "ms-id-token-validator/version"
|
5
4
|
|
6
5
|
Gem::Specification.new do |spec|
|
7
|
-
spec.name
|
8
|
-
spec.version
|
9
|
-
spec.authors
|
10
|
-
spec.email
|
6
|
+
spec.name = "ms-id-token-validator"
|
7
|
+
spec.version = MsIdToken::Validator::VERSION
|
8
|
+
spec.authors = ["QQ"]
|
9
|
+
spec.email = ["me@quang.be"]
|
11
10
|
|
12
|
-
spec.summary
|
13
|
-
spec.description
|
14
|
-
spec.homepage
|
15
|
-
spec.license
|
11
|
+
spec.summary = "Validate the Microsoft Oauth2 ID token"
|
12
|
+
spec.description = "Validate the id token from Microsoft oauth2 service"
|
13
|
+
spec.homepage = "https://github.com/QQism/ms-id-token-validator"
|
14
|
+
spec.license = "MIT"
|
16
15
|
|
17
16
|
# Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
|
18
17
|
# to allow pushing to a single host or delete this section to allow pushing to any host.
|
19
18
|
if spec.respond_to?(:metadata)
|
20
|
-
spec.metadata["allowed_push_host"] =
|
19
|
+
spec.metadata["allowed_push_host"] = "https://rubygems.org"
|
21
20
|
else
|
22
21
|
raise "RubyGems 2.0 or newer is required to protect against " \
|
23
22
|
"public gem pushes."
|
24
23
|
end
|
25
24
|
|
26
|
-
spec.files
|
25
|
+
spec.files = `git ls-files -z`.split("\x0").reject do |f|
|
27
26
|
f.match(%r{^(test|spec|features)/})
|
28
27
|
end
|
29
|
-
spec.bindir
|
30
|
-
spec.executables
|
28
|
+
spec.bindir = "exe"
|
29
|
+
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
31
30
|
spec.require_paths = ["lib"]
|
32
31
|
|
33
|
-
spec.add_runtime_dependency(
|
32
|
+
spec.add_runtime_dependency("json-jwt", "~> 1.7")
|
34
33
|
|
35
|
-
spec.add_development_dependency "bundler", "~>
|
36
|
-
spec.add_development_dependency "rake", "
|
34
|
+
spec.add_development_dependency "bundler", "~> 2.2.33"
|
35
|
+
spec.add_development_dependency "rake", ">= 12.3.3"
|
37
36
|
spec.add_development_dependency "rspec", "~> 3.0"
|
38
|
-
spec.add_development_dependency(
|
39
|
-
spec.add_development_dependency(
|
40
|
-
spec.add_development_dependency(
|
37
|
+
spec.add_development_dependency("pry", "~> 0")
|
38
|
+
spec.add_development_dependency("pry-doc", "~> 0")
|
39
|
+
spec.add_development_dependency("timecop", "~> 0")
|
40
|
+
spec.add_development_dependency("standard", "~> 0")
|
41
41
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: ms-id-token-validator
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- QQ
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 1980-01-01 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: json-jwt
|
@@ -30,28 +30,28 @@ dependencies:
|
|
30
30
|
requirements:
|
31
31
|
- - "~>"
|
32
32
|
- !ruby/object:Gem::Version
|
33
|
-
version:
|
33
|
+
version: 2.2.33
|
34
34
|
type: :development
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
38
|
- - "~>"
|
39
39
|
- !ruby/object:Gem::Version
|
40
|
-
version:
|
40
|
+
version: 2.2.33
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
42
|
name: rake
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
44
44
|
requirements:
|
45
|
-
- - "
|
45
|
+
- - ">="
|
46
46
|
- !ruby/object:Gem::Version
|
47
|
-
version:
|
47
|
+
version: 12.3.3
|
48
48
|
type: :development
|
49
49
|
prerelease: false
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
51
51
|
requirements:
|
52
|
-
- - "
|
52
|
+
- - ">="
|
53
53
|
- !ruby/object:Gem::Version
|
54
|
-
version:
|
54
|
+
version: 12.3.3
|
55
55
|
- !ruby/object:Gem::Dependency
|
56
56
|
name: rspec
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
@@ -108,6 +108,20 @@ dependencies:
|
|
108
108
|
- - "~>"
|
109
109
|
- !ruby/object:Gem::Version
|
110
110
|
version: '0'
|
111
|
+
- !ruby/object:Gem::Dependency
|
112
|
+
name: standard
|
113
|
+
requirement: !ruby/object:Gem::Requirement
|
114
|
+
requirements:
|
115
|
+
- - "~>"
|
116
|
+
- !ruby/object:Gem::Version
|
117
|
+
version: '0'
|
118
|
+
type: :development
|
119
|
+
prerelease: false
|
120
|
+
version_requirements: !ruby/object:Gem::Requirement
|
121
|
+
requirements:
|
122
|
+
- - "~>"
|
123
|
+
- !ruby/object:Gem::Version
|
124
|
+
version: '0'
|
111
125
|
description: Validate the id token from Microsoft oauth2 service
|
112
126
|
email:
|
113
127
|
- me@quang.be
|
@@ -117,7 +131,9 @@ extra_rdoc_files: []
|
|
117
131
|
files:
|
118
132
|
- ".gitignore"
|
119
133
|
- ".rspec"
|
134
|
+
- ".rubocop.yml"
|
120
135
|
- ".travis.yml"
|
136
|
+
- CHANGELOG.md
|
121
137
|
- Gemfile
|
122
138
|
- LICENSE.txt
|
123
139
|
- README.md
|
@@ -127,12 +143,12 @@ files:
|
|
127
143
|
- lib/ms-id-token-validator.rb
|
128
144
|
- lib/ms-id-token-validator/version.rb
|
129
145
|
- ms-id-token-validator.gemspec
|
130
|
-
homepage: https://github.com/
|
146
|
+
homepage: https://github.com/QQism/ms-id-token-validator
|
131
147
|
licenses:
|
132
148
|
- MIT
|
133
149
|
metadata:
|
134
150
|
allowed_push_host: https://rubygems.org
|
135
|
-
post_install_message:
|
151
|
+
post_install_message:
|
136
152
|
rdoc_options: []
|
137
153
|
require_paths:
|
138
154
|
- lib
|
@@ -147,9 +163,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
147
163
|
- !ruby/object:Gem::Version
|
148
164
|
version: '0'
|
149
165
|
requirements: []
|
150
|
-
|
151
|
-
|
152
|
-
signing_key:
|
166
|
+
rubygems_version: 3.2.26
|
167
|
+
signing_key:
|
153
168
|
specification_version: 4
|
154
169
|
summary: Validate the Microsoft Oauth2 ID token
|
155
170
|
test_files: []
|