ms-id-token-validator 0.1.0 → 0.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 5ca3f629dd20506004d630d41dcce5d4ec5018df
-  data.tar.gz: f3659bc2b9d880e4bfbc0cd373ef39c65c9d0ac4
+SHA256:
+  metadata.gz: a434fe166e7af9f4c10c78fc9fb9bf8047df57673d1b2bc91f4f4d06a68b4bf8
+  data.tar.gz: 061c860e68095470942e74adf545c3b25442c7b8d56bd0809c7298c938d6ad67
 SHA512:
-  metadata.gz: ec2d3ea4a273a319f3e1673bd9e5544c6ce1ef664c205edc31311cbad2a7d46db6ad434256bc3a357a5d73a9c44fa55b2702234a16f74c7c9a9b1a9115cf9a1a
-  data.tar.gz: c41caeb2785fac8e38c70038df5f55c7fa581f777c0024dbbbee093dc23824923717ecec7dd8212c269a17dfd2bb1bc8b3132bbc8c5c716e2b4352ee3e42ec4f
+  metadata.gz: b3df19025a9236f9ff177ec01d3dc6fca20906cc92b54f1a1faf4a13b71b127b5926d4af052eff820163d7223e3004ec59efb158e15165f71ab8d46d13121145
+  data.tar.gz: b5542ac26df5ce03ba3299af299c1fd17b4f14b5979ae668a1f5889a3b76e66c1f290f617269b925ae74dbde20be8949b22e4bb401fe6660dccd3919fdfcd66f

data/.rubocop.yml

@@ -0,0 +1,4 @@
+require: standard
+
+inherit_gem:
+  standard: config/base.yml

data/CHANGELOG.md

@@ -0,0 +1,7 @@
+# 0.1.2
+
+* Support `sts` URLs in `iss` parameter ([@joseramonc](https://github.com/joseramonc) #1)
+
+# 0.1.0
+
+* First version

data/Gemfile

@@ -1,6 +1,6 @@
 source "https://rubygems.org"
 
-git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
+git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
 
 # Specify your gem's dependencies in ms-id-token-validator.gemspec
 gemspec

data/README.md

@@ -24,7 +24,7 @@ Or install it yourself as:
     $ gem install ms-id-token-validator
 
 ## Usage
-    
+
 ```ruby
 validator = MsIdToken::Validator.new
 
@@ -37,6 +37,14 @@ end
 
 ```
 
+By default, the public keys fetched from Microsoft are cached in one hour. Microsoft [state that](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-tokens) their public key should be updated within 24 hours, so our default value is more than enough.
+
+To change the cached expiry, for example, 6 hours, we can pass the value at the time creating the validator.
+
+```ruby
+validator = MsIdToken::Validator.new({expiry: 6 * 3600})
+```
+
 ## References
 
 [Certificate credentials for application authentication](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-certificate-credentials)
@@ -55,7 +63,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/quangquach/ms-id-token-validator. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
+Bug reports and pull requests are welcome on GitHub at https://github.com/QQism/ms-id-token-validator. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
 
 ## License
 

data/Rakefile

@@ -3,4 +3,4 @@ require "rspec/core/rake_task"
 
 RSpec::Core::RakeTask.new(:spec)
 
-task :default => :spec
+task default: :spec

data/bin/console

@@ -10,5 +10,5 @@ require "ms-id-token-validator"
 require "pry"
 Pry.start
 
-#require "irb"
-#IRB.start(__FILE__)
+# require "irb"
+# IRB.start(__FILE__)

data/lib/ms-id-token-validator/version.rb

@@ -1,5 +1,5 @@
 module MsIdToken
   class Validator
-    VERSION = "0.1.0"
+    VERSION = "0.1.2"
   end
 end

data/lib/ms-id-token-validator.rb

@@ -1,30 +1,39 @@
-require 'net/http'
-require 'json/jwt'
+require "net/http"
+require "json/jwt"
 
 module MsIdToken
   class BadIdTokenFormat < StandardError; end
+
   class BadIdTokenHeaderFormat < StandardError; end
+
   class BadIdTokenPayloadFormat < StandardError; end
+
   class UnableToFetchMsConfig < StandardError; end
+
   class UnableToFetchMsCerts < StandardError; end
+
   class BadPublicKeysFormat < StandardError; end
+
   class UnableToFindMsCertsUri < StandardError; end
+
   class InvalidAudience < StandardError; end
+
   class IdTokenExpired < StandardError; end
+
   class IdTokenNotYetValid < StandardError; end
 
   class Validator
-    MS_CONFIG_URI = 'https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration'.freeze
+    MS_CONFIG_URI = "https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration".freeze
     CACHED_CERTS_EXPIRY = 3600
-    TOKEN_TYPE = 'JWT'.freeze
-    TOKEN_ALGORITHM = 'RS256'.freeze
+    TOKEN_TYPE = "JWT".freeze
+    TOKEN_ALGORITHM = "RS256".freeze
 
-    def initialize(options={})
+    def initialize(options = {})
       @cached_certs_expiry = options.fetch(:expiry, CACHED_CERTS_EXPIRY)
     end
 
     def check(id_token, audience)
-      encoded_header, encoded_payload, signature = id_token.split('.')
+      encoded_header, encoded_payload, signature = id_token.split(".")
 
       raise BadIdTokenFormat if encoded_payload.nil? || signature.nil?
 
@@ -51,13 +60,16 @@ module MsIdToken
 
     def verify_payload(payload, audience)
       if payload[:aud].nil? ||
-         payload[:exp].nil? ||
-         payload[:nbf].nil? ||
-         payload[:sub].nil? ||
-         payload[:iss].nil? ||
-         payload[:iat].nil? ||
-         payload[:tid].nil? ||
-         payload[:iss].match(/https:\/\/login\.microsoftonline\.com\/(.+)\/v2\.0/).nil?
+          payload[:exp].nil? ||
+          payload[:nbf].nil? ||
+          payload[:sub].nil? ||
+          payload[:iss].nil? ||
+          payload[:iat].nil? ||
+          payload[:tid].nil? ||
+          (
+           payload[:iss].match(/https:\/\/login\.microsoftonline\.com\/(.+)\/v2\.0/).nil? &&
+           payload[:iss].match(/https:\/\/sts\.windows\.net\/(.+)\//).nil?
+         )
         raise BadIdTokenPayloadFormat
       end
 

data/ms-id-token-validator.gemspec

@@ -1,41 +1,41 @@
-# coding: utf-8
 lib = File.expand_path("../lib", __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require "ms-id-token-validator/version"
 
 Gem::Specification.new do |spec|
-  spec.name          = "ms-id-token-validator"
-  spec.version       = MsIdToken::Validator::VERSION
-  spec.authors       = ["QQ"]
-  spec.email         = ["me@quang.be"]
+  spec.name = "ms-id-token-validator"
+  spec.version = MsIdToken::Validator::VERSION
+  spec.authors = ["QQ"]
+  spec.email = ["me@quang.be"]
 
-  spec.summary       = %q{Validate the Microsoft Oauth2 ID token}
-  spec.description   = %q{Validate the id token from Microsoft oauth2 service}
-  spec.homepage      = "https://github.com/quangquach/ms-id-token-validator"
-  spec.license       = "MIT"
+  spec.summary = "Validate the Microsoft Oauth2 ID token"
+  spec.description = "Validate the id token from Microsoft oauth2 service"
+  spec.homepage = "https://github.com/QQism/ms-id-token-validator"
+  spec.license = "MIT"
 
   # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
   # to allow pushing to a single host or delete this section to allow pushing to any host.
   if spec.respond_to?(:metadata)
-    spec.metadata["allowed_push_host"] = 'https://rubygems.org'
+    spec.metadata["allowed_push_host"] = "https://rubygems.org"
   else
     raise "RubyGems 2.0 or newer is required to protect against " \
       "public gem pushes."
   end
 
-  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+  spec.files = `git ls-files -z`.split("\x0").reject do |f|
     f.match(%r{^(test|spec|features)/})
   end
-  spec.bindir        = "exe"
-  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.bindir = "exe"
+  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.add_runtime_dependency('json-jwt', '~> 1.7')
+  spec.add_runtime_dependency("json-jwt", "~> 1.7")
 
-  spec.add_development_dependency "bundler", "~> 1.15"
-  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "bundler", "~> 2.2.33"
+  spec.add_development_dependency "rake", ">= 12.3.3"
   spec.add_development_dependency "rspec", "~> 3.0"
-  spec.add_development_dependency('pry', '~> 0')
-  spec.add_development_dependency('pry-doc', '~> 0')
-  spec.add_development_dependency('timecop', '~> 0')
+  spec.add_development_dependency("pry", "~> 0")
+  spec.add_development_dependency("pry-doc", "~> 0")
+  spec.add_development_dependency("timecop", "~> 0")
+  spec.add_development_dependency("standard", "~> 0")
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ms-id-token-validator
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.2
 platform: ruby
 authors:
 - QQ
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2017-10-22 00:00:00.000000000 Z
+date: 1980-01-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json-jwt
@@ -30,28 +30,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.15'
+        version: 2.2.33
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.15'
+        version: 2.2.33
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 12.3.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 12.3.3
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -108,6 +108,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: standard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Validate the id token from Microsoft oauth2 service
 email:
 - me@quang.be
@@ -117,7 +131,9 @@ extra_rdoc_files: []
 files:
 - ".gitignore"
 - ".rspec"
+- ".rubocop.yml"
 - ".travis.yml"
+- CHANGELOG.md
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -127,12 +143,12 @@ files:
 - lib/ms-id-token-validator.rb
 - lib/ms-id-token-validator/version.rb
 - ms-id-token-validator.gemspec
-homepage: https://github.com/quangquach/ms-id-token-validator
+homepage: https://github.com/QQism/ms-id-token-validator
 licenses:
 - MIT
 metadata:
   allowed_push_host: https://rubygems.org
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -147,9 +163,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.4.8
-signing_key: 
+rubygems_version: 3.2.26
+signing_key:
 specification_version: 4
 summary: Validate the Microsoft Oauth2 ID token
 test_files: []