myinfo 0.5.4 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c7aeaabc21bdd0de155e96b9306ba1c86015f70eae7f0e1aeec8ef0c8ce0e553
-  data.tar.gz: 26abbbb4749b9ae61c4d38ec1e4e6ab7b28dec410602b7ec448024bc0ceb726d
+  metadata.gz: 12a9996ed3c5052b49d43a086da72399138768ecc3e6928be0cbe152d1cf8bab
+  data.tar.gz: aeb4fbf81d51722a3e3994c392e3c74a89122f87169d3f317b366916bc47a97c
 SHA512:
-  metadata.gz: 25015c46d6e06e6d9ec2405448926e9d0482c1ee9fe5d0aadea0467afe1a830518abc376beb46757c89234322df9077ea983025330744ed071e1f28dbbab7c48
-  data.tar.gz: 9edf346e8b4da8d49cc95e6db9efc477b690b0b9bbbd6d680cf8a537c5ca38081c1b7dd2eac169b8dfd2050fc0bdf0a5028b8159c1e9850364f0dfcdd8017bfd
+  metadata.gz: e00d202ce7b880932543b9e4c1e9cf4ce3d6ab6cd5e0862dd7bf279512f9b91e81032da4ed777ab735dd36b5b0f790bed626c36268d366642c36a15fc2e7b227
+  data.tar.gz: 921b719e0b480948f4159a5ebd1645f8062966b89c1db55e536931ab0b174dc60ba997e41cc94fa6feaea1c1061d770184f64f9ddd32a273f57ff6a925b8c21f

data/README.md

@@ -2,10 +2,65 @@
 
 ![tests](https://github.com/GovTechSG/myinfo/workflows/tests/badge.svg?branch=main)
 
+# MyInfo V4
+
+[MyInfo Documentation (Public)](https://public.cloud.myinfo.gov.sg/myinfo/api/myinfo-kyc-v4.0.html)
+
+Note: Currently this gem only supports `public_facing = true` for MyInfo V4 API.
+
+## Basic Setup (Public)
+
+1. `bundle add myinfo`
+2. Create a `config/initializers/myinfo.rb` and add the required configuration based on your environment.
+```ruby
+  MyInfo.configure do |config|
+    config.app_id = ''
+    config.client_id = ''
+    config.client_secret = ''
+    config.base_url = 'test.api.myinfo.gov.sg'
+    config.redirect_uri = 'https://localhost:3001/callback'
+    config.public_facing = true
+    config.sandbox = false # optional, false by default
+    config.private_encryption_key = ''
+    config.private_signing_key = ''
+    config.authorise_jwks_base_url = "test.authorise.singpass.gov.sg"
+    # setup proxy here if needed
+    config.proxy = { address: 'proxy_address', port: 'proxy_port' } # optional, nil by default
+    config.gateway_url = 'https://test_gateway_url' # optional, nil by default
+    config.gateway_key = '44d953c796cccebcec9bdc826852857ab412fbe2' # optional, nil by default
+  end
+```
+
+3. Generate the code verifier and code challenge and manage a session to their frontend to link the code_verifier and code_challenge.
+```ruby
+code_verifier, code_challenge = MyInfo::V4::Session.call
+```
+
+4. On callback url triggered, obtain a `MyInfo::V4::Token`. This token can only be used once.
+
+```ruby
+key_pairs = SecurityHelper.generate_session_key_pair
+response = MyInfo::V4::Token.call(
+  key_pairs: key_pairs,
+  auth_code: params[:code],
+  code_verifier: session[:code_verifier]
+)
+
+access_token = response.data
+```
+
+5. Obtain the `access_token` from the `response` and query for `MyInfo::V4::Person`:
+```ruby
+response = MyInfo::V4::Person.call(key_pairs: key_pairs, access_token: access_token)
+```
+
+
+# MyInfo V3
 
 [MyInfo Documentation (Public)](https://public.cloud.myinfo.gov.sg/myinfo/api/myinfo-kyc-v3.1.0.html)
 
 [MyInfo Documentation (Government)](https://public.cloud.myinfo.gov.sg/myinfo/tuo/myinfo-tuo-specs.html)
+
 ## Basic Setup (Public)
 
 1. `bundle add myinfo`
@@ -22,8 +77,8 @@
     config.public_cert = File.read(Rails.root.join('public_cert_location'))
     config.sandbox = false # optional, false by default
     config.proxy = { address: 'proxy_address', port: 'proxy_port' } # optional, nil by default
-    config.gateway_url = 'https://test_gateway_url' #optional, nil by default
-    config.gateway_key = '44d953c796cccebcec9bdc826852857ab412fbe2' #optional, nil by default
+    config.gateway_url = 'https://test_gateway_url' # optional, nil by default
+    config.gateway_key = '44d953c796cccebcec9bdc826852857ab412fbe2' # optional, nil by default
   end
 ```
 

data/lib/myinfo/errors.rb

@@ -1,7 +1,9 @@
 # frozen_string_literal: true
 
 module MyInfo
-  class MissingConfigurationError < StandardError; end
+  class MyInfoError < StandardError; end
 
-  class UnavailableError < StandardError; end
+  class MissingConfigurationError < MyInfoError; end
+
+  class UnavailableError < MyInfoError; end
 end

data/lib/myinfo/helpers/attributes.rb

@@ -5,10 +5,10 @@ module MyInfo
   module Attributes
     DEFAULT_VALUES = %i[name sex race dob residentialstatus email mobileno regadd].freeze
 
-    def self.parse(attributes)
+    def self.parse(attributes, separator = ',')
       attributes ||= DEFAULT_VALUES
 
-      attributes.is_a?(String) ? attributes : attributes.join(',')
+      attributes.is_a?(String) ? attributes : attributes.join(separator)
     end
   end
 end

data/lib/myinfo/helpers/jwe_decryptor.rb

@@ -0,0 +1,142 @@
+# frozen_string_literal: true
+
+# This class is used to decrypt the JWE token received from MyInfo.
+# Codes are actually extracted from JOSE gem
+class JweDecryptor
+  DEFAULT_IV = OpenSSL::BN.new(0xA6A6A6A6A6A6A6A6).to_s(2).freeze
+
+  def initialize(key:, jwe:)
+    @jwe = jwe
+    @private_encryption_key = key
+  end
+
+  def decrypt
+    jwe_parts = @jwe.split('.')
+
+    raise ArgumentError, 'bad jwe' if jwe_parts.size != 5
+
+    protected, encoded_encrypted_key, encoded_iv, encoded_ciphertext, encoded_tag = jwe_parts
+
+    header = JSON.parse(Base64.urlsafe_decode64(protected), { symbolize_names: true })
+    encrypted_key = Base64.urlsafe_decode64(encoded_encrypted_key)
+    iv = Base64.urlsafe_decode64(encoded_iv)
+    ciphertext = Base64.urlsafe_decode64(encoded_ciphertext)
+    tag = Base64.urlsafe_decode64(encoded_tag)
+
+    key = compute_public_key(header)
+    cek = decrypt_key(key, encrypted_key)
+    plain_text = decrypt_ciphertext(cek, iv, ciphertext, tag, protected)
+
+    JWT.decode(plain_text, nil, false).first
+  end
+
+  private
+
+  def compute_public_key(header)
+    crv = 'prime256v1'
+    x = Base64.urlsafe_decode64(header[:epk][:x])
+    y = Base64.urlsafe_decode64(header[:epk][:y])
+
+    point = OpenSSL::PKey::EC::Point.new(
+      OpenSSL::PKey::EC::Group.new(crv),
+      OpenSSL::BN.new([0x04, x, y].pack('Ca*a*'), 2)
+    )
+
+    sequence = OpenSSL::ASN1::Sequence([
+                                         OpenSSL::ASN1::Sequence([
+                                                                   OpenSSL::ASN1::ObjectId('id-ecPublicKey'),
+                                                                   OpenSSL::ASN1::ObjectId(crv)
+                                                                 ]),
+                                         OpenSSL::ASN1::BitString(point.to_octet_string(:uncompressed))
+                                       ])
+    ec = OpenSSL::PKey::EC.new(sequence.to_der)
+
+    @private_encryption_key.dh_compute_key(ec.public_key)
+  end
+
+  # this method decrypts the key which is encypted using ECDH-ES+A256KW algorithm, 256 bits
+  def decrypt_key(key, encrypted_key)
+    algorithm_id = 'ECDH-ES+A256KW'
+    hash = OpenSSL::Digest::SHA256
+    key_data_len = 256
+    supp_pub_info = [key_data_len].pack('N')
+
+    other_info = [
+      algorithm_id.bytesize, algorithm_id,
+      ''.bytesize, '',
+      ''.bytesize, '',
+      supp_pub_info,
+      ''
+    ].pack('Na*Na*Na*a*a*')
+    hash_len = hash.digest('').bytesize * 8
+    reps =  (key_data_len / hash_len.to_f).ceil
+    if reps == 1
+      concatenation = [0, 0, 0, 1, key, other_info].pack('C4a*a*')
+      derived_key = [hash.digest(concatenation).unpack1('B*')[0...key_data_len]].pack('B*')
+    elsif reps > 0xFFFFFFFF
+      raise ArgumentError, "too many reps"
+    else
+      derived_key = derive_key(hash, 1, reps, key_data_len, [key, other_info].join, '')
+    end
+
+    unwrap(encrypted_key, derived_key)
+  end
+
+  def decrypt_ciphertext(cek, iv, ciphertext, tag, protected)
+    cipher = OpenSSL::Cipher.new('aes-256-gcm')
+    cipher.decrypt
+    cipher.key = cek
+    cipher.iv = iv
+    cipher.padding = 0
+    cipher.auth_data = protected
+    cipher.auth_tag = tag
+    cipher.update(ciphertext) + cipher.final
+  end
+
+  def unwrap(cipher_text, kek, iv = nil)
+    iv ||= DEFAULT_IV
+    bits = kek.bytesize * 8
+    unless (cipher_text.bytesize % 8).zero? && ((bits == 128) || (bits == 192) || (bits == 256))
+      raise ArgumentError, 'bad cipher_text, kek, or iv'
+    end
+
+    block_count = cipher_text.bytesize.div(8) - 1
+    buffer = do_unwrap(cipher_text, 5, block_count, kek, bits)
+    buffer_s = StringIO.new(buffer)
+    raise ArgumentError, 'iv does not match' unless buffer_s.read(iv.bytesize) == iv
+
+    buffer_s.read
+  end
+
+  def do_unwrap(buffer, j, block_count, kek, bits)
+    if j.negative?
+      buffer
+    else
+      do_unwrap(do_unwrap_step(buffer, j, block_count, block_count, kek, bits), j - 1, block_count, kek, bits)
+    end
+  end
+
+  def do_unwrap_step(buffer, j, i, block_count, kek, bits)
+    return buffer if i < 1
+
+    buffer_s = StringIO.new(buffer)
+    a0, = buffer_s.read(8).unpack('Q>')
+    head_size = (i - 1) * 8
+    head = buffer_s.read(head_size)
+    b0 = buffer_s.read(8)
+    tail = buffer_s.read
+    round = (block_count * j) + i
+    a1 = a0 ^ round
+    data = [a1, b0].pack('Q>a*')
+    a2, b1 = aes_ecb_decrypt(bits, kek, data).unpack('Q>a*')
+    do_unwrap_step([a2, head, b1, tail].pack('Q>a*a*a*'), j, i - 1, block_count, kek, bits)
+  end
+
+  def aes_ecb_decrypt(bits, key, cipher_text)
+    cipher = OpenSSL::Cipher::AES.new(bits, :ECB)
+    cipher.decrypt
+    cipher.key = key
+    cipher.padding = 0
+    cipher.update(cipher_text) + cipher.final
+  end
+end

data/lib/myinfo/helpers/security_helper.rb

@@ -0,0 +1,78 @@
+# frozen_string_literal: true
+
+require 'jwe'
+require 'jwt'
+
+JWT.configuration.jwk.kid_generator = JWT::JWK::Thumbprint
+
+# Helper class for security related codes
+class SecurityHelper
+  class << self
+    def generate_session_key_pair
+      ec = OpenSSL::PKey::EC.generate('prime256v1')
+
+      group = ec.public_key.group
+      point = ec.public_key
+      asn1 = OpenSSL::ASN1::Sequence(
+        [
+          OpenSSL::ASN1::Sequence([
+                                    OpenSSL::ASN1::ObjectId('id-ecPublicKey'),
+                                    OpenSSL::ASN1::ObjectId(group.curve_name)
+                                  ]),
+          OpenSSL::ASN1::BitString(point.to_octet_string(:uncompressed))
+        ]
+      )
+      public_key = OpenSSL::PKey::EC.new(asn1.to_der)
+
+      { private_key: ec.to_pem, public_key: public_key.to_pem }
+    end
+
+    def generate_dpop(url, access_token, http_method, key_pairs)
+      now = Time.now.to_i
+      payload = {
+        htu: url,
+        htm: http_method,
+        jti: SecureRandom.alphanumeric(40),
+        iat: now,
+        exp: now + 120
+      }
+
+      if access_token.present?
+        payload[:ath] = Base64.urlsafe_encode64(Digest::SHA256.digest(access_token), padding: false)
+      end
+
+      private_key = OpenSSL::PKey.read(key_pairs[:private_key])
+      jwk = JWT::JWK.new(OpenSSL::PKey.read(key_pairs[:public_key]), { use: 'sig', alg: 'ES256' })
+
+      JWT.encode(payload, private_key, 'ES256', { typ: 'dpop+jwt', jwk: jwk.export })
+    end
+
+    def generate_client_assertion(client_id, url, thumbprint, private_signing_key)
+      now = Time.now.to_i
+      payload = {
+        sub: client_id,
+        jti: SecureRandom.alphanumeric(40),
+        aud: url,
+        iss: client_id,
+        iat: now,
+        exp: now + 300,
+        cnf: {
+          jkt: thumbprint
+        }
+      }
+
+      headers = {
+        typ: 'JWT',
+        alg: 'ES256'
+      }
+
+      JWT.encode(payload, private_signing_key, 'ES256', headers)
+    end
+
+    def thumbprint(key)
+      jwk = JWT::JWK.new(OpenSSL::PKey.read(key), { use: 'sig', alg: 'ES256' })
+      jwk_hash = jwk.export
+      jwk_hash[:kid]
+    end
+  end
+end

data/lib/myinfo/v4/api.rb

@@ -0,0 +1,144 @@
+# frozen_string_literal: true
+
+require 'jwt'
+
+module MyInfo
+  module V4
+    # Base API class
+    class Api
+      extend Callable
+
+      attr_reader :key_pairs, :thumbprint
+
+      def initialize(key_pairs:)
+        @key_pairs = key_pairs
+        @thumbprint = SecurityHelper.thumbprint(key_pairs[:public_key])
+      end
+
+      def endpoint
+        raise NotImplementedError, 'abstract'
+      end
+
+      def params(_args)
+        raise NotImplementedError, 'abstract'
+      end
+
+      def slug
+        ''
+      end
+
+      def call
+        yield
+      rescue StandardError => e
+        Response.new(success: false, data: e)
+      end
+
+      def http_method
+        'GET'
+      end
+
+      def support_gzip?
+        false
+      end
+
+      def header(access_token: nil)
+        {
+          'Content-Type' => 'application/json',
+          'Accept' => 'application/json',
+          'Cache-Control' => 'no-cache'
+        }.tap do |values|
+          values['x-api-key'] = config.gateway_key if config.gateway_key.present?
+
+          unless config.sandbox?
+            values['Authorization'] = auth_header(access_token: access_token) if access_token.present?
+            values['dpop'] = SecurityHelper.generate_dpop(endpoint, access_token, http_method, key_pairs)
+          end
+
+          if support_gzip?
+            values['Accept-Encoding'] = 'gzip'
+            values['Content-Encoding'] = 'gzip'
+          end
+        end
+      end
+
+      def api_path
+        path = config.gateway_path.present? ? "#{config.gateway_path}/" : ''
+        "#{path}#{slug}"
+      end
+
+      def parse_response(response)
+        if response.code == '200'
+          yield
+        elsif errors.include?(response.code)
+          json = JSON.parse(response.body)
+
+          Response.new(success: false, data: "#{json['code']} - #{json['message']}")
+        else
+          Response.new(success: false, data: "#{response.code} - #{response.body}")
+        end
+      end
+
+      protected
+
+      def http
+        url = config.gateway_host || config.base_url
+        @http ||= if config.proxy.blank?
+                    Net::HTTP.new(url, 443)
+                  else
+                    Net::HTTP.new(url, 443, config.proxy[:address], config.proxy[:port])
+                  end
+
+        @http.use_ssl = true
+        @http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+
+        @http
+      end
+
+      def jwks_http
+        url = config.gateway_host || config.authorise_jwks_base_url
+        @jwks_http_client = if config.proxy.blank?
+                              Net::HTTP.new(url, 443)
+                            else
+                              Net::HTTP.new(url, 443, config.proxy[:address], config.proxy[:port])
+                            end
+
+        @jwks_http_client.use_ssl = true
+        @jwks_http_client.verify_mode = OpenSSL::SSL::VERIFY_PEER
+
+        @jwks_http_client
+      end
+
+      def config
+        MyInfo.configuration
+      end
+
+      def errors
+        %w[400 401]
+      end
+
+      private
+
+      def private_encryption_key
+        raise MissingConfigurationError, :private_encryption_key if config.private_encryption_key.blank?
+
+        OpenSSL::PKey::EC.new(config.private_encryption_key)
+      end
+
+      def private_signing_key
+        raise MissingConfigurationError, :private_signing_key if config.private_signing_key.blank?
+
+        OpenSSL::PKey::EC.new(config.private_signing_key)
+      end
+
+      def to_query(headers)
+        headers.sort_by { |k, v| [k.to_s, v] }
+               .map { |arr| arr.join('=') }
+               .join('&')
+      end
+
+      def auth_header(access_token: nil)
+        "DPoP #{access_token}"
+      end
+    end
+  end
+end

data/lib/myinfo/v4/authorise_url.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+module MyInfo
+  module V4
+    # https://public.cloud.myinfo.gov.sg/myinfo/api/myinfo-kyc-v4.0.html#operation/getauthorize
+    class AuthoriseUrl
+      extend Callable
+
+      attr_accessor :attributes, :code_challenge, :purpose, :nric_fin
+
+      def initialize(purpose:, code_challenge:, nric_fin: nil, attributes: nil)
+        @attributes = Attributes.parse(attributes)
+        @code_challenge = code_challenge
+        @purpose = purpose
+        @nric_fin = nric_fin
+      end
+
+      def call
+        query_string = {
+          purpose_id: purpose,
+          response_type: 'code',
+          scope: attributes,
+          code_challenge: code_challenge,
+          code_challenge_method: 'S256',
+          redirect_uri: config.redirect_uri,
+          client_id: config.client_id
+        }.compact.to_param
+
+        endpoint(query_string)
+      end
+
+      def endpoint(query_string)
+        if config.public?
+          "#{config.base_url_with_protocol}/#{slug}?#{query_string}"
+        else
+          # TODO: update url for gov version
+          "#{config.base_url_with_protocol}/#{slug}/#{nric_fin}?#{query_string}"
+        end
+      end
+
+      def slug
+        slug_prefix = config.public? ? 'com' : 'gov'
+
+        "#{slug_prefix}/v4/authorize"
+      end
+
+      def config
+        MyInfo.configuration
+      end
+    end
+  end
+end

data/lib/myinfo/v4/person.rb

@@ -0,0 +1,77 @@
+# frozen_string_literal: true
+
+require 'jwt'
+
+module MyInfo
+  module V4
+    # Calls the Person API
+    class Person < Api
+      attr_reader :access_token, :decoded_token, :attributes, :user_identifier
+
+      def initialize(key_pairs:, access_token:, attributes: nil)
+        super(key_pairs: key_pairs)
+        @access_token = access_token
+        @decoded_token = verify_jws(access_token).first
+        @user_identifier = @decoded_token['sub']
+
+        @attributes = Attributes.parse(attributes, ' ')
+      end
+
+      def call
+        super do
+          # call person API using, uinfin, access token, ephemeral key_pairs
+          headers = header(access_token: access_token).merge({ 'Content-Type' => 'application/x-www-form-urlencoded' })
+          endpoint_url = "/#{api_path}?#{params.to_query}"
+
+          response = http.request_get(endpoint_url, headers)
+          parse_response(response)
+        end
+      end
+
+      def slug
+        slug_prefix = config.public? ? 'com' : 'gov'
+
+        "#{slug_prefix}/v4/person/#{user_identifier}"
+      end
+
+      def endpoint
+        "#{config.base_url_with_protocol}/#{slug}"
+      end
+
+      def support_gzip?
+        true
+      end
+
+      def params
+        {
+          scope: attributes,
+          subentity_id: config.subentity_id
+        }.compact
+      end
+
+      def errors
+        %w[401 403 404]
+      end
+
+      def parse_response(response)
+        super do
+          json = JweDecryptor.new(key: private_encryption_key, jwe: response.body).decrypt
+          Response.new(success: true, data: json)
+        end
+      end
+
+      private
+
+      def verify_jws(access_token)
+        response = jwks_http.request_get('/.well-known/keys.json')
+
+        jwks_hash = JSON.parse(response.body)
+        jwks = JWT::JWK::Set.new(jwks_hash)
+        jwks.filter! { |key| key[:use] == 'sig' }
+        algorithms = jwks.map { |key| key[:alg] }.compact.uniq
+
+        JWT.decode(access_token, nil, true, algorithms: algorithms, jwks: jwks)
+      end
+    end
+  end
+end

data/lib/myinfo/v4/response.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+module MyInfo
+  module V4
+    # Simple response wrapper
+    class Response
+      attr_reader :data
+
+      def initialize(success:, data:)
+        @success = success
+
+        if data.is_a?(StandardError)
+          @data = data.message
+          @exception = true
+        else
+          @data = data
+          @exception = false
+        end
+      end
+
+      def exception?
+        @exception
+      end
+
+      def success?
+        @success
+      end
+
+      def to_s
+        data
+      end
+    end
+  end
+end

data/lib/myinfo/v4/session.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+require 'digest'
+
+module MyInfo
+  module V4
+    # Class to generate code_verifier and code_challenge to client application
+    class Session
+      extend Callable
+
+      def call
+        code_verifier = SecureRandom.hex(32)
+
+        sha256_encoded_code_verifier = Digest::SHA256.digest code_verifier
+        code_challenge = Base64.urlsafe_encode64(sha256_encoded_code_verifier, padding: false)
+
+        [code_verifier, code_challenge]
+      end
+    end
+  end
+end

data/lib/myinfo/v4/token.rb

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+module MyInfo
+  module V4
+    # Called after authorise to obtain a token for API calls
+    class Token < Api
+      attr_accessor :auth_code, :code_verifier
+
+      def initialize(key_pairs:, auth_code:, code_verifier:)
+        super(key_pairs: key_pairs)
+        @auth_code = auth_code
+        @code_verifier = code_verifier
+      end
+
+      def call
+        super do
+          headers = header.merge({ 'Content-Type' => 'application/x-www-form-urlencoded' })
+          response = http.request_post("/#{api_path}", params.to_param, headers)
+
+          parse_response(response)
+        end
+      end
+
+      def http_method
+        'POST'
+      end
+
+      def endpoint
+        "#{config.base_url_with_protocol}/#{slug}"
+      end
+
+      def slug
+        slug_prefix = config.public? ? 'com' : 'gov'
+
+        "#{slug_prefix}/v4/token"
+      end
+
+      def params
+        {
+          code: auth_code,
+          grant_type: 'authorization_code',
+          client_id: config.client_id,
+          redirect_uri: config.redirect_uri,
+          client_assertion: SecurityHelper.generate_client_assertion(
+            config.client_id,
+            endpoint,
+            thumbprint,
+            private_signing_key
+          ),
+          client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
+          code_verifier: code_verifier
+        }.compact
+      end
+
+      def parse_response(response)
+        super do
+          json = JSON.parse(response.body)
+          access_token = json['access_token']
+
+          Response.new(success: true, data: access_token)
+        end
+      end
+    end
+  end
+end

data/lib/myinfo/version.rb

@@ -2,6 +2,6 @@
 
 module MyInfo
   module Version
-    WRAPPER_VERSION = '0.5.4'
+    WRAPPER_VERSION = '0.6.0'
   end
 end

data/lib/myinfo.rb

@@ -8,6 +8,8 @@ require_relative 'myinfo/errors'
 
 require_relative 'myinfo/helpers/callable'
 require_relative 'myinfo/helpers/attributes'
+require_relative 'myinfo/helpers/jwe_decryptor'
+require_relative 'myinfo/helpers/security_helper'
 
 require_relative 'myinfo/v3/response'
 require_relative 'myinfo/v3/api'
@@ -16,6 +18,13 @@ require_relative 'myinfo/v3/person'
 require_relative 'myinfo/v3/person_basic'
 require_relative 'myinfo/v3/authorise_url'
 
+require_relative 'myinfo/v4/response'
+require_relative 'myinfo/v4/api'
+require_relative 'myinfo/v4/session'
+require_relative 'myinfo/v4/authorise_url'
+require_relative 'myinfo/v4/token'
+require_relative 'myinfo/v4/person'
+
 # Base MyInfo class
 module MyInfo
   class << self
@@ -29,8 +38,20 @@ module MyInfo
 
   # Configuration to set various properties needed to use MyInfo
   class Configuration
-    attr_accessor :singpass_eservice_id, :app_id, :client_id, :proxy, :private_key, :public_cert, :client_secret,
-                  :redirect_uri, :gateway_url, :gateway_key
+    attr_accessor :singpass_eservice_id,
+                  :app_id,
+                  :client_id,
+                  :proxy,
+                  :private_key,
+                  :public_cert,
+                  :client_secret,
+                  :redirect_uri,
+                  :gateway_url,
+                  :gateway_key,
+                  :authorise_jwks_base_url, # added for v4
+                  :subentity_id, # added for v4, UEN of SaaS partner's client that will be receiving the person data.
+                  :private_encryption_key, # added for V4
+                  :private_signing_key # added for V4
 
     attr_reader :base_url
     attr_writer :public_facing, :sandbox

metadata

@@ -1,15 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: myinfo
 version: !ruby/object:Gem::Version
-  version: 0.5.4
+  version: 0.6.0
 platform: ruby
 authors:
 - Lim Yao Jie
 - Eileen Kang
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-11-22 00:00:00.000000000 Z
+date: 2023-12-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jwe
@@ -31,28 +31,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.2'
+        version: '2.7'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.2'
+        version: '2.7'
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '6'
+        version: '7'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '6'
+        version: '7'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -101,14 +101,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.8'
+        version: '1.59'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.8'
+        version: '1.59'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.25'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.25'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -148,19 +162,27 @@ files:
 - lib/myinfo/errors.rb
 - lib/myinfo/helpers/attributes.rb
 - lib/myinfo/helpers/callable.rb
+- lib/myinfo/helpers/jwe_decryptor.rb
+- lib/myinfo/helpers/security_helper.rb
 - lib/myinfo/v3/api.rb
 - lib/myinfo/v3/authorise_url.rb
 - lib/myinfo/v3/person.rb
 - lib/myinfo/v3/person_basic.rb
 - lib/myinfo/v3/response.rb
 - lib/myinfo/v3/token.rb
+- lib/myinfo/v4/api.rb
+- lib/myinfo/v4/authorise_url.rb
+- lib/myinfo/v4/person.rb
+- lib/myinfo/v4/response.rb
+- lib/myinfo/v4/session.rb
+- lib/myinfo/v4/token.rb
 - lib/myinfo/version.rb
 homepage: https://github.com/GovTechSG/myinfo-rails
 licenses:
 - MIT
 metadata:
   rubygems_mfa_required: 'true'
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -175,8 +197,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3.1
-signing_key: 
+rubygems_version: 3.4.6
+signing_key:
 specification_version: 4
 summary: Rails wrapper for MyInfo API
 test_files: []