oauth_im 0.7.4 → 0.8.0

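--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 85fc483377f0cf348af3a8399c70fec84395915203cb6bfa203f7d147eedb7d6
- data.tar.gz: 40f90809e1e7405640098732aa41ac1ab96771230d9721d22f41ebfed3b19e74
+ metadata.gz: be1d2aa7d9e5c1ac97a5e5aabd89671a48bfc2afc17c53276f961be0a29d357e
+ data.tar.gz: 64f150ae67c0b67efd6a8db20c1390bb69ca21f29837446ad07264947e8e863d
  SHA512:
- metadata.gz: ec6f87a823e4ea3c8bd51bfc6ef09d65908840282c9228d88b78e98f686933c8eaaf2b0d844e0b2967bbed54e271f9f4c5c3b27cd7d4824b52539007018bbf29
- data.tar.gz: dfbb145b3cf8658853b41f7d86e62024f957a21a5f6a99b69a9f682e49ad839734ab629c4a5d9ced89a53265726de029724645710dee9efa42760a0650bf2dd8
+ metadata.gz: 11624bb0650c05d8a5f63edee7b8918f6e043f6a4b6d15b25cd593da5940af18ab320a5d4587479ab96c836ef60b99b4e45f49fabfe3a08e23870dd1d1489499
+ data.tar.gz: 4018866ef76985ec65ccb37ab95e7e973caf0e8f07086a25ad3f55b2eb17659d130e75421466f60f8d526aa8929239c935d87fb905d7358edfceae6c81540ff5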
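--- a/data/README.md
+++ b/data/README.md
@@ -40,16 +40,23 @@ module OauthIm
  ################################################
  config.iss_domain = ENV.fetch 'FUSION_AUTH_ISS_DOMAIN', DEFAULT_ISS_DOMAIN
 
- ###############################
- # on FA application OAuth tab #
- ###############################
+ ####################################
+ # find on FA application OAuth tab #
+ ####################################
  config.client_id = ENV['FUSION_AUTH_CLIENT_ID']
  config.client_secret = ENV['FUSION_AUTH_CLIENT_SECRET']
 
- ###################################################################################
- # View default signing key: https://illustrativemath-dev.fusionauth.io/admin/key/ #
- ###################################################################################
+ #################################################################################
+ # 1. Find signing key name on the app details name. #
+ # 2. Look up the key (by name) under Key Master tab under Settings: #
+ # https://illustrativemath-dev.fusionauth.io/admin/key/ #
+ # 3. The key should be either HMAC or RSA. #
+ # - If HMAC, view the Secret under Details. You will need to click to reveal. #
+ # - If RSA, copy the PEM encoded public key as-is. #
+ # Note: You don't need both keys --- TokenDecoder will use the one available. #
+ #################################################################################
  config.hmac = ENV['FUSION_AUTH_HMAC']
+ config.rsa_public = ENV['FUSION_AUTH_RSA_PUBLIC]
  end
  end
  ```
@@ -142,6 +149,9 @@ After many false starts, this repo includes two (seemingly functional) github wo
  you.
 
  ## Version History
+ ### 0.8.0
+ * Allow RSA signing keys in addition to HMAC.
+ This is because Terraform creates RSA keys during runs.
  ### 0.7.4
  * Use https protocol for callback in production; http otherwise
 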
@@ -7,8 +7,6 @@ module OauthIm
7
7
  def callback
8
8
  session[:user_jwt] = user_jwt
9
9
  redirect_to main_app.root_path
10
- rescue StandardError
11
- head :forbidden
12
10
  end
13
11
 
14
12
  def login
@@ -20,14 +20,30 @@ module OauthIm
20
20
  private
21
21
 
22
22
  delegate :configuration, to: OauthIm
23
- delegate :hmac, :iss_domain, to: :configuration
23
+ delegate :hmac, :rsa_public, :iss_domain, to: :configuration
24
24
 
25
25
  def decoded_token
26
- @decoded_token ||= JWT.decode token, hmac, true, decode_params
26
+ @decoded_token ||= JWT.decode token, key, verify?, decode_params
27
27
  end
28
28
 
29
- def decode_algorithm
30
- DEFAULT_DECODE_ALGORITHM
29
+ def decode_using_hmac?
30
+ hmac.present?
31
+ end
32
+
33
+ def key
34
+ @key ||= decode_using_hmac? ? hmac : rsa_public_key
35
+ end
36
+
37
+ def rsa_public_key
38
+ @rsa_public_key ||= OpenSSL::PKey::RSA.new rsa_public
39
+ end
40
+
41
+ def algorithm
42
+ @algorithm ||= decode_using_hmac? ? 'HS256' : 'RS256'
43
+ end
44
+
45
+ def verify?
46
+ true
31
47
  end
32
48
 
33
49
  def verify_iss?
@@ -43,7 +59,7 @@ module OauthIm
43
59
  iss: iss_domain,
44
60
  verify_aud: verify_aud?,
45
61
  aud: aud,
46
- algorithm: decode_algorithm }.freeze
62
+ algorithm: algorithm }.freeze
47
63
  end
48
64
  end
49
65
  end
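Review bot: `rsa_public_key` hands `rsa_public` straight to `OpenSSL::PKey::RSA.new` whenever `hmac` is blank, so a deployment with neither key set (or with a malformed PEM) fails inside OpenSSL on the first token rather than with a clear configuration error; a guard such as `raise ArgumentError, 'OauthIm: configure hmac or rsa_public' if rsa_public.blank?` at the top of `rsa_public_key` would make that explicit. `decode_using_hmac?` also makes HMAC win silently when both values are configured, so a `FUSION_AUTH_HMAC` left in place after a move to RSA keeps HS256 tokens signed with the old secret valid; a comment on `key` such as `# hmac takes precedence over rsa_public; unset it when switching to RSA` would document that. The `rescue StandardError` / `head :forbidden` in `callback` is removed in this same release, so presumably a decode or key-loading failure now surfaces as an unhandled exception instead of a 403; rescuing `JWT::DecodeError` there would keep the rejection explicit. Taking `algorithm` from configuration rather than from the token header is worth keeping as is. The class body starts outside the hunks shown.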
@@ -15,6 +15,7 @@ module OauthIm
15
15
  client_id
16
16
  client_secret
17
17
  hmac
18
+ rsa_public
18
19
  ].freeze
19
20
 
20
21
  class Configuration
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module OauthIm
4
- VERSION = '0.7.4'
4
+ VERSION = '0.8.0'
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: oauth_im
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.7.4
4
+ version: 0.8.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Eric Connally
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-05-24 00:00:00.000000000 Z
11
+ date: 2022-05-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: jwt