oauth_im 0.7.4 → 0.8.0

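--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 85fc483377f0cf348af3a8399c70fec84395915203cb6bfa203f7d147eedb7d6
- data.tar.gz: 40f90809e1e7405640098732aa41ac1ab96771230d9721d22f41ebfed3b19e74
+ metadata.gz: be1d2aa7d9e5c1ac97a5e5aabd89671a48bfc2afc17c53276f961be0a29d357e
+ data.tar.gz: 64f150ae67c0b67efd6a8db20c1390bb69ca21f29837446ad07264947e8e863d
  SHA512:
- metadata.gz: ec6f87a823e4ea3c8bd51bfc6ef09d65908840282c9228d88b78e98f686933c8eaaf2b0d844e0b2967bbed54e271f9f4c5c3b27cd7d4824b52539007018bbf29
- data.tar.gz: dfbb145b3cf8658853b41f7d86e62024f957a21a5f6a99b69a9f682e49ad839734ab629c4a5d9ced89a53265726de029724645710dee9efa42760a0650bf2dd8
+ metadata.gz: 11624bb0650c05d8a5f63edee7b8918f6e043f6a4b6d15b25cd593da5940af18ab320a5d4587479ab96c836ef60b99b4e45f49fabfe3a08e23870dd1d1489499
+ data.tar.gz: 4018866ef76985ec65ccb37ab95e7e973caf0e8f07086a25ad3f55b2eb17659d130e75421466f60f8d526aa8929239c935d87fb905d7358edfceae6c81540ff5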
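--- a/data/README.md
+++ b/data/README.md
@@ -40,16 +40,23 @@ module OauthIm
  ################################################
  config.iss_domain = ENV.fetch 'FUSION_AUTH_ISS_DOMAIN', DEFAULT_ISS_DOMAIN
 
- ###############################
- # on FA application OAuth tab #
- ###############################
+ ####################################
+ # find on FA application OAuth tab #
+ ####################################
  config.client_id = ENV['FUSION_AUTH_CLIENT_ID']
  config.client_secret = ENV['FUSION_AUTH_CLIENT_SECRET']
 
- ###################################################################################
- # View default signing key: https://illustrativemath-dev.fusionauth.io/admin/key/ #
- ###################################################################################
+ #################################################################################
+ # 1. Find signing key name on the app details name. #
+ # 2. Look up the key (by name) under Key Master tab under Settings: #
+ # https://illustrativemath-dev.fusionauth.io/admin/key/ #
+ # 3. The key should be either HMAC or RSA. #
+ # - If HMAC, view the Secret under Details. You will need to click to reveal. #
+ # - If RSA, copy the PEM encoded public key as-is. #
+ # Note: You don't need both keys --- TokenDecoder will use the one available. #
+ #################################################################################
  config.hmac = ENV['FUSION_AUTH_HMAC']
+ config.rsa_public = ENV['FUSION_AUTH_RSA_PUBLIC]
  end
  end
  ```
@@ -142,6 +149,9 @@ After many false starts, this repo includes two (seemingly functional) github wo
  you.
 
  ## Version History
+ ### 0.8.0
+ * Allow RSA signing keys in addition to HMAC.
+ This is because Terraform creates RSA keys during runs.
  ### 0.7.4
  * Use https protocol for callback in production; http otherwise
 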
@@ -7,8 +7,6 @@ module OauthIm
7
7
  def callback
8
8
  session[:user_jwt] = user_jwt
9
9
  redirect_to main_app.root_path
10
- rescue StandardError
11
- head :forbidden
12
10
  end
13
11
 
14
12
  def login
@@ -20,14 +20,30 @@ module OauthIm
20
20
  private
21
21
 
22
22
  delegate :configuration, to: OauthIm
23
- delegate :hmac, :iss_domain, to: :configuration
23
+ delegate :hmac, :rsa_public, :iss_domain, to: :configuration
24
24
 
25
25
  def decoded_token
26
- @decoded_token ||= JWT.decode token, hmac, true, decode_params
26
+ @decoded_token ||= JWT.decode token, key, verify?, decode_params
27
27
  end
28
28
 
29
- def decode_algorithm
30
- DEFAULT_DECODE_ALGORITHM
29
+ def decode_using_hmac?
30
+ hmac.present?
31
+ end
32
+
33
+ def key
34
+ @key ||= decode_using_hmac? ? hmac : rsa_public_key
35
+ end
36
+
37
+ def rsa_public_key
38
+ @rsa_public_key ||= OpenSSL::PKey::RSA.new rsa_public
39
+ end
40
+
41
+ def algorithm
42
+ @algorithm ||= decode_using_hmac? ? 'HS256' : 'RS256'
43
+ end
44
+
45
+ def verify?
46
+ true
31
47
  end
32
48
 
33
49
  def verify_iss?
@@ -43,7 +59,7 @@ module OauthIm
43
59
  iss: iss_domain,
44
60
  verify_aud: verify_aud?,
45
61
  aud: aud,
46
- algorithm: decode_algorithm }.freeze
62
+ algorithm: algorithm }.freeze
47
63
  end
48
64
  end
49
65
  end
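Review bot: `key` and `algorithm` take the RS256 path whenever `hmac` is blank, so a deployment with neither `hmac` nor `rsa_public` configured reaches `OpenSSL::PKey::RSA.new rsa_public` with an empty value instead of failing with a clear configuration error. Taking the algorithm from configuration rather than from the token header is sound and should stay, but the fallback should fail closed explicitly: in `rsa_public_key`, add `raise ArgumentError, 'neither hmac nor rsa_public is configured' if rsa_public.blank?` before the key is built. How the OpenSSL constructor treats a nil or empty argument is not visible here and may vary by openssl version, which is another reason not to rely on it. The controller hunk earlier on this page removes `rescue StandardError` / `head :forbidden` from `callback`; if `decoded_token` sits on that path (the definition of `user_jwt` is outside the visible lines), decode failures would now surface as unhandled exceptions, so rescuing `JWT::DecodeError` there and answering `head :forbidden` would keep rejected tokens from turning into 500s. The enclosing class starts outside these hunks; a one-line comment on `decode_using_hmac?` such as `# HMAC takes precedence when both hmac and rsa_public are set` would document the selection rule.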
@@ -15,6 +15,7 @@ module OauthIm
15
15
  client_id
16
16
  client_secret
17
17
  hmac
18
+ rsa_public
18
19
  ].freeze
19
20
 
20
21
  class Configuration
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module OauthIm
4
- VERSION = '0.7.4'
4
+ VERSION = '0.8.0'
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: oauth_im
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.7.4
4
+ version: 0.8.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Eric Connally
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-05-24 00:00:00.000000000 Z
11
+ date: 2022-05-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: jwt