okta-jwt 0.1.0 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +1 -1
- data/lib/okta/jwt.rb +10 -9
- data/lib/okta/jwt/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d86a02a18fafb45fcc0bb032360de8c925c084fb53e6d6cc1eba219befcc353a
|
|
4
|
+
data.tar.gz: 98c2c4cfd3e45288de02c616a97660135ec77e21223b071191d2e1f49847dc54
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 67f895b7796bfd0279c0225b806a36396bc53fadeee8f86ddad66de19f853e4727edda2027015182a987f2b478cabe22baf9cf77c23e1d9f1d424455a28d24d7
|
|
7
|
+
data.tar.gz: 4cb76774add99285f65827fb7d3ef7d9a64ad4a7753fbb84be25cad44860d28724cceca9652f20372d94d2c7a2105224a90f2de014188b4c54d1cadc68e06fd8
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
|
@@ -25,7 +25,7 @@ Configure the client:
|
|
|
25
25
|
```ruby
|
|
26
26
|
Okta::Jwt.configure! issuer_url: 'https://organization.oktapreview.com,
|
|
27
27
|
auth_server_id: 'auth_server_id,
|
|
28
|
-
client_id: 'client_id,
|
|
28
|
+
client_id: 'client_id, # optional, used to sign in users
|
|
29
29
|
client_secret: 'client_secret, # optional, used to sign in users
|
|
30
30
|
logger: Logger.new(STDOUT) # optional
|
|
31
31
|
```
|
data/lib/okta/jwt.rb
CHANGED
|
@@ -16,11 +16,10 @@ module Okta
|
|
|
16
16
|
end
|
|
17
17
|
|
|
18
18
|
# configure the client
|
|
19
|
-
def configure!(issuer_url:, auth_server_id:, client_id
|
|
19
|
+
def configure!(issuer_url:, auth_server_id:, client_id: nil, client_secret: nil, logger: Logger.new(IO::NULL))
|
|
20
20
|
@issuer_url = issuer_url
|
|
21
21
|
@auth_server_id = auth_server_id
|
|
22
22
|
@client_id = client_id
|
|
23
|
-
@public_key_ttl = public_key_ttl
|
|
24
23
|
@client_secret = client_secret
|
|
25
24
|
@logger = logger
|
|
26
25
|
|
|
@@ -42,18 +41,18 @@ module Okta
|
|
|
42
41
|
|
|
43
42
|
# validate the token
|
|
44
43
|
def verify_token(token)
|
|
45
|
-
|
|
46
|
-
jwk = JSON::JWK.new(get_jwk(kid))
|
|
44
|
+
jwk = JSON::JWK.new(get_jwk(token))
|
|
47
45
|
JSON::JWT.decode(token, jwk.to_key)
|
|
48
46
|
end
|
|
49
47
|
|
|
50
|
-
# extract public key from metadata's jwks_uri
|
|
51
|
-
def get_jwk(
|
|
48
|
+
# extract public key from metadata's jwks_uri using kid
|
|
49
|
+
def get_jwk(token)
|
|
50
|
+
kid = JSON.parse(Base64.decode64(token.split('.').first))['kid']
|
|
52
51
|
return JWKS_CACHE[kid] if JWKS_CACHE[kid] # cache hit
|
|
53
52
|
|
|
54
53
|
logger.info("[Okta::Jwt] Fetching public key: kid => #{kid} ...")
|
|
55
54
|
jwks_response = client.get do |req|
|
|
56
|
-
req.url get_metadata['jwks_uri']
|
|
55
|
+
req.url get_metadata(token)['jwks_uri']
|
|
57
56
|
end
|
|
58
57
|
jwk = JSON.parse(jwks_response.body)['keys'].find do |key|
|
|
59
58
|
key.dig('kid') == kid
|
|
@@ -63,8 +62,10 @@ module Okta
|
|
|
63
62
|
jwk.tap{JWKS_CACHE[kid] = jwk}
|
|
64
63
|
end
|
|
65
64
|
|
|
66
|
-
# fetch metadata
|
|
67
|
-
def get_metadata
|
|
65
|
+
# fetch client metadata using cid/aud
|
|
66
|
+
def get_metadata(token)
|
|
67
|
+
payload = JSON.parse(Base64.decode64(token.split('.')[1]))
|
|
68
|
+
client_id = payload['cid'] || payload['aud'] # id_token has client_id value under aud key
|
|
68
69
|
metadata_response = client.get do |req|
|
|
69
70
|
req.url "/oauth2/#{auth_server_id}/.well-known/oauth-authorization-server?client_id=#{client_id}"
|
|
70
71
|
end
|
data/lib/okta/jwt/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: okta-jwt
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Damir Roso
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-12-
|
|
11
|
+
date: 2018-12-05 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|