okta-jwt 0.5.0 → 0.6.0
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +35 -10
- data/lib/okta/jwt.rb +13 -5
- data/lib/okta/jwt/version.rb +1 -1
- metadata +2 -2
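--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 13e5d691d2e52857e02e2dba1a078dd9e2919b878f3426437c23c55b169d99ce
+data.tar.gz: a7be07dee7976a82fb89cd181ca1f40d7f822bba7c16281dfc5c1010d8269ecf
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 01553fbc8f947fdb6ef574d279a0b4f480c65e1a0cbe9a359b5eac042a87c6ceb56a04c7fbeb20c6aa34fbe147a49053a28e67b1082a92b981321b462b16b4de
+data.tar.gz: 12234fb7cc1f169f392f5faf17c2abc491510fa4534c6e0ac22a5ee9eda6032cdfdfed56fd002a1d390f76b20777f60280c30d872234d712429e87acb180c7cf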
data/Gemfile.lock
CHANGED
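--- a/data/README.md
+++ b/data/README.md
@@ -19,34 +19,59 @@ Or install it yourself as:
 $ gem install okta-jwt
 
 ## Usage
+Require the library:
 
-
+```ruby
+require 'okta/jwt'
+```
+
+### Getting the tokens
+
+Configuration:
 
 ```ruby
-
-
-
-client_id: 'client_id',
-client_secret: 'client_secret')
+Okta::Jwt.configure!(
+issuer: 'https://<org>.oktapreview.com/oauth2<auth_server_id>'
+)
 ```
+NOTE: this step is optional, you don't need it for token verification.
+
+#### Resource owner password flow
 
 Sign in user to get access token (default scope is openid):
 
 ```ruby
-auth_response = Okta::Jwt.
+auth_response = Okta::Jwt.sign_in_user(
 username: 'user@example.org',
 password: 'password',
+client_id: 'client_id',
+client_secret: 'client_secret',
 scope: 'openid my_scope'
 )
-
-
+access_token = JSON.parse(auth_response.body)['access_token']
+```
+
+#### Client credentials flow
+
+Sign in client to get access token (provide at least one custom scope):
+
+```ruby
+auth_response = Okta::Jwt.sign_in_client(
+client_id: 'client_id',
+client_secret: 'client_secret',
+scope: 'my_scope'
+)
+access_token = JSON.parse(auth_response.body)['access_token']
 ```
 
+### Verify the token
+
 Verify access token (signature + claims):
 
 ```ruby
 Okta::Jwt.logger = Logger.new(STDOUT) # set optional logger
-verified_access_token = Okta::Jwt.verify_token(
+verified_access_token = Okta::Jwt.verify_token(
+access_token,
 issuer: 'https://<org>.oktapreview.com/oauth2<auth_server_id>',
 audience: 'development',
 client_id: 'client_id'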
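--- a/data/lib/okta/jwt.rb
+++ b/data/lib/okta/jwt.rb
@@ -14,19 +14,17 @@ module Okta
 JWKS_CACHE = {}
 
 class << self
-attr_accessor :issuer, :auth_server_id, :
+attr_accessor :issuer, :auth_server_id, :logger
 end
 
 # configure the client for signing in
-def
+def configure!(issuer:, logger: nil)
 @issuer = issuer
-@client_id = client_id
-@client_secret = client_secret
 @auth_server_id = issuer.split('/').last
 end
 
 # sign in user to get tokens
-def
+def sign_in_user(username:, password:, client_id:, client_secret:, scope: 'openid')
 client(issuer).post do |req|
 req.url "/oauth2/#{auth_server_id}/v1/token"
 req.headers['Content-Type'] = 'application/x-www-form-urlencoded'
@@ -34,6 +32,16 @@ module Okta
 req.body = URI.encode_www_form username: username, password: password, scope: scope, grant_type: 'password'
 end
 end
+
+# sign in client to get access_token
+def sign_in_client(client_id:, client_secret:, scope:)
+client(issuer).post do |req|
+req.url "/oauth2/#{auth_server_id}/v1/token"
+req.headers['Content-Type'] = 'application/x-www-form-urlencoded'
+req.headers['Authorization'] = 'Basic: ' + Base64.strict_encode64("#{client_id}:#{client_secret}")
+req.body = URI.encode_www_form scope: scope, grant_type: 'client_credentials'
+end
+end
 
 # validate the token
 def verify_token(token, issuer:, audience:, client_id:)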
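Review bot: The `Authorization` value built in the new `sign_in_client` uses the scheme `Basic: ` with a colon, which is not the HTTP Basic form (RFC 7617 writes it as `Basic <base64>`); an endpoint or proxy that parses the header strictly may reject the client credentials, so the line should read `req.headers['Authorization'] = 'Basic ' + Base64.strict_encode64("#{client_id}:#{client_secret}")`. Part of `sign_in_user` lies between the two hunks, so whether it builds the same header cannot be seen here and should be checked. Separately, `configure!(issuer:, logger: nil)` accepts `logger`, but the visible body assigns only `@issuer` and `@auth_server_id`, so the argument is silently dropped; adding `@logger = logger if logger` would make the keyword do what its name promises. Since `client_secret` is now passed on every sign-in call, a short comment on both methods such as `# client_secret is sent to the issuer's token endpoint; never log it` would help callers who attach the optional logger.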
data/lib/okta/jwt/version.rb
CHANGED
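--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: okta-jwt
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.6.0
 platform: ruby
 authors:
 - Damir Roso
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2018-12-
+date: 2018-12-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler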