okta-jwt 0.1.0 → 0.2.0

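--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 51baf643a26e73a82ac3bb0dffb9a5cd631d560920ba10c064b890d36da2c47a
- data.tar.gz: 61d85c61b02cee7a38a75ee699a1acab0b2d77f87f3c890255344505570a72a9
+ metadata.gz: d86a02a18fafb45fcc0bb032360de8c925c084fb53e6d6cc1eba219befcc353a
+ data.tar.gz: 98c2c4cfd3e45288de02c616a97660135ec77e21223b071191d2e1f49847dc54
  SHA512:
- metadata.gz: 799d0370eec69267493467ad8fe711a464f8b28c24fc7ef4621dca3596d238aac25a57ddcb8370d8cba68bd2634767c6db4fec64ad052e525536d1ce111704d9
- data.tar.gz: 74426bb23cdf7ae60d17ddeab5b94c8dff53b88fa6ec6ac5193f077402fc1d7bc05238be44620128c3b0cbf1726a86da6d0cdf4521d6d3a92114717cbe8292d6
+ metadata.gz: 67f895b7796bfd0279c0225b806a36396bc53fadeee8f86ddad66de19f853e4727edda2027015182a987f2b478cabe22baf9cf77c23e1d9f1d424455a28d24d7
+ data.tar.gz: 4cb76774add99285f65827fb7d3ef7d9a64ad4a7753fbb84be25cad44860d28724cceca9652f20372d94d2c7a2105224a90f2de014188b4c54d1cadc68e06fd8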
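--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- okta-jwt (0.1.0)
+ okta-jwt (0.2.0)
  faraday
  json-jwt
 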
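--- a/data/README.md
+++ b/data/README.md
@@ -25,7 +25,7 @@ Configure the client:
  ```ruby
  Okta::Jwt.configure! issuer_url: 'https://organization.oktapreview.com,
  auth_server_id: 'auth_server_id,
- client_id: 'client_id,
+ client_id: 'client_id, # optional, used to sign in users
  client_secret: 'client_secret, # optional, used to sign in users
  logger: Logger.new(STDOUT) # optional
  ```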
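--- a/data/lib/okta/jwt.rb
+++ b/data/lib/okta/jwt.rb
@@ -16,11 +16,10 @@ module Okta
  end
 
  # configure the client
- def configure!(issuer_url:, auth_server_id:, client_id:, public_key_ttl: 0, client_secret: nil, logger: Logger.new(IO::NULL))
+ def configure!(issuer_url:, auth_server_id:, client_id: nil, client_secret: nil, logger: Logger.new(IO::NULL))
  @issuer_url = issuer_url
  @auth_server_id = auth_server_id
  @client_id = client_id
- @public_key_ttl = public_key_ttl
  @client_secret = client_secret
  @logger = logger
 
@@ -42,18 +41,18 @@ module Okta
 
  # validate the token
  def verify_token(token)
- kid = JSON.parse(Base64.decode64(token.split('.').first))['kid']
- jwk = JSON::JWK.new(get_jwk(kid))
+ jwk = JSON::JWK.new(get_jwk(token))
  JSON::JWT.decode(token, jwk.to_key)
  end
 
- # extract public key from metadata's jwks_uri
- def get_jwk(kid)
+ # extract public key from metadata's jwks_uri using kid
+ def get_jwk(token)
+ kid = JSON.parse(Base64.decode64(token.split('.').first))['kid']
  return JWKS_CACHE[kid] if JWKS_CACHE[kid] # cache hit
 
  logger.info("[Okta::Jwt] Fetching public key: kid => #{kid} ...")
  jwks_response = client.get do |req|
- req.url get_metadata['jwks_uri']
+ req.url get_metadata(token)['jwks_uri']
  end
  jwk = JSON.parse(jwks_response.body)['keys'].find do |key|
  key.dig('kid') == kid
@@ -63,8 +62,10 @@ module Okta
  jwk.tap{JWKS_CACHE[kid] = jwk}
  end
 
- # fetch metadata
- def get_metadata
+ # fetch client metadata using cid/aud
+ def get_metadata(token)
+ payload = JSON.parse(Base64.decode64(token.split('.')[1]))
+ client_id = payload['cid'] || payload['aud'] # id_token has client_id value under aud key
  metadata_response = client.get do |req|
  req.url "/oauth2/#{auth_server_id}/.well-known/oauth-authorization-server?client_id=#{client_id}"
  end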
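Review bot: In `get_metadata(token)` the `client_id` placed in the metadata URL is now read from the token's `cid`/`aud` claim before any signature check has run and is interpolated into the query string unescaped, so an unverified token shapes the request whose response supplies `jwks_uri`. Encode the value, `req.url "/oauth2/#{auth_server_id}/.well-known/oauth-authorization-server?client_id=#{URI.encode_www_form_component(client_id.to_s)}"`, and, when a `client_id` was passed to `configure!`, consider using or comparing against that one instead of trusting the claim. JWT segments are base64url without padding, so `Base64.decode64` here and in `get_jwk` can mis-decode segments containing `-` or `_`; `Base64.urlsafe_decode64(token.split('.')[1])` is the matching decoder. A token with fewer than two segments or a non-JSON payload raises from this line, which presumably should surface as a verification failure rather than a raw parse error. `get_metadata` continues past the end of the hunk.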
@@ -1,5 +1,5 @@
1
1
  module Okta
2
2
  module Jwt
3
- VERSION = "0.1.0"
3
+ VERSION = "0.2.0"
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: okta-jwt
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Damir Roso
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2018-12-04 00:00:00.000000000 Z
11
+ date: 2018-12-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler