omniauth-aitu-passport 0.1.24 → 0.1.26

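--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 7a58e50932132dada555e296ab35d8164105768c7aed6f411315705cb13a6183
- data.tar.gz: 63e2743ae7099c59911bd5518e023fabda97982ab8d680285e2395aa2f755b56
+ metadata.gz: ed9f43131e0356fa3011a05bb6c8928943718ffe2716426a04051f9ea2805cd9
+ data.tar.gz: 8dadf7133bc547aa229fe6e736825b79659f16bcbbdb892aa02ffd39b137f3d1
  SHA512:
- metadata.gz: 1772e65d6e68a2a25c6bbae50491b0a77d5696a04f4895e4ba16a4748b0ec0e1ede16fe14a4169503f054c6b1aeefcfa622b29b8332f1e5fbec7b771c9b2f28a
- data.tar.gz: 4aba6961aa2168b0d80812b80b8d31b0e9a85923b09c786c904f13668af7dea2f2c358ad0eda013fb86147bf69d94f3f6d1d448f0c127da8fe27012d88eda11e
+ metadata.gz: 483dfd398af835545691c9efe60ffa11f45e6f6040fe047fd774f6a419707aeef7fb2c91a0506a70d837882fefad623e5efa262bf32239e378ab848f78bc4b65
+ data.tar.gz: b62d08dadc3a9537e51310f725b607ddd1fd7b30a80580bed692c90b27aa8b480255f7b1096a53861bf3154785594f05c6b585c681c1a73688dac65c94b27ef8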
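--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,9 @@
+ # v 0.1.25
+
+ Added:
+ - id_token: support with JWT verification
+
+
  # v 0.1.24
 
  Added: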
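--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- omniauth-aitu-passport (0.1.23)
+ omniauth-aitu-passport (0.1.25)
  oauth2 (~> 1.4.7)
  omniauth (~> 1)
  omniauth-oauth2 (~> 1)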
@@ -2,6 +2,6 @@
2
2
 
3
3
  module OmniAuth
4
4
  module AituPassport
5
- VERSION = '0.1.24'
5
+ VERSION = '0.1.26'
6
6
  end
7
7
  end
@@ -3,6 +3,7 @@
3
3
  require 'omniauth'
4
4
  require 'oauth2'
5
5
  require 'omniauth-oauth2'
6
+ require 'jwt'
6
7
 
7
8
  module OmniAuth
8
9
  module Strategies
@@ -19,6 +20,7 @@ module OmniAuth
19
20
  }
20
21
 
21
22
  option :pkce, true
23
+ option :jwt_leeway, 60
22
24
 
23
25
  AVAILABLE_SCOPE_OPTIONS = %w[
24
26
  openid
@@ -46,6 +48,8 @@ module OmniAuth
46
48
 
47
49
  DEFAULT_SCOPE = 'openid phone'
48
50
 
51
+ ALLOWED_ISS = %w[https://passport.stage.supreme-team.tech https://passport.aitu.io].freeze
52
+
49
53
  uid { raw_info['openid'] }
50
54
 
51
55
  info do
@@ -59,9 +63,31 @@ module OmniAuth
59
63
  end
60
64
 
61
65
  extra do
62
- {
63
- 'raw_info' => raw_info
64
- }
66
+ hash = {}
67
+ hash[:id_token] = access_token['id_token']
68
+ if !options[:skip_jwt] && !access_token['id_token'].nil?
69
+ decoded = ::JWT.decode(access_token['id_token'], nil, false).first
70
+
71
+ # We have to manually verify the claims because the third parameter to
72
+ # JWT.decode is false since no verification key is provided.
73
+ ::JWT::Verify.verify_claims(decoded,
74
+ verify_iss: true,
75
+ iss: ALLOWED_ISS,
76
+ verify_aud: true,
77
+ aud: options.client_id,
78
+ verify_sub: false,
79
+ verify_expiration: true,
80
+ verify_not_before: true,
81
+ verify_iat: false,
82
+ verify_jti: false,
83
+ leeway: options[:jwt_leeway])
84
+
85
+ hash[:id_info] = decoded
86
+ end
87
+ hash[:raw_info] = raw_info unless skip_info?
88
+
89
+ # returning resulting hash
90
+ hash
65
91
  end
66
92
 
67
93
  # Omniauth::Strategy
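Review bot: The new `extra` block decodes the id_token with `::JWT.decode(access_token['id_token'], nil, false)`, so the signature is never checked and the iss/aud/exp/nbf claims passed to `verify_claims` are validated on an unauthenticated payload, which is then exposed as `hash[:id_info]`. That is only sound if the token always arrives directly from the token endpoint over validated TLS, which these hunks do not show; I would either verify it against the provider's published signing keys or state the assumption next to the decode, e.g. `# id_token signature is NOT verified; trust rests on the TLS connection to the token endpoint`. `ALLOWED_ISS` in the earlier hunk accepts the staging issuer alongside the production one, so a staging-issued token passes the `iss` check in a production deployment; consider making the accepted issuer configurable per environment. `options[:skip_jwt]` is read here, but no `option :skip_jwt` declaration is visible beside `option :jwt_leeway, 60`, so the bypass switch is undocumented and its default is implicit. The enclosing strategy class starts and ends outside the visible hunks.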
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-aitu-passport
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.24
4
+ version: 0.1.26
5
5
  platform: ruby
6
6
  authors:
7
7
  - Yaroslav Shevchenko
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-03-30 00:00:00.000000000 Z
11
+ date: 2022-04-26 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: oauth2