omniauth-apple 1.0.2 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a5e32b1f9b3dfe8859855b86ffdb6da18d238c0f065d2aa83fd8494ae49a3dc5
-  data.tar.gz: bab7b98074c2a989120b1a7d3188a9ba85037c55956efc5e2e462373ed9d0d4f
+  metadata.gz: 221e35d0cf4add7e7015c2571ab6c36cd43119aa8ac1ebf6ad749e6d075ff342
+  data.tar.gz: ab591ea9afc76e0365a88d7838de284fd4eef30d9891f2cba73df4d718250738
 SHA512:
-  metadata.gz: bce3e4e1a4feb3df68f3d2d5361a56e6977dfe765068b2bee6cef743a41f59212d1b533a1cdefbeb1eaebf8a7cf832dd0f53dbd080f4efa1311bd30942b7ea86
-  data.tar.gz: c67ff848f44f6061c6f319db5a708e0e407977446252bea63af9e94799df2ce140c93dd7a5be5c1afbbdf3fdcdeafaeb7650cad4de199749d8edb436f21896e8
+  metadata.gz: 52c7db989eae8f46ab8f76458d8b02b3df22de0f35116166d39ce970118a37901db7213f5d121f913f20b785c3c3b3c985b64cfacdd5cb5ced646ade4ad9182b
+  data.tar.gz: 96ca930d07a243a3ba6580702ddcace78d48d6b446ed1115c721535665c5607745c3dad76f9bed3cffb8cc897af0479485858fa4b48c7817e6e738c68762fe5c

data/.github/workflows/rspec.yml

@@ -6,21 +6,22 @@ on:
       - master
   pull_request:
 
+permissions:
+  contents: read
+
 jobs:
-  build:
+  spec:
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
       matrix:
-        ruby: ['2.5', '2.6', '2.7']
+        ruby: ['2.6', '2.7', '3.0', '3.1']
     steps:
-    - uses: actions/checkout@v2
-    - name: Set up Ruby ${{ matrix.ruby }}
-      uses: actions/setup-ruby@v1
+    - uses: actions/checkout@v3
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
       with:
         ruby-version: ${{ matrix.ruby }}
-    - name: Build and test with Rake on Ruby ${{ matrix.ruby }}
-      run: |
-        gem install bundler
-        bundle install --jobs 4 --retry 3
-        bundle exec rake spec
+        bundler-cache: true
+    - name: Run Specs
+      run: bundle exec rake spec

data/CHANGELOG.md

@@ -1,5 +1,23 @@
 ## [Unreleased]
 
+## [1.1.0] - 2022-09-27
+
+### Fixed
+
+- [#91](https://github.com/nhosoya/omniauth-apple/pull/91) explicitly specify auth_scheme for oauth2 v2+ support
+
+## [1.1.0] - 2022-09-26
+
+### Added
+
+- [#67](https://github.com/nhosoya/omniauth-apple/pull/67) Add email_verified and is_private_email
+
+### Fixed
+
+- [#74](https://github.com/nhosoya/omniauth-apple/pull/74) rspec failure - callback_path null pointer
+- [#81](https://github.com/nhosoya/omniauth-apple/pull/81) Allow for omniauth 2.0 series
+- [#88](https://github.com/nhosoya/omniauth-apple/pull/88) update github actions config
+
 ## [1.0.2] - 2021-05-19
 
 ### Fixed
@@ -33,7 +51,7 @@
 
 ### Changed
 
-- [#27](https://github.com/nhosoya/omniauth-apple/pull/27) Update development dependency 
+- [#27](https://github.com/nhosoya/omniauth-apple/pull/27) Update development dependency
 - [#28](https://github.com/nhosoya/omniauth-apple/pull/28) Update README.md
 - [#38](https://github.com/nhosoya/omniauth-apple/pull/38) Refine AuthHash
 - [#39](https://github.com/nhosoya/omniauth-apple/pull/39) Set the default scope to 'email name'
@@ -44,7 +62,9 @@
 
 ## [0.0.1] - 2019-06-07
 
-[Unreleased]: https://github.com/nhosoya/omniauth-apple/compare/v1.0.2...master
-[1.0.0]: https://github.com/nhosoya/omniauth-apple/compare/v0.0.3...v1.0.0
-[1.0.1]: https://github.com/nhosoya/omniauth-apple/compare/v1.0.0...v1.0.1
+[Unreleased]: https://github.com/nhosoya/omniauth-apple/compare/v1.2.0...master
+[1.2.0]: https://github.com/nhosoya/omniauth-apple/compare/v1.1.0...v1.2.0
+[1.1.0]: https://github.com/nhosoya/omniauth-apple/compare/v1.0.2...v1.1.0
 [1.0.2]: https://github.com/nhosoya/omniauth-apple/compare/v1.0.1...v1.0.2
+[1.0.1]: https://github.com/nhosoya/omniauth-apple/compare/v1.0.0...v1.0.1
+[1.0.0]: https://github.com/nhosoya/omniauth-apple/compare/v0.0.3...v1.0.0

data/README.md

@@ -34,6 +34,77 @@ Rails.application.config.middleware.use OmniAuth::Builder do
 end
 ```
 
+## Configuring "Sign In with Apple"
+
+_other Sign In with Apple guides:_
+- ["How To" by janak amarasena (2019)](https://medium.com/identity-beyond-borders/how-to-configure-sign-in-with-apple-77c61e336003)
+- [the docs, by Apple](https://developer.apple.com/sign-in-with-apple/)
+
+### Look out for the values you need for your config
+  1. your domain and subdomains, something like: `myapp.com`, `www.myapp.com`
+  2. your redirect uri, something like: `https://myapp.com/users/auth/apple/callback` (check `rails routes` to be sure)
+  3. omniauth's "client id" will be Apple's "bundle id", something like: `com.myapp`
+  4. you will get the "team id" value from Apple when you create your _**App Id**_, something like: `H000000B`
+  5. Apple will give you a `.p8` file, which you'll use to GENERATE your `:pem` value
+
+### Steps
+
+1. Log into your [Apple Developer Account](https://idmsa.apple.com/IDMSWebAuth/signin?appIdKey=891bd3417a7776362562d2197f89480a8547b108fd934911bcbea0110d07f757&path=%2Faccount%2F&rv=1)
+    (if you don't have one, you can [create one here](https://appleid.apple.com/account?appId=632&returnUrl=https%3A%2F%2Fdeveloper.apple.com%2Faccount%2F))
+
+2. Get an App Id with the "Sign In with Apple" capability
+    - go to your [Identifiers](https://developer.apple.com/account/resources/identifiers/list) list
+    - [start a new Identifier](https://developer.apple.com/account/resources/identifiers/add/bundleId) by clicking on the + sign in the Identifiers List
+    - select _**App IDs**_ and click _**continue**_
+    - select _**App**_ and _**continue**_
+    - enter a description and a bundle id
+    - check the **_"Sign In with Apple"_** capability
+    - save it
+
+3. Get a Services Id (which we will use as our client id)
+    - go to your [Identifiers](https://developer.apple.com/account/resources/identifiers/list) list
+    - [start a new Identifier](https://developer.apple.com/account/resources/identifiers/add/bundleId) by clicking on the + sign in the Identifiers List
+    - select _**Services IDs**_ and click _**continue**_
+    - enter a description and a bundle id
+    - make sure **_"Sign In with Apple"_** is checked, then click _**configure**_
+    - make sure the Primary App ID matches the App ID you configured earlier
+    -  enter all the subdomains you might use (comma delimited):
+
+        example.com,www.example.com
+
+    - enter all the redirect URLS you might use (comma delimited):
+
+       https://example.com/users/auth/apple/callback,https://example.com/users/auth/apple/callback
+
+    -  save the "Sign In with Apple" capability config and the Service Id
+
+4. Get a Secret Key
+    - go to your [Keys](https://developer.apple.com/account/resources/authkeys/list) list
+    - [start a new Key](https://developer.apple.com/account/resources/authkeys/add) by clicking on the + sign in the Keys List
+    - enter a name
+    - make sure **_"Sign In with Apple"_** is checked, then click _**configure**_
+    - make sure the Primary App ID matches the App ID you configured earlier
+    - save the "Sign In with Apple" capability
+    - click "continue" to finish the Key config (you will be prompted to _**Download Your Key**_)
+    - Apple will give you a `.p8` file, keep it safe and secure (don't commit it).
+
+### Mapping Apple Values to OmniAuth Values
+  - your `:team_id` is in the top-right of your App Id config (aka _**App ID Prefix**_), it looks like: `H000000B`
+  - your `:client_id` is in the top-right of your Services Id config (aka _**Identifier**_), it looks like: `com.example`
+  - your `:key_id` is on the left side of your Key Details page, it looks like: `XYZ000000`
+  - your `:pem` is the content of the `.p8` file you got from Apple, _**with an extra newline at the end**_
+
+  - example from a Devise config:
+
+      ```ruby
+        config.omniauth :apple, ENV['APPLE_SERVICE_BUNDLE_ID'], '', {
+          scope: 'email name',
+          team_id: ENV['APPLE_APP_ID_PREFIX'],
+          key_id: ENV['APPLE_KEY_ID'],
+          pem: ENV['APPLE_P8_FILE_CONTENT_WITH_EXTRA_NEWLINE']
+        }
+      ```
+
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/nhosoya/omniauth-apple.

data/lib/omniauth/apple/version.rb

@@ -1,5 +1,5 @@
 module OmniAuth
   module Apple
-    VERSION = "1.0.2"
+    VERSION = "1.2.0"
   end
 end

data/lib/omniauth/strategies/apple.rb

@@ -11,7 +11,8 @@ module OmniAuth
       option :client_options,
              site: 'https://appleid.apple.com',
              authorize_url: '/auth/authorize',
-             token_url: '/auth/token'
+             token_url: '/auth/token',
+             auth_scheme: :request_body
       option :authorize_params,
              response_mode: 'form_post',
              scope: 'email name'
@@ -19,6 +20,8 @@ module OmniAuth
 
       uid { id_info['sub'] }
 
+      # Documentation on parameters
+      # https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_rest_api/authenticating_users_with_sign_in_with_apple
       info do
         prune!(
           sub: id_info['sub'],
@@ -26,6 +29,8 @@ module OmniAuth
           first_name: first_name,
           last_name: last_name,
           name: (first_name || last_name) ? [first_name, last_name].join(' ') : email,
+          email_verified: email_verified,
+          is_private_email: is_private_email
         )
       end
 
@@ -38,12 +43,22 @@ module OmniAuth
         ::OAuth2::Client.new(client_id, client_secret, deep_symbolize(options.client_options))
       end
 
+      def email_verified
+        value = id_info['email_verified']
+        value == true || value == "true"
+      end
+
+      def is_private_email
+        value = id_info['is_private_email']
+        value == true || value == "true"
+      end
+
       def authorize_params
         super.merge(nonce: new_nonce)
       end
 
       def callback_url
-        options[:redirect_uri] || (full_host + script_name + callback_path)
+        options[:redirect_uri] || (full_host + callback_path)
       end
 
       private

data/omniauth-apple.gemspec

@@ -38,9 +38,10 @@ Gem::Specification.new do |spec|
 
   spec.add_dependency 'omniauth-oauth2'
   spec.add_dependency 'jwt'
+  spec.add_dependency 'rack-protection', '~> 2.0'
   spec.add_development_dependency "bundler", "~> 2.0"
   spec.add_development_dependency "rake", "~> 13.0"
   spec.add_development_dependency "rspec", "~> 3.9"
   spec.add_development_dependency "webmock", "~> 3.8"
-  spec.add_development_dependency 'simplecov', "~> 0.18"
+  spec.add_development_dependency "simplecov", "~> 0.18"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-apple
 version: !ruby/object:Gem::Version
-  version: 1.0.2
+  version: 1.2.0
 platform: ruby
 authors:
 - nhosoya
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-05-19 00:00:00.000000000 Z
+date: 2022-09-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth-oauth2
@@ -39,6 +39,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: rack-protection
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -150,7 +164,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.3
+rubygems_version: 3.3.7
 signing_key:
 specification_version: 4
 summary: OmniAuth strategy for Sign In with Apple