omniauth-apple 1.1.0 → 1.2.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +18 -3
- data/README.md +71 -0
- data/lib/omniauth/apple/version.rb +1 -1
- data/lib/omniauth/strategies/apple.rb +30 -18
- data/omniauth-apple.gemspec +0 -1
- metadata +2 -16
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 31e8e9835b469abca7611926aaa4da9b1f3e35804ea9c4e9fa5b06a1791dcdd1
|
|
4
|
+
data.tar.gz: c916fa50a22971da3f2f71a72566e43771531945b7d9e83bbaf0914a04a6253a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 02bde67e85651dc85bacdb548248d240d9a3c501f24a204ad572253af8cd6468914fe3de86ee30bbc7a174bb6249d77ee6ae82222573beb829dc9b4f7f690099
|
|
7
|
+
data.tar.gz: 57a0b49a53f55a77470ad280c27acdb11bccfa93e43170ed0c34730b3fdb9918bb0d43a1ac20ae30f10eb101ef161bac5a79a90e54bee7186c8c813e7923f733
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,18 @@
|
|
|
1
1
|
## [Unreleased]
|
|
2
2
|
|
|
3
|
+
## [1.2.1] - 2022-10-25
|
|
4
|
+
|
|
5
|
+
### Fixed
|
|
6
|
+
|
|
7
|
+
- [#94](https://github.com/nhosoya/omniauth-apple/pull/94) rack-protection.rb is back in rack-protection v3.0.1
|
|
8
|
+
- [#96](https://github.com/nhosoya/omniauth-apple/pull/96) handle JWKS fetch failures
|
|
9
|
+
|
|
10
|
+
## [1.2.0] - 2022-09-27
|
|
11
|
+
|
|
12
|
+
### Fixed
|
|
13
|
+
|
|
14
|
+
- [#91](https://github.com/nhosoya/omniauth-apple/pull/91) explicitly specify auth_scheme for oauth2 v2+ support
|
|
15
|
+
|
|
3
16
|
## [1.1.0] - 2022-09-26
|
|
4
17
|
|
|
5
18
|
### Added
|
|
@@ -56,7 +69,9 @@
|
|
|
56
69
|
|
|
57
70
|
## [0.0.1] - 2019-06-07
|
|
58
71
|
|
|
59
|
-
[Unreleased]: https://github.com/nhosoya/omniauth-apple/compare/v1.0
|
|
60
|
-
[1.
|
|
61
|
-
[1.0
|
|
72
|
+
[Unreleased]: https://github.com/nhosoya/omniauth-apple/compare/v1.2.0...master
|
|
73
|
+
[1.2.0]: https://github.com/nhosoya/omniauth-apple/compare/v1.1.0...v1.2.0
|
|
74
|
+
[1.1.0]: https://github.com/nhosoya/omniauth-apple/compare/v1.0.2...v1.1.0
|
|
62
75
|
[1.0.2]: https://github.com/nhosoya/omniauth-apple/compare/v1.0.1...v1.0.2
|
|
76
|
+
[1.0.1]: https://github.com/nhosoya/omniauth-apple/compare/v1.0.0...v1.0.1
|
|
77
|
+
[1.0.0]: https://github.com/nhosoya/omniauth-apple/compare/v0.0.3...v1.0.0
|
data/README.md
CHANGED
|
@@ -34,6 +34,77 @@ Rails.application.config.middleware.use OmniAuth::Builder do
|
|
|
34
34
|
end
|
|
35
35
|
```
|
|
36
36
|
|
|
37
|
+
## Configuring "Sign In with Apple"
|
|
38
|
+
|
|
39
|
+
_other Sign In with Apple guides:_
|
|
40
|
+
- ["How To" by janak amarasena (2019)](https://medium.com/identity-beyond-borders/how-to-configure-sign-in-with-apple-77c61e336003)
|
|
41
|
+
- [the docs, by Apple](https://developer.apple.com/sign-in-with-apple/)
|
|
42
|
+
|
|
43
|
+
### Look out for the values you need for your config
|
|
44
|
+
1. your domain and subdomains, something like: `myapp.com`, `www.myapp.com`
|
|
45
|
+
2. your redirect uri, something like: `https://myapp.com/users/auth/apple/callback` (check `rails routes` to be sure)
|
|
46
|
+
3. omniauth's "client id" will be Apple's "bundle id", something like: `com.myapp`
|
|
47
|
+
4. you will get the "team id" value from Apple when you create your _**App Id**_, something like: `H000000B`
|
|
48
|
+
5. Apple will give you a `.p8` file, which you'll use to GENERATE your `:pem` value
|
|
49
|
+
|
|
50
|
+
### Steps
|
|
51
|
+
|
|
52
|
+
1. Log into your [Apple Developer Account](https://idmsa.apple.com/IDMSWebAuth/signin?appIdKey=891bd3417a7776362562d2197f89480a8547b108fd934911bcbea0110d07f757&path=%2Faccount%2F&rv=1)
|
|
53
|
+
(if you don't have one, you can [create one here](https://appleid.apple.com/account?appId=632&returnUrl=https%3A%2F%2Fdeveloper.apple.com%2Faccount%2F))
|
|
54
|
+
|
|
55
|
+
2. Get an App Id with the "Sign In with Apple" capability
|
|
56
|
+
- go to your [Identifiers](https://developer.apple.com/account/resources/identifiers/list) list
|
|
57
|
+
- [start a new Identifier](https://developer.apple.com/account/resources/identifiers/add/bundleId) by clicking on the + sign in the Identifiers List
|
|
58
|
+
- select _**App IDs**_ and click _**continue**_
|
|
59
|
+
- select _**App**_ and _**continue**_
|
|
60
|
+
- enter a description and a bundle id
|
|
61
|
+
- check the **_"Sign In with Apple"_** capability
|
|
62
|
+
- save it
|
|
63
|
+
|
|
64
|
+
3. Get a Services Id (which we will use as our client id)
|
|
65
|
+
- go to your [Identifiers](https://developer.apple.com/account/resources/identifiers/list) list
|
|
66
|
+
- [start a new Identifier](https://developer.apple.com/account/resources/identifiers/add/bundleId) by clicking on the + sign in the Identifiers List
|
|
67
|
+
- select _**Services IDs**_ and click _**continue**_
|
|
68
|
+
- enter a description and a bundle id
|
|
69
|
+
- make sure **_"Sign In with Apple"_** is checked, then click _**configure**_
|
|
70
|
+
- make sure the Primary App ID matches the App ID you configured earlier
|
|
71
|
+
- enter all the subdomains you might use (comma delimited):
|
|
72
|
+
|
|
73
|
+
example.com,www.example.com
|
|
74
|
+
|
|
75
|
+
- enter all the redirect URLS you might use (comma delimited):
|
|
76
|
+
|
|
77
|
+
https://example.com/users/auth/apple/callback,https://example.com/users/auth/apple/callback
|
|
78
|
+
|
|
79
|
+
- save the "Sign In with Apple" capability config and the Service Id
|
|
80
|
+
|
|
81
|
+
4. Get a Secret Key
|
|
82
|
+
- go to your [Keys](https://developer.apple.com/account/resources/authkeys/list) list
|
|
83
|
+
- [start a new Key](https://developer.apple.com/account/resources/authkeys/add) by clicking on the + sign in the Keys List
|
|
84
|
+
- enter a name
|
|
85
|
+
- make sure **_"Sign In with Apple"_** is checked, then click _**configure**_
|
|
86
|
+
- make sure the Primary App ID matches the App ID you configured earlier
|
|
87
|
+
- save the "Sign In with Apple" capability
|
|
88
|
+
- click "continue" to finish the Key config (you will be prompted to _**Download Your Key**_)
|
|
89
|
+
- Apple will give you a `.p8` file, keep it safe and secure (don't commit it).
|
|
90
|
+
|
|
91
|
+
### Mapping Apple Values to OmniAuth Values
|
|
92
|
+
- your `:team_id` is in the top-right of your App Id config (aka _**App ID Prefix**_), it looks like: `H000000B`
|
|
93
|
+
- your `:client_id` is in the top-right of your Services Id config (aka _**Identifier**_), it looks like: `com.example`
|
|
94
|
+
- your `:key_id` is on the left side of your Key Details page, it looks like: `XYZ000000`
|
|
95
|
+
- your `:pem` is the content of the `.p8` file you got from Apple, _**with an extra newline at the end**_
|
|
96
|
+
|
|
97
|
+
- example from a Devise config:
|
|
98
|
+
|
|
99
|
+
```ruby
|
|
100
|
+
config.omniauth :apple, ENV['APPLE_SERVICE_BUNDLE_ID'], '', {
|
|
101
|
+
scope: 'email name',
|
|
102
|
+
team_id: ENV['APPLE_APP_ID_PREFIX'],
|
|
103
|
+
key_id: ENV['APPLE_KEY_ID'],
|
|
104
|
+
pem: ENV['APPLE_P8_FILE_CONTENT_WITH_EXTRA_NEWLINE']
|
|
105
|
+
}
|
|
106
|
+
```
|
|
107
|
+
|
|
37
108
|
## Contributing
|
|
38
109
|
|
|
39
110
|
Bug reports and pull requests are welcome on GitHub at https://github.com/nhosoya/omniauth-apple.
|
|
@@ -11,7 +11,8 @@ module OmniAuth
|
|
|
11
11
|
option :client_options,
|
|
12
12
|
site: 'https://appleid.apple.com',
|
|
13
13
|
authorize_url: '/auth/authorize',
|
|
14
|
-
token_url: '/auth/token'
|
|
14
|
+
token_url: '/auth/token',
|
|
15
|
+
auth_scheme: :request_body
|
|
15
16
|
option :authorize_params,
|
|
16
17
|
response_mode: 'form_post',
|
|
17
18
|
scope: 'email name'
|
|
@@ -73,27 +74,38 @@ module OmniAuth
|
|
|
73
74
|
def id_info
|
|
74
75
|
@id_info ||= if request.params&.key?('id_token') || access_token&.params&.key?('id_token')
|
|
75
76
|
id_token = request.params['id_token'] || access_token.params['id_token']
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
77
|
+
if (verification_key = fetch_jwks)
|
|
78
|
+
jwt_options = {
|
|
79
|
+
verify_iss: true,
|
|
80
|
+
iss: 'https://appleid.apple.com',
|
|
81
|
+
verify_iat: true,
|
|
82
|
+
verify_aud: true,
|
|
83
|
+
aud: [options.client_id].concat(options.authorized_client_ids),
|
|
84
|
+
algorithms: ['RS256'],
|
|
85
|
+
jwks: verification_key
|
|
86
|
+
}
|
|
87
|
+
payload, _header = ::JWT.decode(id_token, nil, true, jwt_options)
|
|
88
|
+
verify_nonce!(payload)
|
|
89
|
+
payload
|
|
90
|
+
else
|
|
91
|
+
{}
|
|
92
|
+
end
|
|
88
93
|
end
|
|
89
94
|
end
|
|
90
95
|
|
|
91
96
|
def fetch_jwks
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
+
conn = Faraday.new(headers: {user_agent: 'ruby/omniauth-apple'}) do |c|
|
|
98
|
+
c.response :json, parser_options: { symbolize_names: true }
|
|
99
|
+
c.adapter Faraday.default_adapter
|
|
100
|
+
end
|
|
101
|
+
res = conn.get 'https://appleid.apple.com/auth/keys'
|
|
102
|
+
if res.success?
|
|
103
|
+
res.body
|
|
104
|
+
else
|
|
105
|
+
fail!(:jwks_fetching_failed, CallbackError.new(:jwks_fetching_failed, 'HTTP Error when fetching JWKs'))
|
|
106
|
+
end
|
|
107
|
+
rescue Faraday::Error => e
|
|
108
|
+
fail!(:jwks_fetching_failed, e)
|
|
97
109
|
end
|
|
98
110
|
|
|
99
111
|
def verify_nonce!(payload)
|
data/omniauth-apple.gemspec
CHANGED
|
@@ -38,7 +38,6 @@ Gem::Specification.new do |spec|
|
|
|
38
38
|
|
|
39
39
|
spec.add_dependency 'omniauth-oauth2'
|
|
40
40
|
spec.add_dependency 'jwt'
|
|
41
|
-
spec.add_dependency 'rack-protection', '~> 2.0'
|
|
42
41
|
spec.add_development_dependency "bundler", "~> 2.0"
|
|
43
42
|
spec.add_development_dependency "rake", "~> 13.0"
|
|
44
43
|
spec.add_development_dependency "rspec", "~> 3.9"
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: omniauth-apple
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.1
|
|
4
|
+
version: 1.2.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- nhosoya
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: exe
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2022-
|
|
12
|
+
date: 2022-10-25 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: omniauth-oauth2
|
|
@@ -39,20 +39,6 @@ dependencies:
|
|
|
39
39
|
- - ">="
|
|
40
40
|
- !ruby/object:Gem::Version
|
|
41
41
|
version: '0'
|
|
42
|
-
- !ruby/object:Gem::Dependency
|
|
43
|
-
name: rack-protection
|
|
44
|
-
requirement: !ruby/object:Gem::Requirement
|
|
45
|
-
requirements:
|
|
46
|
-
- - "~>"
|
|
47
|
-
- !ruby/object:Gem::Version
|
|
48
|
-
version: '2.0'
|
|
49
|
-
type: :runtime
|
|
50
|
-
prerelease: false
|
|
51
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
52
|
-
requirements:
|
|
53
|
-
- - "~>"
|
|
54
|
-
- !ruby/object:Gem::Version
|
|
55
|
-
version: '2.0'
|
|
56
42
|
- !ruby/object:Gem::Dependency
|
|
57
43
|
name: bundler
|
|
58
44
|
requirement: !ruby/object:Gem::Requirement
|