omniauth-apple 1.2.0 → 1.2.1

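--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 221e35d0cf4add7e7015c2571ab6c36cd43119aa8ac1ebf6ad749e6d075ff342
- data.tar.gz: ab591ea9afc76e0365a88d7838de284fd4eef30d9891f2cba73df4d718250738
+ metadata.gz: 31e8e9835b469abca7611926aaa4da9b1f3e35804ea9c4e9fa5b06a1791dcdd1
+ data.tar.gz: c916fa50a22971da3f2f71a72566e43771531945b7d9e83bbaf0914a04a6253a
  SHA512:
- metadata.gz: 52c7db989eae8f46ab8f76458d8b02b3df22de0f35116166d39ce970118a37901db7213f5d121f913f20b785c3c3b3c985b64cfacdd5cb5ced646ade4ad9182b
- data.tar.gz: 96ca930d07a243a3ba6580702ddcace78d48d6b446ed1115c721535665c5607745c3dad76f9bed3cffb8cc897af0479485858fa4b48c7817e6e738c68762fe5c
+ metadata.gz: 02bde67e85651dc85bacdb548248d240d9a3c501f24a204ad572253af8cd6468914fe3de86ee30bbc7a174bb6249d77ee6ae82222573beb829dc9b4f7f690099
+ data.tar.gz: 57a0b49a53f55a77470ad280c27acdb11bccfa93e43170ed0c34730b3fdb9918bb0d43a1ac20ae30f10eb101ef161bac5a79a90e54bee7186c8c813e7923f733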
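--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,13 @@
  ## [Unreleased]
 
- ## [1.1.0] - 2022-09-27
+ ## [1.2.1] - 2022-10-25
+
+ ### Fixed
+
+ - [#94](https://github.com/nhosoya/omniauth-apple/pull/94) rack-protection.rb is back in rack-protection v3.0.1
+ - [#96](https://github.com/nhosoya/omniauth-apple/pull/96) handle JWKS fetch failures
+
+ ## [1.2.0] - 2022-09-27
 
  ### Fixed
 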
@@ -1,5 +1,5 @@
1
1
  module OmniAuth
2
2
  module Apple
3
- VERSION = "1.2.0"
3
+ VERSION = "1.2.1"
4
4
  end
5
5
  end
@@ -74,27 +74,38 @@ module OmniAuth
74
74
  def id_info
75
75
  @id_info ||= if request.params&.key?('id_token') || access_token&.params&.key?('id_token')
76
76
  id_token = request.params['id_token'] || access_token.params['id_token']
77
- jwt_options = {
78
- verify_iss: true,
79
- iss: 'https://appleid.apple.com',
80
- verify_iat: true,
81
- verify_aud: true,
82
- aud: [options.client_id].concat(options.authorized_client_ids),
83
- algorithms: ['RS256'],
84
- jwks: fetch_jwks
85
- }
86
- payload, _header = ::JWT.decode(id_token, nil, true, jwt_options)
87
- verify_nonce!(payload)
88
- payload
77
+ if (verification_key = fetch_jwks)
78
+ jwt_options = {
79
+ verify_iss: true,
80
+ iss: 'https://appleid.apple.com',
81
+ verify_iat: true,
82
+ verify_aud: true,
83
+ aud: [options.client_id].concat(options.authorized_client_ids),
84
+ algorithms: ['RS256'],
85
+ jwks: verification_key
86
+ }
87
+ payload, _header = ::JWT.decode(id_token, nil, true, jwt_options)
88
+ verify_nonce!(payload)
89
+ payload
90
+ else
91
+ {}
92
+ end
89
93
  end
90
94
  end
91
95
 
92
96
  def fetch_jwks
93
- http = Net::HTTP.new('appleid.apple.com', 443)
94
- http.use_ssl = true
95
- request = Net::HTTP::Get.new('/auth/keys', 'User-Agent' => 'ruby/omniauth-apple')
96
- response = http.request(request)
97
- JSON.parse(response.body, symbolize_names: true)
97
+ conn = Faraday.new(headers: {user_agent: 'ruby/omniauth-apple'}) do |c|
98
+ c.response :json, parser_options: { symbolize_names: true }
99
+ c.adapter Faraday.default_adapter
100
+ end
101
+ res = conn.get 'https://appleid.apple.com/auth/keys'
102
+ if res.success?
103
+ res.body
104
+ else
105
+ fail!(:jwks_fetching_failed, CallbackError.new(:jwks_fetching_failed, 'HTTP Error when fetching JWKs'))
106
+ end
107
+ rescue Faraday::Error => e
108
+ fail!(:jwks_fetching_failed, e)
98
109
  end
99
110
 
100
111
  def verify_nonce!(payload)
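Review bot: In `fetch_jwks`, both failure branches return whatever `fail!` returns, and `id_info` tests that value with `if (verification_key = fetch_jwks)`. `fail!` is defined outside this diff, but in OmniAuth it returns the failure endpoint's Rack response, which is truthy, so the `else {}` fallback would likely never run and that response would be handed to `::JWT.decode` as `jwks:`. Ending each failure branch with an explicit nil makes the guard work as written: `fail!(:jwks_fetching_failed, e)` followed by `nil` on its own line, and the same after the `CallbackError` call. Separately, the `{}` fallback is truthy and is memoized in `@id_info`, so later readers of `id_info` see missing claims rather than an error; it is worth confirming that the callback phase stops after `fail!` instead of building an auth hash with a nil uid. A comment on `fetch_jwks` such as `# Returns the parsed JWKS hash, or nil after reporting :jwks_fetching_failed` would document the contract; the enclosing class starts outside this hunk.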
@@ -38,7 +38,6 @@ Gem::Specification.new do |spec|
38
38
 
39
39
  spec.add_dependency 'omniauth-oauth2'
40
40
  spec.add_dependency 'jwt'
41
- spec.add_dependency 'rack-protection', '~> 2.0'
42
41
  spec.add_development_dependency "bundler", "~> 2.0"
43
42
  spec.add_development_dependency "rake", "~> 13.0"
44
43
  spec.add_development_dependency "rspec", "~> 3.9"
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-apple
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.2.0
4
+ version: 1.2.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - nhosoya
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: exe
11
11
  cert_chain: []
12
- date: 2022-09-27 00:00:00.000000000 Z
12
+ date: 2022-10-25 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: omniauth-oauth2
@@ -39,20 +39,6 @@ dependencies:
39
39
  - - ">="
40
40
  - !ruby/object:Gem::Version
41
41
  version: '0'
42
- - !ruby/object:Gem::Dependency
43
- name: rack-protection
44
- requirement: !ruby/object:Gem::Requirement
45
- requirements:
46
- - - "~>"
47
- - !ruby/object:Gem::Version
48
- version: '2.0'
49
- type: :runtime
50
- prerelease: false
51
- version_requirements: !ruby/object:Gem::Requirement
52
- requirements:
53
- - - "~>"
54
- - !ruby/object:Gem::Version
55
- version: '2.0'
56
42
  - !ruby/object:Gem::Dependency
57
43
  name: bundler
58
44
  requirement: !ruby/object:Gem::Requirement