omniauth-apple 1.2.0 → 1.2.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 221e35d0cf4add7e7015c2571ab6c36cd43119aa8ac1ebf6ad749e6d075ff342
4
- data.tar.gz: ab591ea9afc76e0365a88d7838de284fd4eef30d9891f2cba73df4d718250738
3
+ metadata.gz: 31e8e9835b469abca7611926aaa4da9b1f3e35804ea9c4e9fa5b06a1791dcdd1
4
+ data.tar.gz: c916fa50a22971da3f2f71a72566e43771531945b7d9e83bbaf0914a04a6253a
5
5
  SHA512:
6
- metadata.gz: 52c7db989eae8f46ab8f76458d8b02b3df22de0f35116166d39ce970118a37901db7213f5d121f913f20b785c3c3b3c985b64cfacdd5cb5ced646ade4ad9182b
7
- data.tar.gz: 96ca930d07a243a3ba6580702ddcace78d48d6b446ed1115c721535665c5607745c3dad76f9bed3cffb8cc897af0479485858fa4b48c7817e6e738c68762fe5c
6
+ metadata.gz: 02bde67e85651dc85bacdb548248d240d9a3c501f24a204ad572253af8cd6468914fe3de86ee30bbc7a174bb6249d77ee6ae82222573beb829dc9b4f7f690099
7
+ data.tar.gz: 57a0b49a53f55a77470ad280c27acdb11bccfa93e43170ed0c34730b3fdb9918bb0d43a1ac20ae30f10eb101ef161bac5a79a90e54bee7186c8c813e7923f733
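--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,13 @@
 ## [Unreleased]
 
-## [1.1.0] - 2022-09-27
+## [1.2.1] - 2022-10-25
+
+### Fixed
+
+- [#94](https://github.com/nhosoya/omniauth-apple/pull/94) rack-protection.rb is back in rack-protection v3.0.1
+- [#96](https://github.com/nhosoya/omniauth-apple/pull/96) handle JWKS fetch failures
+
+## [1.2.0] - 2022-09-27
 
 ### Fixed
 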
@@ -1,5 +1,5 @@
1
1
  module OmniAuth
2
2
  module Apple
3
- VERSION = "1.2.0"
3
+ VERSION = "1.2.1"
4
4
  end
5
5
  end
@@ -74,27 +74,38 @@ module OmniAuth
74
74
  def id_info
75
75
  @id_info ||= if request.params&.key?('id_token') || access_token&.params&.key?('id_token')
76
76
  id_token = request.params['id_token'] || access_token.params['id_token']
77
- jwt_options = {
78
- verify_iss: true,
79
- iss: 'https://appleid.apple.com',
80
- verify_iat: true,
81
- verify_aud: true,
82
- aud: [options.client_id].concat(options.authorized_client_ids),
83
- algorithms: ['RS256'],
84
- jwks: fetch_jwks
85
- }
86
- payload, _header = ::JWT.decode(id_token, nil, true, jwt_options)
87
- verify_nonce!(payload)
88
- payload
77
+ if (verification_key = fetch_jwks)
78
+ jwt_options = {
79
+ verify_iss: true,
80
+ iss: 'https://appleid.apple.com',
81
+ verify_iat: true,
82
+ verify_aud: true,
83
+ aud: [options.client_id].concat(options.authorized_client_ids),
84
+ algorithms: ['RS256'],
85
+ jwks: verification_key
86
+ }
87
+ payload, _header = ::JWT.decode(id_token, nil, true, jwt_options)
88
+ verify_nonce!(payload)
89
+ payload
90
+ else
91
+ {}
92
+ end
89
93
  end
90
94
  end
91
95
 
92
96
  def fetch_jwks
93
- http = Net::HTTP.new('appleid.apple.com', 443)
94
- http.use_ssl = true
95
- request = Net::HTTP::Get.new('/auth/keys', 'User-Agent' => 'ruby/omniauth-apple')
96
- response = http.request(request)
97
- JSON.parse(response.body, symbolize_names: true)
97
+ conn = Faraday.new(headers: {user_agent: 'ruby/omniauth-apple'}) do |c|
98
+ c.response :json, parser_options: { symbolize_names: true }
99
+ c.adapter Faraday.default_adapter
100
+ end
101
+ res = conn.get 'https://appleid.apple.com/auth/keys'
102
+ if res.success?
103
+ res.body
104
+ else
105
+ fail!(:jwks_fetching_failed, CallbackError.new(:jwks_fetching_failed, 'HTTP Error when fetching JWKs'))
106
+ end
107
+ rescue Faraday::Error => e
108
+ fail!(:jwks_fetching_failed, e)
98
109
  end
99
110
 
100
111
  def verify_nonce!(payload)
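Review bot: The two `fail!` calls in fetch_jwks (the `else` branch and the `rescue Faraday::Error`) do not abort the callback, so the `if (verification_key = fetch_jwks)` guard in id_info never does what it looks like it does. In OmniAuth::Strategy, `fail!` stores the error in env and returns the result of `OmniAuth.config.on_failure.call(env)`, a Rack response triple, which is truthy; id_info therefore takes the success branch and hands that array to `JWT.decode` as `jwks:`, and since fetch_jwks's return value is never returned from callback_phase, the failure response is discarded in any case. `CallbackError` is already referenced in this hunk and omniauth-oauth2's callback_phase rescues it with `fail!(e.error, e)` (assuming this strategy's callback reaches that rescue), so raising is the way to stop the flow: `raise CallbackError.new(:jwks_fetching_failed, 'HTTP Error when fetching JWKs')` in the else branch, `raise CallbackError.new(:jwks_fetching_failed, e.message)` in the rescue, and then drop the `if`/`else {}` wrapper so id_info again passes `jwks: fetch_jwks` unconditionally. The `{}` fallback is also the wrong failure mode for a token check: a key-fetch error would let the callback continue with an empty, unverified identity instead of failing authentication. Separately, the Faraday connection sets no explicit timeouts, so a hanging key endpoint holds the request thread for the adapter default; consider `Faraday.new(headers: {user_agent: 'ruby/omniauth-apple'}, request: { open_timeout: 5, timeout: 5 })`.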
@@ -38,7 +38,6 @@ Gem::Specification.new do |spec|
38
38
 
39
39
  spec.add_dependency 'omniauth-oauth2'
40
40
  spec.add_dependency 'jwt'
41
- spec.add_dependency 'rack-protection', '~> 2.0'
42
41
  spec.add_development_dependency "bundler", "~> 2.0"
43
42
  spec.add_development_dependency "rake", "~> 13.0"
44
43
  spec.add_development_dependency "rspec", "~> 3.9"
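Review bot: Removing the `rack-protection` line drops the runtime dependency outright rather than widening its constraint to admit the v3.0.1 fix that the #94 changelog entry describes. If the strategy still requires `rack/protection` (the require is not visible in this hunk), that constant now resolves only through whatever pulls rack-protection in transitively, which a gemspec cannot rely on and which Bundler may satisfy with any version. If the intent is to keep using it, the narrower change is `spec.add_dependency 'rack-protection', '>= 2.0', '< 4'`; if the require was removed alongside this line, a one-line changelog note saying so would make the dependency drop easier to audit. The enclosing `Gem::Specification.new do |spec|` block starts and ends outside the hunk.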
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-apple
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.2.0
4
+ version: 1.2.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - nhosoya
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: exe
11
11
  cert_chain: []
12
- date: 2022-09-27 00:00:00.000000000 Z
12
+ date: 2022-10-25 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: omniauth-oauth2
@@ -39,20 +39,6 @@ dependencies:
39
39
  - - ">="
40
40
  - !ruby/object:Gem::Version
41
41
  version: '0'
42
- - !ruby/object:Gem::Dependency
43
- name: rack-protection
44
- requirement: !ruby/object:Gem::Requirement
45
- requirements:
46
- - - "~>"
47
- - !ruby/object:Gem::Version
48
- version: '2.0'
49
- type: :runtime
50
- prerelease: false
51
- version_requirements: !ruby/object:Gem::Requirement
52
- requirements:
53
- - - "~>"
54
- - !ruby/object:Gem::Version
55
- version: '2.0'
56
42
  - !ruby/object:Gem::Dependency
57
43
  name: bundler
58
44
  requirement: !ruby/object:Gem::Requirement