RubyGems - omniauth-apple - Versions diffs - 1.2.0 → 1.2.1 - Mend

omniauth-apple 1.2.0 → 1.2.1

Files changed (6) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +8 -1
data/lib/omniauth/apple/version.rb +1 -1
data/lib/omniauth/strategies/apple.rb +28 -17
data/omniauth-apple.gemspec +0 -1
metadata +2 -16

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 221e35d0cf4add7e7015c2571ab6c36cd43119aa8ac1ebf6ad749e6d075ff342
-  data.tar.gz: ab591ea9afc76e0365a88d7838de284fd4eef30d9891f2cba73df4d718250738
+  metadata.gz: 31e8e9835b469abca7611926aaa4da9b1f3e35804ea9c4e9fa5b06a1791dcdd1
+  data.tar.gz: c916fa50a22971da3f2f71a72566e43771531945b7d9e83bbaf0914a04a6253a
 SHA512:
-  metadata.gz: 52c7db989eae8f46ab8f76458d8b02b3df22de0f35116166d39ce970118a37901db7213f5d121f913f20b785c3c3b3c985b64cfacdd5cb5ced646ade4ad9182b
-  data.tar.gz: 96ca930d07a243a3ba6580702ddcace78d48d6b446ed1115c721535665c5607745c3dad76f9bed3cffb8cc897af0479485858fa4b48c7817e6e738c68762fe5c
+  metadata.gz: 02bde67e85651dc85bacdb548248d240d9a3c501f24a204ad572253af8cd6468914fe3de86ee30bbc7a174bb6249d77ee6ae82222573beb829dc9b4f7f690099
+  data.tar.gz: 57a0b49a53f55a77470ad280c27acdb11bccfa93e43170ed0c34730b3fdb9918bb0d43a1ac20ae30f10eb101ef161bac5a79a90e54bee7186c8c813e7923f733

data/CHANGELOG.md CHANGED Viewed

@@ -1,6 +1,13 @@
 ## [Unreleased]
-## [1.1.0] - 2022-09-27
+## [1.2.1] - 2022-10-25
+### Fixed
+- [#94](https://github.com/nhosoya/omniauth-apple/pull/94) rack-protection.rb is back in rack-protection v3.0.1
+- [#96](https://github.com/nhosoya/omniauth-apple/pull/96) handle JWKS fetch failures
+## [1.2.0] - 2022-09-27
 ### Fixed

data/lib/omniauth/apple/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module OmniAuth
   module Apple
-    VERSION = "1.2.0"
+    VERSION = "1.2.1"
   end
 end

data/lib/omniauth/strategies/apple.rb CHANGED Viewed

@@ -74,27 +74,38 @@ module OmniAuth
       def id_info
         @id_info ||= if request.params&.key?('id_token') || access_token&.params&.key?('id_token')
                        id_token = request.params['id_token'] || access_token.params['id_token']
-                       jwt_options = {
-                         verify_iss: true,
-                         iss: 'https://appleid.apple.com',
-                         verify_iat: true,
-                         verify_aud: true,
-                         aud: [options.client_id].concat(options.authorized_client_ids),
-                         algorithms: ['RS256'],
-                         jwks: fetch_jwks
-                       }
-                       payload, _header = ::JWT.decode(id_token, nil, true, jwt_options)
-                       verify_nonce!(payload)
-                       payload
+                       if (verification_key = fetch_jwks)
+                         jwt_options = {
+                           verify_iss: true,
+                           iss: 'https://appleid.apple.com',
+                           verify_iat: true,
+                           verify_aud: true,
+                           aud: [options.client_id].concat(options.authorized_client_ids),
+                           algorithms: ['RS256'],
+                           jwks: verification_key
+                         }
+                         payload, _header = ::JWT.decode(id_token, nil, true, jwt_options)
+                         verify_nonce!(payload)
+                         payload
+                       else
+                         {}
+                       end
                      end
       end
       def fetch_jwks
-        http = Net::HTTP.new('appleid.apple.com', 443)
-        http.use_ssl = true
-        request = Net::HTTP::Get.new('/auth/keys', 'User-Agent' => 'ruby/omniauth-apple')
-        response = http.request(request)
-        JSON.parse(response.body, symbolize_names: true)
+        conn = Faraday.new(headers: {user_agent: 'ruby/omniauth-apple'}) do |c|
+          c.response :json, parser_options: { symbolize_names: true }
+          c.adapter Faraday.default_adapter
+        end
+        res = conn.get 'https://appleid.apple.com/auth/keys'
+        if res.success?
+          res.body
+        else
+          fail!(:jwks_fetching_failed, CallbackError.new(:jwks_fetching_failed, 'HTTP Error when fetching JWKs'))
+        end
+      rescue Faraday::Error => e
+        fail!(:jwks_fetching_failed, e)
       end
       def verify_nonce!(payload)

data/omniauth-apple.gemspec CHANGED Viewed

@@ -38,7 +38,6 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'omniauth-oauth2'
   spec.add_dependency 'jwt'
-  spec.add_dependency 'rack-protection', '~> 2.0'
   spec.add_development_dependency "bundler", "~> 2.0"
   spec.add_development_dependency "rake", "~> 13.0"
   spec.add_development_dependency "rspec", "~> 3.9"

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-apple
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.2.1
 platform: ruby
 authors:
 - nhosoya
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-09-27 00:00:00.000000000 Z
+date: 2022-10-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth-oauth2
@@ -39,20 +39,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: rack-protection
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement