omniauth-apple 1.2.0 → 1.2.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -1
- data/lib/omniauth/apple/version.rb +1 -1
- data/lib/omniauth/strategies/apple.rb +34 -17
- data/omniauth-apple.gemspec +0 -1
- metadata +2 -16
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 81a5350ae8be48914ee324f8586b5d58f83927467bc87106cab846e028e38beb
|
|
4
|
+
data.tar.gz: 42db86865c9120c95e7326359e3ac02dd58dbd28bfe84c7fc0bbb002488b0a1b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 18a1bf098d7687ed17df039b9b2f4b0a388f0d6858a4a54aa8c94a7233622f7cb1d4485a38d870ae430f873aadaaee8d9d1b42c9f8a91545c0bdb10c4cffbe11
|
|
7
|
+
data.tar.gz: f53179d2a247e0fd2559614fece6b3b734579d756be44c1b4c40ab9c6911479e38dc7f74800dcc59b36b09749656bb93aff6c8eeccc422238e95667049064b63
|
data/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,13 @@
|
|
|
1
1
|
## [Unreleased]
|
|
2
2
|
|
|
3
|
-
## [1.1
|
|
3
|
+
## [1.2.1] - 2022-10-25
|
|
4
|
+
|
|
5
|
+
### Fixed
|
|
6
|
+
|
|
7
|
+
- [#94](https://github.com/nhosoya/omniauth-apple/pull/94) rack-protection.rb is back in rack-protection v3.0.1
|
|
8
|
+
- [#96](https://github.com/nhosoya/omniauth-apple/pull/96) handle JWKS fetch failures
|
|
9
|
+
|
|
10
|
+
## [1.2.0] - 2022-09-27
|
|
4
11
|
|
|
5
12
|
### Fixed
|
|
6
13
|
|
|
@@ -6,6 +6,12 @@ require 'net/https'
|
|
|
6
6
|
module OmniAuth
|
|
7
7
|
module Strategies
|
|
8
8
|
class Apple < OmniAuth::Strategies::OAuth2
|
|
9
|
+
class JWTFetchingFailed < CallbackError
|
|
10
|
+
def initialize(error_reason = nil, error_uri = nil)
|
|
11
|
+
super :jwks_fetching_failed, error_reason, error_uri
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
|
|
9
15
|
option :name, 'apple'
|
|
10
16
|
|
|
11
17
|
option :client_options,
|
|
@@ -74,27 +80,38 @@ module OmniAuth
|
|
|
74
80
|
def id_info
|
|
75
81
|
@id_info ||= if request.params&.key?('id_token') || access_token&.params&.key?('id_token')
|
|
76
82
|
id_token = request.params['id_token'] || access_token.params['id_token']
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
83
|
+
if (verification_key = fetch_jwks)
|
|
84
|
+
jwt_options = {
|
|
85
|
+
verify_iss: true,
|
|
86
|
+
iss: 'https://appleid.apple.com',
|
|
87
|
+
verify_iat: true,
|
|
88
|
+
verify_aud: true,
|
|
89
|
+
aud: [options.client_id].concat(options.authorized_client_ids),
|
|
90
|
+
algorithms: ['RS256'],
|
|
91
|
+
jwks: verification_key
|
|
92
|
+
}
|
|
93
|
+
payload, _header = ::JWT.decode(id_token, nil, true, jwt_options)
|
|
94
|
+
verify_nonce!(payload)
|
|
95
|
+
payload
|
|
96
|
+
else
|
|
97
|
+
{}
|
|
98
|
+
end
|
|
89
99
|
end
|
|
90
100
|
end
|
|
91
101
|
|
|
92
102
|
def fetch_jwks
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
103
|
+
conn = Faraday.new(headers: {user_agent: 'ruby/omniauth-apple'}) do |c|
|
|
104
|
+
c.response :json, parser_options: { symbolize_names: true }
|
|
105
|
+
c.adapter Faraday.default_adapter
|
|
106
|
+
end
|
|
107
|
+
res = conn.get 'https://appleid.apple.com/auth/keys'
|
|
108
|
+
if res.success?
|
|
109
|
+
res.body
|
|
110
|
+
else
|
|
111
|
+
raise JWTFetchingFailed.new('HTTP Error when fetching JWKs')
|
|
112
|
+
end
|
|
113
|
+
rescue JWTFetchingFailed, Faraday::Error => e
|
|
114
|
+
fail!(:jwks_fetching_failed, e) and nil
|
|
98
115
|
end
|
|
99
116
|
|
|
100
117
|
def verify_nonce!(payload)
|
data/omniauth-apple.gemspec
CHANGED
|
@@ -38,7 +38,6 @@ Gem::Specification.new do |spec|
|
|
|
38
38
|
|
|
39
39
|
spec.add_dependency 'omniauth-oauth2'
|
|
40
40
|
spec.add_dependency 'jwt'
|
|
41
|
-
spec.add_dependency 'rack-protection', '~> 2.0'
|
|
42
41
|
spec.add_development_dependency "bundler", "~> 2.0"
|
|
43
42
|
spec.add_development_dependency "rake", "~> 13.0"
|
|
44
43
|
spec.add_development_dependency "rspec", "~> 3.9"
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: omniauth-apple
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.2.
|
|
4
|
+
version: 1.2.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- nhosoya
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: exe
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2022-
|
|
12
|
+
date: 2022-10-31 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: omniauth-oauth2
|
|
@@ -39,20 +39,6 @@ dependencies:
|
|
|
39
39
|
- - ">="
|
|
40
40
|
- !ruby/object:Gem::Version
|
|
41
41
|
version: '0'
|
|
42
|
-
- !ruby/object:Gem::Dependency
|
|
43
|
-
name: rack-protection
|
|
44
|
-
requirement: !ruby/object:Gem::Requirement
|
|
45
|
-
requirements:
|
|
46
|
-
- - "~>"
|
|
47
|
-
- !ruby/object:Gem::Version
|
|
48
|
-
version: '2.0'
|
|
49
|
-
type: :runtime
|
|
50
|
-
prerelease: false
|
|
51
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
52
|
-
requirements:
|
|
53
|
-
- - "~>"
|
|
54
|
-
- !ruby/object:Gem::Version
|
|
55
|
-
version: '2.0'
|
|
56
42
|
- !ruby/object:Gem::Dependency
|
|
57
43
|
name: bundler
|
|
58
44
|
requirement: !ruby/object:Gem::Requirement
|