omniauth-apple 1.2.0 → 1.2.2

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 221e35d0cf4add7e7015c2571ab6c36cd43119aa8ac1ebf6ad749e6d075ff342
4
- data.tar.gz: ab591ea9afc76e0365a88d7838de284fd4eef30d9891f2cba73df4d718250738
3
+ metadata.gz: 81a5350ae8be48914ee324f8586b5d58f83927467bc87106cab846e028e38beb
4
+ data.tar.gz: 42db86865c9120c95e7326359e3ac02dd58dbd28bfe84c7fc0bbb002488b0a1b
5
5
  SHA512:
6
- metadata.gz: 52c7db989eae8f46ab8f76458d8b02b3df22de0f35116166d39ce970118a37901db7213f5d121f913f20b785c3c3b3c985b64cfacdd5cb5ced646ade4ad9182b
7
- data.tar.gz: 96ca930d07a243a3ba6580702ddcace78d48d6b446ed1115c721535665c5607745c3dad76f9bed3cffb8cc897af0479485858fa4b48c7817e6e738c68762fe5c
6
+ metadata.gz: 18a1bf098d7687ed17df039b9b2f4b0a388f0d6858a4a54aa8c94a7233622f7cb1d4485a38d870ae430f873aadaaee8d9d1b42c9f8a91545c0bdb10c4cffbe11
7
+ data.tar.gz: f53179d2a247e0fd2559614fece6b3b734579d756be44c1b4c40ab9c6911479e38dc7f74800dcc59b36b09749656bb93aff6c8eeccc422238e95667049064b63
data/CHANGELOG.md CHANGED
@@ -1,6 +1,13 @@
1
1
  ## [Unreleased]
2
2
 
3
- ## [1.1.0] - 2022-09-27
3
+ ## [1.2.1] - 2022-10-25
4
+
5
+ ### Fixed
6
+
7
+ - [#94](https://github.com/nhosoya/omniauth-apple/pull/94) rack-protection.rb is back in rack-protection v3.0.1
8
+ - [#96](https://github.com/nhosoya/omniauth-apple/pull/96) handle JWKS fetch failures
9
+
10
+ ## [1.2.0] - 2022-09-27
4
11
 
5
12
  ### Fixed
6
13
 
@@ -1,5 +1,5 @@
1
1
  module OmniAuth
2
2
  module Apple
3
- VERSION = "1.2.0"
3
+ VERSION = "1.2.2"
4
4
  end
5
5
  end
@@ -6,6 +6,12 @@ require 'net/https'
6
6
  module OmniAuth
7
7
  module Strategies
8
8
  class Apple < OmniAuth::Strategies::OAuth2
9
+ class JWTFetchingFailed < CallbackError
10
+ def initialize(error_reason = nil, error_uri = nil)
11
+ super :jwks_fetching_failed, error_reason, error_uri
12
+ end
13
+ end
14
+
9
15
  option :name, 'apple'
10
16
 
11
17
  option :client_options,
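Review bot: The new exception's name does not match what it reports: `super :jwks_fetching_failed` and the `fail!` key say the JWKS fetch failed, while the class is called `JWTFetchingFailed`, and Ruby convention names exception classes with an `Error` suffix. Since this constant is new in this release, renaming it now is cheap, e.g. `class JWKSFetchingError < CallbackError`. A one-line comment above the class stating why it subclasses `CallbackError` (so the callback phase's existing rescue can turn it into a failure response) would also help the next reader, since the class is otherwise undocumented.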
@@ -74,27 +80,38 @@ module OmniAuth
74
80
  def id_info
75
81
  @id_info ||= if request.params&.key?('id_token') || access_token&.params&.key?('id_token')
76
82
  id_token = request.params['id_token'] || access_token.params['id_token']
77
- jwt_options = {
78
- verify_iss: true,
79
- iss: 'https://appleid.apple.com',
80
- verify_iat: true,
81
- verify_aud: true,
82
- aud: [options.client_id].concat(options.authorized_client_ids),
83
- algorithms: ['RS256'],
84
- jwks: fetch_jwks
85
- }
86
- payload, _header = ::JWT.decode(id_token, nil, true, jwt_options)
87
- verify_nonce!(payload)
88
- payload
83
+ if (verification_key = fetch_jwks)
84
+ jwt_options = {
85
+ verify_iss: true,
86
+ iss: 'https://appleid.apple.com',
87
+ verify_iat: true,
88
+ verify_aud: true,
89
+ aud: [options.client_id].concat(options.authorized_client_ids),
90
+ algorithms: ['RS256'],
91
+ jwks: verification_key
92
+ }
93
+ payload, _header = ::JWT.decode(id_token, nil, true, jwt_options)
94
+ verify_nonce!(payload)
95
+ payload
96
+ else
97
+ {}
98
+ end
89
99
  end
90
100
  end
91
101
 
92
102
  def fetch_jwks
93
- http = Net::HTTP.new('appleid.apple.com', 443)
94
- http.use_ssl = true
95
- request = Net::HTTP::Get.new('/auth/keys', 'User-Agent' => 'ruby/omniauth-apple')
96
- response = http.request(request)
97
- JSON.parse(response.body, symbolize_names: true)
103
+ conn = Faraday.new(headers: {user_agent: 'ruby/omniauth-apple'}) do |c|
104
+ c.response :json, parser_options: { symbolize_names: true }
105
+ c.adapter Faraday.default_adapter
106
+ end
107
+ res = conn.get 'https://appleid.apple.com/auth/keys'
108
+ if res.success?
109
+ res.body
110
+ else
111
+ raise JWTFetchingFailed.new('HTTP Error when fetching JWKs')
112
+ end
113
+ rescue JWTFetchingFailed, Faraday::Error => e
114
+ fail!(:jwks_fetching_failed, e) and nil
98
115
  end
99
116
 
100
117
  def verify_nonce!(payload)
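Review bot: The failure path in `fetch_jwks` does not stop the callback: `fail!` builds the failure response but `and nil` discards it, so `id_info` falls through to the `{}` branch and whatever consumes it (the uid/info blocks are outside this hunk) proceeds with an empty identity instead of an aborted login. Because `JWTFetchingFailed` is a `CallbackError`, letting it propagate is the more conventional way to abort — `rescue Faraday::Error => e` / `raise JWTFetchingFailed, e.message` and drop the `else {}` branch in `id_info` — though how the callback phase handles it depends on code outside this hunk. The Faraday connection also sets no timeouts, so a stalled `appleid.apple.com` holds the request thread indefinitely; `Faraday.new(headers: {user_agent: 'ruby/omniauth-apple'}, request: { open_timeout: 5, timeout: 5 })` would surface that as a `Faraday::TimeoutError`, which the existing `Faraday::Error` rescue already covers. As far as the hunk shows, `faraday` is not required by this file and is relied on transitively, which is worth a `require 'faraday'` next to the existing `require 'net/https'`.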
@@ -38,7 +38,6 @@ Gem::Specification.new do |spec|
38
38
 
39
39
  spec.add_dependency 'omniauth-oauth2'
40
40
  spec.add_dependency 'jwt'
41
- spec.add_dependency 'rack-protection', '~> 2.0'
42
41
  spec.add_development_dependency "bundler", "~> 2.0"
43
42
  spec.add_development_dependency "rake", "~> 13.0"
44
43
  spec.add_development_dependency "rspec", "~> 3.9"
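Review bot: Dropping `spec.add_dependency 'rack-protection', '~> 2.0'` leaves this gemspec with no constraint on rack-protection at all; if the strategy still requires `rack/protection` (its requires are outside this hunk), it now loads only through some other gem's transitive dependency, which can silently change in a future resolution. If the goal per the changelog entry is to accept the 3.x line, a relaxed but explicit runtime constraint such as `spec.add_dependency 'rack-protection', '>= 2.0'` keeps the dependency declared while allowing the new major.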
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-apple
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.2.0
4
+ version: 1.2.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - nhosoya
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: exe
11
11
  cert_chain: []
12
- date: 2022-09-27 00:00:00.000000000 Z
12
+ date: 2022-10-31 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: omniauth-oauth2
@@ -39,20 +39,6 @@ dependencies:
39
39
  - - ">="
40
40
  - !ruby/object:Gem::Version
41
41
  version: '0'
42
- - !ruby/object:Gem::Dependency
43
- name: rack-protection
44
- requirement: !ruby/object:Gem::Requirement
45
- requirements:
46
- - - "~>"
47
- - !ruby/object:Gem::Version
48
- version: '2.0'
49
- type: :runtime
50
- prerelease: false
51
- version_requirements: !ruby/object:Gem::Requirement
52
- requirements:
53
- - - "~>"
54
- - !ruby/object:Gem::Version
55
- version: '2.0'
56
42
  - !ruby/object:Gem::Dependency
57
43
  name: bundler
58
44
  requirement: !ruby/object:Gem::Requirement