omniauth-apple 1.2.0 → 1.2.2

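--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 221e35d0cf4add7e7015c2571ab6c36cd43119aa8ac1ebf6ad749e6d075ff342
-data.tar.gz: ab591ea9afc76e0365a88d7838de284fd4eef30d9891f2cba73df4d718250738
+metadata.gz: 81a5350ae8be48914ee324f8586b5d58f83927467bc87106cab846e028e38beb
+data.tar.gz: 42db86865c9120c95e7326359e3ac02dd58dbd28bfe84c7fc0bbb002488b0a1b
 SHA512:
-metadata.gz: 52c7db989eae8f46ab8f76458d8b02b3df22de0f35116166d39ce970118a37901db7213f5d121f913f20b785c3c3b3c985b64cfacdd5cb5ced646ade4ad9182b
-data.tar.gz: 96ca930d07a243a3ba6580702ddcace78d48d6b446ed1115c721535665c5607745c3dad76f9bed3cffb8cc897af0479485858fa4b48c7817e6e738c68762fe5c
+metadata.gz: 18a1bf098d7687ed17df039b9b2f4b0a388f0d6858a4a54aa8c94a7233622f7cb1d4485a38d870ae430f873aadaaee8d9d1b42c9f8a91545c0bdb10c4cffbe11
+data.tar.gz: f53179d2a247e0fd2559614fece6b3b734579d756be44c1b4c40ab9c6911479e38dc7f74800dcc59b36b09749656bb93aff6c8eeccc422238e95667049064b63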
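--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,13 @@
 ## [Unreleased]
 
-## [1.1.0] - 2022-09-27
+## [1.2.1] - 2022-10-25
+
+### Fixed
+
+- [#94](https://github.com/nhosoya/omniauth-apple/pull/94) rack-protection.rb is back in rack-protection v3.0.1
+- [#96](https://github.com/nhosoya/omniauth-apple/pull/96) handle JWKS fetch failures
+
+## [1.2.0] - 2022-09-27
 
 ### Fixed
 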
@@ -1,5 +1,5 @@
1
1
  module OmniAuth
2
2
  module Apple
3
- VERSION = "1.2.0"
3
+ VERSION = "1.2.2"
4
4
  end
5
5
  end
@@ -6,6 +6,12 @@ require 'net/https'
6
6
  module OmniAuth
7
7
  module Strategies
8
8
  class Apple < OmniAuth::Strategies::OAuth2
9
+ class JWTFetchingFailed < CallbackError
10
+ def initialize(error_reason = nil, error_uri = nil)
11
+ super :jwks_fetching_failed, error_reason, error_uri
12
+ end
13
+ end
14
+
9
15
  option :name, 'apple'
10
16
 
11
17
  option :client_options,
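Review bot: `JWTFetchingFailed` is added without a comment saying what it signals, and the `:jwks_fetching_failed` symbol it hard-codes in `super` is the same one the later `fetch_jwks` hunk passes to `fail!`, so a reader has to find both places to understand the pairing. I would put above the `class` line: `# Raised when Apple's JWKS endpoint cannot be fetched or answers with an unsuccessful status; surfaced to OmniAuth as fail!(:jwks_fetching_failed).` The enclosing `Apple` strategy class continues beyond this hunk.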
@@ -74,27 +80,38 @@ module OmniAuth
74
80
  def id_info
75
81
  @id_info ||= if request.params&.key?('id_token') || access_token&.params&.key?('id_token')
76
82
  id_token = request.params['id_token'] || access_token.params['id_token']
77
- jwt_options = {
78
- verify_iss: true,
79
- iss: 'https://appleid.apple.com',
80
- verify_iat: true,
81
- verify_aud: true,
82
- aud: [options.client_id].concat(options.authorized_client_ids),
83
- algorithms: ['RS256'],
84
- jwks: fetch_jwks
85
- }
86
- payload, _header = ::JWT.decode(id_token, nil, true, jwt_options)
87
- verify_nonce!(payload)
88
- payload
83
+ if (verification_key = fetch_jwks)
84
+ jwt_options = {
85
+ verify_iss: true,
86
+ iss: 'https://appleid.apple.com',
87
+ verify_iat: true,
88
+ verify_aud: true,
89
+ aud: [options.client_id].concat(options.authorized_client_ids),
90
+ algorithms: ['RS256'],
91
+ jwks: verification_key
92
+ }
93
+ payload, _header = ::JWT.decode(id_token, nil, true, jwt_options)
94
+ verify_nonce!(payload)
95
+ payload
96
+ else
97
+ {}
98
+ end
89
99
  end
90
100
  end
91
101
 
92
102
  def fetch_jwks
93
- http = Net::HTTP.new('appleid.apple.com', 443)
94
- http.use_ssl = true
95
- request = Net::HTTP::Get.new('/auth/keys', 'User-Agent' => 'ruby/omniauth-apple')
96
- response = http.request(request)
97
- JSON.parse(response.body, symbolize_names: true)
103
+ conn = Faraday.new(headers: {user_agent: 'ruby/omniauth-apple'}) do |c|
104
+ c.response :json, parser_options: { symbolize_names: true }
105
+ c.adapter Faraday.default_adapter
106
+ end
107
+ res = conn.get 'https://appleid.apple.com/auth/keys'
108
+ if res.success?
109
+ res.body
110
+ else
111
+ raise JWTFetchingFailed.new('HTTP Error when fetching JWKs')
112
+ end
113
+ rescue JWTFetchingFailed, Faraday::Error => e
114
+ fail!(:jwks_fetching_failed, e) and nil
98
115
  end
99
116
 
100
117
  def verify_nonce!(payload)
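Review bot: The `rescue` at the end of `fetch_jwks` calls `fail!(:jwks_fetching_failed, e) and nil` from inside an accessor chain and discards the result, so `id_info` takes the `{}` branch and its caller keeps going; unless the configured `on_failure` handler raises, the callback proceeds with an empty, unverified identity instead of stopping at the failure endpoint, and `@id_info ||=` memoizes that `{}` for the rest of the request. I would let the error propagate out of `fetch_jwks` and `id_info` (dropping the `if (verification_key = fetch_jwks) … else {}` split) and rescue once in `callback_phase`, where the value of `fail!` is the response, as sketched below — assuming the strategy does not already override `callback_phase`, which lies outside the hunk, and that no other caller relies on `fetch_jwks` returning nil. While here, `raise JWTFetchingFailed.new('HTTP Error when fetching JWKs')` reads better as `raise JWTFetchingFailed, 'HTTP Error when fetching JWKs'`, and since the strategy now calls `Faraday` directly the gemspec should declare it (the metadata section of this diff lists only `omniauth-oauth2` and `jwt` as runtime dependencies, so Faraday currently arrives transitively). `verify_nonce!` at the end of the hunk continues outside it.
```ruby
def fetch_jwks
  # … unchanged: Faraday connection and GET …
  raise JWTFetchingFailed, 'HTTP Error when fetching JWKs' unless res.success?
  res.body
end

# Escalate JWKS failures from the accessor chain to the callback so the
# request is aborted at the failure endpoint rather than continuing with
# an empty id_info.
def callback_phase
  super
rescue JWTFetchingFailed, Faraday::Error => e
  fail!(:jwks_fetching_failed, e)
end
```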
@@ -38,7 +38,6 @@ Gem::Specification.new do |spec|
38
38
 
39
39
  spec.add_dependency 'omniauth-oauth2'
40
40
  spec.add_dependency 'jwt'
41
- spec.add_dependency 'rack-protection', '~> 2.0'
42
41
  spec.add_development_dependency "bundler", "~> 2.0"
43
42
  spec.add_development_dependency "rake", "~> 13.0"
44
43
  spec.add_development_dependency "rspec", "~> 3.9"
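--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-apple
 version: !ruby/object:Gem::Version
-version: 1.2.0
+version: 1.2.2
 platform: ruby
 authors:
 - nhosoya
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-09-27 00:00:00.000000000 Z
+date: 2022-10-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: omniauth-oauth2
@@ -39,20 +39,6 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
-- !ruby/object:Gem::Dependency
-name: rack-protection
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '2.0'
-type: :runtime
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '2.0'
 - !ruby/object:Gem::Dependency
 name: bundler
 requirement: !ruby/object:Gem::Requirement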