omniauth-apple 1.2.0 → 1.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -1
- data/lib/omniauth/apple/version.rb +1 -1
- data/lib/omniauth/strategies/apple.rb +34 -17
- data/omniauth-apple.gemspec +0 -1
- metadata +2 -16
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 81a5350ae8be48914ee324f8586b5d58f83927467bc87106cab846e028e38beb
|
|
4
|
+
data.tar.gz: 42db86865c9120c95e7326359e3ac02dd58dbd28bfe84c7fc0bbb002488b0a1b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 18a1bf098d7687ed17df039b9b2f4b0a388f0d6858a4a54aa8c94a7233622f7cb1d4485a38d870ae430f873aadaaee8d9d1b42c9f8a91545c0bdb10c4cffbe11
|
|
7
|
+
data.tar.gz: f53179d2a247e0fd2559614fece6b3b734579d756be44c1b4c40ab9c6911479e38dc7f74800dcc59b36b09749656bb93aff6c8eeccc422238e95667049064b63
|
data/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,13 @@
|
|
|
1
1
|
## [Unreleased]
|
|
2
2
|
|
|
3
|
-
## [1.1
|
|
3
|
+
## [1.2.1] - 2022-10-25
|
|
4
|
+
|
|
5
|
+
### Fixed
|
|
6
|
+
|
|
7
|
+
- [#94](https://github.com/nhosoya/omniauth-apple/pull/94) rack-protection.rb is back in rack-protection v3.0.1
|
|
8
|
+
- [#96](https://github.com/nhosoya/omniauth-apple/pull/96) handle JWKS fetch failures
|
|
9
|
+
|
|
10
|
+
## [1.2.0] - 2022-09-27
|
|
4
11
|
|
|
5
12
|
### Fixed
|
|
6
13
|
|
|
@@ -6,6 +6,12 @@ require 'net/https'
|
|
|
6
6
|
module OmniAuth
|
|
7
7
|
module Strategies
|
|
8
8
|
class Apple < OmniAuth::Strategies::OAuth2
|
|
9
|
+
class JWTFetchingFailed < CallbackError
|
|
10
|
+
def initialize(error_reason = nil, error_uri = nil)
|
|
11
|
+
super :jwks_fetching_failed, error_reason, error_uri
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
|
|
9
15
|
option :name, 'apple'
|
|
10
16
|
|
|
11
17
|
option :client_options,
|
|
@@ -74,27 +80,38 @@ module OmniAuth
|
|
|
74
80
|
def id_info
|
|
75
81
|
@id_info ||= if request.params&.key?('id_token') || access_token&.params&.key?('id_token')
|
|
76
82
|
id_token = request.params['id_token'] || access_token.params['id_token']
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
83
|
+
if (verification_key = fetch_jwks)
|
|
84
|
+
jwt_options = {
|
|
85
|
+
verify_iss: true,
|
|
86
|
+
iss: 'https://appleid.apple.com',
|
|
87
|
+
verify_iat: true,
|
|
88
|
+
verify_aud: true,
|
|
89
|
+
aud: [options.client_id].concat(options.authorized_client_ids),
|
|
90
|
+
algorithms: ['RS256'],
|
|
91
|
+
jwks: verification_key
|
|
92
|
+
}
|
|
93
|
+
payload, _header = ::JWT.decode(id_token, nil, true, jwt_options)
|
|
94
|
+
verify_nonce!(payload)
|
|
95
|
+
payload
|
|
96
|
+
else
|
|
97
|
+
{}
|
|
98
|
+
end
|
|
89
99
|
end
|
|
90
100
|
end
|
|
91
101
|
|
|
92
102
|
def fetch_jwks
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
103
|
+
conn = Faraday.new(headers: {user_agent: 'ruby/omniauth-apple'}) do |c|
|
|
104
|
+
c.response :json, parser_options: { symbolize_names: true }
|
|
105
|
+
c.adapter Faraday.default_adapter
|
|
106
|
+
end
|
|
107
|
+
res = conn.get 'https://appleid.apple.com/auth/keys'
|
|
108
|
+
if res.success?
|
|
109
|
+
res.body
|
|
110
|
+
else
|
|
111
|
+
raise JWTFetchingFailed.new('HTTP Error when fetching JWKs')
|
|
112
|
+
end
|
|
113
|
+
rescue JWTFetchingFailed, Faraday::Error => e
|
|
114
|
+
fail!(:jwks_fetching_failed, e) and nil
|
|
98
115
|
end
|
|
99
116
|
|
|
100
117
|
def verify_nonce!(payload)
|
data/omniauth-apple.gemspec
CHANGED
|
@@ -38,7 +38,6 @@ Gem::Specification.new do |spec|
|
|
|
38
38
|
|
|
39
39
|
spec.add_dependency 'omniauth-oauth2'
|
|
40
40
|
spec.add_dependency 'jwt'
|
|
41
|
-
spec.add_dependency 'rack-protection', '~> 2.0'
|
|
42
41
|
spec.add_development_dependency "bundler", "~> 2.0"
|
|
43
42
|
spec.add_development_dependency "rake", "~> 13.0"
|
|
44
43
|
spec.add_development_dependency "rspec", "~> 3.9"
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: omniauth-apple
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.2.
|
|
4
|
+
version: 1.2.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- nhosoya
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: exe
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2022-
|
|
12
|
+
date: 2022-10-31 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: omniauth-oauth2
|
|
@@ -39,20 +39,6 @@ dependencies:
|
|
|
39
39
|
- - ">="
|
|
40
40
|
- !ruby/object:Gem::Version
|
|
41
41
|
version: '0'
|
|
42
|
-
- !ruby/object:Gem::Dependency
|
|
43
|
-
name: rack-protection
|
|
44
|
-
requirement: !ruby/object:Gem::Requirement
|
|
45
|
-
requirements:
|
|
46
|
-
- - "~>"
|
|
47
|
-
- !ruby/object:Gem::Version
|
|
48
|
-
version: '2.0'
|
|
49
|
-
type: :runtime
|
|
50
|
-
prerelease: false
|
|
51
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
52
|
-
requirements:
|
|
53
|
-
- - "~>"
|
|
54
|
-
- !ruby/object:Gem::Version
|
|
55
|
-
version: '2.0'
|
|
56
42
|
- !ruby/object:Gem::Dependency
|
|
57
43
|
name: bundler
|
|
58
44
|
requirement: !ruby/object:Gem::Requirement
|