omniauth-apple 1.3.0.alpha → 1.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/omniauth/apple/version.rb +1 -1
- data/lib/omniauth/strategies/apple.rb +18 -13
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b0a0049edf786737a4acc4af68aeff8b8323a020822dfd530a01c0f8925cc1f1
|
|
4
|
+
data.tar.gz: 44d8cf583c85cb198f6dd5a9f7e593d5109335a78cc01ec7b32feaa69b449df0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ecc115718bb19ab99e6b15c05432b19ae73499a8b76f98e05e5cb0b45d61b61549a283709180d0df60b188e3c5db789a5d4c0cfe79d147014ca798df5ecc511a
|
|
7
|
+
data.tar.gz: eaa439dee2483186d09f0aa24e6e653118ca37545f01d074c098366c24daa8b355c8e24df1e0138e0fcd93efa0946a7ae9141c21e6cee7c3629941dbe59b2a65
|
|
@@ -77,20 +77,27 @@ module OmniAuth
|
|
|
77
77
|
@id_info ||= if request.params&.key?('id_token') || access_token&.params&.key?('id_token')
|
|
78
78
|
id_token_str = request.params['id_token'] || access_token.params['id_token']
|
|
79
79
|
id_token = JSON::JWT.decode(id_token_str, :skip_verification)
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
verify_claims!(id_token)
|
|
83
|
-
id_token
|
|
84
|
-
else
|
|
85
|
-
{}
|
|
86
|
-
end
|
|
80
|
+
verify_id_token! id_token
|
|
81
|
+
id_token
|
|
87
82
|
end
|
|
88
83
|
end
|
|
89
84
|
|
|
90
|
-
def
|
|
85
|
+
def verify_id_token!(id_token)
|
|
86
|
+
jwk = fetch_jwk! id_token.kid
|
|
87
|
+
verify_signature! id_token, jwk
|
|
88
|
+
verify_claims! id_token
|
|
89
|
+
end
|
|
90
|
+
|
|
91
|
+
def fetch_jwk!(kid)
|
|
91
92
|
JSON::JWK::Set::Fetcher.fetch File.join(ISSUER, 'auth/keys'), kid: kid
|
|
92
|
-
rescue
|
|
93
|
-
|
|
93
|
+
rescue => e
|
|
94
|
+
raise CallbackError.new(:jwks_fetching_failed, e)
|
|
95
|
+
end
|
|
96
|
+
|
|
97
|
+
def verify_signature!(id_token, jwk)
|
|
98
|
+
id_token.verify! jwk
|
|
99
|
+
rescue => e
|
|
100
|
+
raise CallbackError.new(:id_token_signature_invalid, e)
|
|
94
101
|
end
|
|
95
102
|
|
|
96
103
|
def verify_claims!(id_token)
|
|
@@ -122,9 +129,7 @@ module OmniAuth
|
|
|
122
129
|
end
|
|
123
130
|
|
|
124
131
|
def invalid_claim!(claim)
|
|
125
|
-
|
|
126
|
-
message = "#{claim} invalid"
|
|
127
|
-
fail! key, CallbackError.new(key, message)
|
|
132
|
+
raise CallbackError.new(:id_token_claims_invalid, "#{claim} invalid")
|
|
128
133
|
end
|
|
129
134
|
|
|
130
135
|
def client_id
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: omniauth-apple
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.3.0
|
|
4
|
+
version: 1.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- nhosoya
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: exe
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2023-01-17 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: omniauth-oauth2
|
|
@@ -146,9 +146,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
146
146
|
version: '0'
|
|
147
147
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
148
148
|
requirements:
|
|
149
|
-
- - "
|
|
149
|
+
- - ">="
|
|
150
150
|
- !ruby/object:Gem::Version
|
|
151
|
-
version:
|
|
151
|
+
version: '0'
|
|
152
152
|
requirements: []
|
|
153
153
|
rubygems_version: 3.3.26
|
|
154
154
|
signing_key:
|