omniauth-apple 1.3.0.alpha → 1.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/omniauth/apple/version.rb +1 -1
- data/lib/omniauth/strategies/apple.rb +18 -13
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b0a0049edf786737a4acc4af68aeff8b8323a020822dfd530a01c0f8925cc1f1
|
|
4
|
+
data.tar.gz: 44d8cf583c85cb198f6dd5a9f7e593d5109335a78cc01ec7b32feaa69b449df0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ecc115718bb19ab99e6b15c05432b19ae73499a8b76f98e05e5cb0b45d61b61549a283709180d0df60b188e3c5db789a5d4c0cfe79d147014ca798df5ecc511a
|
|
7
|
+
data.tar.gz: eaa439dee2483186d09f0aa24e6e653118ca37545f01d074c098366c24daa8b355c8e24df1e0138e0fcd93efa0946a7ae9141c21e6cee7c3629941dbe59b2a65
|
|
@@ -77,20 +77,27 @@ module OmniAuth
|
|
|
77
77
|
@id_info ||= if request.params&.key?('id_token') || access_token&.params&.key?('id_token')
|
|
78
78
|
id_token_str = request.params['id_token'] || access_token.params['id_token']
|
|
79
79
|
id_token = JSON::JWT.decode(id_token_str, :skip_verification)
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
verify_claims!(id_token)
|
|
83
|
-
id_token
|
|
84
|
-
else
|
|
85
|
-
{}
|
|
86
|
-
end
|
|
80
|
+
verify_id_token! id_token
|
|
81
|
+
id_token
|
|
87
82
|
end
|
|
88
83
|
end
|
|
89
84
|
|
|
90
|
-
def
|
|
85
|
+
def verify_id_token!(id_token)
|
|
86
|
+
jwk = fetch_jwk! id_token.kid
|
|
87
|
+
verify_signature! id_token, jwk
|
|
88
|
+
verify_claims! id_token
|
|
89
|
+
end
|
|
90
|
+
|
|
91
|
+
def fetch_jwk!(kid)
|
|
91
92
|
JSON::JWK::Set::Fetcher.fetch File.join(ISSUER, 'auth/keys'), kid: kid
|
|
92
|
-
rescue
|
|
93
|
-
|
|
93
|
+
rescue => e
|
|
94
|
+
raise CallbackError.new(:jwks_fetching_failed, e)
|
|
95
|
+
end
|
|
96
|
+
|
|
97
|
+
def verify_signature!(id_token, jwk)
|
|
98
|
+
id_token.verify! jwk
|
|
99
|
+
rescue => e
|
|
100
|
+
raise CallbackError.new(:id_token_signature_invalid, e)
|
|
94
101
|
end
|
|
95
102
|
|
|
96
103
|
def verify_claims!(id_token)
|
|
@@ -122,9 +129,7 @@ module OmniAuth
|
|
|
122
129
|
end
|
|
123
130
|
|
|
124
131
|
def invalid_claim!(claim)
|
|
125
|
-
|
|
126
|
-
message = "#{claim} invalid"
|
|
127
|
-
fail! key, CallbackError.new(key, message)
|
|
132
|
+
raise CallbackError.new(:id_token_claims_invalid, "#{claim} invalid")
|
|
128
133
|
end
|
|
129
134
|
|
|
130
135
|
def client_id
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: omniauth-apple
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.3.0
|
|
4
|
+
version: 1.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- nhosoya
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: exe
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2023-01-17 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: omniauth-oauth2
|
|
@@ -146,9 +146,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
146
146
|
version: '0'
|
|
147
147
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
148
148
|
requirements:
|
|
149
|
-
- - "
|
|
149
|
+
- - ">="
|
|
150
150
|
- !ruby/object:Gem::Version
|
|
151
|
-
version:
|
|
151
|
+
version: '0'
|
|
152
152
|
requirements: []
|
|
153
153
|
rubygems_version: 3.3.26
|
|
154
154
|
signing_key:
|