omniauth-apple2 1.0.0 → 1.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2ad52fcdf800abdbd15cdcac8562772a46789e397a76676a024a6d4191d4663a
-  data.tar.gz: 06f8523bf5fe15369050d1d3a3945df365c49ea51def9e80922dfd7b3f1fefb6
+  metadata.gz: 43cb0d220327e9f7fb7dcfe341ec34c079dbb4b21c5578d415c6e224c2462d37
+  data.tar.gz: 31f0f2eb78846e54026b86fb8b26ad8f25729f6fd406b35087dfb3690a581339
 SHA512:
-  metadata.gz: c9c95ee2731850f2bc2361250dfdbe3c7205bd34381bd42c632e9f1fd63ce72ab3f6698a5c8cd5a2f13c90bebaabb481ad302b8d129e47a4b5a438fce226423f
-  data.tar.gz: f1077a68f8797ec68b77957878cdf4717243fe3eb63ba69a222313277759c404f6c38bfed5ebaa885ec8bfdc1d2db90c10e2f45b2574c97e07ceeffe93080b5c
+  metadata.gz: 1b8eb303c3f9ef98820f7b003ff6fd5d7e3468779f21a1839d6c9a57721ceadaf5063d96e77d65bfa35ea33444fa27108907be03d3eade5069a4da856ef933f3
+  data.tar.gz: 55b220301197a16fffdb1c42e5a7da48ba9617686993b908adcee3ed2be26f553b0e50975370e67cf6e06217bf45e1e9137368cd7b7ee7c737425b8c10fcf67d

data/README.md

@@ -1,4 +1,4 @@
-# OmniAuth Apple2 Strategy
+# OmniAuth Apple Strategy
 
 [![Test](https://github.com/icoretech/omniauth-apple2/actions/workflows/test.yml/badge.svg?branch=main)](https://github.com/icoretech/omniauth-apple2/actions/workflows/test.yml?query=branch%3Amain)
 [![Gem Version](https://badge.fury.io/rb/omniauth-apple2.svg)](https://badge.fury.io/rb/omniauth-apple2)
@@ -120,7 +120,8 @@ Example payload from `request.env['omniauth.auth']` (real flow shape, anonymized
 
 ```bash
 bundle install
-bundle exec rake lint test_unit
+bundle exec standardrb --fix
+bundle exec rake test_unit
 RAILS_VERSION='~> 8.1.0' bundle exec rake test_rails_integration
 ```
 

data/lib/omniauth/apple2/version.rb

@@ -2,6 +2,6 @@
 
 module OmniAuth
   module Apple2
-    VERSION = '1.0.0'
+    VERSION = "1.0.1"
   end
 end

data/lib/omniauth/apple2.rb

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 
-require 'omniauth/apple2/version'
-require 'omniauth/strategies/apple2'
+require "omniauth/apple2/version"
+require "omniauth/strategies/apple2"

data/lib/omniauth/strategies/apple2.rb

@@ -1,68 +1,68 @@
 # frozen_string_literal: true
 
-require 'base64'
-require 'jwt'
-require 'net/http'
-require 'omniauth-oauth2'
-require 'openssl'
-require 'securerandom'
-require 'uri'
+require "base64"
+require "jwt"
+require "net/http"
+require "omniauth-oauth2"
+require "openssl"
+require "securerandom"
+require "uri"
 
 module OmniAuth
   module Strategies
     # OmniAuth strategy for Sign in with Apple.
     class Apple2 < OmniAuth::Strategies::OAuth2
-      ISSUER = 'https://appleid.apple.com'
-      JWKS_URL = 'https://appleid.apple.com/auth/keys'
+      ISSUER = "https://appleid.apple.com"
+      JWKS_URL = "https://appleid.apple.com/auth/keys"
 
-      option :name, 'apple2'
+      option :name, "apple2"
       option :authorize_options, %i[scope state response_mode response_type nonce]
-      option :scope, 'email name'
-      option :response_mode, 'form_post'
-      option :response_type, 'code'
+      option :scope, "email name"
+      option :response_mode, "form_post"
+      option :response_type, "code"
       option :authorized_client_ids, []
 
       option :client_options,
-             site: ISSUER,
-             authorize_url: '/auth/authorize',
-             token_url: '/auth/token',
-             auth_scheme: :request_body,
-             connection_opts: {
-               headers: {
-                 user_agent: 'icoretech-omniauth-apple2 gem',
-                 accept: 'application/json'
-               }
-             }
-
-      uid { id_info['sub'] }
+        site: ISSUER,
+        authorize_url: "/auth/authorize",
+        token_url: "/auth/token",
+        auth_scheme: :request_body,
+        connection_opts: {
+          headers: {
+            user_agent: "icoretech-omniauth-apple2 gem",
+            accept: "application/json"
+          }
+        }
+
+      uid { id_info["sub"] }
 
       info do
         {
           name: full_name,
-          email: id_info['email'],
-          first_name: user_info.dig('name', 'firstName'),
-          last_name: user_info.dig('name', 'lastName'),
-          email_verified: true_claim?(id_info['email_verified']),
-          is_private_email: true_claim?(id_info['is_private_email'])
+          email: id_info["email"],
+          first_name: user_info.dig("name", "firstName"),
+          last_name: user_info.dig("name", "lastName"),
+          email_verified: true_claim?(id_info["email_verified"]),
+          is_private_email: true_claim?(id_info["is_private_email"])
         }.compact
       end
 
       credentials do
         {
-          'token' => access_token.token,
-          'refresh_token' => access_token.refresh_token,
-          'expires_at' => access_token.expires_at,
-          'expires' => access_token.expires?,
-          'scope' => token_scope
+          "token" => access_token.token,
+          "refresh_token" => access_token.refresh_token,
+          "expires_at" => access_token.expires_at,
+          "expires" => access_token.expires?,
+          "scope" => token_scope
         }.compact
       end
 
       extra do
         {
-          'raw_info' => {
-            'id_info' => id_info,
-            'user_info' => user_info,
-            'id_token' => raw_id_token
+          "raw_info" => {
+            "id_info" => id_info,
+            "user_info" => user_info,
+            "id_token" => raw_id_token
           }.compact
         }
       end
@@ -81,7 +81,7 @@ module OmniAuth
       end
 
       def query_string
-        return '' if request.params['code']
+        return "" if request.params["code"]
 
         super
       end
@@ -95,14 +95,14 @@ module OmniAuth
       def id_info
         @id_info ||= begin
           token = raw_id_token
-          raise CallbackError.new(:id_token_missing, 'id_token is missing') if blank?(token)
+          raise CallbackError.new(:id_token_missing, "id_token is missing") if blank?(token)
 
           decode_and_verify_id_token(token)
         end
       end
 
       def user_info
-        raw_user = request.params['user']
+        raw_user = request.params["user"]
         return {} if blank?(raw_user)
 
         @user_info ||= JSON.parse(raw_user)
@@ -111,19 +111,19 @@ module OmniAuth
       end
 
       def raw_id_token
-        request.params['id_token'] || access_token&.params&.dig('id_token')
+        request.params["id_token"] || access_token&.params&.dig("id_token")
       end
 
       def full_name
-        parts = [user_info.dig('name', 'firstName'), user_info.dig('name', 'lastName')].compact
-        return parts.join(' ') unless parts.empty?
+        parts = [user_info.dig("name", "firstName"), user_info.dig("name", "lastName")].compact
+        return parts.join(" ") unless parts.empty?
 
-        id_info['email']
+        id_info["email"]
       end
 
       def token_scope
         token_params = access_token.respond_to?(:params) ? access_token.params : {}
-        token_params['scope'] || (access_token['scope'] if access_token.respond_to?(:[]))
+        token_params["scope"] || (access_token["scope"] if access_token.respond_to?(:[]))
       end
 
       def decode_and_verify_id_token(token)
@@ -138,17 +138,17 @@ module OmniAuth
       end
 
       def verify_nonce!(payload)
-        return unless payload.key?('nonce')
+        return unless payload.key?("nonce")
 
         expected_nonce = stored_nonce
-        return if payload['nonce'] == expected_nonce
+        return if payload["nonce"] == expected_nonce
 
-        raise CallbackError.new(:id_token_nonce_invalid, 'nonce does not match')
+        raise CallbackError.new(:id_token_nonce_invalid, "nonce does not match")
       end
 
       def fetch_jwk(expected_kid)
         jwks = fetch_jwks_keys
-        matching_key = jwks.find { |key| key['kid'] == expected_kid }
+        matching_key = jwks.find { |key| key["kid"] == expected_kid }
         raise CallbackError.new(:jwks_key_not_found, expected_kid) unless matching_key
 
         JWT::JWK.import(matching_key)
@@ -161,7 +161,7 @@ module OmniAuth
         response = Net::HTTP.get_response(uri)
         raise CallbackError.new(:jwks_fetch_failed, response.code) unless response.is_a?(Net::HTTPSuccess)
 
-        JSON.parse(response.body).fetch('keys', [])
+        JSON.parse(response.body).fetch("keys", [])
       end
 
       def valid_audiences
@@ -169,9 +169,9 @@ module OmniAuth
       end
 
       def extract_kid(token)
-        header_segment = token.split('.').first
+        header_segment = token.split(".").first
         decoded_header = Base64.urlsafe_decode64(pad_base64(header_segment))
-        JSON.parse(decoded_header)['kid']
+        JSON.parse(decoded_header)["kid"]
       end
 
       def decode_payload(token, jwk)
@@ -186,7 +186,7 @@ module OmniAuth
 
       def decode_options
         {
-          algorithms: ['RS256'],
+          algorithms: ["RS256"],
           iss: ISSUER,
           verify_iss: true,
           aud: valid_audiences,
@@ -201,7 +201,7 @@ module OmniAuth
       end
 
       def client_secret
-        JWT.encode(client_secret_claims, private_key, 'ES256', client_secret_headers)
+        JWT.encode(client_secret_claims, private_key, "ES256", client_secret_headers)
       end
 
       def private_key
@@ -226,15 +226,15 @@ module OmniAuth
       end
 
       def new_nonce
-        session['omniauth.nonce'] = SecureRandom.urlsafe_base64(16)
+        session["omniauth.nonce"] = SecureRandom.urlsafe_base64(16)
       end
 
       def stored_nonce
-        session.delete('omniauth.nonce')
+        session.delete("omniauth.nonce")
       end
 
       def true_claim?(value)
-        [true, 'true'].include?(value)
+        [true, "true"].include?(value)
       end
 
       def blank?(value)
@@ -242,16 +242,16 @@ module OmniAuth
       end
 
       def pad_base64(value)
-        value + ('=' * ((4 - (value.length % 4)) % 4))
+        value + ("=" * ((4 - (value.length % 4)) % 4))
       end
     end
 
     # Backward-compatible strategy name for existing callback paths.
     class Apple < Apple2
-      option :name, 'apple'
+      option :name, "apple"
     end
   end
 end
 
-OmniAuth.config.add_camelization 'apple2', 'Apple2'
-OmniAuth.config.add_camelization 'apple', 'Apple'
+OmniAuth.config.add_camelization "apple2", "Apple2"
+OmniAuth.config.add_camelization "apple", "Apple"

data/lib/omniauth-apple2.rb

@@ -1,3 +1,3 @@
 # frozen_string_literal: true
 
-require 'omniauth/apple2'
+require "omniauth/apple2"

data/omniauth-apple2.gemspec

@@ -1,35 +1,35 @@
 # frozen_string_literal: true
 
-lib = File.expand_path('lib', __dir__)
+lib = File.expand_path("lib", __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'omniauth/apple2/version'
+require "omniauth/apple2/version"
 
 Gem::Specification.new do |spec|
-  spec.name = 'omniauth-apple2'
+  spec.name = "omniauth-apple2"
   spec.version = OmniAuth::Apple2::VERSION
-  spec.authors = ['Claudio Poli']
-  spec.email = ['masterkain@gmail.com']
+  spec.authors = ["Claudio Poli"]
+  spec.email = ["masterkain@gmail.com"]
 
-  spec.summary = 'OmniAuth strategy for Sign in with Apple authentication.'
-  spec.description = 'OAuth2 strategy for OmniAuth that authenticates users with Sign in with Apple.'
-  spec.homepage = 'https://github.com/icoretech/omniauth-apple2'
-  spec.license = 'MIT'
-  spec.required_ruby_version = '>= 3.2'
+  spec.summary = "OmniAuth strategy for Sign in with Apple authentication."
+  spec.description = "OAuth2 strategy for OmniAuth that authenticates users with Sign in with Apple."
+  spec.homepage = "https://github.com/icoretech/omniauth-apple2"
+  spec.license = "MIT"
+  spec.required_ruby_version = ">= 3.2"
 
-  spec.metadata['source_code_uri'] = 'https://github.com/icoretech/omniauth-apple2'
-  spec.metadata['bug_tracker_uri'] = 'https://github.com/icoretech/omniauth-apple2/issues'
-  spec.metadata['changelog_uri'] = 'https://github.com/icoretech/omniauth-apple2/releases'
-  spec.metadata['rubygems_mfa_required'] = 'true'
+  spec.metadata["source_code_uri"] = "https://github.com/icoretech/omniauth-apple2"
+  spec.metadata["bug_tracker_uri"] = "https://github.com/icoretech/omniauth-apple2/issues"
+  spec.metadata["changelog_uri"] = "https://github.com/icoretech/omniauth-apple2/releases"
+  spec.metadata["rubygems_mfa_required"] = "true"
 
   spec.files = Dir[
-    'lib/**/*.rb',
-    'README*',
-    'LICENSE*',
-    '*.gemspec'
+    "lib/**/*.rb",
+    "README*",
+    "LICENSE*",
+    "*.gemspec"
   ]
-  spec.require_paths = ['lib']
+  spec.require_paths = ["lib"]
 
-  spec.add_dependency 'cgi', '>= 0.3.6'
-  spec.add_dependency 'jwt', '>= 2.8'
-  spec.add_dependency 'omniauth-oauth2', '>= 1.8', '< 2.0'
+  spec.add_dependency "cgi", ">= 0.3.6"
+  spec.add_dependency "jwt", ">= 2.8"
+  spec.add_dependency "omniauth-oauth2", ">= 1.8", "< 2.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-apple2
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.0.1
 platform: ruby
 authors:
 - Claudio Poli