omniauth-atproto 0.1.2 → 0.1.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/LICENSE +21 -0
- data/lib/omniauth/strategies/atproto.rb +21 -62
- data/lib/omniauth-atproto/version.rb +1 -1
- metadata +7 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: bc86c1376053df62fcdc24db7d18eb370727215726af22bb2780a6c36f4f85f3
|
|
4
|
+
data.tar.gz: 28c3f9a7e1240b04121e859e913f9feb21fe69394d3e745d6fe4960e71d3ed88
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4941f9b4bf7355f2881a779210d65070311d920fa708e9afbb1201510c114d13c2c4d41fa9e55f6631795090d73062d446db42be816c6b4d33316057e73ce164
|
|
7
|
+
data.tar.gz: 60e567ef2f1fba250cf59211f2e9b1f174741103527f74c989dd2807236871ea513633c8d60bb36a793cf9d0e84bc9b4436d8c18ef25797a4eb5b3dd12fbd7f0
|
data/LICENSE
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
MIT License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2024 François Brault
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
|
13
|
+
copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
21
|
+
SOFTWARE.
|
|
@@ -21,28 +21,29 @@ module OmniAuth
|
|
|
21
21
|
|
|
22
22
|
def self.setup
|
|
23
23
|
lambda do |env|
|
|
24
|
-
session = env[
|
|
24
|
+
session = env['rack.session']
|
|
25
25
|
|
|
26
|
-
if env[
|
|
26
|
+
if env['rack.request.form_hash'] && handle = env['rack.request.form_hash']['handle']
|
|
27
27
|
resolver = DIDKit::Resolver.new
|
|
28
28
|
did = resolver.resolve_handle(handle)
|
|
29
29
|
|
|
30
30
|
unless did
|
|
31
31
|
env['omniauth.strategy'].fail!(:unknown_handle,
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
32
|
+
OmniAuth::Error.new(
|
|
33
|
+
'Handle parameter did not resolve to a did'
|
|
34
|
+
))
|
|
35
35
|
end
|
|
36
36
|
|
|
37
37
|
endpoint = resolver.resolve_did(did).pds_endpoint
|
|
38
38
|
auth_server = get_authorization_server(endpoint)
|
|
39
|
-
session[
|
|
39
|
+
session['authorization_info'] = authorization_info = get_authorization_data(auth_server)
|
|
40
40
|
end
|
|
41
|
-
|
|
42
|
-
if authorization_info ||= session.delete(
|
|
43
|
-
env['omniauth.strategy'].options[
|
|
44
|
-
env['omniauth.strategy'].options[
|
|
45
|
-
|
|
41
|
+
|
|
42
|
+
if authorization_info ||= session.delete('authorization_info')
|
|
43
|
+
env['omniauth.strategy'].options['client_options']['site'] = authorization_info['issuer']
|
|
44
|
+
env['omniauth.strategy'].options['client_options']['authorize_url'] =
|
|
45
|
+
authorization_info['authorization_endpoint']
|
|
46
|
+
env['omniauth.strategy'].options['client_options']['token_url'] = authorization_info['token_endpoint']
|
|
46
47
|
end
|
|
47
48
|
end
|
|
48
49
|
end
|
|
@@ -52,61 +53,19 @@ module OmniAuth
|
|
|
52
53
|
private
|
|
53
54
|
|
|
54
55
|
def build_access_token
|
|
55
|
-
|
|
56
|
-
{
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
56
|
+
response = AtProto::Client.new(private_key: options.private_key).get_token!(
|
|
57
|
+
**token_params.merge({
|
|
58
|
+
code: request.params['code'],
|
|
59
|
+
jwk: options.client_jwk,
|
|
60
|
+
client_id: options.client_id,
|
|
61
|
+
redirect_uri: full_host + callback_path,
|
|
62
|
+
site: options.client_options.site,
|
|
63
|
+
endpoint: options.client_options.token_url
|
|
64
|
+
}).to_h.symbolize_keys
|
|
64
65
|
)
|
|
65
|
-
dpop_handler = AtProto::DpopHandler.new(options.private_key)
|
|
66
|
-
response = dpop_handler.make_request(
|
|
67
|
-
client.token_url,
|
|
68
|
-
:post,
|
|
69
|
-
headers: { 'Content-Type' => 'application/json', 'Accept' => 'application/json' },
|
|
70
|
-
body: new_token_params
|
|
71
|
-
)
|
|
72
|
-
|
|
73
66
|
::OAuth2::AccessToken.from_hash(client, response)
|
|
74
67
|
end
|
|
75
68
|
|
|
76
|
-
def generate_client_assertion
|
|
77
|
-
# Should return a JWT signed with the private key corresponding to the one in client-metadata.json
|
|
78
|
-
|
|
79
|
-
raise 'Client ID is required' unless options.client_id
|
|
80
|
-
raise 'Client JWK is required' unless options.client_jwk
|
|
81
|
-
|
|
82
|
-
private_key = if options.private_key.is_a?(String)
|
|
83
|
-
OpenSSL::PKey::EC.new(options.private_key)
|
|
84
|
-
elsif options.private_key.is_a?(OpenSSL::PKey::EC)
|
|
85
|
-
options.private_key
|
|
86
|
-
else
|
|
87
|
-
raise 'Invalid private_key format'
|
|
88
|
-
end
|
|
89
|
-
jwt_payload = {
|
|
90
|
-
iss: options.client_id,
|
|
91
|
-
sub: options.client_id,
|
|
92
|
-
aud: options.client_options.site,
|
|
93
|
-
jti: SecureRandom.uuid,
|
|
94
|
-
iat: Time.now.to_i,
|
|
95
|
-
exp: Time.now.to_i + 300
|
|
96
|
-
}
|
|
97
|
-
|
|
98
|
-
JWT.encode(
|
|
99
|
-
jwt_payload,
|
|
100
|
-
private_key,
|
|
101
|
-
'ES256',
|
|
102
|
-
{
|
|
103
|
-
typ: 'jwt',
|
|
104
|
-
alg: 'ES256',
|
|
105
|
-
kid: options.client_jwk[:kid]
|
|
106
|
-
}
|
|
107
|
-
)
|
|
108
|
-
end
|
|
109
|
-
|
|
110
69
|
def self.get_authorization_server(pds_endpoint)
|
|
111
70
|
response = Faraday.get("#{pds_endpoint}/.well-known/oauth-protected-resource")
|
|
112
71
|
|
metadata
CHANGED
|
@@ -1,29 +1,29 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: omniauth-atproto
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- frabr
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-12-
|
|
11
|
+
date: 2024-12-12 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: atproto_client
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- - "
|
|
17
|
+
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version:
|
|
19
|
+
version: 0.1.4
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
|
-
- - "
|
|
24
|
+
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version:
|
|
26
|
+
version: 0.1.4
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: didkit
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -129,6 +129,7 @@ executables: []
|
|
|
129
129
|
extensions: []
|
|
130
130
|
extra_rdoc_files: []
|
|
131
131
|
files:
|
|
132
|
+
- LICENSE
|
|
132
133
|
- README.md
|
|
133
134
|
- lib/omniauth-atproto.rb
|
|
134
135
|
- lib/omniauth-atproto/key_manager.rb
|