omniauth-fishbrain 0.10.0 → 0.11.4
- checksums.yaml +4 -4
- data/README.markdown +13 -12
- data/lib/omniauth-fishbrain/version.rb +1 -1
- data/lib/omniauth/fishbrain/decode_id_token.rb +54 -0
- data/lib/omniauth/fishbrain/premium_status.rb +23 -0
- data/lib/omniauth/fishbrain/verifies_id_token.rb +5 -5
- data/lib/omniauth/strategies/fishbrain.rb +8 -2
- data/lib/omniauth/strategies/fishbrain_id.rb +11 -6
- metadata +4 -2
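--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 58b986c338209b8d0078fe1575f66ebac4af360a662db67d0bfff5f3ee6a9dae
+data.tar.gz: d111c45ee3100e0232bf0d5993b80430990bc39c20a7bc0cf7d97c33ec91de44
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 99441c0a1cf973b4a8a1ed557a3cf361ebbf54695f864bdcf0ad98ebc63d3798c70111a71dd77f262f1a64cd6743cad3ec5c65d544bd156c45a4eccb53e30c1e
+data.tar.gz: e282f4cd037715c4e826938e33305f7d5b9a07784170fbb3d510599338683f2807aad4f6ad60307035e44000f37bebb6f6defd034f4534598b7fe316da04228f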
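--- a/data/README.markdown
+++ b/data/README.markdown
@@ -1,10 +1,12 @@
 # OmniAuth Fishbrain
 
+![](https://github.com/omniauth/omniauth-github/workflows/Ruby/badge.svg?branch=master)
+
 This gem provides two OmniAuth strategies for Fishbrain.
 
-1. The `fishbrain` strategy is a standard
-2. The `fishbrain_id` strategy is intended for sharing
-
+1. The `fishbrain` strategy is a standard OmniAuth OAuth2 strategy.
+2. The `fishbrain_id` strategy is intended for sharing identities between
+services.
 
 ## Installation
 
@@ -16,29 +18,29 @@ gem 'omniauth-fishbrain'
 
 In production environments:
 
-```
+```ruby
 use OmniAuth::Builder do
-provider :fishbrain, ENV
+provider :fishbrain, ENV['FISHBRAIN_CLIENT_ID'], ENV['FISHBRAIN_CLIENT_SECRET']
 provider :fishbrain_id
 end
 ```
 
 In development/test/staging environments:
 
-```
+```ruby
 use OmniAuth::Builder do
-provider :fishbrain, ENV
-user_pool_id: 'eu-west-
+provider :fishbrain, ENV['FISHBRAIN_CLIENT_ID'], ENV['FISHBRAIN_CLIENT_SECRET'],
+user_pool_id: 'eu-west-1_WlBhbuD6e',
 client_options: {
 site: 'https://accounts-staging.fishbrain.com',
 }
-provider :fishbrain_id, user_pool_id: 'eu-west-
+provider :fishbrain_id, user_pool_id: 'eu-west-1_WlBhbuD6e'
 end
 ```
 
 `path_prefix` is supported too:
 
-```
+```ruby
 use OmniAuth::Builder do
 ...
 
@@ -46,9 +48,8 @@ use OmniAuth::Builder do
 end
 ```
 
-
 See [`/examples`](examples) for full example using Sinatra.
 
-##
+## License
 
 [MIT](LICENSE)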
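--- a/data/lib/omniauth/fishbrain/decode_id_token.rb
+++ b/data/lib/omniauth/fishbrain/decode_id_token.rb
@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+require 'net/http'
+require 'jwt'
+
+module OmniAuth
+module Fishbrain
+class DecodeIdToken
+AWS_REGION = 'eu-west-1'
+USER_POOL_ID = 'eu-west-1_TKWveIcYu'
+
+attr_reader :client_id, :aws_region, :user_pool_id, :jwt_leeway
+
+def initialize(client_id, user_pool_id = USER_POOL_ID, aws_region = AWS_REGION)
+@client_id = client_id
+@user_pool_id = user_pool_id
+@aws_region = aws_region
+@jwt_leeway = 60
+end
+
+def decode(raw_id_token)
+JWT.decode(raw_id_token, nil, true, decode_options).first
+end
+
+private
+
+def decode_options
+{
+iss: iss,
+aud: client_id,
+verify_aud: true,
+verify_expiration: true,
+verify_iat: true,
+verify_iss: true,
+verify_not_before: true,
+leeway: jwt_leeway,
+algorithm: 'RS256',
+jwks: jwks,
+}
+end
+
+def iss
+"https://cognito-idp.#{aws_region}.amazonaws.com/#{user_pool_id}"
+end
+
+def jwks
+@_jwks ||= "#{iss}/.well-known/jwks.json"
+.yield_self(&URI.method(:parse))
+.yield_self(&Net::HTTP.method(:get))
+.yield_self { |it| JSON.parse(it, symbolize_names: true) }
+end
+end
+end
+end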
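Review bot: The `jwks` method fetches the key set with `Net::HTTP.get`, which returns the response body whatever the HTTP status, and then memoizes the parsed result for the life of the object. An error page or a network failure therefore surfaces as `JSON::ParserError` or a socket error rather than a JWT error, and a signing key rotated at the issuer stays unknown until a new instance is built. I would check the response status and, if the bundled jwt version accepts a loader for `jwks:`, pass a lambda that refetches when asked to invalidate, as sketched below. `JSON` is also used here without `require 'json'`, and nothing visible in this diff calls `DecodeIdToken` yet, so confirm it is meant to replace the inline `JWT.decode` in `VerifiesIdToken`.

```ruby
def jwks
  # Loader form: refetch when jwt asks to invalidate the cached set (unknown kid).
  lambda do |options|
    @_jwks = nil if options[:invalidate]
    @_jwks ||= fetch_jwks
  end
end

def fetch_jwks
  response = Net::HTTP.get_response(URI.parse("#{iss}/.well-known/jwks.json"))
  raise JWT::DecodeError, "JWKS fetch failed (HTTP #{response.code})" unless response.is_a?(Net::HTTPSuccess)

  JSON.parse(response.body, symbolize_names: true)
end
```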
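--- a/data/lib/omniauth/fishbrain/premium_status.rb
+++ b/data/lib/omniauth/fishbrain/premium_status.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require 'json'
+
+module OmniAuth
+module Fishbrain
+module PremiumStatus
+def premium_status
+return {} unless id_token['premium_status']
+
+JSON.parse(id_token['premium_status'])
+rescue JSON::ParserError
+{}
+end
+
+def premium?
+Time.xmlschema(premium_status['end_date']) > Time.new.utc
+rescue ArgumentError
+false
+end
+end
+end
+end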
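Review bot: `premium_status` and `premium?` rescue only `JSON::ParserError` and `ArgumentError`, so a `premium_status` claim that is not a JSON object string escapes both. A claim such as `"null"` or `"[]"` can parse to a non-Hash, after which the `['end_date']` lookup raises `NoMethodError` or `TypeError`, and a claim that is already a Hash makes `JSON.parse` raise `TypeError`; both strategies call these methods from `extra`, so the error would surface during the callback. Return the parsed value only when it is a Hash, e.g. `parsed = JSON.parse(claim); parsed.is_a?(Hash) ? parsed : {}`, and widen the rescues to `rescue JSON::ParserError, TypeError` and `rescue ArgumentError, TypeError`. `Time.xmlschema` comes from the `time` standard library, which this file does not require, so add `require 'time'` unless something else is known to load it.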
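--- a/data/lib/omniauth/fishbrain/verifies_id_token.rb
+++ b/data/lib/omniauth/fishbrain/verifies_id_token.rb
@@ -7,11 +7,11 @@ module OmniAuth
 module Fishbrain
 module VerifiesIdToken
 def id_token
-@_id_token ||=
-
-
-
-
+@_id_token ||= if raw_id_token&.strip&.empty?
+{}
+else
+JWT.decode(raw_id_token, nil, true, decode_options).first
+end
 end
 
 def decode_options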
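Review bot: In `id_token`, the guard `raw_id_token&.strip&.empty?` evaluates to `nil` when `raw_id_token` is `nil`, so a missing token falls through to `JWT.decode(nil, ...)` instead of yielding `{}`. `callback_phase` in fishbrain_id.rb now depends on `id_token.empty?` to report `:missing_id_token`, and the only rescue visible there is `JWT::ExpiredSignature`, so a nil token would likely raise rather than fail cleanly. Treat nil and blank alike with `@_id_token ||= if raw_id_token.to_s.strip.empty?`. The module continues outside this hunk, so check how `raw_id_token` is produced before relying on this.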
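--- a/data/lib/omniauth/strategies/fishbrain.rb
+++ b/data/lib/omniauth/strategies/fishbrain.rb
@@ -2,11 +2,13 @@
 
 require 'omniauth-oauth2'
 require 'omniauth/fishbrain/verifies_id_token'
+require 'omniauth/fishbrain/premium_status'
 
 module OmniAuth
 module Strategies
 class Fishbrain < OmniAuth::Strategies::OAuth2
 include OmniAuth::Fishbrain::VerifiesIdToken
+include OmniAuth::Fishbrain::PremiumStatus
 
 option :name, 'fishbrain'
 option :client_options, site: 'https://accounts.fishbrain.com',
@@ -14,7 +16,7 @@ module OmniAuth
 token_url: '/oauth2/token',
 auth_scheme: :basic_auth
 option :scope, 'email openid profile'
-option :user_pool_id, 'eu-west-
+option :user_pool_id, 'eu-west-1_TKWveIcYu'
 option :aws_region, 'eu-west-1'
 option :jwt_leeway, 60
 
@@ -42,7 +44,11 @@ module OmniAuth
 end
 
 extra do
-{
+{
+raw_info: id_token.reject { |key| %w[iss aud exp iat token_use].include?(key) },
+premium_status: premium_status,
+is_premium: premium?,
+}
 end
 
 private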
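--- a/data/lib/omniauth/strategies/fishbrain_id.rb
+++ b/data/lib/omniauth/strategies/fishbrain_id.rb
@@ -1,15 +1,17 @@
 # frozen_string_literal:true
 
 require 'omniauth/fishbrain/verifies_id_token'
+require 'omniauth/fishbrain/premium_status'
 
 module OmniAuth
 module Strategies
 class FishbrainId
 include OmniAuth::Strategy
 include OmniAuth::Fishbrain::VerifiesIdToken
+include OmniAuth::Fishbrain::PremiumStatus
 
 option :name, 'fishbrain_id'
-option :user_pool_id, 'eu-west-
+option :user_pool_id, 'eu-west-1_TKWveIcYu'
 option :client_id, nil
 option :aws_region, 'eu-west-1'
 option :jwt_leeway, 60
@@ -27,15 +29,18 @@ module OmniAuth
 end
 
 extra do
-{
+{
+raw_info: id_token.reject { |key| %w[iss aud exp iat token_use].include?(key) },
+premium_status: premium_status,
+is_premium: premium?,
+}
 end
 
 def callback_phase
-if
-id_token
-super
-else
+if id_token.empty?
 fail! :missing_id_token
+else
+super
 end
 rescue JWT::ExpiredSignature
 fail! :invalid_id_token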
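--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-fishbrain
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.11.4
 platform: ruby
 authors:
 - Erik Dalen
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-
+date: 2020-06-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: jwt
@@ -51,6 +51,8 @@ files:
 - README.markdown
 - lib/omniauth-fishbrain.rb
 - lib/omniauth-fishbrain/version.rb
+- lib/omniauth/fishbrain/decode_id_token.rb
+- lib/omniauth/fishbrain/premium_status.rb
 - lib/omniauth/fishbrain/verifies_id_token.rb
 - lib/omniauth/strategies/fishbrain.rb
 - lib/omniauth/strategies/fishbrain_id.rb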