omniauth-fishbrain 0.11.2 → 0.11.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/omniauth/fishbrain/decode_id_token.rb +53 -0
- data/lib/omniauth/fishbrain/jwks.rb +19 -0
- data/lib/omniauth/fishbrain/premium_status.rb +2 -4
- data/lib/omniauth/fishbrain/verifies_id_token.rb +2 -6
- data/lib/omniauth-fishbrain/version.rb +1 -1
- data/lib/omniauth-fishbrain.rb +1 -0
- metadata +24 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5f50dfb6ad611857363bafd7f98dfd8a26c6241e021b285358a838bdf735e6b5
|
|
4
|
+
data.tar.gz: 64886edd7b774f99c6a58d989471c7c374fa98fb8c087cd8d0fd97cfc19b2dc0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b07f0d861cc9d6cab95ee3e76d44c88d2a7d353de04d29f25c56b15b89b75ecc44515dabeeb382a966b727bde429e319a3ceeb58ebd436f7c9b110c77dc93b1f
|
|
7
|
+
data.tar.gz: 360bd6039fd1c0cc7039c4851997884f9d6c05e81cb594f36b058dd7909b08674307caab358739539498145aaaae957f4a7d32eeaf454009de431f00c5786b0f
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'omniauth/fishbrain/jwks'
|
|
4
|
+
require 'jwt'
|
|
5
|
+
|
|
6
|
+
module OmniAuth
|
|
7
|
+
module Fishbrain
|
|
8
|
+
class DecodeIdToken
|
|
9
|
+
include Jwks
|
|
10
|
+
|
|
11
|
+
AWS_REGION = 'eu-west-1'
|
|
12
|
+
USER_POOL_ID = 'eu-west-1_TKWveIcYu'
|
|
13
|
+
|
|
14
|
+
attr_reader :client_id, :aws_region, :user_pool_id, :jwt_leeway
|
|
15
|
+
|
|
16
|
+
def initialize(client_id, user_pool_id = USER_POOL_ID, aws_region = AWS_REGION)
|
|
17
|
+
@client_id = client_id
|
|
18
|
+
@user_pool_id = user_pool_id
|
|
19
|
+
@aws_region = aws_region
|
|
20
|
+
@jwt_leeway = 60
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def decode(raw_id_token)
|
|
24
|
+
JWT.decode(raw_id_token, nil, true, decode_options).first
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
private
|
|
28
|
+
|
|
29
|
+
def decode_options
|
|
30
|
+
{
|
|
31
|
+
iss: iss,
|
|
32
|
+
aud: client_id,
|
|
33
|
+
verify_aud: false,
|
|
34
|
+
verify_expiration: true,
|
|
35
|
+
verify_iat: true,
|
|
36
|
+
verify_iss: true,
|
|
37
|
+
verify_not_before: true,
|
|
38
|
+
leeway: jwt_leeway,
|
|
39
|
+
algorithm: 'RS256',
|
|
40
|
+
jwks: jwks,
|
|
41
|
+
}
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
def iss
|
|
45
|
+
"https://cognito-idp.#{aws_region}.amazonaws.com/#{user_pool_id}"
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
def jwks
|
|
49
|
+
get_json("#{iss}/.well-known/jwks.json")
|
|
50
|
+
end
|
|
51
|
+
end
|
|
52
|
+
end
|
|
53
|
+
end
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'net/http'
|
|
4
|
+
require 'api_cache'
|
|
5
|
+
|
|
6
|
+
module OmniAuth
|
|
7
|
+
module Fishbrain
|
|
8
|
+
module Jwks
|
|
9
|
+
def get_json(uri)
|
|
10
|
+
APICache.get('fishbrain_jwks', cache: 86_400) do # 24 hours
|
|
11
|
+
uri
|
|
12
|
+
.yield_self(&URI.method(:parse))
|
|
13
|
+
.yield_self(&Net::HTTP.method(:get))
|
|
14
|
+
.yield_self { |it| JSON.parse(it, symbolize_names: true) }
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
@@ -1,6 +1,5 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
-
require 'date'
|
|
4
3
|
require 'json'
|
|
5
4
|
|
|
6
5
|
module OmniAuth
|
|
@@ -9,15 +8,14 @@ module OmniAuth
|
|
|
9
8
|
def premium_status
|
|
10
9
|
return {} unless id_token['premium_status']
|
|
11
10
|
|
|
12
|
-
JSON.parse
|
|
11
|
+
JSON.parse(id_token['premium_status'])
|
|
13
12
|
rescue JSON::ParserError
|
|
14
13
|
{}
|
|
15
14
|
end
|
|
16
15
|
|
|
17
16
|
def premium?
|
|
18
|
-
|
|
17
|
+
Time.xmlschema(premium_status['end_date']) > Time.new.utc
|
|
19
18
|
rescue ArgumentError
|
|
20
|
-
# if format was wrong
|
|
21
19
|
false
|
|
22
20
|
end
|
|
23
21
|
end
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
-
require '
|
|
3
|
+
require 'omniauth/fishbrain/jwks'
|
|
4
4
|
require 'jwt'
|
|
5
5
|
|
|
6
6
|
module OmniAuth
|
|
@@ -34,11 +34,7 @@ module OmniAuth
|
|
|
34
34
|
end
|
|
35
35
|
|
|
36
36
|
def jwks
|
|
37
|
-
|
|
38
|
-
"#{iss}/.well-known/jwks.json"
|
|
39
|
-
.yield_self(&URI.method(:parse))
|
|
40
|
-
.yield_self(&Net::HTTP.method(:get))
|
|
41
|
-
.yield_self { |it| JSON.parse(it, symbolize_names: true) }
|
|
37
|
+
get_json("#{iss}/.well-known/jwks.json")
|
|
42
38
|
end
|
|
43
39
|
end
|
|
44
40
|
end
|
data/lib/omniauth-fishbrain.rb
CHANGED
metadata
CHANGED
|
@@ -1,16 +1,30 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: omniauth-fishbrain
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.11.
|
|
4
|
+
version: 0.11.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Erik Dalen
|
|
8
8
|
- Fishbrain AB
|
|
9
|
-
autorequire:
|
|
9
|
+
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2021-08-30 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
|
+
- !ruby/object:Gem::Dependency
|
|
15
|
+
name: api_cache
|
|
16
|
+
requirement: !ruby/object:Gem::Requirement
|
|
17
|
+
requirements:
|
|
18
|
+
- - "~>"
|
|
19
|
+
- !ruby/object:Gem::Version
|
|
20
|
+
version: 0.3.0
|
|
21
|
+
type: :runtime
|
|
22
|
+
prerelease: false
|
|
23
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
24
|
+
requirements:
|
|
25
|
+
- - "~>"
|
|
26
|
+
- !ruby/object:Gem::Version
|
|
27
|
+
version: 0.3.0
|
|
14
28
|
- !ruby/object:Gem::Dependency
|
|
15
29
|
name: jwt
|
|
16
30
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -39,7 +53,7 @@ dependencies:
|
|
|
39
53
|
- - "~>"
|
|
40
54
|
- !ruby/object:Gem::Version
|
|
41
55
|
version: '1.6'
|
|
42
|
-
description:
|
|
56
|
+
description:
|
|
43
57
|
email:
|
|
44
58
|
- erik.dalen@fishbrain.com
|
|
45
59
|
- developer@fishbrain.com
|
|
@@ -51,6 +65,8 @@ files:
|
|
|
51
65
|
- README.markdown
|
|
52
66
|
- lib/omniauth-fishbrain.rb
|
|
53
67
|
- lib/omniauth-fishbrain/version.rb
|
|
68
|
+
- lib/omniauth/fishbrain/decode_id_token.rb
|
|
69
|
+
- lib/omniauth/fishbrain/jwks.rb
|
|
54
70
|
- lib/omniauth/fishbrain/premium_status.rb
|
|
55
71
|
- lib/omniauth/fishbrain/verifies_id_token.rb
|
|
56
72
|
- lib/omniauth/strategies/fishbrain.rb
|
|
@@ -59,7 +75,7 @@ homepage: https://github.com/fishbrain/omniauth-fishbrain
|
|
|
59
75
|
licenses:
|
|
60
76
|
- MIT
|
|
61
77
|
metadata: {}
|
|
62
|
-
post_install_message:
|
|
78
|
+
post_install_message:
|
|
63
79
|
rdoc_options: []
|
|
64
80
|
require_paths:
|
|
65
81
|
- lib
|
|
@@ -67,15 +83,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
67
83
|
requirements:
|
|
68
84
|
- - ">="
|
|
69
85
|
- !ruby/object:Gem::Version
|
|
70
|
-
version:
|
|
86
|
+
version: 2.5.0
|
|
71
87
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
72
88
|
requirements:
|
|
73
89
|
- - ">="
|
|
74
90
|
- !ruby/object:Gem::Version
|
|
75
91
|
version: '0'
|
|
76
92
|
requirements: []
|
|
77
|
-
rubygems_version: 3.
|
|
78
|
-
signing_key:
|
|
93
|
+
rubygems_version: 3.2.3
|
|
94
|
+
signing_key:
|
|
79
95
|
specification_version: 4
|
|
80
96
|
summary: OmniAuth strategy for Fishbrain
|
|
81
97
|
test_files: []
|