omniauth-fishbrain 0.9.0 → 0.10.0

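--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 18b08b84c82f3c10704e309debd002b2a05bfba8c3f9392028325339fdab0f61
- data.tar.gz: fc941f8c41c630491831e79f828f07621be3e1fc80ca91a7f7fe93f64cad926a
+ metadata.gz: 70b077fd97606f323245d0180a5a66e5ddb0dc92ec0670147242884bdc930319
+ data.tar.gz: e483cf58669ab9991b5f59fb5c89c918cebae4572eacec67fcf1b0a145eda569
  SHA512:
- metadata.gz: 1ad8cff223e86137c99d924b0bdd8cf2146393738419b13163d2ae5dd69b3678967e71ce96f9cd8422b77080eaf6186edd9c1064ab9c4870e8d99dca5ff31848
- data.tar.gz: cc450625016d5ee861732382fdf868ec42c4291f453358729f1d28c530978bd0d5bffd6e41a9e35b8c0b8fedade712a902c1f96ab4f06423f1f81c7f9a16e99d
+ metadata.gz: 4062fe761e149af6926a3757405da9769e86be530ad68f97f8b26343a518872bff85c36ca771bb0c3b9da40b67816b24e3ef1225bf3bc0e02c51bc943400dc09
+ data.tar.gz: b284b8dba51dc78102513bc6d3746c0ffac410a174f2a7700c00280610067ac6cc272edeb644e6e0500c789e3e6da88b0c696e26d5127cd4736296ea2ba11de7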
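--- a/data/README.markdown
+++ b/data/README.markdown
@@ -0,0 +1,54 @@
+ # OmniAuth Fishbrain
+
+ This gem provides two OmniAuth strategies for Fishbrain.
+
+ 1. The `fishbrain` strategy is a standard Omniauth OAuth2 strategy for signing up and signing in
+ 2. The `fishbrain_id` strategy is intended for sharing a user's identity between services, typically from mobile app to
+ server
+
+ ## Installation
+
+ ```ruby
+ gem 'omniauth-fishbrain'
+ ```
+
+ ## Usage
+
+ In production environments:
+
+ ```
+ use OmniAuth::Builder do
+ provider :fishbrain, ENV.fetch('FISHBRAIN_CLIENT_ID'), ENV.fetch('FISHBRAIN_CLIENT_SECRET')
+ provider :fishbrain_id
+ end
+ ```
+
+ In development/test/staging environments:
+
+ ```
+ use OmniAuth::Builder do
+ provider :fishbrain, ENV.fetch('FISHBRAIN_CLIENT_ID'), ENV.fetch('FISHBRAIN_CLIENT_SECRET'),
+ user_pool_id: 'eu-west-1_K2uP41DlP',
+ client_options: {
+ site: 'https://accounts-staging.fishbrain.com',
+ }
+ provider :fishbrain_id, user_pool_id: 'eu-west-1_K2uP41DlP'
+ end
+ ```
+
+ `path_prefix` is supported too:
+
+ ```
+ use OmniAuth::Builder do
+ ...
+
+ configure { |c| c.path_prefix = '/client/auth' }
+ end
+ ```
+
+
+ See [`/examples`](examples) for full example using Sinatra.
+
+ ## LICENSE
+
+ [MIT](LICENSE)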
@@ -0,0 +1,45 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'net/http'
4
+ require 'jwt'
5
+
6
+ module OmniAuth
7
+ module Fishbrain
8
+ module VerifiesIdToken
9
+ def id_token
10
+ @_id_token ||= begin
11
+ return {} unless raw_id_token
12
+
13
+ JWT.decode(raw_id_token, nil, true, decode_options).first
14
+ end
15
+ end
16
+
17
+ def decode_options
18
+ {
19
+ iss: iss,
20
+ aud: options[:client_id],
21
+ verify_aud: true,
22
+ verify_expiration: true,
23
+ verify_iat: true,
24
+ verify_iss: true,
25
+ verify_not_before: true,
26
+ leeway: options[:jwt_leeway],
27
+ algorithm: 'RS256',
28
+ jwks: jwks,
29
+ }
30
+ end
31
+
32
+ def iss
33
+ "https://cognito-idp.#{options[:aws_region]}.amazonaws.com/#{options[:user_pool_id]}"
34
+ end
35
+
36
+ def jwks
37
+ @_jwks ||= \
38
+ "#{iss}/.well-known/jwks.json"
39
+ .yield_self(&URI.method(:parse))
40
+ .yield_self(&Net::HTTP.method(:get))
41
+ .yield_self { |it| JSON.parse(it, symbolize_names: true) }
42
+ end
43
+ end
44
+ end
45
+ end
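Review bot: `id_token` never checks the `token_use` claim, so any RS256 token signed by the pool's keys that passes the issuer and audience checks is treated as an ID token; Cognito access tokens share that issuer and key set, and AWS's verification guidance includes this claim. After decoding, something like `raise JWT::DecodeError, 'not an ID token' unless claims['token_use'] == 'id'` would close that gap. In `jwks`, the body returned by `Net::HTTP.get` goes straight to `JSON.parse` with no status check or explicit timeout, and `@_jwks` is memoized on the strategy instance, which OmniAuth appears to duplicate per request, so the key set is probably refetched on every callback. A process-level cache with an expiry, plus short open/read timeouts, would make logins less dependent on that endpoint.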
@@ -1,84 +1,58 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require 'omniauth-oauth2'
4
- require 'jwt'
4
+ require 'omniauth/fishbrain/verifies_id_token'
5
5
 
6
6
  module OmniAuth
7
7
  module Strategies
8
- # OmniAuth Strategy for Fishbrain
9
8
  class Fishbrain < OmniAuth::Strategies::OAuth2
9
+ include OmniAuth::Fishbrain::VerifiesIdToken
10
+
10
11
  option :name, 'fishbrain'
11
- option :client_options,
12
- site: 'https://accounts.fishbrain.com',
13
- authorize_url: '/oauth2/authorize',
14
- token_url: '/oauth2/token',
15
- auth_scheme: :basic_auth
12
+ option :client_options, site: 'https://accounts.fishbrain.com',
13
+ authorize_url: '/oauth2/authorize',
14
+ token_url: '/oauth2/token',
15
+ auth_scheme: :basic_auth
16
16
  option :scope, 'email openid profile'
17
- option :jwt_leeway, 60
18
17
  option :user_pool_id, 'eu-west-1_5r0WbR8OH'
19
18
  option :aws_region, 'eu-west-1'
19
+ option :jwt_leeway, 60
20
20
 
21
21
  uid do
22
- parsed_id_token['sub'] if parsed_id_token
22
+ id_token['sub']
23
23
  end
24
24
 
25
25
  info do
26
- if parsed_id_token
27
- {
28
- name: parsed_id_token['name'],
29
- email: parsed_id_token['email'],
30
- phone: parsed_id_token['phone_number']
31
- }
32
- end
26
+ {
27
+ given_name: id_token['given_name'],
28
+ email: id_token['email'],
29
+ phone: id_token['phone_number'],
30
+ }
33
31
  end
34
32
 
35
33
  credentials do
36
- { token: access_token.token }.tap do |hash|
37
- hash[:refresh_token] = access_token.refresh_token if access_token.expires? && access_token.refresh_token
38
- hash[:expires_at] = access_token.expires_at if access_token.expires?
39
- hash[:expires] = access_token.expires?
40
- hash[:id_token] = id_token if id_token
34
+ hash = { token: access_token.token }
35
+ if access_token.expires?
36
+ hash[:refresh_token] = access_token.refresh_token if access_token.refresh_token
37
+ hash[:expires_at] = access_token.expires_at
41
38
  end
39
+ hash[:expires] = access_token.expires?
40
+ hash[:id_token] = access_token['id_token'] if access_token['id_token']
41
+ hash
42
42
  end
43
43
 
44
44
  extra do
45
- { raw_info: parsed_id_token.reject { |key| %w[iss aud exp iat token_use nbf].include?(key) } }
45
+ { raw_info: id_token.reject { |key| %w[iss aud exp iat token_use].include?(key) } }
46
46
  end
47
47
 
48
48
  private
49
49
 
50
- # Override this method to remove the query string from the callback_url because Cognito
51
- # requires an exact match
52
- def build_access_token
53
- client.auth_code.get_token(
54
- request.params['code'],
55
- { redirect_uri: callback_url.split('?').first }.merge(token_params.to_hash(symbolize_keys: true)),
56
- deep_symbolize(options.auth_token_params)
57
- )
50
+ def callback_url
51
+ full_host + script_name + callback_path
58
52
  end
59
53
 
60
- def id_token
61
- access_token && access_token['id_token']
62
- end
63
-
64
- def parsed_id_token
65
- return nil unless id_token
66
-
67
- @parsed_id_token ||= JWT.decode(
68
- id_token,
69
- nil,
70
- false,
71
- verify_iss: options[:aws_region] && options[:user_pool_id],
72
- iss: "https://cognito-idp.#{options[:aws_region]}.amazonaws.com/#{options[:user_pool_id]}",
73
- verify_aud: true,
74
- aud: options[:client_id],
75
- verify_sub: true,
76
- verify_expiration: true,
77
- verify_not_before: true,
78
- verify_iat: true,
79
- verify_jti: false,
80
- leeway: options[:jwt_leeway]
81
- ).first
54
+ def raw_id_token
55
+ access_token['id_token']
82
56
  end
83
57
  end
84
58
  end
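Review bot: Nothing in this strategy turns a failed ID-token check into an OmniAuth failure. The `uid`, `info` and `extra` blocks now call the verifying `id_token`, so a `JWT::DecodeError` (bad signature, wrong issuer or audience, expiry) is raised while the auth hash is built and, unless the parent OAuth2 strategy rescues it, which is not visible here, escapes as an unhandled exception rather than `fail!`. The opposite case is also unguarded: when the token response carries no `id_token`, `id_token` returns `{}` and the callback proceeds with a nil `uid`. A public `callback_phase` override above `private`, sketched below, would handle the first case. Separately, `info` replaces `name` with `given_name`, which consumers reading `info.name` need to be told about.

```ruby
# … unchanged: uid / info / credentials / extra blocks …

# Public, so it belongs above `private`.
def callback_phase
  super
rescue JWT::DecodeError
  fail! :invalid_id_token
end

# … unchanged: private callback_url / raw_id_token …
```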
@@ -0,0 +1,55 @@
1
+ # frozen_string_literal:true
2
+
3
+ require 'omniauth/fishbrain/verifies_id_token'
4
+
5
+ module OmniAuth
6
+ module Strategies
7
+ class FishbrainId
8
+ include OmniAuth::Strategy
9
+ include OmniAuth::Fishbrain::VerifiesIdToken
10
+
11
+ option :name, 'fishbrain_id'
12
+ option :user_pool_id, 'eu-west-1_5r0WbR8OH'
13
+ option :client_id, nil
14
+ option :aws_region, 'eu-west-1'
15
+ option :jwt_leeway, 60
16
+
17
+ uid do
18
+ id_token['sub']
19
+ end
20
+
21
+ info do
22
+ {
23
+ given_name: id_token['given_name'],
24
+ email: id_token['email'],
25
+ phone: id_token['phone_number'],
26
+ }
27
+ end
28
+
29
+ extra do
30
+ { raw_info: id_token.reject { |key| %w[iss aud exp iat token_use].include?(key) } }
31
+ end
32
+
33
+ def callback_phase
34
+ if raw_id_token
35
+ id_token
36
+ super
37
+ else
38
+ fail! :missing_id_token
39
+ end
40
+ rescue JWT::ExpiredSignature
41
+ fail! :invalid_id_token
42
+ end
43
+
44
+ def request_phase
45
+ redirect callback_url
46
+ end
47
+
48
+ private
49
+
50
+ def raw_id_token
51
+ request.params['id_token']
52
+ end
53
+ end
54
+ end
55
+ end
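Review bot: `option :client_id, nil` together with the README's bare `provider :fishbrain_id` means `decode_options` passes `aud: nil`. As far as I recall, ruby-jwt skips the audience check when no expected `aud` is supplied, even with `verify_aud: true`, so an ID token minted for any app client of the same user pool would be accepted. Failing closed when the option is unset, e.g. `return fail!(:missing_client_id) unless options[:client_id]` at the top of `callback_phase`, would avoid that. The `rescue JWT::ExpiredSignature` also covers only expiry; signature, issuer and audience failures raise other `JWT::DecodeError` subclasses and escape as exceptions, so `rescue JWT::DecodeError` is the safer clause. Because the token is read from `request.params`, it may arrive in a query string and end up in access logs, which is worth documenting for callers.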
@@ -2,6 +2,6 @@
2
2
 
3
3
  module OmniAuth
4
4
  module Fishbrain
5
- VERSION = '0.9.0'
5
+ VERSION = '0.10.0'
6
6
  end
7
7
  end
@@ -1,3 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require 'omniauth/fishbrain'
3
+ require 'omniauth-fishbrain/version'
4
+ require 'omniauth/strategies/fishbrain'
5
+ require 'omniauth/strategies/fishbrain_id'
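--- a/metadata
+++ b/metadata
@@ -1,14 +1,15 @@
  --- !ruby/object:Gem::Specification
  name: omniauth-fishbrain
  version: !ruby/object:Gem::Version
- version: 0.9.0
+ version: 0.10.0
  platform: ruby
  authors:
  - Erik Dalen
+ - Fishbrain AB
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2020-02-10 00:00:00.000000000 Z
+ date: 2020-02-17 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: jwt
@@ -38,27 +39,21 @@ dependencies:
  - - "~>"
  - !ruby/object:Gem::Version
  version: '1.6'
- description: A Fishbrain strategy for OmniAuth 1.x. This allows you to login to Fishbrain
- with your ruby app.
+ description:
  email:
  - erik.dalen@fishbrain.com
+ - developer@fishbrain.com
  executables: []
  extensions: []
  extra_rdoc_files: []
  files:
- - ".gitignore"
  - LICENSE
- - README.md
- - examples/sinatra/Gemfile
- - examples/sinatra/fishbrain_example.rb
- - examples/sinatra/views/auth_failure.haml
- - examples/sinatra/views/callback.haml
- - examples/sinatra/views/index.haml
+ - README.markdown
  - lib/omniauth-fishbrain.rb
- - lib/omniauth/fishbrain.rb
- - lib/omniauth/fishbrain/version.rb
+ - lib/omniauth-fishbrain/version.rb
+ - lib/omniauth/fishbrain/verifies_id_token.rb
  - lib/omniauth/strategies/fishbrain.rb
- - omniauth-fishbrain.gemspec
+ - lib/omniauth/strategies/fishbrain_id.rb
  homepage: https://github.com/fishbrain/omniauth-fishbrain
  licenses:
  - MIT
@@ -71,16 +66,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: '2.2'
+ version: '0'
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubyforge_project:
- rubygems_version: 2.7.6
+ rubygems_version: 3.0.3
  signing_key:
  specification_version: 4
- summary: A Fishbrain strategy for OmniAuth 1.x
+ summary: OmniAuth strategy for Fishbrain
  test_files: []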
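Review bot: `required_ruby_version` drops from `>= 2.2` to `>= 0` in the last hunk, yet the new `verifies_id_token.rb` calls `yield_self`, which needs Ruby 2.5 or later, so the gem now installs on interpreters where it fails at the first JWKS fetch. Restoring a floor in the gemspec, e.g. `required_ruby_version = '>= 2.5'`, would surface that at install time. The `jwt` constraint lies outside the visible hunks (the deleted gemspec had `~> 2.0`); the `jwks:` decode option was, as far as I recall, added in ruby-jwt 2.2, so that lower bound probably needs raising too. `description:` is also left empty.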
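--- a/data/.gitignore
+++ b/data/.gitignore
@@ -1,56 +0,0 @@
- *.gem
- *.rbc
- /.config
- /coverage/
- /InstalledFiles
- /pkg/
- /spec/reports/
- /spec/examples.txt
- /test/tmp/
- /test/version_tmp/
- /tmp/
-
- # Used by dotenv library to load environment variables.
- # .env
-
- # Ignore Byebug command history file.
- .byebug_history
-
- ## Specific to RubyMotion:
- .dat*
- .repl_history
- build/
- *.bridgesupport
- build-iPhoneOS/
- build-iPhoneSimulator/
-
- ## Specific to RubyMotion (use of CocoaPods):
- #
- # We recommend against adding the Pods directory to your .gitignore. However
- # you should judge for yourself, the pros and cons are mentioned at:
- # https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
- #
- # vendor/Pods/
-
- ## Documentation cache and generated files:
- /.yardoc/
- /_yardoc/
- /doc/
- /rdoc/
-
- ## Environment normalization:
- /.bundle/
- /vendor/bundle
- /lib/bundler/man/
-
- # for a library or gem, you might want to ignore these files since the code is
- # intended to run in multiple environments; otherwise, check them in:
- # Gemfile.lock
- # .ruby-version
- # .ruby-gemset
-
- # unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
- .rvmrc
-
- # Used by RuboCop. Remote config files pulled in from inherit_from directive.
- # .rubocop-https?--*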
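--- a/data/README.md
+++ b/data/README.md
@@ -1,25 +0,0 @@
- # omniauth-fishbrain
-
- OmniAuth strategy for authenticating with Fishbrain
-
- ## Installation
-
- Add to your `Gemfile`:
-
- ```ruby
- gem 'omniauth-google-oauth2'
- ```
-
- Then `bundle install`.
-
- ## Usage
-
- Add something like the following to add the fishbrain authentication stategy.
-
- ```
- use OmniAuth::Builder do
- provider :fishbrain, ENV.fetch('FISHBRAIN_CLIENT_ID'), ENV.fetch('FISHBRAIN_CLIENT_SECRET')
- end
- ```
-
- See `/examples` for a full example using Sinatra & Omniauth.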
@@ -1,10 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- source 'https://rubygems.org'
4
-
5
- git_source(:github) {|repo_name| 'https://github.com/#{repo_name}' }
6
-
7
- gem 'sinatra'
8
- gem 'omniauth'
9
- gem 'haml'
10
- gem 'omniauth-fishbrain'
@@ -1,34 +0,0 @@
1
- #!/usr/bin/env ruby
2
- # frozen_string_literal: true
3
-
4
- require 'sinatra/base'
5
- require 'omniauth'
6
- require 'omniauth-fishbrain'
7
- require 'pp'
8
-
9
- # Example Sinatra+Omniauth+Fishbrain app
10
- class FishbrainExample < Sinatra::Application
11
- configure do
12
- set :sessions, true
13
- set :haml, format: :html5
14
- end
15
- use OmniAuth::Builder do
16
- provider :fishbrain,
17
- ENV.fetch('FISHBRAIN_CLIENT_ID'),
18
- ENV.fetch('FISHBRAIN_CLIENT_SECRET')
19
- end
20
-
21
- get '/' do
22
- haml :index
23
- end
24
-
25
- get '/auth/failure' do
26
- haml :auth_failure
27
- end
28
-
29
- get '/auth/:provider/callback' do
30
- haml :callback
31
- end
32
-
33
- run! if app_file == $PROGRAM_NAME
34
- end
@@ -1,10 +0,0 @@
1
- !!!
2
- %html
3
- %head
4
- %title
5
- Cognito auth example
6
- %body
7
- %h1
8
- Authentication failure
9
-
10
- %pre= params['message']
@@ -1,9 +0,0 @@
1
- !!!
2
- %html
3
- %head
4
- %title
5
- Cognito auth example
6
- %body
7
- %h1= params[:provider]
8
-
9
- %pre= request.env['omniauth.auth'].pretty_inspect
@@ -1,14 +0,0 @@
1
- !!!
2
- %html
3
- %head
4
- %title
5
- Cognito auth example
6
- %body
7
- %h1
8
- Welcome
9
-
10
- %a{ href: "/auth/fishbrain" }
11
- Log in with Fishbrain
12
-
13
- %a{ href: "/auth/cognito-idp" }
14
- Log in with Cognito
@@ -1,3 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require 'omniauth/strategies/fishbrain'
@@ -1,25 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require File.expand_path(
4
- File.join('..', 'lib', 'omniauth', 'fishbrain', 'version'),
5
- __FILE__
6
- )
7
-
8
- Gem::Specification.new do |gem|
9
- gem.name = 'omniauth-fishbrain'
10
- gem.version = OmniAuth::Fishbrain::VERSION
11
- gem.license = 'MIT'
12
- gem.summary = %(A Fishbrain strategy for OmniAuth 1.x)
13
- gem.description = %(A Fishbrain strategy for OmniAuth 1.x. This allows you to login to Fishbrain with your ruby app.)
14
- gem.authors = ['Erik Dalen']
15
- gem.email = ['erik.dalen@fishbrain.com']
16
- gem.homepage = 'https://github.com/fishbrain/omniauth-fishbrain'
17
-
18
- gem.files = `git ls-files`.split("\n")
19
- gem.require_paths = ['lib']
20
-
21
- gem.required_ruby_version = '>= 2.2'
22
-
23
- gem.add_runtime_dependency 'jwt', '~> 2.0'
24
- gem.add_runtime_dependency 'omniauth-oauth2', '~> 1.6'
25
- end