omniauth-google-oauth2 1.2.0 → 1.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. checksums.yaml +4 -4
  2. data/.github/FUNDING.yml +1 -0
  3. data/.gitignore +1 -0
  4. data/CHANGELOG.md +14 -0
  5. data/README.md +2 -1
  6. data/examples/Gemfile +2 -2
  7. data/lib/omniauth/google_oauth2/version.rb +1 -1
  8. data/lib/omniauth/strategies/google_oauth2.rb +5 -11
  9. data/omniauth-google-oauth2.gemspec +1 -1
  10. metadata +5 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 45ce2b17155396ac41a875e3bcadfd9827cf45b30d2c64309992b84d3ef0088d
4
- data.tar.gz: d9f9e89a3526a81b19a66a222b3534848c66914a34960500a6ed57fe23e40fdd
3
+ metadata.gz: fb04de5f033f4c247c0cd004619d2e8cbb9f54b29a1861c5810d539608c278c0
4
+ data.tar.gz: a0a71c285455501e4904ea4c184db32298907be93f1def96d3a180ca60df9684
5
5
  SHA512:
6
- metadata.gz: 543ac7161867df4ec9826c29ccebe89ae70348b3038095b747b2160f2988c2cdcfccb418d4afaaff6b564e8df4aafa5dd704f8632cbd755ef5d222b7a6e63697
7
- data.tar.gz: 2585a702d4595b4986c6406fc8121e4f61ff4fc4558372fc689e28cc87ce21ba8a387b8999a2cc1c53bcfa96df6e68457777f493675c71a511f9e0d5adae12e6
6
+ metadata.gz: 3cd913d3979e3c3e9dd93f76ed40aeff42bc95a8841db4b4287e92d28a00fe85a4bbc14483b25478fbdde0552877617d4b32c57eb03c67472e43fd857c1e9180
7
+ data.tar.gz: '0078d9d52c2661b12895509ce17320818360aa968904742d45665158334af0a219064999cabe71e1af9ce93cddd45481b7aee263d729d582f99d088b68242905'
data/.github/FUNDING.yml ADDED
@@ -0,0 +1 @@
1
+ github: [zquestz]
data/.gitignore CHANGED
@@ -20,3 +20,4 @@ test/version_tmp
20
20
  tmp
21
21
  .powenv
22
22
  .idea/
23
+ examples/Gemfile.lock
data/CHANGELOG.md CHANGED
@@ -1,6 +1,20 @@
1
1
  # Changelog
2
2
  All notable changes to this project will be documented in this file.
3
3
 
4
+ ## 1.2.1 - 2025-01-18
5
+
6
+ ### Added
7
+ - Use jwt v2.9.2's public claims verification API - https://github.com/zquestz/omniauth-google-oauth2/pull/465
8
+
9
+ ### Deprecated
10
+ - Nothing.
11
+
12
+ ### Removed
13
+ - Support for jwt < 2.9.2.
14
+
15
+ ### Fixed
16
+ - Nothing.
17
+
4
18
  ## 1.2.0 - 2024-09-15
5
19
 
6
20
  ### Added
data/README.md CHANGED
@@ -196,7 +196,8 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
196
196
  flash[:notice] = I18n.t 'devise.omniauth_callbacks.success', kind: 'Google'
197
197
  sign_in_and_redirect @user, event: :authentication
198
198
  else
199
- session['devise.google_data'] = request.env['omniauth.auth'].except('extra') # Removing extra as it can overflow some session stores
199
+ # Useful for debugging login failures. Uncomment for development.
200
+ # session['devise.google_data'] = request.env['omniauth.auth'].except('extra') # Removing extra as it can overflow some session stores
200
201
  redirect_to new_user_registration_url, alert: @user.errors.full_messages.join("\n")
201
202
  end
202
203
  end
data/examples/Gemfile CHANGED
@@ -2,7 +2,7 @@
2
2
 
3
3
  source 'https://rubygems.org'
4
4
 
5
- gem 'omniauth-google-oauth2', '~> 1.2.0'
5
+ gem 'omniauth-google-oauth2', path: '..'
6
6
  gem 'rubocop'
7
- gem 'sinatra', '~> 1.4'
7
+ gem 'sinatra'
8
8
  gem 'webrick'
data/lib/omniauth/google_oauth2/version.rb CHANGED
@@ -2,6 +2,6 @@
2
2
 
3
3
  module OmniAuth
4
4
  module GoogleOauth2
5
- VERSION = '1.2.0'
5
+ VERSION = '1.2.1'
6
6
  end
7
7
  end
data/lib/omniauth/strategies/google_oauth2.rb CHANGED
@@ -76,17 +76,11 @@ module OmniAuth
76
76
 
77
77
  # We have to manually verify the claims because the third parameter to
78
78
  # JWT.decode is false since no verification key is provided.
79
- ::JWT::Claims.verify!(decoded,
80
- verify_iss: true,
81
- iss: ALLOWED_ISSUERS,
82
- verify_aud: true,
83
- aud: options.client_id,
84
- verify_sub: false,
85
- verify_expiration: true,
86
- verify_not_before: true,
87
- verify_iat: false,
88
- verify_jti: false,
89
- leeway: options[:jwt_leeway])
79
+ ::JWT::Claims.verify_payload!(decoded,
80
+ iss: ALLOWED_ISSUERS,
81
+ aud: options.client_id,
82
+ exp: { leeway: options.jwt_leeway },
83
+ nbf: { leeway: options.jwt_leeway })
90
84
 
91
85
  hash[:id_info] = decoded
92
86
  end
data/omniauth-google-oauth2.gemspec CHANGED
@@ -20,7 +20,7 @@ Gem::Specification.new do |gem|
20
20
 
21
21
  gem.required_ruby_version = '>= 2.5'
22
22
 
23
- gem.add_runtime_dependency 'jwt', '>= 2.9'
23
+ gem.add_runtime_dependency 'jwt', '>= 2.9.2'
24
24
  gem.add_runtime_dependency 'oauth2', '~> 2.0'
25
25
  gem.add_runtime_dependency 'omniauth', '~> 2.0'
26
26
  gem.add_runtime_dependency 'omniauth-oauth2', '~> 1.8'
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-google-oauth2
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.2.0
4
+ version: 1.2.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Josh Ellithorpe
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2024-09-16 00:00:00.000000000 Z
12
+ date: 2025-01-19 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: jwt
@@ -17,14 +17,14 @@ dependencies:
17
17
  requirements:
18
18
  - - ">="
19
19
  - !ruby/object:Gem::Version
20
- version: '2.9'
20
+ version: 2.9.2
21
21
  type: :runtime
22
22
  prerelease: false
23
23
  version_requirements: !ruby/object:Gem::Requirement
24
24
  requirements:
25
25
  - - ">="
26
26
  - !ruby/object:Gem::Version
27
- version: '2.9'
27
+ version: 2.9.2
28
28
  - !ruby/object:Gem::Dependency
29
29
  name: oauth2
30
30
  requirement: !ruby/object:Gem::Requirement
@@ -117,6 +117,7 @@ executables: []
117
117
  extensions: []
118
118
  extra_rdoc_files: []
119
119
  files:
120
+ - ".github/FUNDING.yml"
120
121
  - ".github/workflows/ci.yml"
121
122
  - ".gitignore"
122
123
  - ".rubocop.yml"