omniauth-google-oauth2 1.2.0 → 1.2.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (10) hide show
  1. checksums.yaml +4 -4
  2. data/.github/FUNDING.yml +1 -0
  3. data/.gitignore +1 -0
  4. data/CHANGELOG.md +14 -0
  5. data/README.md +2 -1
  6. data/examples/Gemfile +2 -2
  7. data/lib/omniauth/google_oauth2/version.rb +1 -1
  8. data/lib/omniauth/strategies/google_oauth2.rb +5 -11
  9. data/omniauth-google-oauth2.gemspec +1 -1
  10. metadata +5 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 45ce2b17155396ac41a875e3bcadfd9827cf45b30d2c64309992b84d3ef0088d
4
- data.tar.gz: d9f9e89a3526a81b19a66a222b3534848c66914a34960500a6ed57fe23e40fdd
3
+ metadata.gz: fb04de5f033f4c247c0cd004619d2e8cbb9f54b29a1861c5810d539608c278c0
4
+ data.tar.gz: a0a71c285455501e4904ea4c184db32298907be93f1def96d3a180ca60df9684
5
5
  SHA512:
6
- metadata.gz: 543ac7161867df4ec9826c29ccebe89ae70348b3038095b747b2160f2988c2cdcfccb418d4afaaff6b564e8df4aafa5dd704f8632cbd755ef5d222b7a6e63697
7
- data.tar.gz: 2585a702d4595b4986c6406fc8121e4f61ff4fc4558372fc689e28cc87ce21ba8a387b8999a2cc1c53bcfa96df6e68457777f493675c71a511f9e0d5adae12e6
6
+ metadata.gz: 3cd913d3979e3c3e9dd93f76ed40aeff42bc95a8841db4b4287e92d28a00fe85a4bbc14483b25478fbdde0552877617d4b32c57eb03c67472e43fd857c1e9180
7
+ data.tar.gz: '0078d9d52c2661b12895509ce17320818360aa968904742d45665158334af0a219064999cabe71e1af9ce93cddd45481b7aee263d729d582f99d088b68242905'
data/.github/FUNDING.yml ADDED
@@ -0,0 +1 @@
1
+ github: [zquestz]
data/.gitignore CHANGED
@@ -20,3 +20,4 @@ test/version_tmp
20
20
  tmp
21
21
  .powenv
22
22
  .idea/
23
+ examples/Gemfile.lock
data/CHANGELOG.md CHANGED
@@ -1,6 +1,20 @@
1
1
  # Changelog
2
2
  All notable changes to this project will be documented in this file.
3
3
 
4
+ ## 1.2.1 - 2025-01-18
5
+
6
+ ### Added
7
+ - Use jwt v2.9.2's public claims verification API - https://github.com/zquestz/omniauth-google-oauth2/pull/465
8
+
9
+ ### Deprecated
10
+ - Nothing.
11
+
12
+ ### Removed
13
+ - Support for jwt < 2.9.2.
14
+
15
+ ### Fixed
16
+ - Nothing.
17
+
4
18
  ## 1.2.0 - 2024-09-15
5
19
 
6
20
  ### Added
data/README.md CHANGED
@@ -196,7 +196,8 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
196
196
  flash[:notice] = I18n.t 'devise.omniauth_callbacks.success', kind: 'Google'
197
197
  sign_in_and_redirect @user, event: :authentication
198
198
  else
199
- session['devise.google_data'] = request.env['omniauth.auth'].except('extra') # Removing extra as it can overflow some session stores
199
+ # Useful for debugging login failures. Uncomment for development.
200
+ # session['devise.google_data'] = request.env['omniauth.auth'].except('extra') # Removing extra as it can overflow some session stores
200
201
  redirect_to new_user_registration_url, alert: @user.errors.full_messages.join("\n")
201
202
  end
202
203
  end
data/examples/Gemfile CHANGED
@@ -2,7 +2,7 @@
2
2
 
3
3
  source 'https://rubygems.org'
4
4
 
5
- gem 'omniauth-google-oauth2', '~> 1.2.0'
5
+ gem 'omniauth-google-oauth2', path: '..'
6
6
  gem 'rubocop'
7
- gem 'sinatra', '~> 1.4'
7
+ gem 'sinatra'
8
8
  gem 'webrick'
data/lib/omniauth/google_oauth2/version.rb CHANGED
@@ -2,6 +2,6 @@
2
2
 
3
3
  module OmniAuth
4
4
  module GoogleOauth2
5
- VERSION = '1.2.0'
5
+ VERSION = '1.2.1'
6
6
  end
7
7
  end
data/lib/omniauth/strategies/google_oauth2.rb CHANGED
@@ -76,17 +76,11 @@ module OmniAuth
76
76
 
77
77
  # We have to manually verify the claims because the third parameter to
78
78
  # JWT.decode is false since no verification key is provided.
79
- ::JWT::Claims.verify!(decoded,
80
- verify_iss: true,
81
- iss: ALLOWED_ISSUERS,
82
- verify_aud: true,
83
- aud: options.client_id,
84
- verify_sub: false,
85
- verify_expiration: true,
86
- verify_not_before: true,
87
- verify_iat: false,
88
- verify_jti: false,
89
- leeway: options[:jwt_leeway])
79
+ ::JWT::Claims.verify_payload!(decoded,
80
+ iss: ALLOWED_ISSUERS,
81
+ aud: options.client_id,
82
+ exp: { leeway: options.jwt_leeway },
83
+ nbf: { leeway: options.jwt_leeway })
90
84
 
91
85
  hash[:id_info] = decoded
92
86
  end
data/omniauth-google-oauth2.gemspec CHANGED
@@ -20,7 +20,7 @@ Gem::Specification.new do |gem|
20
20
 
21
21
  gem.required_ruby_version = '>= 2.5'
22
22
 
23
- gem.add_runtime_dependency 'jwt', '>= 2.9'
23
+ gem.add_runtime_dependency 'jwt', '>= 2.9.2'
24
24
  gem.add_runtime_dependency 'oauth2', '~> 2.0'
25
25
  gem.add_runtime_dependency 'omniauth', '~> 2.0'
26
26
  gem.add_runtime_dependency 'omniauth-oauth2', '~> 1.8'
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: omniauth-google-oauth2
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.2.0
4
+ version: 1.2.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Josh Ellithorpe
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2024-09-16 00:00:00.000000000 Z
12
+ date: 2025-01-19 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: jwt
@@ -17,14 +17,14 @@ dependencies:
17
17
  requirements:
18
18
  - - ">="
19
19
  - !ruby/object:Gem::Version
20
- version: '2.9'
20
+ version: 2.9.2
21
21
  type: :runtime
22
22
  prerelease: false
23
23
  version_requirements: !ruby/object:Gem::Requirement
24
24
  requirements:
25
25
  - - ">="
26
26
  - !ruby/object:Gem::Version
27
- version: '2.9'
27
+ version: 2.9.2
28
28
  - !ruby/object:Gem::Dependency
29
29
  name: oauth2
30
30
  requirement: !ruby/object:Gem::Requirement
@@ -117,6 +117,7 @@ executables: []
117
117
  extensions: []
118
118
  extra_rdoc_files: []
119
119
  files:
120
+ - ".github/FUNDING.yml"
120
121
  - ".github/workflows/ci.yml"
121
122
  - ".gitignore"
122
123
  - ".rubocop.yml"