omniauth-jwt 0.0.1

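--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: b3551ff660ec977a58e338979ab86ca32ed4a2f6
+data.tar.gz: 37ba6b94e3f82189a64259adf4142f95d3b5798d
+SHA512:
+metadata.gz: 42b586ec5c268f2f07ffb887a95b2e7a8aae4f326821d17cbc30170e42bc9051be310f7f9a57873bdc420c573a798db61f8b39a423daf59e63b2182482323dda
+data.tar.gz: cb0d96261106ba6dd0475bc06cc609485be77a4c89e33e7337b8fecdf975d52b91cfa514258e87ddf9d92f184f8366d46662c8d015c827af78e003e07d5a14dd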
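--- a/data/.gitignore
+++ b/data/.gitignore
@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp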
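--- a/data/.rspec
+++ b/data/.rspec
@@ -0,0 +1,2 @@
+--color
+--format progress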
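--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -0,0 +1,6 @@
+language: ruby
+rvm:
+- 2.0.0
+- 1.9.3
+- jruby-19mode
+- rbx-19mode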
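--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in omniauth-jwt.gemspec
+gemspec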
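--- a/data/Guardfile
+++ b/data/Guardfile
@@ -0,0 +1,8 @@
+# A sample Guardfile
+# More info at https://github.com/guard/guard#readme
+
+guard :rspec do
+watch(%r{^spec/.+_spec\.rb$})
+watch(%r{^lib/(.+)\.rb$}) { |m| "spec/lib/#{m[1]}_spec.rb" }
+watch('spec/spec_helper.rb') { "spec" }
+end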
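--- a/data/LICENSE.txt
+++ b/data/LICENSE.txt
@@ -0,0 +1,22 @@
+Copyright (c) 2013 Michael Bleigh
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.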
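--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,85 @@
+# OmniAuth::JWT
+
+[![Build Status](https://travis-ci.org/mbleigh/omniauth-jwt.png)](https://travis-ci.org/mbleigh/omniauth-jwt)
+
+[JSON Web Token](http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html) (JWT) is a simple
+way to send verified information between two parties online. This can be useful as a mechanism for
+providing Single Sign-On (SSO) to an application by allowing an authentication server to send a validated
+claim and log the user in. This is how [Zendesk does SSO](https://support.zendesk.com/entries/23675367-Setting-up-single-sign-on-with-JWT-JSON-Web-Token-),
+for example.
+
+OmniAuth::JWT provides a clean, simple wrapper on top of JWT so that you can easily implement this kind
+of SSO either between your own applications or allow third parties to delegate authentication.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+gem 'omniauth-jwt'
+
+And then execute:
+
+$ bundle
+
+Or install it yourself as:
+
+$ gem install omniauth-jwt
+
+## Usage
+
+You use OmniAuth::JWT just like you do any other OmniAuth strategy:
+
+```ruby
+use OmniAuth::JWT, 'SHAREDSECRET', auth_url: 'http://example.com/login'
+```
+
+The first parameter is the shared secret that will be used by the external authenticator to verify
+that. You must also specify the `auth_url` option to tell the strategy where to redirect to log
+in. Other available options are:
+
+* **algorithm:** the algorithm to use to decode the JWT token. This is `HS256` by default but can
+be set to anything supported by [ruby-jwt](https://github.com/progrium/ruby-jwt)
+* **uid_key:** this determines which claim will be used to uniquely identify the user. Defaults
+to `email`
+* **required_claims:** array of claims that are required to make this a valid authentication call.
+Defaults to `['name', 'email']`
+* **info_map:** array mapping claim values to info hash values. Defaults to mapping `name` and `email`
+to the same in the info hash.
+* **valid_within:** integer of how many seconds of time skew you will allow. Defaults to `nil`. If this
+is set, the `iat` claim becomes required and must be within the specified number of seconds of the
+current time. This helps to prevent replay attacks.
+
+### Authentication Process
+
+When you authenticate through `omniauth-jwt` you can send users to `/auth/jwt` and it will redirect
+them to the URL specified in the `auth_url` option. From there, the provider must generate a JWT
+and send it to the `/auth/jwt/callback` URL as a "jwt" parameter:
+
+/auth/jwt/callback?jwt=ENCODEDJWTGOESHERE
+
+An example of how to do that in Sinatra:
+
+```ruby
+require 'jwt'
+
+get '/login/sso/other-app' do
+# assuming the user is already logged in and this is available as current_user
+claims = {
+id: current_user.id,
+name: current_user.name,
+email: current_user.email,
+iat: Time.now.to_i
+}
+
+payload = JWT.encode(claims, ENV['SSO_SECRET'])
+redirect "http://other-app.com/auth/jwt/callback?jwt=#{payload}"
+end
+```
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request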
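--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new
+
+task :default => :spec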
@@ -0,0 +1,2 @@
1
+ require "omniauth/jwt/version"
2
+ require "omniauth/strategies/jwt"
@@ -0,0 +1,5 @@
1
+ module Omniauth
2
+ module JWT
3
+ VERSION = "0.0.1"
4
+ end
5
+ end
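Review bot: The version constant is defined under `Omniauth` (lower-case "a"), while the strategy added in this same release lives under `OmniAuth::Strategies`, so the gem creates a second top-level namespace and `OmniAuth::JWT::VERSION` does not resolve. Declaring it as `module OmniAuth` and updating the gemspec reference to `OmniAuth::JWT::VERSION` would keep everything in one namespace. A one-line comment stating that this file only carries the release version would also help, since the README uses `OmniAuth::JWT` as if it were the strategy class.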
@@ -0,0 +1,57 @@
1
+ require 'omniauth'
2
+ require 'jwt'
3
+
4
+ module OmniAuth
5
+ module Strategies
6
+ class JWT
7
+ class ClaimInvalid < StandardError; end
8
+
9
+ include OmniAuth::Strategy
10
+
11
+ args [:secret]
12
+
13
+ option :secret, nil
14
+ option :algorithm, 'HS256'
15
+ option :uid_key, 'email'
16
+ option :required_claims, %w(name email)
17
+ option :info_map, {"name" => "name", "email" => "email"}
18
+ option :auth_url, nil
19
+ option :valid_within, nil
20
+
21
+ def request_phase
22
+ redirect options.auth_url
23
+ end
24
+
25
+ def decoded
26
+ @decoded ||= ::JWT.decode(request.params['jwt'], options.secret, options.algorithm)
27
+ (options.required_claims || []).each do |field|
28
+ raise ClaimInvalid.new("Missing required '#{field}' claim.") if !@decoded.key?(field.to_s)
29
+ end
30
+ raise ClaimInvalid.new("Missing required 'iat' claim.") if options.valid_within && !@decoded["iat"]
31
+ raise ClaimInvalid.new("'iat' timestamp claim is too skewed from present.") if options.valid_within && (Time.now.to_i - @decoded["iat"]).abs > options.valid_within
32
+ @decoded
33
+ end
34
+
35
+ def callback_phase
36
+ super
37
+ rescue ClaimInvalid => e
38
+ fail! :claim_invalid, e
39
+ end
40
+
41
+ uid{ decoded[options.uid_field] }
42
+
43
+ extra do
44
+ {:raw_info => decoded}
45
+ end
46
+
47
+ info do
48
+ options.info_map.inject({}) do |h,(k,v)|
49
+ h[k.to_s] = decoded[v.to_s]
50
+ h
51
+ end
52
+ end
53
+ end
54
+
55
+ class Jwt < JWT; end
56
+ end
57
+ end
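Review bot: The `uid` block reads `options.uid_field`, but the option declared above is `uid_key`, so the lookup key is presumably nil and every authenticated user would end up with the same empty uid; it should read `uid { decoded[options.uid_key] }`. In `decoded`, `options.algorithm` is passed as the third positional argument to `::JWT.decode`; depending on which ruby-jwt release is resolved (the gemspec does not constrain it), that position may be the verify flag rather than an algorithm, in which case this strategy does not pin the algorithm at all and should compare the token header's algorithm against the configured one before trusting the claims. The `iat` comparison assumes an integer claim, so a non-numeric `iat` raises something other than `ClaimInvalid` and skips the `rescue` in `callback_phase`. With `valid_within` defaulting to nil and no `exp` check, a captured callback URL stays replayable indefinitely, which deserves a comment on the option.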
@@ -0,0 +1,30 @@
1
+ # coding: utf-8
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require 'omniauth/jwt/version'
5
+
6
+ Gem::Specification.new do |spec|
7
+ spec.name = "omniauth-jwt"
8
+ spec.version = Omniauth::JWT::VERSION
9
+ spec.authors = ["Michael Bleigh"]
10
+ spec.email = ["mbleigh@mbleigh.com"]
11
+ spec.description = %q{An OmniAuth strategy to accept JWT-based single sign-on.}
12
+ spec.summary = %q{An OmniAuth strategy to accept JWT-based single sign-on.}
13
+ spec.homepage = "http://github.com/mbleigh/omniauth-jwt"
14
+ spec.license = "MIT"
15
+
16
+ spec.files = `git ls-files`.split($/)
17
+ spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
18
+ spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
19
+ spec.require_paths = ["lib"]
20
+
21
+ spec.add_development_dependency "bundler", "~> 1.3"
22
+ spec.add_development_dependency "rake"
23
+ spec.add_development_dependency "rspec"
24
+ spec.add_development_dependency "guard"
25
+ spec.add_development_dependency "guard-rspec"
26
+ spec.add_development_dependency "rack-test"
27
+
28
+ spec.add_dependency "jwt"
29
+ spec.add_dependency "omniauth", "~> 1.1"
30
+ end
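Review bot: `spec.add_dependency "jwt"` carries no version constraint, although token verification is delegated entirely to that library and the strategy calls `JWT.decode` with positional arguments. A release with a different `decode` signature or return value would be picked up silently on install; constrain it to the range the specs were run against, e.g. `spec.add_dependency "jwt", "~> <tested-version>"`. The homepage is also given as `http://`; `https://github.com/mbleigh/omniauth-jwt` avoids a cleartext first hop.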
@@ -0,0 +1,59 @@
1
+ require 'spec_helper'
2
+
3
+ describe OmniAuth::Strategies::JWT do
4
+ let(:response_json){ MultiJson.load(last_response.body) }
5
+ let(:args){ ['imasecret', {auth_url: 'http://example.com/login'}] }
6
+
7
+ let(:app){
8
+ the_args = args
9
+ Rack::Builder.new do |b|
10
+ b.use Rack::Session::Cookie, secret: 'sekrit'
11
+ b.use OmniAuth::Strategies::JWT, *the_args
12
+ b.run lambda{|env| [200, {}, [(env['omniauth.auth'] || {}).to_json]]}
13
+ end
14
+ }
15
+
16
+ context 'request phase' do
17
+ it 'should redirect to the configured login url' do
18
+ get '/auth/jwt'
19
+ expect(last_response.status).to eq(302)
20
+ expect(last_response.headers['Location']).to eq('http://example.com/login')
21
+ end
22
+ end
23
+
24
+ context 'callback phase' do
25
+ it 'should decode the response' do
26
+ encoded = JWT.encode({name: 'Bob', email: 'steve@example.com'}, 'imasecret')
27
+ get '/auth/jwt/callback?jwt=' + encoded
28
+ expect(response_json["info"]["email"]).to eq("steve@example.com")
29
+ end
30
+
31
+ it 'should not work without required fields' do
32
+ encoded = JWT.encode({name: 'Steve'}, 'imasecret')
33
+ get '/auth/jwt/callback?jwt=' + encoded
34
+ expect(last_response.status).to eq(302)
35
+ end
36
+
37
+ context 'with a :valid_within option set' do
38
+ let(:args){ ['imasecret', {auth_url: 'http://example.com/login', valid_within: 300}] }
39
+
40
+ it 'should work if the iat key is within the time window' do
41
+ encoded = JWT.encode({name: 'Ted', email: 'ted@example.com', iat: Time.now.to_i}, 'imasecret')
42
+ get '/auth/jwt/callback?jwt=' + encoded
43
+ expect(last_response.status).to eq(200)
44
+ end
45
+
46
+ it 'should not work if the iat key is outside the time window' do
47
+ encoded = JWT.encode({name: 'Ted', email: 'ted@example.com', iat: Time.now.to_i + 500}, 'imasecret')
48
+ get '/auth/jwt/callback?jwt=' + encoded
49
+ expect(last_response.status).to eq(302)
50
+ end
51
+
52
+ it 'should not work if the iat key is missing' do
53
+ encoded = JWT.encode({name: 'Ted', email: 'ted@example.com'}, 'imasecret')
54
+ get '/auth/jwt/callback?jwt=' + encoded
55
+ expect(last_response.status).to eq(302)
56
+ end
57
+ end
58
+ end
59
+ end
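Review bot: Every callback example presents a token signed with the correct secret, so nothing here shows that signature verification is actually enforced. Add examples that expect the request to be rejected for a token signed with a different key, e.g. `JWT.encode({name: 'Bob', email: 'steve@example.com'}, 'wrongsecret')`, and for a token whose signature segment has been altered. The 'should decode the response' example also never asserts `response_json["uid"]`, so a uid that does not come from the configured claim would go unnoticed.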
@@ -0,0 +1,24 @@
1
+ $:.unshift File.dirname(__FILE__) + "/../lib"
2
+ require 'rack/test'
3
+
4
+ require 'omniauth/jwt'
5
+ OmniAuth.config.logger = Logger.new('/dev/null')
6
+ # This file was generated by the `rspec --init` command. Conventionally, all
7
+ # specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
8
+ # Require this file using `require "spec_helper"` to ensure that it is only
9
+ # loaded once.
10
+ #
11
+ # See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
12
+ RSpec.configure do |config|
13
+ config.treat_symbols_as_metadata_keys_with_true_values = true
14
+ config.run_all_when_everything_filtered = true
15
+ config.filter_run :focus
16
+
17
+ include Rack::Test::Methods
18
+
19
+ # Run specs in random order to surface order dependencies. If you find an
20
+ # order dependency and want to debug it, you can fix the order by providing
21
+ # the seed, which is printed after each run.
22
+ # --seed 1234
23
+ config.order = 'random'
24
+ end
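Review bot: The bare `include Rack::Test::Methods` inside the `RSpec.configure` block runs with the top-level object as self, so it mixes the Rack::Test helpers into `Object` rather than only into example groups; use `config.include Rack::Test::Methods` instead. That keeps methods such as `get` and `last_response` from leaking onto every object in the test process.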
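--- a/metadata
+++ b/metadata
@@ -0,0 +1,172 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-jwt
+version: !ruby/object:Gem::Version
+version: 0.0.1
+platform: ruby
+authors:
+- Michael Bleigh
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2013-10-18 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '1.3'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '1.3'
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: rspec
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: guard
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: guard-rspec
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: rack-test
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: jwt
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: omniauth
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '1.1'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '1.1'
+description: An OmniAuth strategy to accept JWT-based single sign-on.
+email:
+- mbleigh@mbleigh.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- .travis.yml
+- Gemfile
+- Guardfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/omniauth/jwt.rb
+- lib/omniauth/jwt/version.rb
+- lib/omniauth/strategies/jwt.rb
+- omniauth-jwt.gemspec
+- spec/lib/omniauth/strategies/jwt_spec.rb
+- spec/spec_helper.rb
+homepage: http://github.com/mbleigh/omniauth-jwt
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.0.3
+signing_key:
+specification_version: 4
+summary: An OmniAuth strategy to accept JWT-based single sign-on.
+test_files:
+- spec/lib/omniauth/strategies/jwt_spec.rb
+- spec/spec_helper.rb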