omniauth-jwt2 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 85ecb41b3dcf8d20cb6bb3229bfc0d4605356ff07a9d71885522683ecc4a5d05
+  data.tar.gz: 0460fdcc06eea2cba436b1fc04ae701bb91a13bdecc3818777c76f6df2eb00ab
+SHA512:
+  metadata.gz: 8d4355d90b9488207efe106bd6911cbd0f6c1cca54dc92aecde7ebee8aeed0fbf1f7a4154a3eca5d657a3865f166b90bd6b97f54662e1639115b89938f25bc8e
+  data.tar.gz: 708081766470208844bdb88647e797de49acc82d225ae15c8cd78148b47db8189afa3624a4a77c51a6e182c36b0d0f910557a15bcf1754be0e5a37c23c023f4c

data/.github/FUNDING.yml

@@ -0,0 +1,11 @@
+# These are supported funding model platforms
+
+github: [pboling] # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
+patreon: galtzo # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: pboling # Replace with a single Ko-fi username
+tidelift: rubygems/omniauth-jwt2 # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: pboling # Replace with a single Liberapay username
+issuehunt: pboling # Replace with a single IssueHunt username
+custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']

data/.github/dependabot.yml

@@ -0,0 +1,2 @@
+ignore:
+  - dependency-name: "rubocop-lts"

data/.github/workflows/ancient.yml

@@ -0,0 +1,53 @@
+name: Ancient Ruby Support
+
+on:
+  push:
+    branches:
+      - 'main'
+    tags:
+      - '!*' # Do not execute on tags
+  pull_request:
+    branches:
+      - '*'
+  # Allow manually triggering the workflow.
+  workflow_dispatch:
+
+# Cancels all previous workflow runs for the same branch that have not yet completed.
+concurrency:
+  # The concurrency group contains the workflow name and the branch name.
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  test:
+    name: Ruby ${{ matrix.ruby }}
+    if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')"
+    env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps
+      BUNDLE_GEMFILE: ${{ github.workspace }}/gemfiles/${{ matrix.gemfile }}.gemfile
+    strategy:
+      fail-fast: false
+      matrix:
+        experimental: [false]
+        rubygems:
+          - "2.7.11"
+        bundler:
+          - none
+        gemfile:
+          - ancient
+        ruby:
+          - "2.3.8"
+          - "2.2.10"
+    runs-on: ubuntu-20.04
+    continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup Ruby & Bundle
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          rubygems: ${{ matrix.rubygems }}
+          bundler: ${{ matrix.bundler }}
+          bundler-cache: true
+      - name: Run tests
+        run: bundle exec rspec

data/.github/workflows/ci.yml

@@ -0,0 +1,59 @@
+name: Omniauth JWT Tests
+
+on:
+  push:
+    branches:
+      - 'main'
+    tags:
+      - '!*' # Do not execute on tags
+  pull_request:
+    branches:
+      - '*'
+  # Allow manually triggering the workflow.
+  workflow_dispatch:
+
+# Cancels all previous workflow runs for the same branch that have not yet completed.
+concurrency:
+  # The concurrency group contains the workflow name and the branch name.
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    name: Ruby ${{ matrix.ruby }}
+    env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps
+      BUNDLE_GEMFILE: ${{ github.workspace }}/gemfiles/${{ matrix.gemfile }}.gemfile
+    if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')"
+    continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }}
+    strategy:
+      fail-fast: false
+      matrix:
+        experimental: [false]
+        rubygems:
+          - latest
+        bundler:
+          - latest
+        gemfile:
+          - vanilla
+        ruby:
+          - "2.7"
+          - "3.0"
+          - "3.1"
+          - "3.2"
+        exclude:
+          # Vanilla + 3.2 is effectively run by coverage workflow
+          - gemfile: vanilla
+            ruby: "3.2"
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup Ruby & Bundle
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          rubygems: ${{ matrix.rubygems }}
+          bundler: ${{ matrix.bundler }}
+          bundler-cache: true
+      - name: Tests
+        run: bundle exec rspec

data/.github/workflows/coverage.yml

@@ -0,0 +1,91 @@
+name: Code Coverage
+
+env:
+  K_SOUP_COV_MIN_BRANCH: 85
+  K_SOUP_COV_MIN_LINE: 87
+
+on:
+  push:
+    branches:
+      - 'main'
+    tags:
+      - '!*' # Do not execute on tags
+  pull_request:
+    branches:
+      - '*'
+  # Allow manually triggering the workflow.
+  workflow_dispatch:
+
+# Cancels all previous workflow runs for the same branch that have not yet completed.
+concurrency:
+  # The concurrency group contains the workflow name and the branch name.
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  test:
+    name: Specs with Coverage - Ruby ${{ matrix.ruby }}
+    if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')"
+    env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps
+      BUNDLE_GEMFILE: ${{ github.workspace }}/gemfiles/${{ matrix.gemfile }}.gemfile
+      CI_CODECOV: true
+      COVER_ALL: true
+    strategy:
+      fail-fast: false
+      matrix:
+        experimental: [false]
+        rubygems:
+          - latest
+        bundler:
+          - latest
+        gemfile:
+          - coverage
+        ruby:
+          - "3.2"
+
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Ruby & Bundle
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          rubygems: ${{ matrix.rubygems }}
+          bundler: ${{ matrix.bundler }}
+          bundler-cache: true
+
+      - name: Run RSpec tests
+        run: |
+          bundle exec rspec
+
+      - name: Code Coverage Summary Report
+        uses: irongut/CodeCoverageSummary@v1.3.0
+        if: ${{ github.event_name == 'pull_request' }}
+        with:
+          filename: ./coverage/coverage.xml
+          badge: true
+          fail_below_min: true
+          format: markdown
+          hide_branch_rate: false
+          hide_complexity: true
+          indicators: true
+          output: both
+          # https://github.com/irongut/CodeCoverageSummary#thresholds
+          thresholds: "75 85"
+        continue-on-error: ${{ matrix.experimental != 'false' }}
+
+      - name: Add Coverage PR Comment
+        uses: marocchino/sticky-pull-request-comment@v2
+        if: ${{ github.event_name == 'pull_request' }}
+        with:
+          recreate: true
+          path: code-coverage-results.md
+        continue-on-error: ${{ matrix.experimental != 'false' }}
+
+      - name: Coveralls
+        uses: coverallsapp/github-action@master
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+        continue-on-error: ${{ matrix.experimental != 'false' }}

data/.github/workflows/legacy.yml

@@ -0,0 +1,54 @@
+name: Legacy Ruby Support
+
+on:
+  push:
+    branches:
+      - 'main'
+    tags:
+      - '!*' # Do not execute on tags
+  pull_request:
+    branches:
+      - '*'
+  # Allow manually triggering the workflow.
+  workflow_dispatch:
+
+# Cancels all previous workflow runs for the same branch that have not yet completed.
+concurrency:
+  # The concurrency group contains the workflow name and the branch name.
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  test:
+    name: Ruby ${{ matrix.ruby }}
+    if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')"
+    env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps
+      BUNDLE_GEMFILE: ${{ github.workspace }}/gemfiles/${{ matrix.gemfile }}.gemfile
+    strategy:
+      fail-fast: false
+      matrix:
+        experimental: [false]
+        rubygems:
+          - "2.7.11"
+        bundler:
+          - none
+        gemfile:
+          - legacy
+        ruby:
+          - "2.6"
+          - "2.5"
+          - "2.4"
+    runs-on: ubuntu-20.04
+    continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup Ruby & Bundle
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          rubygems: ${{ matrix.rubygems }}
+          bundler: ${{ matrix.bundler }}
+          bundler-cache: true
+      - name: Run tests
+        run: bundle exec rspec

data/.github/workflows/style.yml

@@ -0,0 +1,43 @@
+name: Code Style
+
+on:
+  push:
+    branches:
+      - 'main'
+    tags:
+      - '!*' # Do not execute on tags
+  pull_request:
+    branches:
+      - '*'
+
+jobs:
+  rubocop:
+    name: RuboCop
+    strategy:
+      fail-fast: false
+      matrix:
+        experimental: [false]
+        rubygems:
+          - latest
+        bundler:
+          - latest
+        gemfile:
+          - style
+        ruby:
+          - "3.2"
+
+    runs-on: ubuntu-latest
+    env: # $BUNDLE_GEMFILE must be set at the job level, so it is set for all steps
+      BUNDLE_GEMFILE: ${{ github.workspace }}/gemfiles/${{ matrix.gemfile }}.gemfile
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup Ruby & Bundle
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          rubygems: ${{ matrix.rubygems }}
+          bundler: ${{ matrix.bundler }}
+          bundler-cache: true
+      - name: Run RuboCop Gradual
+        run: bundle exec rake rubocop_gradual:check

data/.gitignore

@@ -0,0 +1,18 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+gemfiles/*.gemfile.lock

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--format progress

data/.rubocop.yml

@@ -0,0 +1,2 @@
+inherit_gem:
+  rubocop-lts: config/rubygem_rspec.yml

data/.rubocop_gradual.lock

@@ -0,0 +1,39 @@
+{
+  "lib/omniauth/strategies/jwt.rb:543932255": [
+    [60, 9, 76, "Lint/RescueException: Avoid rescuing the `Exception` class. Perhaps you meant to rescue `StandardError`?", 967033479]
+  ],
+  "omniauth-jwt2.gemspec:998952283": [
+    [18, 16, 16, "Packaging/GemspecGit: Avoid using git to produce lists of files. Downstreams often need to build your package in an environment that does not have git (on purpose). Use some pure Ruby alternative, like `Dir` or `Dir.glob`.", 1973161220]
+  ],
+  "spec/lib/omniauth/strategies/jwt_spec.rb:2698313308": [
+    [3, 1, 34, "RSpec/FilePath: Spec path should end with `omni_auth/strategies/jwt*_spec.rb`.", 1935033905],
+    [3, 1, 34, "RSpec/SpecFilePathFormat: Spec path should end with `omni_auth/strategies/jwt*_spec.rb`.", 1935033905],
+    [12, 13, 25, "RSpec/DescribedClass: Use `described_class` instead of `OmniAuth::Strategies::JWT`.", 2234488924],
+    [19, 11, 15, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 391893083],
+    [20, 5, 42, "RSpec/MultipleExpectations: Example has too many expectations [2/1].", 4106660663],
+    [29, 11, 16, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1409468707],
+    [51, 7, 51, "RSpec/MultipleExpectations: Example has too many expectations [2/1].", 4149552871],
+    [51, 7, 531, "RSpec/ExampleLength: Example has too many lines. [6/5]", 2143440997],
+    [91, 3, 3512, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [10/5]", 2363831099],
+    [110, 7, 7, "RSpec/NamedSubject: Name your test subject if you need to reference it explicitly.", 1892732441],
+    [111, 7, 7, "RSpec/NamedSubject: Name your test subject if you need to reference it explicitly.", 1892732441],
+    [116, 9, 6, "RSpec/ExpectInHook: Do not use `expect` in `before` hook", 1179768986],
+    [116, 9, 20, "RSpec/StubbedMock: Prefer `allow` over `expect` when configuring a response.", 2951559342],
+    [116, 33, 7, "RSpec/MessageSpies: Prefer `have_received` for setting message expectations. Setup `rack_request` as a spy using `allow` or `instance_spy`.", 1384559950],
+    [130, 5, 56, "Performance/RedundantMerge: Use `algos[OpenSSL::PKey::EC] = %w[ES256 ES384 ES512]` instead of `algos.merge!(OpenSSL::PKey::EC => %w[ES256 ES384 ES512])`.", 2983772293],
+    [133, 9, 846, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [10/5]", 3520352246],
+    [152, 22, 7, "RSpec/NamedSubject: Name your test subject if you need to reference it explicitly.", 1892732441],
+    [160, 5, 310, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [10/5]", 3501674141],
+    [160, 13, 28, "RSpec/ContextWording: Context description should match /^when\\b/, /^with\\b/, or /^without\\b/.", 1877551307],
+    [170, 18, 7, "RSpec/NamedSubject: Name your test subject if you need to reference it explicitly.", 1892732441],
+    [174, 5, 515, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [10/5]", 1246671601],
+    [185, 9, 7, "RSpec/NamedSubject: Name your test subject if you need to reference it explicitly.", 1892732441],
+    [189, 18, 7, "RSpec/NamedSubject: Name your test subject if you need to reference it explicitly.", 1892732441],
+    [193, 5, 537, "RSpec/MultipleMemoizedHelpers: Example group has too many memoized helpers [10/5]", 3770030886],
+    [205, 9, 7, "RSpec/NamedSubject: Name your test subject if you need to reference it explicitly.", 1892732441],
+    [209, 18, 7, "RSpec/NamedSubject: Name your test subject if you need to reference it explicitly.", 1892732441]
+  ],
+  "spec/support/hash.rb:812296649": [
+    [2, 3, 110, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3570181400]
+  ]
+}

data/.simplecov

@@ -0,0 +1,2 @@
+require "kettle/soup/cover/config"
+SimpleCov.start # you could do this somewhere else, up to you, but you do have to do it

data/.tool-versions

@@ -0,0 +1 @@
+ruby 2.3.8

data/Gemfile

@@ -0,0 +1,17 @@
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in omniauth-jwt.gemspec
+gemspec
+
+# Development dependencies that rely on Ruby version >=
+# Style
+eval_gemfile "gemfiles/contexts/style.gemfile"
+
+# Coverage
+eval_gemfile "gemfiles/contexts/coverage.gemfile"
+
+# Testing
+eval_gemfile "gemfiles/contexts/testing.gemfile"
+
+# Debug
+eval_gemfile "gemfiles/contexts/debug.gemfile"

data/Guardfile

@@ -0,0 +1,8 @@
+# A sample Guardfile
+# More info at https://github.com/guard/guard#readme
+
+guard :rspec do
+  watch(%r{^spec/.+_spec\.rb$})
+  watch(%r{^lib/(.+)\.rb$}) { |m| "spec/lib/#{m[1]}_spec.rb" }
+  watch("spec/spec_helper.rb") { "spec" }
+end

data/LICENSE.txt

@@ -0,0 +1,23 @@
+Copyright (c) 2013 Michael Bleigh
+Copyright (c) 2023 Peter Boling of railsbling.com
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,125 @@
+# OmniAuth::JWT
+
+<div id="badges">
+
+[![Current][🚎ciwfi]][🚎ciwf] [![Coverage][🖐cowfi]][🖐cowf] [![Style][🧮swfi]][🧮swf]
+
+[![Legacy][🧮lwfi]][🧮lwf] [![Ancient][🧮awfi]][🧮awf]
+
+---
+
+[![Liberapay Patrons][⛳liberapay-img]][⛳liberapay]
+<span class="badge-buymeacoffee">
+[![Sponsor Me][🖇sponsor-img]][🖇sponsor]
+<a href="https://ko-fi.com/O5O86SNP4" target='_blank' title="Donate to my FLOSS or refugee efforts at ko-fi.com"><img src="https://img.shields.io/badge/buy%20me%20coffee-donate-yellow.svg" alt="Buy Me Coffee donation button" /></a>
+</span>
+<span class="badge-patreon">
+<a href="https://patreon.com/galtzo" title="Donate to my FLOSS or refugee efforts using Patreon"><img src="https://img.shields.io/badge/patreon-donate-yellow.svg" alt="Patreon donate button" /></a>
+</span>
+
+</div>
+
+[🚎ciwf]: https://github.com/pboling/omniauth-jwt2/actions/workflows/ci.yml
+[🚎ciwfi]: https://github.com/pboling/omniauth-jwt2/actions/workflows/ci.yml/badge.svg
+[🖐cowf]: https://github.com/pboling/omniauth-jwt2/actions/workflows/coverage.yml
+[🖐cowfi]: https://github.com/pboling/omniauth-jwt2/actions/workflows/coverage.yml/badge.svg
+[🧮swf]: https://github.com/pboling/omniauth-jwt2/actions/workflows/style.yml
+[🧮swfi]: https://github.com/pboling/omniauth-jwt2/actions/workflows/style.yml/badge.svg
+[🧮lwf]: https://github.com/pboling/omniauth-jwt2/actions/workflows/legacy.yml
+[🧮lwfi]: https://github.com/pboling/omniauth-jwt2/actions/workflows/legacy.yml/badge.svg
+[🧮awf]: https://github.com/pboling/omniauth-jwt2/actions/workflows/ancient.yml
+[🧮awfi]: https://github.com/pboling/omniauth-jwt2/actions/workflows/ancient.yml/badge.svg
+
+[⛳liberapay-img]: https://img.shields.io/liberapay/patrons/pboling.svg?logo=liberapay
+[⛳liberapay]: https://liberapay.com/pboling/donate
+[🖇sponsor-img]: https://img.shields.io/badge/Sponsor_Me!-pboling.svg?style=social&logo=github
+[🖇sponsor]: https://github.com/sponsors/pboling
+
+[JSON Web Token](http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html) (JWT) is a simple
+way to send verified information between two parties online. This can be useful as a mechanism for
+providing Single Sign-On (SSO) to an application by allowing an authentication server to send a validated
+claim and log the user in. This is how [Zendesk does SSO](https://support.zendesk.com/hc/en-us/articles/4408845838874-Enabling-JWT-JSON-Web-Token-single-sign-on),
+for example.
+
+OmniAuth::JWT provides a clean, simple wrapper on top of JWT so that you can easily implement this kind
+of SSO either between your own applications or allow third parties to delegate authentication.
+
+## History
+
+This library is a fork of the [original](https://github.com/mbleigh/omniauth-jwt)
+by Michael Bleigh which stopped development in 2013.
+It incorporates *all* of the fixes and features from the main forks by Aha, Discourse,
+and GitLab (which has been vendored inside GitLab, and isn't even in the fork network).
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'omniauth-jwt2'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install omniauth-jwt2
+
+## Usage
+
+You use OmniAuth::JWT just like you do any other OmniAuth strategy:
+
+```ruby
+use OmniAuth::JWT, "SHAREDSECRET", auth_url: "http://example.com/login"
+```
+
+The first parameter is the shared secret that will be used by the external authenticator to verify
+that. You must also specify the `auth_url` option to tell the strategy where to redirect to log
+in. Other available options are:
+
+* **algorithm:** the algorithm to use to decode the JWT token. This is `HS256` by default but can
+  be set to anything supported by [ruby-jwt](https://github.com/progrium/ruby-jwt)
+* **uid_claim:** this determines which claim will be used to uniquely identify the user. Defaults
+  to `email`
+* **required_claims:** array of claims that are required to make this a valid authentication call.
+  Defaults to `['name', 'email']`
+* **info_map:** array mapping claim values to info hash values. Defaults to mapping `name` and `email`
+  to the same in the info hash.
+* **valid_within:** integer of how many seconds of time skew you will allow. Defaults to `nil`. If this
+  is set, the `iat` claim becomes required and must be within the specified number of seconds of the
+  current time. This helps to prevent replay attacks.
+
+### Authentication Process
+
+When you authenticate through `omniauth-jwt` you can send users to `/auth/jwt` and it will redirect
+them to the URL specified in the `auth_url` option. From there, the provider must generate a JWT
+and send it to the `/auth/jwt/callback` URL as a "jwt" parameter:
+
+    /auth/jwt/callback?jwt=ENCODEDJWTGOESHERE
+
+An example of how to do that in Sinatra:
+
+```ruby
+require "jwt"
+
+get "/login/sso/other-app" do
+  # assuming the user is already logged in and this is available as current_user
+  claims = {
+    id: current_user.id,
+    name: current_user.name,
+    email: current_user.email,
+    iat: Time.now.to_i,
+  }
+
+  payload = JWT.encode(claims, ENV["SSO_SECRET"])
+  redirect "http://other-app.com/auth/jwt/callback?jwt=#{payload}"
+end
+```
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,23 @@
+require "bundler/gem_tasks"
+
+require "rspec/core/rake_task"
+RSpec::Core::RakeTask.new(:spec)
+
+desc "alias test task to spec"
+task test: :spec
+
+begin
+  require "kettle-soup-cover"
+  Kettle::Soup::Cover.install_tasks
+rescue LoadError
+  # NOOP
+end
+
+begin
+  require "rubocop/lts"
+  Rubocop::Lts.install_tasks
+rescue LoadError
+  # NOOP
+end
+
+task default: :spec

data/gemfiles/ancient.gemfile

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
+
+source "https://rubygems.org"
+
+# Gemfile is only for local development.
+# On CI we only need the gemspecs' dependencies (including development dependencies).
+# Exceptions, if any, will be found in gemfiles/*
+
+# Testing
+gem "rack", "~> 2.1.4.3"                      # ruby 2.2.2
+gem "json", "~> 2.5.1"                        # ruby 2.0
+
+# Debugging
+eval_gemfile "contexts/debug.gemfile"
+
+gemspec path: "../"
+
+gem "omniauth", "< 2"

data/gemfiles/contexts/coverage.gemfile

@@ -0,0 +1,2 @@
+# Coverage
+gem "kettle-soup-cover", "~> 1.0", ">= 1.0.2" # ruby 2.7

data/gemfiles/contexts/debug.gemfile

@@ -0,0 +1,6 @@
+# Ancient rubies do not have String#casecmp?
+debugging = ENV["CI"].nil? && ENV.fetch("DEBUG", "false")
+
+if debugging && debugging[/true/i]
+  gem "byebug"
+end

data/gemfiles/contexts/style.gemfile

@@ -0,0 +1,5 @@
+# Style
+gem "rubocop-lts", "~> 8.1", ">= 8.1.1"       # ruby 2.7 - Lint Support for Ruby 2.2+
+gem "rubocop-packaging", "~> 0.5", ">= 0.5.2" # ruby 2.6
+gem "rubocop-rspec", "~> 2.25"                # ruby 2.7
+gem "rspec-block_is_expected", "~> 1.0", ">= 1.0.5" # ruby 1.8.7

data/gemfiles/contexts/testing.gemfile

@@ -0,0 +1,8 @@
+# Testing
+gem "ed25519", "~> 1.3"                       # ruby 2.4
+gem "json", "~> 2.6", ">= 2.6.3"              # ruby 2.3
+gem "openssl", ">= 2.0"                       # ruby 2.3, v3.0 is >= 2.6, v3.2 is >= 2.7
+gem "openssl-signature_algorithm", "~> 1.3"   # ruby 2.4
+gem "rack", "~> 3.0", ">= 3.0.8"              # ruby 2.4
+gem "rack-session", "~> 2.0"                  # ruby 2.4
+gem "rspec-block_is_expected", "~> 1.0", ">= 1.0.5" # ruby 1.8.7