omniauth-nitro-id 1.1.1 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d597ab3b4ec465274903767494f7261a93cb09afb365618dd6681752ee8ba0c0
-  data.tar.gz: dbd6d14de7b47202b908d9fc67919832ad75d58c11ef971c3437b2c4c2ac9629
+  metadata.gz: 598ab656c80d449f084bd6b56d7daaf87ec9c16d6370c23722e2406c83822a96
+  data.tar.gz: 992cea65d60e09ae5d7870299cf10a0efff90570b81b72683efb410523ff8f0e
 SHA512:
-  metadata.gz: 82db598358577adbdaccc0346501e8fd00a0dd3e24e09591b9dc51eb1e8e2d9b75a575e3115604c0916ff27bc5aed46a98df08e83de9e15daa5de7cbc358e3ce
-  data.tar.gz: 5f0a78eeb7a3660ff3688b35d6324c9a0c4f39e2724084259b5ae41038299c56794b507fc585f307ef42386a71f67eca5723d3f013053b8522f58c900b499b0a
+  metadata.gz: f57196206bc8307d16a067d71af20cf1c9bc378727d0a238b76e6470bde1b3e6494cb7977e7ae1a314575e359175a4ef76452cf649c264a7d22b96d717c95617
+  data.tar.gz: 0e7e79bdf2e1242a01e0e58660ef27e18e0085b1a56919a4fec7d7f25a62e4ead9461d7f90d244e113144fe23092984c72e4e9173311cfba81b0859d9744ac08

data/.github/workflows/omniauth-nitro-id.yml

@@ -5,9 +5,8 @@ on:
 
 jobs:
   ruby:
-    uses: powerhome/power-tools/.github/workflows/_ruby-package.yml@main
+    uses: powerhome/power-tools/.github/workflows/_ruby-workflow.yml@main
     with:
       package: '${{ github.workflow }}'
       ruby: '["2.7", "3.0", "3.1"]'
-      rails: '["any"]'
     secrets: inherit

data/.gitignore

@@ -1,7 +1,6 @@
 /.bundle/
 /.DS_store
 /.yardoc
-/Gemfile.lock
 /_yardoc/
 /coverage/
 /pkg/

data/Gemfile.lock

@@ -0,0 +1,261 @@
+PATH
+  remote: .
+  specs:
+    omniauth-nitro-id (1.2.0)
+      faraday (= 2.7.10)
+      jwt (= 2.7.0)
+      omniauth-rails_csrf_protection (= 1.0.1)
+      omniauth_openid_connect (~> 0.4.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actionpack (7.0.6)
+      actionview (= 7.0.6)
+      activesupport (= 7.0.6)
+      rack (~> 2.0, >= 2.2.4)
+      rack-test (>= 0.6.3)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.2.0)
+    actionview (7.0.6)
+      activesupport (= 7.0.6)
+      builder (~> 3.1)
+      erubi (~> 1.4)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.1, >= 1.2.0)
+    activemodel (7.0.6)
+      activesupport (= 7.0.6)
+    activesupport (7.0.6)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+    addressable (2.8.4)
+      public_suffix (>= 2.0.2, < 6.0)
+    aes_key_wrap (1.1.0)
+    ast (2.4.2)
+    attr_required (1.0.1)
+    bindata (2.4.15)
+    builder (3.2.4)
+    coderay (1.1.3)
+    concurrent-ruby (1.2.2)
+    crass (1.0.6)
+    date (3.3.3)
+    diff-lcs (1.5.0)
+    erubi (1.12.0)
+    faraday (2.7.10)
+      faraday-net_http (>= 2.0, < 3.1)
+      ruby2_keywords (>= 0.0.4)
+    faraday-follow_redirects (0.3.0)
+      faraday (>= 1, < 3)
+    faraday-net_http (3.0.2)
+    ffi (1.15.5)
+    formatador (1.1.0)
+    guard (2.18.0)
+      formatador (>= 0.2.4)
+      listen (>= 2.7, < 4.0)
+      lumberjack (>= 1.0.12, < 2.0)
+      nenv (~> 0.1)
+      notiffany (~> 0.0)
+      pry (>= 0.13.0)
+      shellany (~> 0.0)
+      thor (>= 0.18.1)
+    guard-compat (1.2.1)
+    guard-rspec (4.7.3)
+      guard (~> 2.1)
+      guard-compat (~> 1.1)
+      rspec (>= 2.99.0, < 4.0)
+    hashie (5.0.0)
+    httpclient (2.8.3)
+    i18n (1.14.1)
+      concurrent-ruby (~> 1.0)
+    json (2.6.3)
+    json-jwt (1.16.3)
+      activesupport (>= 4.2)
+      aes_key_wrap
+      bindata
+      faraday (~> 2.0)
+      faraday-follow_redirects
+    jwt (2.7.0)
+    license_finder (7.1.0)
+      bundler
+      rubyzip (>= 1, < 3)
+      thor (~> 1.2)
+      tomlrb (>= 1.3, < 2.1)
+      with_env (= 1.1.0)
+      xml-simple (~> 1.1.9)
+    listen (3.8.0)
+      rb-fsevent (~> 0.10, >= 0.10.3)
+      rb-inotify (~> 0.9, >= 0.9.10)
+    loofah (2.21.3)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.12.0)
+    lumberjack (1.2.8)
+    mail (2.8.1)
+      mini_mime (>= 0.1.1)
+      net-imap
+      net-pop
+      net-smtp
+    method_source (1.0.0)
+    mini_mime (1.1.2)
+    minitest (5.18.1)
+    nenv (0.3.0)
+    net-imap (0.3.6)
+      date
+      net-protocol
+    net-pop (0.1.2)
+      net-protocol
+    net-protocol (0.2.1)
+      timeout
+    net-smtp (0.3.3)
+      net-protocol
+    nokogiri (1.15.3-arm64-darwin)
+      racc (~> 1.4)
+    nokogiri (1.15.3-x86_64-linux)
+      racc (~> 1.4)
+    notiffany (0.1.3)
+      nenv (~> 0.1)
+      shellany (~> 0.0)
+    omniauth (2.1.1)
+      hashie (>= 3.4.6)
+      rack (>= 2.2.3)
+      rack-protection
+    omniauth-rails_csrf_protection (1.0.1)
+      actionpack (>= 4.2)
+      omniauth (~> 2.0)
+    omniauth_openid_connect (0.4.0)
+      addressable (~> 2.5)
+      omniauth (>= 1.9, < 3)
+      openid_connect (~> 1.1)
+    openid_connect (1.4.2)
+      activemodel
+      attr_required (>= 1.0.0)
+      json-jwt (>= 1.15.0)
+      net-smtp
+      rack-oauth2 (~> 1.21)
+      swd (~> 1.3)
+      tzinfo
+      validate_email
+      validate_url
+      webfinger (~> 1.2)
+    parallel (1.23.0)
+    parser (3.2.2.3)
+      ast (~> 2.4.1)
+      racc
+    pry (0.14.2)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    public_suffix (5.0.3)
+    racc (1.7.1)
+    rack (2.2.7)
+    rack-oauth2 (1.21.3)
+      activesupport
+      attr_required
+      httpclient
+      json-jwt (>= 1.11.0)
+      rack (>= 2.1.0)
+    rack-protection (3.0.6)
+      rack
+    rack-test (2.1.0)
+      rack (>= 1.3)
+    rails-dom-testing (2.1.1)
+      activesupport (>= 5.0.0)
+      minitest
+      nokogiri (>= 1.6)
+    rails-html-sanitizer (1.6.0)
+      loofah (~> 2.21)
+      nokogiri (~> 1.14)
+    rainbow (3.1.1)
+    rake (13.0.6)
+    rb-fsevent (0.11.2)
+    rb-inotify (0.10.1)
+      ffi (~> 1.0)
+    regexp_parser (2.8.1)
+    rexml (3.2.5)
+    rspec (3.11.0)
+      rspec-core (~> 3.11.0)
+      rspec-expectations (~> 3.11.0)
+      rspec-mocks (~> 3.11.0)
+    rspec-core (3.11.0)
+      rspec-support (~> 3.11.0)
+    rspec-expectations (3.11.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.11.0)
+    rspec-mocks (3.11.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.11.0)
+    rspec-support (3.11.1)
+    rubocop (1.31.1)
+      json (~> 2.3)
+      parallel (~> 1.10)
+      parser (>= 3.1.0.0)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml (>= 3.2.5, < 4.0)
+      rubocop-ast (>= 1.18.0, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.29.0)
+      parser (>= 3.2.1.0)
+    rubocop-performance (1.18.0)
+      rubocop (>= 1.7.0, < 2.0)
+      rubocop-ast (>= 0.4.0)
+    rubocop-powerhome (0.5.0)
+      rubocop
+      rubocop-performance
+      rubocop-rails
+      rubocop-rake
+      rubocop-rspec
+    rubocop-rails (2.15.2)
+      activesupport (>= 4.2.0)
+      rack (>= 1.1)
+      rubocop (>= 1.7.0, < 2.0)
+    rubocop-rake (0.6.0)
+      rubocop (~> 1.0)
+    rubocop-rspec (2.12.1)
+      rubocop (~> 1.31)
+    ruby-progressbar (1.13.0)
+    ruby2_keywords (0.0.5)
+    rubyzip (2.3.2)
+    shellany (0.0.1)
+    swd (1.3.0)
+      activesupport (>= 3)
+      attr_required (>= 0.0.5)
+      httpclient (>= 2.4)
+    thor (1.2.2)
+    timeout (0.4.0)
+    tomlrb (2.0.3)
+    tzinfo (2.0.6)
+      concurrent-ruby (~> 1.0)
+    unicode-display_width (2.4.2)
+    validate_email (0.1.6)
+      activemodel (>= 3.0)
+      mail (>= 2.2.5)
+    validate_url (1.0.15)
+      activemodel (>= 3.0.0)
+      public_suffix
+    webfinger (1.2.0)
+      activesupport
+      httpclient (>= 2.4)
+    with_env (1.1.0)
+    xml-simple (1.1.9)
+      rexml
+
+PLATFORMS
+  arm64-darwin-22
+  x86_64-linux
+
+DEPENDENCIES
+  bundler
+  guard-rspec
+  license_finder (>= 7.0)
+  net-smtp
+  omniauth-nitro-id!
+  pry
+  rake (= 13.0.6)
+  rspec (= 3.11.0)
+  rubocop (= 1.31.1)
+  rubocop-powerhome (>= 0.4.1)
+
+BUNDLED WITH
+   2.4.17

data/docs/CHANGELOG.md

@@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [1.2.0] - 2023-07-24
+
+### Added
+
+* Add `decode_logout_token` method. PR [#13](https://github.com/powerhome/omniauth-nitro-id/pull/13)
+
 ## [1.1.1] - 2023-03-06
 
 ### Added
@@ -25,7 +31,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 * Initial release
 
-[Unreleased]: https://github.com/powerhome/omniauth-nitro-id/compare/v1.1.1...HEAD
+[Unreleased]: https://github.com/powerhome/omniauth-nitro-id/compare/v1.2.0...HEAD
+[1.2.0]: https://github.com/powerhome/omniauth-nitro-id/releases/tag/v1.2.0
 [1.1.1]: https://github.com/powerhome/omniauth-nitro-id/releases/tag/v1.1.1
 [1.1.0]: https://github.com/powerhome/omniauth-nitro-id/releases/tag/v1.1.0
 [1.0.0]: https://github.com/powerhome/omniauth-nitro-id/releases/tag/v1.0.0

data/docs/README.md

@@ -31,4 +31,13 @@ config.omniauth :nitro_id, {
 }
 ```
 
+Decoding NitroID's RSA256-encoded logout token
+```ruby
+token = params[:logout_token]
+# eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzpoeWRyYS5vcGVuaWQuaWQtdG9rZW4iLCJ0eXAiOiJK...
+
+OmniAuth::Strategies::NitroId.decode_logout_token(token)
+# [{"aud"=>["196da0d5-adc6-4454-98f2-3cabae04855c"], "events"=>{"http://schemas.openid.net/event/backchannel-logout"=>{}}, "iat"=>1688672696, "iss"=>"https://id.powerhrg.com/" ...
+```
+
 Check out Power's [example Rails app](https://github.com/powerhome/example-rails-app) for details on how to use this gem with Devise.

data/lib/omniauth/nitro_id/version.rb

@@ -2,6 +2,6 @@
 
 module OmniAuth
   module NitroId
-    VERSION = "1.1.1"
+    VERSION = "1.2.0"
   end
 end

data/lib/omniauth/strategies/base_strategy.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require "jwt"
+
 require "omniauth_openid_connect"
 require_relative "../../extensions/discovery"
 
@@ -16,6 +18,20 @@ module OmniAuth
                         end
       end
 
+      def self.decode_logout_token(token)
+        jwks = fetch_jwks
+        jwks.filter! { |key| key[:use] == "sig" }
+        algorithms = jwks.filter_map { |key| key[:alg] }.uniq
+        JWT.decode(token, nil, true, algorithms: algorithms, jwks: jwks)
+      end
+
+      def self.fetch_jwks
+        conn = Faraday.new(url: default_options[:issuer]) { |faraday| faraday.response :raise_error }
+        response = conn.get(".well-known/jwks.json")
+        jwks = JSON.parse(response.body)
+        JWT::JWK::Set.new(jwks)
+      end
+
     private
 
       def fetch_key

data/omniauth-nitro-id.gemspec

@@ -17,6 +17,8 @@ Gem::Specification.new do |spec|
   spec.executables   = []
   spec.require_paths = ["lib"]
 
+  spec.add_dependency "faraday", "2.7.10"
+  spec.add_dependency "jwt", "2.7.0"
   spec.add_dependency "omniauth_openid_connect", "~> 0.4.0"
   spec.add_dependency "omniauth-rails_csrf_protection", "1.0.1"
 

metadata

@@ -1,15 +1,43 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-nitro-id
 version: !ruby/object:Gem::Version
-  version: 1.1.1
+  version: 1.2.0
 platform: ruby
 authors:
 - Stephen Greer
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-03-06 00:00:00.000000000 Z
+date: 2023-07-24 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.7.10
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.7.10
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.7.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.7.0
 - !ruby/object:Gem::Dependency
   name: omniauth_openid_connect
   requirement: !ruby/object:Gem::Requirement
@@ -177,6 +205,7 @@ files:
 - ".rspec"
 - ".rubocop.yml"
 - Gemfile
+- Gemfile.lock
 - Guardfile
 - LICENSE.txt
 - Rakefile