openid_connect 0.9.1 → 0.9.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 0c8f7a65bb459955b2c3b48c95136b767d2299db
|
4
|
+
data.tar.gz: b425f0dd8c76e63749920ab0079a3ba60218721b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 8fe38d6c1f68b1c0d1b15762ea42c9c3dffb17334490766d088e31c3c1ff1b98915bbe56d4884f146b3d2ec1565f622155e7d47bea199a5b3f484640b031a42c
|
7
|
+
data.tar.gz: c07ffac0ba172baa94dbf46efb4bfcb921ec29fc541ce0385aca6494e34601de05ad789943f1144fd6ed2f07ac23fe691a346b798e93d3f1f24181f412c9c683
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
0.9.
|
1
|
+
0.9.2
|
@@ -63,11 +63,10 @@ module OpenIDConnect
|
|
63
63
|
|
64
64
|
def decode_self_issued(jwt_string)
|
65
65
|
jwt = JSON::JWT.decode jwt_string, :skip_verification
|
66
|
-
jwk = jwt[:sub_jwk]
|
66
|
+
jwk = JSON::JWK.new jwt[:sub_jwk]
|
67
67
|
raise InvalidToken.new('Missing sub_jwk') if jwk.blank?
|
68
|
-
raise InvalidToken.new('Invalid subject') unless jwt[:sub] ==
|
69
|
-
|
70
|
-
jwt = JSON::JWT.decode jwt_string, public_key
|
68
|
+
raise InvalidToken.new('Invalid subject') unless jwt[:sub] == jwk.thumbprint
|
69
|
+
jwt.verify! jwk
|
71
70
|
new jwt
|
72
71
|
end
|
73
72
|
|
@@ -75,23 +74,10 @@ module OpenIDConnect
|
|
75
74
|
attributes[:sub_jwk] ||= JSON::JWK.new attributes.delete(:public_key)
|
76
75
|
_attributes_ = {
|
77
76
|
iss: 'https://self-issued.me',
|
78
|
-
sub:
|
77
|
+
sub: JSON::JWK.new(attributes[:sub_jwk]).thumbprint
|
79
78
|
}.merge(attributes)
|
80
79
|
new _attributes_
|
81
80
|
end
|
82
|
-
|
83
|
-
def self_issued_subject(jwk)
|
84
|
-
subject_base_string = case jwk[:kty].to_s
|
85
|
-
when 'RSA'
|
86
|
-
[jwk[:n], jwk[:e]].join
|
87
|
-
when 'EC'
|
88
|
-
raise NotImplementedError.new('Not Implemented Yet')
|
89
|
-
else
|
90
|
-
# Shouldn't reach here. All unknown algorithm error should occurs when decoding JWK
|
91
|
-
raise InvalidToken.new('Unknown Algorithm')
|
92
|
-
end
|
93
|
-
UrlSafeBase64.encode64 OpenSSL::Digest::SHA256.digest(subject_base_string)
|
94
|
-
end
|
95
81
|
end
|
96
82
|
end
|
97
83
|
end
|
data/openid_connect.gemspec
CHANGED
@@ -18,7 +18,7 @@ Gem::Specification.new do |s|
|
|
18
18
|
s.add_runtime_dependency "activemodel"
|
19
19
|
s.add_runtime_dependency "validate_url"
|
20
20
|
s.add_runtime_dependency "validate_email"
|
21
|
-
s.add_runtime_dependency "json-jwt", ">= 1.
|
21
|
+
s.add_runtime_dependency "json-jwt", ">= 1.5.0"
|
22
22
|
s.add_runtime_dependency "swd", ">= 1.0.0"
|
23
23
|
s.add_runtime_dependency "webfinger", ">= 1.0.1"
|
24
24
|
s.add_runtime_dependency "rack-oauth2", ">= 1.2.1"
|
@@ -232,12 +232,12 @@ describe OpenIDConnect::ResponseObject::IdToken do
|
|
232
232
|
its(key) { should == attributes[key] }
|
233
233
|
end
|
234
234
|
its(:exp) { should == attributes[:exp].to_i }
|
235
|
-
its(:raw_attributes) { should be_instance_of JSON::
|
235
|
+
its(:raw_attributes) { should be_instance_of JSON::JWS }
|
236
236
|
|
237
237
|
context 'when self-issued' do
|
238
238
|
context 'when valid' do
|
239
239
|
let(:self_issued) do
|
240
|
-
'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.
|
240
|
+
'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL3NlbGYtaXNzdWVkLm1lIiwic3ViIjoiMmdDUWFLUmJkY0RaeUlDTE92ODJJR2EtdHBSVU52QW1ZN3BnZ3Z5NGdENCIsImF1ZCI6ImNsaWVudC5leGFtcGxlLmNvbSIsImV4cCI6MTQ0MjQ4Mjc4MiwiaWF0IjoxNDQxODc3OTgyLCJzdWJfandrIjp7Imt0eSI6IlJTQSIsImUiOiJBUUFCIiwibiI6IjN1RzNiSTV6MTFhM1hlOXUyZFVJNDBpcWZrVl9vTmFQVmNlalN4V3l0YnMybTZKMGMzNjJESlJQNGtyUl9TZjNtQXJ3Qjd6Qm5UWExkbW1tZW85VzloSDhsSnFGOUthMTY3dHBTQWJCajB1MjhyaTgwZFZ4NUxzblJTX19uUUd6Y3dNa2sxTTBERUx2X0FXbVYwU2JudDhJZEpSeFhwdG5xRE5tWXJ0cmItMkk0a1lwRHlwN2pvTXd0bDNXeGp2cnkwbENLNExqOU9SeXdod05zYUU2MHFsako5aHBGZV8wTmpmaThzaVBlMDRJSkFaUjl3NXo0TnAtQS1HbWdmeTNJTmNZVFYyQ25FekNSY29HSGl5OGduRzA1a015TnRtZTFVdV8xanBhdF9lcF9QUG9PWEJ6Q1NwbzB5QlRNSWhmdEJTQ3p2a2V1ZFdhNks2aW5LMkYxdyJ9fQ.wchF80oFxdjEcOEwPZ9TUlV6R96Vz8XK9MzednMOsZmEMnNSEqKKTyO0Mhp9lijJPZX8J7lTtAGkz4gfsjyoYBIHQOTf0qHRHSx9RTeC31whw1TJ9x5V6UXpKN0EW1EhjAEGIZ0EyFJ-cRTgVs0V7PT7e63JOUYyW6LqqHa4MV9SdK8BdnaN0D4-402Pf7yFqjneSHq3KZbXcgjUPT_hszsGvnn9qEyuIHQqON6YnDt55z5SvP_RfKtBfUe2VY-yglJT41LfhkIgpvjLYdYYRPh9G9ftJr17qht5RtHSNpTp4FPw7BR7rCnptb4xTxyq-sLu7qjSLRtqQ35Xpi_6qQ'
|
241
241
|
end
|
242
242
|
|
243
243
|
context 'when key == :self_issued' do
|
@@ -300,41 +300,6 @@ describe OpenIDConnect::ResponseObject::IdToken do
|
|
300
300
|
end
|
301
301
|
its(:iss) { should == 'https://self-issued.me' }
|
302
302
|
its(:sub_jwk) { should == sub_jwk}
|
303
|
-
its(:subject) { should ==
|
304
|
-
end
|
305
|
-
|
306
|
-
describe '.self_issued_subject' do
|
307
|
-
context 'when RSA key given' do
|
308
|
-
let(:jwk) { JSON::JWK.new(public_key) }
|
309
|
-
it do
|
310
|
-
user_id = klass.self_issued_subject jwk
|
311
|
-
user_id.should == UrlSafeBase64.encode64(
|
312
|
-
OpenSSL::Digest::SHA256.digest([jwk[:n], jwk[:e]].join)
|
313
|
-
)
|
314
|
-
end
|
315
|
-
end
|
316
|
-
|
317
|
-
context 'when EC key given' do
|
318
|
-
let(:jwk) { JSON::JWK.new(ec_public_key) }
|
319
|
-
it do
|
320
|
-
expect do
|
321
|
-
klass.self_issued_subject jwk
|
322
|
-
end.to raise_error NotImplementedError
|
323
|
-
end
|
324
|
-
end
|
325
|
-
|
326
|
-
context 'when unknown algorithm JWK given' do
|
327
|
-
let(:jwk) do
|
328
|
-
{
|
329
|
-
alg: 'unknown'
|
330
|
-
}
|
331
|
-
end
|
332
|
-
|
333
|
-
it do
|
334
|
-
expect do
|
335
|
-
klass.self_issued_subject jwk
|
336
|
-
end.to raise_error OpenIDConnect::ResponseObject::IdToken::InvalidToken
|
337
|
-
end
|
338
|
-
end
|
303
|
+
its(:subject) { should == sub_jwk.thumbprint }
|
339
304
|
end
|
340
305
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: openid_connect
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.9.
|
4
|
+
version: 0.9.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- nov matake
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-
|
11
|
+
date: 2015-09-14 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: json
|
@@ -100,14 +100,14 @@ dependencies:
|
|
100
100
|
requirements:
|
101
101
|
- - ">="
|
102
102
|
- !ruby/object:Gem::Version
|
103
|
-
version: 1.
|
103
|
+
version: 1.5.0
|
104
104
|
type: :runtime
|
105
105
|
prerelease: false
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
107
107
|
requirements:
|
108
108
|
- - ">="
|
109
109
|
- !ruby/object:Gem::Version
|
110
|
-
version: 1.
|
110
|
+
version: 1.5.0
|
111
111
|
- !ruby/object:Gem::Dependency
|
112
112
|
name: swd
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|