openid_connect 0.9.1 → 0.9.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2d1fc4cbeb17d2ecdfaf458baa1224cbbc9fc6ba
-  data.tar.gz: ab5dde2730ff6f27368749cb1a70a4e8a4cbd9ce
+  metadata.gz: 0c8f7a65bb459955b2c3b48c95136b767d2299db
+  data.tar.gz: b425f0dd8c76e63749920ab0079a3ba60218721b
 SHA512:
-  metadata.gz: b0f75a52f9582a982f00626d3e1505b5865918fe934d2c92880d850b225c3ad01281e2202136d344bcddaacfb692a392d3aa7c084191973c4435ce23be09c062
-  data.tar.gz: e8f48acf61ddefa1c79230bb771005ae6a3e3c6d092ee5e2ab72a4fd25ff8158ff7ac9aa183dc3e6d477c0d13b84a8272d3fd478775a8ba6099d3e9bf6782eff
+  metadata.gz: 8fe38d6c1f68b1c0d1b15762ea42c9c3dffb17334490766d088e31c3c1ff1b98915bbe56d4884f146b3d2ec1565f622155e7d47bea199a5b3f484640b031a42c
+  data.tar.gz: c07ffac0ba172baa94dbf46efb4bfcb921ec29fc541ce0385aca6494e34601de05ad789943f1144fd6ed2f07ac23fe691a346b798e93d3f1f24181f412c9c683

data/VERSION

@@ -1 +1 @@
-0.9.1
+0.9.2

data/lib/openid_connect/discovery/provider/config/response.rb

@@ -84,9 +84,7 @@ module OpenIDConnect
           end
 
           def public_keys
-            @public_keys ||= jwks.collect do |jwk|
-              JSON::JWK.decode jwk
-            end
+            @public_keys ||= jwks.collect(&:to_key)
           end
         end
       end

data/lib/openid_connect/response_object/id_token.rb

@@ -63,11 +63,10 @@ module OpenIDConnect
 
         def decode_self_issued(jwt_string)
           jwt = JSON::JWT.decode jwt_string, :skip_verification
-          jwk = jwt[:sub_jwk]
+          jwk = JSON::JWK.new jwt[:sub_jwk]
           raise InvalidToken.new('Missing sub_jwk') if jwk.blank?
-          raise InvalidToken.new('Invalid subject') unless jwt[:sub] == self_issued_subject(jwk)
-          public_key = JSON::JWK.decode jwk
-          jwt = JSON::JWT.decode jwt_string, public_key
+          raise InvalidToken.new('Invalid subject') unless jwt[:sub] == jwk.thumbprint
+          jwt.verify! jwk
           new jwt
         end
 
@@ -75,23 +74,10 @@ module OpenIDConnect
           attributes[:sub_jwk] ||= JSON::JWK.new attributes.delete(:public_key)
           _attributes_ = {
             iss: 'https://self-issued.me',
-            sub: self_issued_subject(attributes[:sub_jwk])
+            sub: JSON::JWK.new(attributes[:sub_jwk]).thumbprint
           }.merge(attributes)
           new _attributes_
         end
-
-        def self_issued_subject(jwk)
-          subject_base_string = case jwk[:kty].to_s
-          when 'RSA'
-            [jwk[:n], jwk[:e]].join
-          when 'EC'
-            raise NotImplementedError.new('Not Implemented Yet')
-          else
-            # Shouldn't reach here. All unknown algorithm error should occurs when decoding JWK
-            raise InvalidToken.new('Unknown Algorithm')
-          end
-          UrlSafeBase64.encode64 OpenSSL::Digest::SHA256.digest(subject_base_string)
-        end
       end
     end
   end

data/openid_connect.gemspec

@@ -18,7 +18,7 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency "activemodel"
   s.add_runtime_dependency "validate_url"
   s.add_runtime_dependency "validate_email"
-  s.add_runtime_dependency "json-jwt", ">= 1.3.1"
+  s.add_runtime_dependency "json-jwt", ">= 1.5.0"
   s.add_runtime_dependency "swd", ">= 1.0.0"
   s.add_runtime_dependency "webfinger", ">= 1.0.1"
   s.add_runtime_dependency "rack-oauth2", ">= 1.2.1"

data/spec/openid_connect/response_object/id_token_spec.rb

@@ -232,12 +232,12 @@ describe OpenIDConnect::ResponseObject::IdToken do
       its(key) { should == attributes[key] }
     end
     its(:exp) { should == attributes[:exp].to_i }
-    its(:raw_attributes) { should be_instance_of JSON::JWT }
+    its(:raw_attributes) { should be_instance_of JSON::JWS }
 
     context 'when self-issued' do
       context 'when valid' do
         let(:self_issued) do
-          'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL3NlbGYtaXNzdWVkLm1lIiwic3ViIjoiOWp1WGpObmFmbUhhdXF5TGNMRXZ2eGkweEZNMlZXZWtEQVhTUTZkMEFfYyIsImF1ZCI6ImNsaWVudC5leGFtcGxlLmNvbSIsImV4cCI6MTM3MzExNTU5OSwiaWF0IjoxMzcyNTEwNzk5LCJzdWJfandrIjp7Imt0eSI6IlJTQSIsImUiOiJBUUFCIiwibiI6InR1V1VKWUlEeTh3SVBnSnhicDNxbkVlaUVyWTk5bTY2N1lqc0JNelYzYUV1WlJobDJhVE81aFpGTXZ0eHljUi1jS3ZiV25Balg2bjgtRlFhb2Z4R1Qyb21NYTZjcTN6S2hjQ2N6dl81UElwVkJEQkpmMDN3YUIzU1h0R2ZtVDdBMklYUHdSSER4Tjllc0s1dWxzT0MtZl9IOXM4N3Z0U0RYVUhLZDVxS0JaNzhfc0I4eG10UFk0OGVmRVRXNnVDZHBnSy11U1hsYVJKbnN3YXRfdlIyRHJCWjZiOUJfQ0dYWHYxS1JRX1dDUmxoR2RNX294dFNMWHZGai00MlNFSnU5RHB3UzhjRUhKRTFHeU8xSmM2V1dfSTJZMXR5ZUs1Zm1RREpHZklpcUJvWkdBRFg1RUpjYm1aMmtWU2gxaXB0c2dZRUk0c2U0MW15LTdaUGZlZkQ4USJ9fQ.Gy31NnvCUSnS-cZuC4kQqR-DHcvZ0b8y7sNnp-2oCpXoHydGkVoVLsGXesUz6KB7RSB2cjoBySz0_k4eI_Trg7pR94zHCPf4U76mnCujGj7x09O3THlwiyYE3-V2ejhfAEhAXkzQNFu57HbWtvHVGP8SHnNs5NUY2YqJvchQ2uCrWYU4OyHdEnMQXbAdZcj2ltNIHREXtZTOxZhJ5fYUIbynBC27lxETI0LTHfHAzSwzKuFpM0zE99Uhrt7v17Us8gAGlUZIC-A3x2Och_8ryBCJaugROagSv3FoS-LvzaciEu5VLbi3EB9sFP4et_12ZSjFWNEAw5VeSBzF1l0kBQ'
+          'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL3NlbGYtaXNzdWVkLm1lIiwic3ViIjoiMmdDUWFLUmJkY0RaeUlDTE92ODJJR2EtdHBSVU52QW1ZN3BnZ3Z5NGdENCIsImF1ZCI6ImNsaWVudC5leGFtcGxlLmNvbSIsImV4cCI6MTQ0MjQ4Mjc4MiwiaWF0IjoxNDQxODc3OTgyLCJzdWJfandrIjp7Imt0eSI6IlJTQSIsImUiOiJBUUFCIiwibiI6IjN1RzNiSTV6MTFhM1hlOXUyZFVJNDBpcWZrVl9vTmFQVmNlalN4V3l0YnMybTZKMGMzNjJESlJQNGtyUl9TZjNtQXJ3Qjd6Qm5UWExkbW1tZW85VzloSDhsSnFGOUthMTY3dHBTQWJCajB1MjhyaTgwZFZ4NUxzblJTX19uUUd6Y3dNa2sxTTBERUx2X0FXbVYwU2JudDhJZEpSeFhwdG5xRE5tWXJ0cmItMkk0a1lwRHlwN2pvTXd0bDNXeGp2cnkwbENLNExqOU9SeXdod05zYUU2MHFsako5aHBGZV8wTmpmaThzaVBlMDRJSkFaUjl3NXo0TnAtQS1HbWdmeTNJTmNZVFYyQ25FekNSY29HSGl5OGduRzA1a015TnRtZTFVdV8xanBhdF9lcF9QUG9PWEJ6Q1NwbzB5QlRNSWhmdEJTQ3p2a2V1ZFdhNks2aW5LMkYxdyJ9fQ.wchF80oFxdjEcOEwPZ9TUlV6R96Vz8XK9MzednMOsZmEMnNSEqKKTyO0Mhp9lijJPZX8J7lTtAGkz4gfsjyoYBIHQOTf0qHRHSx9RTeC31whw1TJ9x5V6UXpKN0EW1EhjAEGIZ0EyFJ-cRTgVs0V7PT7e63JOUYyW6LqqHa4MV9SdK8BdnaN0D4-402Pf7yFqjneSHq3KZbXcgjUPT_hszsGvnn9qEyuIHQqON6YnDt55z5SvP_RfKtBfUe2VY-yglJT41LfhkIgpvjLYdYYRPh9G9ftJr17qht5RtHSNpTp4FPw7BR7rCnptb4xTxyq-sLu7qjSLRtqQ35Xpi_6qQ'
         end
 
         context 'when key == :self_issued' do
@@ -300,41 +300,6 @@ describe OpenIDConnect::ResponseObject::IdToken do
     end
     its(:iss)     { should == 'https://self-issued.me' }
     its(:sub_jwk) { should == sub_jwk}
-    its(:subject) { should == OpenIDConnect::ResponseObject::IdToken.self_issued_subject(sub_jwk) }
-  end
-
-  describe '.self_issued_subject' do
-    context 'when RSA key given' do
-      let(:jwk) { JSON::JWK.new(public_key) }
-      it do
-        user_id = klass.self_issued_subject jwk
-        user_id.should == UrlSafeBase64.encode64(
-          OpenSSL::Digest::SHA256.digest([jwk[:n], jwk[:e]].join)
-        )
-      end
-    end
-
-    context 'when EC key given' do
-      let(:jwk) { JSON::JWK.new(ec_public_key) }
-      it do
-        expect do
-          klass.self_issued_subject jwk
-        end.to raise_error NotImplementedError
-      end
-    end
-
-    context 'when unknown algorithm JWK given' do
-      let(:jwk) do
-        {
-          alg: 'unknown'
-        }
-      end
-
-      it do
-        expect do
-          klass.self_issued_subject jwk
-        end.to raise_error OpenIDConnect::ResponseObject::IdToken::InvalidToken
-      end
-    end
+    its(:subject) { should == sub_jwk.thumbprint }
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: openid_connect
 version: !ruby/object:Gem::Version
-  version: 0.9.1
+  version: 0.9.2
 platform: ruby
 authors:
 - nov matake
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-08-14 00:00:00.000000000 Z
+date: 2015-09-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json
@@ -100,14 +100,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.3.1
+        version: 1.5.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.3.1
+        version: 1.5.0
 - !ruby/object:Gem::Dependency
   name: swd
   requirement: !ruby/object:Gem::Requirement