passageidentity 0.0.3 → 0.0.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CONTRIBUTING.md +6 -0
- data/lib/passageidentity/auth.rb +50 -7
- data/lib/passageidentity/client.rb +1 -17
- data/passageidentity.gemspec +1 -1
- data/tests/auth_test.rb +14 -0
- metadata +3 -7
- data/lib/passage/auth.rb +0 -35
- data/lib/passage/client.rb +0 -39
- data/lib/passage/request.rb +0 -32
- data/lib/passage/user.rb +0 -0
- data/lib/passage.rb +0 -9
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: d5dd45f9023ac4cd3eb005f4604f40229981aeca5c6da2ebd1eca685fcf54245
|
4
|
+
data.tar.gz: de14152791bbe75fb11de58d65cf72bab61f570bec22f93240f7a88c128d8eaa
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: d7184b5a3325f54c022a0ba63c622ad38670793eeb9c3cabadb0c28c4ee9b9675f63d302a93449f1d5eac43cecbbdf0bb82c0bbb1d06132caf3d3a99f552d3d1
|
7
|
+
data.tar.gz: 65e9721e3ca3049a758eb0287f5f379b7e27ee43397cb75592c2875194155a9d83d95c47244716d9de09d88fb6bb9ae33115d4f45649d6095adfb15c5b562942
|
data/CONTRIBUTING.md
CHANGED
@@ -50,16 +50,22 @@ gem push passage-0.0.0.gem
|
|
50
50
|
```
|
51
51
|
|
52
52
|
You can check for the gem here:
|
53
|
+
|
53
54
|
```
|
54
55
|
gem list -r passage
|
55
56
|
```
|
57
|
+
|
56
58
|
=======
|
57
59
|
gem push passageidentity-0.0.0.gem
|
60
|
+
|
58
61
|
```
|
59
62
|
|
60
63
|
You can check for the gem here:
|
61
64
|
|
62
65
|
```
|
66
|
+
|
63
67
|
gem list -r passageidentity
|
68
|
+
|
64
69
|
```
|
65
70
|
>>>>>>> 2d0e3f6dc3b40c621c8d16506fa6ab43b0fba673
|
71
|
+
```
|
data/lib/passageidentity/auth.rb
CHANGED
@@ -5,14 +5,47 @@ require_relative 'client'
|
|
5
5
|
|
6
6
|
module Passage
|
7
7
|
class Auth
|
8
|
-
|
8
|
+
@@app_cache = {}
|
9
|
+
def initialize(app_id, auth_strategy, connection)
|
9
10
|
@app_id = app_id
|
10
11
|
@auth_strategy = auth_strategy
|
11
|
-
@
|
12
|
+
@connection = connection
|
12
13
|
|
13
|
-
|
14
|
-
|
15
|
-
|
14
|
+
fetch_jwks
|
15
|
+
end
|
16
|
+
|
17
|
+
def fetch_app()
|
18
|
+
begin
|
19
|
+
response = @connection.get("/v1/apps/#{@app_id}")
|
20
|
+
return response.body['app']
|
21
|
+
rescue Faraday::Error => e
|
22
|
+
raise PassageError,
|
23
|
+
"failed to get Passage User. Http Status: #{e.response[:status]}. Response: #{e.response[:body]['error']}"
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
27
|
+
def fetch_jwks()
|
28
|
+
if @@app_cache[@app_id]
|
29
|
+
@jwks, @auth_origin = @@app_cache[@app_id]
|
30
|
+
else
|
31
|
+
app = fetch_app
|
32
|
+
auth_gw_connection =
|
33
|
+
Faraday.new(url: 'https://auth.passage.id') do |f|
|
34
|
+
f.request :json
|
35
|
+
f.request :retry
|
36
|
+
f.response :raise_error
|
37
|
+
f.response :json
|
38
|
+
f.adapter :net_http
|
39
|
+
end
|
40
|
+
|
41
|
+
# fetch the public key if not in cache
|
42
|
+
app = fetch_app
|
43
|
+
@auth_origin = app['auth_origin']
|
44
|
+
response =
|
45
|
+
auth_gw_connection.get("/v1/apps/#{@app_id}/.well-known/jwks.json")
|
46
|
+
@jwks = response.body
|
47
|
+
@@app_cache[@app_id] ||= [@jwks, @auth_origin]
|
48
|
+
end
|
16
49
|
end
|
17
50
|
|
18
51
|
def authenticate_request(request)
|
@@ -41,18 +74,28 @@ module Passage
|
|
41
74
|
end
|
42
75
|
|
43
76
|
def authenticate_token(token)
|
77
|
+
kid = JWT.decode(token, nil, false)[1]['kid']
|
78
|
+
exists = false
|
79
|
+
for jwk in @jwks['keys']
|
80
|
+
if jwk['kid'] == kid
|
81
|
+
exists = true
|
82
|
+
break
|
83
|
+
end
|
84
|
+
end
|
85
|
+
fetch_jwks unless exists
|
44
86
|
begin
|
45
87
|
claims =
|
46
88
|
JWT.decode(
|
47
89
|
token,
|
48
|
-
|
90
|
+
nil,
|
49
91
|
true,
|
50
92
|
{
|
51
93
|
iss: @app_id,
|
52
94
|
verify_iss: true,
|
53
95
|
aud: @auth_origin,
|
54
96
|
verify_aud: true,
|
55
|
-
algorithms: ['RS256']
|
97
|
+
algorithms: ['RS256'],
|
98
|
+
jwks: @jwks
|
56
99
|
}
|
57
100
|
)
|
58
101
|
return claims[0]['sub']
|
@@ -47,8 +47,6 @@ module Passage
|
|
47
47
|
PHONE_CHANNEL = 'phone'
|
48
48
|
|
49
49
|
class Client
|
50
|
-
@@app_cache = {}
|
51
|
-
|
52
50
|
attr_reader :auth
|
53
51
|
attr_reader :user
|
54
52
|
|
@@ -65,11 +63,9 @@ module Passage
|
|
65
63
|
|
66
64
|
# setup
|
67
65
|
get_connection
|
68
|
-
fetch_public_key(@connection)
|
69
66
|
|
70
67
|
# initialize auth class
|
71
|
-
@auth =
|
72
|
-
Passage::Auth.new(@app_id, @auth_strategy, @public_key, @auth_origin)
|
68
|
+
@auth = Passage::Auth.new(@app_id, @auth_strategy, @connection)
|
73
69
|
|
74
70
|
# initialize user class
|
75
71
|
@user = Passage::UserAPI.new(@connection, @app_id, @api_key)
|
@@ -102,18 +98,6 @@ module Passage
|
|
102
98
|
end
|
103
99
|
end
|
104
100
|
|
105
|
-
def fetch_public_key(conn)
|
106
|
-
if @@app_cache[@app_id]
|
107
|
-
@public_key, @auth_origin = @@app_cache[@app_id]
|
108
|
-
else
|
109
|
-
# fetch the public key if not in cache
|
110
|
-
response = conn.get("/v1/apps/#{@app_id}")
|
111
|
-
@public_key = response.body['app']['rsa_public_key']
|
112
|
-
@auth_origin = response.body['app']['auth_origin']
|
113
|
-
@@app_cache[@app_id] ||= [@public_key, @auth_origin]
|
114
|
-
end
|
115
|
-
end
|
116
|
-
|
117
101
|
def create_magic_link(
|
118
102
|
user_id: '',
|
119
103
|
email: '',
|
data/passageidentity.gemspec
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
Gem::Specification.new do |s|
|
2
2
|
s.name = 'passageidentity'
|
3
|
-
s.version = '0.0.
|
3
|
+
s.version = '0.0.4'
|
4
4
|
s.summary = 'Passage SDK for biometric authentication'
|
5
5
|
s.description =
|
6
6
|
'Enables verification of server-side authentication and user management for applications using Passage'
|
data/tests/auth_test.rb
ADDED
@@ -0,0 +1,14 @@
|
|
1
|
+
require_relative '../lib/passageidentity/client'
|
2
|
+
require_relative './environment'
|
3
|
+
require 'faraday'
|
4
|
+
require 'test/unit'
|
5
|
+
|
6
|
+
class TestUserAPI < Test::Unit::TestCase
|
7
|
+
PassageClient =
|
8
|
+
Passage::Client.new(app_id: ENV['APP_ID'], api_key: ENV['API_KEY'])
|
9
|
+
|
10
|
+
def test_authenticate_token
|
11
|
+
user_id = PassageClient.auth.authenticate_token(ENV['PSG_JWT'])
|
12
|
+
assert_equal ENV['TEST_USER_ID'], user_id
|
13
|
+
end
|
14
|
+
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: passageidentity
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Passage Identity
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-05-13 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: faraday
|
@@ -69,11 +69,6 @@ files:
|
|
69
69
|
- CONTRIBUTING.md
|
70
70
|
- LICENSE
|
71
71
|
- README.md
|
72
|
-
- lib/passage.rb
|
73
|
-
- lib/passage/auth.rb
|
74
|
-
- lib/passage/client.rb
|
75
|
-
- lib/passage/request.rb
|
76
|
-
- lib/passage/user.rb
|
77
72
|
- lib/passageidentity.rb
|
78
73
|
- lib/passageidentity/auth.rb
|
79
74
|
- lib/passageidentity/client.rb
|
@@ -82,6 +77,7 @@ files:
|
|
82
77
|
- passage-ruby
|
83
78
|
- passageidentity.gemspec
|
84
79
|
- tests/all.rb
|
80
|
+
- tests/auth_test.rb
|
85
81
|
- tests/magic_link_test.rb
|
86
82
|
- tests/user_api_test.rb
|
87
83
|
homepage: https://rubygems.org/gems/passageidentity
|
data/lib/passage/auth.rb
DELETED
@@ -1,35 +0,0 @@
|
|
1
|
-
require 'openssl'
|
2
|
-
require 'base64'
|
3
|
-
require 'jwt'
|
4
|
-
|
5
|
-
module Passage
|
6
|
-
class Auth
|
7
|
-
|
8
|
-
def initialize(app_id, public_key, auth_origin)
|
9
|
-
|
10
|
-
@app_id = app_id
|
11
|
-
@auth_origin = auth_origin
|
12
|
-
|
13
|
-
# bas64 decode and then parse the public key
|
14
|
-
# when we have JWKS endpoint, this will get easier I think
|
15
|
-
@public_key = OpenSSL::PKey::RSA.new(Base64.decode64(public_key))
|
16
|
-
|
17
|
-
end
|
18
|
-
|
19
|
-
def authenticate(token)
|
20
|
-
|
21
|
-
begin
|
22
|
-
claims = JWT.decode(token, @public_key, true,{ iss: @app_id, verify_iss: true, aud: @auth_origin, verify_aud: true, algorithms: ["RS256"] })
|
23
|
-
return claims[0]["sub"]
|
24
|
-
rescue JWT::InvalidIssuerError
|
25
|
-
raise JWTInvalidIssuerError
|
26
|
-
rescue JWT::InvalidAudError
|
27
|
-
raise JWTInvalidAudienceError
|
28
|
-
rescue JWT::ExpiredSignature
|
29
|
-
raise JWTExpiredSignatureError
|
30
|
-
rescue JWT::IncorrectAlgorithm
|
31
|
-
raise JWTIncorrectAlgorithmError
|
32
|
-
end
|
33
|
-
end
|
34
|
-
end
|
35
|
-
end
|
data/lib/passage/client.rb
DELETED
@@ -1,39 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require_relative 'request'
|
4
|
-
require_relative 'auth'
|
5
|
-
|
6
|
-
module Passage
|
7
|
-
class Client
|
8
|
-
|
9
|
-
attr_reader :auth
|
10
|
-
|
11
|
-
def initialize(app_id:)
|
12
|
-
@api_url = "https://api.passage.id"
|
13
|
-
@app_id = app_id
|
14
|
-
|
15
|
-
get_connection()
|
16
|
-
|
17
|
-
fetch_public_key(@connection)
|
18
|
-
|
19
|
-
@auth = Passage::Auth.new(@app_id, @public_key, @auth_origin)
|
20
|
-
end
|
21
|
-
|
22
|
-
def get_connection
|
23
|
-
@connection = Faraday.new(url: @api_url) do |f|
|
24
|
-
f.request :json
|
25
|
-
f.request :retry
|
26
|
-
f.response :json
|
27
|
-
f.adapter :net_http
|
28
|
-
end
|
29
|
-
end
|
30
|
-
|
31
|
-
def fetch_public_key(conn)
|
32
|
-
response = conn.get("/v1/apps/" + @app_id)
|
33
|
-
# TODO Add error handling
|
34
|
-
@public_key = response.body["app"]["rsa_public_key"]
|
35
|
-
@auth_origin = response.body["app"]["auth_origin"]
|
36
|
-
end
|
37
|
-
|
38
|
-
end
|
39
|
-
end
|
data/lib/passage/request.rb
DELETED
@@ -1,32 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
module Passage
|
4
|
-
module Request
|
5
|
-
def get_request(path)
|
6
|
-
@connection.get(
|
7
|
-
path
|
8
|
-
).body
|
9
|
-
end
|
10
|
-
|
11
|
-
def post_request(path, data)
|
12
|
-
@connection.post(
|
13
|
-
path,
|
14
|
-
data
|
15
|
-
).body
|
16
|
-
end
|
17
|
-
|
18
|
-
def put_request(path, data)
|
19
|
-
@connection.put(
|
20
|
-
path,
|
21
|
-
data
|
22
|
-
).body
|
23
|
-
end
|
24
|
-
|
25
|
-
def delete_request(path)
|
26
|
-
@connection.delete(
|
27
|
-
path
|
28
|
-
).body
|
29
|
-
end
|
30
|
-
|
31
|
-
end
|
32
|
-
end
|
data/lib/passage/user.rb
DELETED
File without changes
|