passageidentity 0.0.3 → 0.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a592cfe2a08870771b7bb52f737eada85f6b631bf6570a1f239a2187667352b4
-  data.tar.gz: 48e62a0beb94c042a0dffbeae6ea62dcb10010ad13e418d7c3958acf0d6aa8b3
+  metadata.gz: d5dd45f9023ac4cd3eb005f4604f40229981aeca5c6da2ebd1eca685fcf54245
+  data.tar.gz: de14152791bbe75fb11de58d65cf72bab61f570bec22f93240f7a88c128d8eaa
 SHA512:
-  metadata.gz: b6ef3d1a59fb0e04597003fba47d6d5d73ccf9b0a47a5e25f99d7298adf2e656ba1d8b1f01303dcc8b7dd91b57f29ec8e66f906b5f05fe77f551845a706188af
-  data.tar.gz: 6560d66712f9bccfd9d0f80eb30bbf5e45602a25cb5099e77461891be284831f0db73a551b7d764df302fae6450b7af86a39494509acbdbd2c027580ba984fec
+  metadata.gz: d7184b5a3325f54c022a0ba63c622ad38670793eeb9c3cabadb0c28c4ee9b9675f63d302a93449f1d5eac43cecbbdf0bb82c0bbb1d06132caf3d3a99f552d3d1
+  data.tar.gz: 65e9721e3ca3049a758eb0287f5f379b7e27ee43397cb75592c2875194155a9d83d95c47244716d9de09d88fb6bb9ae33115d4f45649d6095adfb15c5b562942

data/CONTRIBUTING.md

@@ -50,16 +50,22 @@ gem push passage-0.0.0.gem
 ```
 
 You can check for the gem here:
+
 ```
 gem list -r passage
 ```
+
 =======
 gem push passageidentity-0.0.0.gem
+
 ```
 
 You can check for the gem here:
 
 ```
+
 gem list -r passageidentity
+
 ```
 >>>>>>> 2d0e3f6dc3b40c621c8d16506fa6ab43b0fba673
+```

data/lib/passageidentity/auth.rb

@@ -5,14 +5,47 @@ require_relative 'client'
 
 module Passage
   class Auth
-    def initialize(app_id, auth_strategy, public_key, auth_origin)
+    @@app_cache = {}
+    def initialize(app_id, auth_strategy, connection)
       @app_id = app_id
       @auth_strategy = auth_strategy
-      @auth_origin = auth_origin
+      @connection = connection
 
-      # bas64 decode and then parse the public key
-      # when we have JWKS endpoint, this will get easier I think
-      @public_key = OpenSSL::PKey::RSA.new(Base64.decode64(public_key))
+      fetch_jwks
+    end
+
+    def fetch_app()
+      begin
+        response = @connection.get("/v1/apps/#{@app_id}")
+        return response.body['app']
+      rescue Faraday::Error => e
+        raise PassageError,
+              "failed to get Passage User. Http Status: #{e.response[:status]}. Response: #{e.response[:body]['error']}"
+      end
+    end
+
+    def fetch_jwks()
+      if @@app_cache[@app_id]
+        @jwks, @auth_origin = @@app_cache[@app_id]
+      else
+        app = fetch_app
+        auth_gw_connection =
+          Faraday.new(url: 'https://auth.passage.id') do |f|
+            f.request :json
+            f.request :retry
+            f.response :raise_error
+            f.response :json
+            f.adapter :net_http
+          end
+
+        # fetch the public key if not in cache
+        app = fetch_app
+        @auth_origin = app['auth_origin']
+        response =
+          auth_gw_connection.get("/v1/apps/#{@app_id}/.well-known/jwks.json")
+        @jwks = response.body
+        @@app_cache[@app_id] ||= [@jwks, @auth_origin]
+      end
     end
 
     def authenticate_request(request)
@@ -41,18 +74,28 @@ module Passage
     end
 
     def authenticate_token(token)
+      kid = JWT.decode(token, nil, false)[1]['kid']
+      exists = false
+      for jwk in @jwks['keys']
+        if jwk['kid'] == kid
+          exists = true
+          break
+        end
+      end
+      fetch_jwks unless exists
       begin
         claims =
           JWT.decode(
             token,
-            @public_key,
+            nil,
             true,
             {
               iss: @app_id,
               verify_iss: true,
               aud: @auth_origin,
               verify_aud: true,
-              algorithms: ['RS256']
+              algorithms: ['RS256'],
+              jwks: @jwks
             }
           )
         return claims[0]['sub']

data/lib/passageidentity/client.rb

@@ -47,8 +47,6 @@ module Passage
   PHONE_CHANNEL = 'phone'
 
   class Client
-    @@app_cache = {}
-
     attr_reader :auth
     attr_reader :user
 
@@ -65,11 +63,9 @@ module Passage
 
       # setup
       get_connection
-      fetch_public_key(@connection)
 
       # initialize auth class
-      @auth =
-        Passage::Auth.new(@app_id, @auth_strategy, @public_key, @auth_origin)
+      @auth = Passage::Auth.new(@app_id, @auth_strategy, @connection)
 
       # initialize user class
       @user = Passage::UserAPI.new(@connection, @app_id, @api_key)
@@ -102,18 +98,6 @@ module Passage
       end
     end
 
-    def fetch_public_key(conn)
-      if @@app_cache[@app_id]
-        @public_key, @auth_origin = @@app_cache[@app_id]
-      else
-        # fetch the public key if not in cache
-        response = conn.get("/v1/apps/#{@app_id}")
-        @public_key = response.body['app']['rsa_public_key']
-        @auth_origin = response.body['app']['auth_origin']
-        @@app_cache[@app_id] ||= [@public_key, @auth_origin]
-      end
-    end
-
     def create_magic_link(
       user_id: '',
       email: '',

data/passageidentity.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name = 'passageidentity'
-  s.version = '0.0.3'
+  s.version = '0.0.4'
   s.summary = 'Passage SDK for biometric authentication'
   s.description =
     'Enables verification of server-side authentication and user management for applications using Passage'

data/tests/auth_test.rb

@@ -0,0 +1,14 @@
+require_relative '../lib/passageidentity/client'
+require_relative './environment'
+require 'faraday'
+require 'test/unit'
+
+class TestUserAPI < Test::Unit::TestCase
+  PassageClient =
+    Passage::Client.new(app_id: ENV['APP_ID'], api_key: ENV['API_KEY'])
+
+  def test_authenticate_token
+    user_id = PassageClient.auth.authenticate_token(ENV['PSG_JWT'])
+    assert_equal ENV['TEST_USER_ID'], user_id
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: passageidentity
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.0.4
 platform: ruby
 authors:
 - Passage Identity
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-04-29 00:00:00.000000000 Z
+date: 2022-05-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -69,11 +69,6 @@ files:
 - CONTRIBUTING.md
 - LICENSE
 - README.md
-- lib/passage.rb
-- lib/passage/auth.rb
-- lib/passage/client.rb
-- lib/passage/request.rb
-- lib/passage/user.rb
 - lib/passageidentity.rb
 - lib/passageidentity/auth.rb
 - lib/passageidentity/client.rb
@@ -82,6 +77,7 @@ files:
 - passage-ruby
 - passageidentity.gemspec
 - tests/all.rb
+- tests/auth_test.rb
 - tests/magic_link_test.rb
 - tests/user_api_test.rb
 homepage: https://rubygems.org/gems/passageidentity

data/lib/passage/auth.rb

@@ -1,35 +0,0 @@
-require 'openssl'
-require 'base64'
-require 'jwt'
-
-module Passage
-    class Auth
-
-        def initialize(app_id, public_key, auth_origin)
-
-            @app_id = app_id
-            @auth_origin = auth_origin
-
-            # bas64 decode and then parse the public key
-            # when we have JWKS endpoint, this will get easier I think
-            @public_key = OpenSSL::PKey::RSA.new(Base64.decode64(public_key))
-
-        end
-
-        def authenticate(token)
-  
-            begin
-              claims = JWT.decode(token, @public_key, true,{ iss: @app_id, verify_iss: true, aud: @auth_origin, verify_aud: true, algorithms: ["RS256"] })
-              return claims[0]["sub"]
-            rescue JWT::InvalidIssuerError
-              raise JWTInvalidIssuerError
-            rescue JWT::InvalidAudError
-              raise JWTInvalidAudienceError
-            rescue JWT::ExpiredSignature
-              raise JWTExpiredSignatureError
-            rescue JWT::IncorrectAlgorithm
-              raise JWTIncorrectAlgorithmError
-            end
-          end
-    end
-end

data/lib/passage/client.rb

@@ -1,39 +0,0 @@
-# frozen_string_literal: true
-
-require_relative 'request'
-require_relative 'auth'
-
-module Passage
-    class Client
-
-        attr_reader :auth
-
-        def initialize(app_id:)
-            @api_url = "https://api.passage.id"
-            @app_id = app_id
-
-            get_connection()
-
-            fetch_public_key(@connection)
-
-            @auth = Passage::Auth.new(@app_id, @public_key, @auth_origin)
-        end
-
-        def get_connection
-            @connection = Faraday.new(url: @api_url) do |f|
-                f.request :json
-                f.request :retry
-                f.response :json
-                f.adapter :net_http
-            end
-        end
-
-        def fetch_public_key(conn)
-            response = conn.get("/v1/apps/" + @app_id)
-            # TODO Add error handling
-            @public_key = response.body["app"]["rsa_public_key"]
-            @auth_origin = response.body["app"]["auth_origin"]
-        end
-
-    end
-end

data/lib/passage/request.rb

@@ -1,32 +0,0 @@
-# frozen_string_literal: true
-
-module Passage
-    module Request
-      def get_request(path)
-        @connection.get(
-          path
-        ).body
-      end
-  
-      def post_request(path, data)
-        @connection.post(
-          path,
-          data
-        ).body
-      end
-  
-      def put_request(path, data)
-        @connection.put(
-          path,
-          data
-        ).body
-      end
-  
-      def delete_request(path)
-        @connection.delete(
-          path
-        ).body
-      end
-  
-    end
-end

data/lib/passage.rb

@@ -1,9 +0,0 @@
-# frozen_string_literal: true
-
-require 'faraday'
-
-require_relative 'passage/client'
-
-module Passage end
-
-