RubyGems - stytch - Versions diffs - 2.11.0 → 2.12.0 - Mend

stytch 2.11.0 → 2.12.0

Files changed (13) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d9e1c109c231f2dedb872cf4528ad44366517c5bac06adff7139b355e09c0537
-  data.tar.gz: 1cfd8aa59c94ca621cda81a36a2669ff1352a84919d0ebe304aec47d6463a989
+  metadata.gz: b507432445cb9a02301a537e29ffd6286dca4a9daa1629a6344bee6c073751e1
+  data.tar.gz: 48e01f84c824c94a987baf00221a142e45c5b5f976a25801cc04846f14658a7d
 SHA512:
-  metadata.gz: 21f8bd406c9f5e9135cb93e6f66f1bf7f3b9a4644b6a2e3309afa688302ce466b6cc343d871df5bc295fea07bcf20862a4ccdf0ea8d5eb1df7621a79cb86b6c1
-  data.tar.gz: 2f7bf4ae7d789858a36d65dea80a9ecd1c6f459748fb301d9eda97e2ce015a125a97f3bd9dda381ec0709d2e962ba268734736ce2aee0dc5e751ace10d7b9f13
+  metadata.gz: '093757bb72ff4b992e94e875df54c7b781a8c3d1bbf54c5f3be79f3d8df00b0ec7a70cc25a0477977122c6f498533cc47881e0ad2b51fa1fb352a89e23f35387'
+  data.tar.gz: a53dcc14f57a8a141f048232c004b886c3b2ad291c70fd0ebd595b883e2301f0e96a52146a5255a359ecb8cb1204dd92c50b2e54c1412cf2185b533e50d97a1c

data/lib/stytch/client.rb CHANGED Viewed

@@ -26,7 +26,7 @@ module Stytch
       @magic_links = Stytch::MagicLinks.new(@connection)
       @oauth = Stytch::OAuth.new(@connection)
       @otps = Stytch::OTPs.new(@connection)
-      @sessions = Stytch::Sessions.new(@connection)
+      @sessions = Stytch::Sessions.new(@connection, @project_id)
       @totps = Stytch::TOTPs.new(@connection)
       @webauthn = Stytch::WebAuthn.new(@connection)
       @crypto_wallets = Stytch::CryptoWallets.new(@connection)

data/lib/stytch/crypto_wallets.rb CHANGED Viewed

@@ -32,6 +32,7 @@ module Stytch
       crypto_wallet_type:,
       signature:,
       session_token: nil,
+      session_jwt: nil,
       session_duration_minutes: nil
     )
       request = {
@@ -41,6 +42,7 @@ module Stytch
       }
       request[:session_token] = session_token unless session_token.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
       request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
       post_request("#{PATH}/authenticate", request)

data/lib/stytch/errors.rb ADDED Viewed

@@ -0,0 +1,25 @@
+module Stytch
+    class JWTInvalidIssuerError < StandardError
+        def initialize(msg="JWT issuer did not match")
+            super
+        end
+    end
+    class JWTInvalidAudienceError < StandardError
+        def initialize(msg="JWT audience did not match")
+            super
+        end
+    end
+    class JWTExpiredSignatureError < StandardError
+        def initialize(msg="JWT signature has expired")
+            super
+        end
+    end
+    class JWTIncorrectAlgorithmError < StandardError
+        def initialize(msg="JWT algorithm is incorrect")
+            super
+        end
+    end
+end

data/lib/stytch/magic_links.rb CHANGED Viewed

@@ -36,6 +36,7 @@ module Stytch
       attributes: {},
       options: {},
       session_token: nil,
+      session_jwt: nil,
       session_duration_minutes: nil
     )
       request = {
@@ -45,6 +46,7 @@ module Stytch
       request[:attributes] = attributes if attributes != {}
       request[:options] = options if options != {}
       request[:session_token] = session_token unless session_token.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
       request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
       post_request("#{PATH}/authenticate", request)

data/lib/stytch/oauth.rb CHANGED Viewed

@@ -16,6 +16,7 @@ module Stytch
       token:,
       session_management_type: nil,
       session_token: nil,
+      session_jwt: nil,
       session_duration_minutes: nil
     )
       request = {
@@ -23,6 +24,7 @@ module Stytch
       }
       request[:session_management_type] = session_management_type unless session_management_type.nil?
       request[:session_token] = session_token unless session_token.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
       request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
       post_request("#{PATH}/authenticate", request)

data/lib/stytch/otps.rb CHANGED Viewed

@@ -24,6 +24,7 @@ module Stytch
       attributes: {},
       options: {},
       session_token: nil,
+      session_jwt: nil,
       session_duration_minutes: nil
     )
       request = {
@@ -34,6 +35,7 @@ module Stytch
       request[:attributes] = attributes if attributes != {}
       request[:options] = options if options != {}
       request[:session_token] = session_token unless session_token.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
       request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
       post_request("#{PATH}/authenticate", request)

data/lib/stytch/sessions.rb CHANGED Viewed

@@ -1,5 +1,9 @@
 # frozen_string_literal: true
+require 'jwt'
+require 'json/jwt'
+require_relative 'errors'
 require_relative 'request_helper'
 module Stytch
@@ -8,8 +12,12 @@ module Stytch
     PATH = '/v1/sessions'
-    def initialize(connection)
+    def initialize(connection, project_id)
       @connection = connection
+      @project_id = project_id
+      @jwks_loader = ->(options) do
+        options[:invalidate] ? jwks(project_id: @project_id) : {}
+      end
     end
     def get(user_id:)
@@ -23,13 +31,14 @@ module Stytch
     end
     def authenticate(
-      session_token:,
+      session_token: nil,
+      session_jwt: nil,
       session_duration_minutes: nil
     )
-      request = {
-        session_token: session_token
-      }
+      request = {}
+      request[:session_token] = session_token unless session_token.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
       request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
       post_request("#{PATH}/authenticate", request)
@@ -46,5 +55,73 @@ module Stytch
       post_request("#{PATH}/revoke", request)
     end
+    def jwks(project_id:)
+      request_path = "#{PATH}/jwks/" + project_id
+      get_request(request_path)
+    end
+    # Parse a JWT and verify the signature. If max_token_age_seconds is unset, call the API directly
+    # If max_token_age_seconds is set and the JWT was issued (based on the "iat" claim) less than
+    # max_token_age_seconds seconds ago, then just verify locally and don't call the API
+    # To force remote validation for all tokens, set max_token_age_seconds to 0 or call authenticate()
+    def authenticate_jwt(
+      session_jwt,
+      max_token_age_seconds: nil,
+      session_duration_minutes: nil
+    )
+      if max_token_age_seconds == 0
+        return authenticate(
+          session_jwt: session_jwt,
+          session_duration_minutes: session_duration_minutes,
+        )
+      end
+      decoded_jwt = authenticate_jwt_local(session_jwt)
+      iat_time = Time.at(decoded_jwt["iat"]).to_datetime
+      if iat_time + max_token_age_seconds >= Time.now
+        session = marshal_jwt_into_session(decoded_jwt)
+        return {"session" => session}
+      else
+        return authenticate(
+          session_jwt: session_jwt,
+          session_duration_minutes: session_duration_minutes,
+        )
+      end
+    end
+    # Parse a JWT and verify the signature locally (without calling /authenticate in the API)
+    # Uses the cached value to get the JWK but if it is unavailable, it calls the get_jwks()
+    # function to get the JWK
+    # This method never authenticates a JWT directly with the API
+    def authenticate_jwt_local(session_jwt)
+      issuer = "stytch.com/" + @project_id
+      begin
+        decoded_token = JWT.decode session_jwt, nil, true,
+        { jwks: @jwks_loader, iss: issuer, verify_iss: true, aud: @project_id, verify_aud: true, algorithms: ["RS256"]}
+        return decoded_token[0]
+      rescue JWT::InvalidIssuerError
+        raise JWTInvalidIssuerError
+      rescue JWT::InvalidAudError
+        raise JWTInvalidAudienceError
+      rescue JWT::ExpiredSignature
+        raise JWTExpiredSignatureError
+      rescue JWT::IncorrectAlgorithm
+        raise JWTIncorrectAlgorithmError
+      end
+    end
+    def marshal_jwt_into_session(jwt)
+      stytch_claim = "https://stytch.com/session"
+      return {
+        "session_id" => jwt["jti"],
+        "user_id" => jwt["sub"],
+        "started_at" => jwt[stytch_claim]["started_at"],
+        "last_accessed_at" => jwt[stytch_claim]["last_accessed_at"],
+        "expires_at" => Time.at(jwt["exp"]).to_datetime.iso8601,
+        "attributes" => jwt[stytch_claim]["attributes"],
+        "authentication_factors" => jwt[stytch_claim]["authentication_factors"],
+      }
+    end
   end
 end

data/lib/stytch/totps.rb CHANGED Viewed

@@ -29,6 +29,7 @@ module Stytch
       user_id:,
       totp_code:,
       session_token: nil,
+      session_jwt: nil,
       session_duration_minutes: nil
     )
       request = {
@@ -37,6 +38,7 @@ module Stytch
       }
       request[:session_token] = session_token unless session_token.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
       request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
       post_request("#{PATH}/authenticate", request)
@@ -56,6 +58,7 @@ module Stytch
       user_id:,
       recovery_code:,
       session_token: nil,
+      session_jwt: nil,
       session_duration_minutes: nil
     )
       request = {
@@ -64,6 +67,7 @@ module Stytch
       }
       request[:session_token] = session_token unless session_token.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
       request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
       post_request("#{PATH}/recover", request)

data/lib/stytch/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Stytch
-  VERSION = '2.11.0'
+  VERSION = '2.12.0'
 end

data/lib/stytch/webauthn.rb CHANGED Viewed

@@ -56,6 +56,7 @@ module Stytch
     def authenticate(
       public_key_credential:,
       session_token: nil,
+      session_jwt: nil,
       session_duration_minutes: nil
     )
       request = {
@@ -63,6 +64,7 @@ module Stytch
       }
       request[:session_token] = session_token unless session_token.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
       request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
       post_request("#{PATH}/authenticate", request)

data/stytch.gemspec CHANGED Viewed

@@ -27,4 +27,6 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'faraday', '>= 0.17.0', '< 2.0'
   spec.add_dependency 'faraday_middleware', '>= 0.14.0', '< 2.0'
+  spec.add_dependency 'jwt', '>= 2.3.0'
+  spec.add_dependency 'json-jwt', '>=1.13.0'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: stytch
 version: !ruby/object:Gem::Version
-  version: 2.11.0
+  version: 2.12.0
 platform: ruby
 authors:
 - stytch
-autorequire:
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-03-08 00:00:00.000000000 Z
+date: 2022-04-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -50,7 +50,35 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '2.0'
-description:
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.3.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.3.0
+- !ruby/object:Gem::Dependency
+  name: json-jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.13.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.13.0
+description:
 email:
 - support@stytch.com
 executables: []
@@ -72,6 +100,7 @@ files:
 - lib/stytch.rb
 - lib/stytch/client.rb
 - lib/stytch/crypto_wallets.rb
+- lib/stytch/errors.rb
 - lib/stytch/magic_links.rb
 - lib/stytch/middleware.rb
 - lib/stytch/oauth.rb
@@ -89,7 +118,7 @@ licenses:
 metadata:
   homepage_uri: https://stytch.com
   source_code_uri: https://github.com/stytchauth/stytch-ruby
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -104,8 +133,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
-signing_key:
+rubygems_version: 3.0.3
+signing_key:
 specification_version: 4
 summary: Stytch Ruby Gem
 test_files: []