stytch 7.0.1 → 7.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/stytch/b2b_sessions.rb +1 -1
- data/lib/stytch/sessions.rb +14 -10
- data/lib/stytch/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 11c676836879020ec0d87cbe9d7017ccfc777f27d4e73db695cd991a416589b6
|
|
4
|
+
data.tar.gz: e58761d69d0cb5f4c1a9f72d09bd1017a9dab222da4924570ebba7c26a4e1bb4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e0d885c1e262b76649e01ffcbe64a6a31a78e183ff35d0128da9983e51dcc70e7bc7b7c9608983f8a516ac93a47cc9c51424c72aa73d7e1fc81218f83c31cfda
|
|
7
|
+
data.tar.gz: a88377ca19b824229fa2d0c3e2958c92f14e3926371f852ea39e12bbe3e10b5d3a70f859971196c48d425a0129ce5f0b79b527e96f1af09fc7f8c8edb124191f
|
data/lib/stytch/b2b_sessions.rb
CHANGED
|
@@ -380,7 +380,7 @@ module StytchB2B
|
|
|
380
380
|
)
|
|
381
381
|
end
|
|
382
382
|
|
|
383
|
-
decoded_jwt = authenticate_jwt_local(session_jwt:
|
|
383
|
+
decoded_jwt = authenticate_jwt_local(session_jwt, max_token_age_seconds: max_token_age_seconds, authorization_check: authorization_check)
|
|
384
384
|
return decoded_jwt unless decoded_jwt.nil?
|
|
385
385
|
|
|
386
386
|
authenticate(
|
data/lib/stytch/sessions.rb
CHANGED
|
@@ -215,7 +215,7 @@ module Stytch
|
|
|
215
215
|
)
|
|
216
216
|
end
|
|
217
217
|
|
|
218
|
-
session = authenticate_jwt_local(session_jwt)
|
|
218
|
+
session = authenticate_jwt_local(session_jwt, max_token_age_seconds: max_token_age_seconds)
|
|
219
219
|
if !session.nil?
|
|
220
220
|
{ 'session' => session }
|
|
221
221
|
else
|
|
@@ -237,6 +237,7 @@ module Stytch
|
|
|
237
237
|
# Parse a JWT and verify the signature locally (without calling /authenticate in the API)
|
|
238
238
|
# Uses the cached value to get the JWK but if it is unavailable, it calls the get_jwks()
|
|
239
239
|
# function to get the JWK
|
|
240
|
+
# This method never authenticates a JWT directly with the API
|
|
240
241
|
# If max_token_age_seconds is not supplied 300 seconds will be used as the default.
|
|
241
242
|
def authenticate_jwt_local(session_jwt, max_token_age_seconds: nil)
|
|
242
243
|
max_token_age_seconds = 300 if max_token_age_seconds.nil?
|
|
@@ -245,6 +246,7 @@ module Stytch
|
|
|
245
246
|
begin
|
|
246
247
|
decoded_token = JWT.decode session_jwt, nil, true,
|
|
247
248
|
{ jwks: @jwks_loader, iss: issuer, verify_iss: true, aud: @project_id, verify_aud: true, algorithms: ['RS256'] }
|
|
249
|
+
|
|
248
250
|
session = decoded_token[0]
|
|
249
251
|
iat_time = Time.at(session['iat']).to_datetime
|
|
250
252
|
return nil unless iat_time + max_token_age_seconds >= Time.now
|
|
@@ -272,15 +274,17 @@ module Stytch
|
|
|
272
274
|
reserved_claims = ['aud', 'exp', 'iat', 'iss', 'jti', 'nbf', 'sub', stytch_claim]
|
|
273
275
|
custom_claims = jwt.reject { |key, _| reserved_claims.include?(key) }
|
|
274
276
|
{
|
|
275
|
-
'
|
|
276
|
-
|
|
277
|
-
|
|
278
|
-
|
|
279
|
-
|
|
280
|
-
|
|
281
|
-
|
|
282
|
-
|
|
283
|
-
|
|
277
|
+
'session' => {
|
|
278
|
+
'session_id' => jwt[stytch_claim]['id'],
|
|
279
|
+
'user_id' => jwt['sub'],
|
|
280
|
+
'started_at' => jwt[stytch_claim]['started_at'],
|
|
281
|
+
'last_accessed_at' => jwt[stytch_claim]['last_accessed_at'],
|
|
282
|
+
# For JWTs that include it, prefer the inner expires_at claim.
|
|
283
|
+
'expires_at' => expires_at,
|
|
284
|
+
'attributes' => jwt[stytch_claim]['attributes'],
|
|
285
|
+
'authentication_factors' => jwt[stytch_claim]['authentication_factors'],
|
|
286
|
+
'custom_claims' => custom_claims
|
|
287
|
+
}
|
|
284
288
|
}
|
|
285
289
|
end
|
|
286
290
|
# ENDMANUAL(Sessions::authenticate_jwt)
|
data/lib/stytch/version.rb
CHANGED