stytch 7.0.1 → 7.0.3

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: b5b6f3a220db5b04687a900ac17b0e8f538fb5880a71c390c9ffcef876fd5425
4
- data.tar.gz: ed5964bfc4b355a239cc8b5214ea6a2e7dd89a980fa923fd62cf9665176bf241
3
+ metadata.gz: 7db7ce0ca6bc7abc37055eb392add1196bf5b6a0d226bbd465c0a7d7fe77ce11
4
+ data.tar.gz: f7a8dc3fd353b3727e0ae8ac9567c6e3655f16a10c30589a2305560c15090a25
5
5
  SHA512:
6
- metadata.gz: ea9dca6572aaed91548265c03bf051237965cc57d7b82d4d0e3df4f4d1a5e9b1232501c983076057d2c38c168c0210f8051b8874e66155734d62772619c7b343
7
- data.tar.gz: 201db2bb213b9c97614c3392beca947df83ed24c57a229e7dadc635a293d4fd6ebc9c424f5d6156a794e53fa9185d23f7447f9f9c11a9896e5567d0653edc758
6
+ metadata.gz: c382982dece8ce8f68b22a06dd2522b0f86618f304642189b85f08b89c3a8870126abe1a3995377c61412b52609a6580e844a4345ef70bfa7265f763d501c168
7
+ data.tar.gz: 04755c76aef2e3a0d20dff671cbe34504ec7e0bc4a887bf77c7b975d3616700fea61594410389580cb0bc8056d68cbeef813e9234afafdd518f089e98dfec9c6
@@ -380,7 +380,7 @@ module StytchB2B
380
380
  )
381
381
  end
382
382
 
383
- decoded_jwt = authenticate_jwt_local(session_jwt: session_jwt, authorization_check: authorization_check)
383
+ decoded_jwt = authenticate_jwt_local(session_jwt, max_token_age_seconds: max_token_age_seconds, authorization_check: authorization_check)
384
384
  return decoded_jwt unless decoded_jwt.nil?
385
385
 
386
386
  authenticate(
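Review bot: The added call now passes `session_jwt` positionally, but the B2B `authenticate_jwt_local` definition is not shown on this page, so confirm that its signature takes the token as a positional argument, as the consumer version does (`def authenticate_jwt_local(session_jwt, max_token_age_seconds: nil)`). Before this change `max_token_age_seconds` was dropped on the way to the local check, so a caller asking for a shorter window presumably got the default. A spec asserting that a token older than the requested age falls through to `authenticate` would keep that from regressing. The enclosing method starts and ends outside the hunk.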
@@ -215,16 +215,14 @@ module Stytch
215
215
  )
216
216
  end
217
217
 
218
- session = authenticate_jwt_local(session_jwt)
219
- if !session.nil?
220
- { 'session' => session }
221
- else
222
- authenticate(
223
- session_jwt: session_jwt,
224
- session_duration_minutes: session_duration_minutes,
225
- session_custom_claims: session_custom_claims
226
- )
227
- end
218
+ session = authenticate_jwt_local(session_jwt, max_token_age_seconds: max_token_age_seconds)
219
+ return session unless session.nil?
220
+
221
+ authenticate(
222
+ session_jwt: session_jwt,
223
+ session_duration_minutes: session_duration_minutes,
224
+ session_custom_claims: session_custom_claims
225
+ )
228
226
  rescue StandardError
229
227
  # JWT could not be verified locally. Check with the Stytch API.
230
228
  authenticate(
@@ -237,6 +235,7 @@ module Stytch
237
235
  # Parse a JWT and verify the signature locally (without calling /authenticate in the API)
238
236
  # Uses the cached value to get the JWK but if it is unavailable, it calls the get_jwks()
239
237
  # function to get the JWK
238
+ # This method never authenticates a JWT directly with the API
240
239
  # If max_token_age_seconds is not supplied 300 seconds will be used as the default.
241
240
  def authenticate_jwt_local(session_jwt, max_token_age_seconds: nil)
242
241
  max_token_age_seconds = 300 if max_token_age_seconds.nil?
@@ -245,6 +244,7 @@ module Stytch
245
244
  begin
246
245
  decoded_token = JWT.decode session_jwt, nil, true,
247
246
  { jwks: @jwks_loader, iss: issuer, verify_iss: true, aud: @project_id, verify_aud: true, algorithms: ['RS256'] }
247
+
248
248
  session = decoded_token[0]
249
249
  iat_time = Time.at(session['iat']).to_datetime
250
250
  return nil unless iat_time + max_token_age_seconds >= Time.now
@@ -272,15 +272,17 @@ module Stytch
272
272
  reserved_claims = ['aud', 'exp', 'iat', 'iss', 'jti', 'nbf', 'sub', stytch_claim]
273
273
  custom_claims = jwt.reject { |key, _| reserved_claims.include?(key) }
274
274
  {
275
- 'session_id' => jwt[stytch_claim]['id'],
276
- 'user_id' => jwt['sub'],
277
- 'started_at' => jwt[stytch_claim]['started_at'],
278
- 'last_accessed_at' => jwt[stytch_claim]['last_accessed_at'],
279
- # For JWTs that include it, prefer the inner expires_at claim.
280
- 'expires_at' => expires_at,
281
- 'attributes' => jwt[stytch_claim]['attributes'],
282
- 'authentication_factors' => jwt[stytch_claim]['authentication_factors'],
283
- 'custom_claims' => custom_claims
275
+ 'session' => {
276
+ 'session_id' => jwt[stytch_claim]['id'],
277
+ 'user_id' => jwt['sub'],
278
+ 'started_at' => jwt[stytch_claim]['started_at'],
279
+ 'last_accessed_at' => jwt[stytch_claim]['last_accessed_at'],
280
+ # For JWTs that include it, prefer the inner expires_at claim.
281
+ 'expires_at' => expires_at,
282
+ 'attributes' => jwt[stytch_claim]['attributes'],
283
+ 'authentication_factors' => jwt[stytch_claim]['authentication_factors'],
284
+ 'custom_claims' => custom_claims
285
+ }
284
286
  }
285
287
  end
286
288
  # ENDMANUAL(Sessions::authenticate_jwt)
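Review bot: In the `@@ -245` hunk of this file the freshness check `iat_time + max_token_age_seconds >= Time.now` is left unchanged, yet `iat_time` is a `DateTime` (from `.to_datetime`) and `DateTime#+` with a number advances by days. The window this release now forwards from `authenticate_jwt` therefore appears to be measured in days rather than seconds. Staying in `Time` keeps the unit as seconds and avoids comparing a `DateTime` with a `Time`: use `iat_time = Time.at(session['iat'])` and keep the existing `return nil unless iat_time + max_token_age_seconds >= Time.now`. The caller in the `@@ -215` hunk wraps the local path in a blanket `rescue StandardError`, so any error raised by this check would silently become an API call; a spec pinning acceptance just inside the window and rejection just outside it would be worth adding. The body of `authenticate_jwt_local` continues past the end of that hunk, so its later handling is not visible here.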
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Stytch
4
- VERSION = '7.0.1'
4
+ VERSION = '7.0.3'
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: stytch
3
3
  version: !ruby/object:Gem::Version
4
- version: 7.0.1
4
+ version: 7.0.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - stytch