stytch 7.0.1 → 7.0.3
- checksums.yaml +4 -4
- data/lib/stytch/b2b_sessions.rb +1 -1
- data/lib/stytch/sessions.rb +21 -19
- data/lib/stytch/version.rb +1 -1
- metadata +1 -1
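--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7db7ce0ca6bc7abc37055eb392add1196bf5b6a0d226bbd465c0a7d7fe77ce11
+data.tar.gz: f7a8dc3fd353b3727e0ae8ac9567c6e3655f16a10c30589a2305560c15090a25
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c382982dece8ce8f68b22a06dd2522b0f86618f304642189b85f08b89c3a8870126abe1a3995377c61412b52609a6580e844a4345ef70bfa7265f763d501c168
+data.tar.gz: 04755c76aef2e3a0d20dff671cbe34504ec7e0bc4a887bf77c7b975d3616700fea61594410389580cb0bc8056d68cbeef813e9234afafdd518f089e98dfec9c6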
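--- a/data/lib/stytch/b2b_sessions.rb
+++ b/data/lib/stytch/b2b_sessions.rb
@@ -380,7 +380,7 @@ module StytchB2B
 )
 end
 
-decoded_jwt = authenticate_jwt_local(session_jwt:
+decoded_jwt = authenticate_jwt_local(session_jwt, max_token_age_seconds: max_token_age_seconds, authorization_check: authorization_check)
 return decoded_jwt unless decoded_jwt.nil?
 
 authenticate(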
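Review bot: Nothing visible here pins the argument shape of the `authenticate_jwt_local` call, and the line it replaces began `authenticate_jwt_local(session_jwt:`, i.e. the keyword form. If the B2B method takes the token positionally (as `authenticate_jwt_local` in lib/stytch/sessions.rb does in this release) and the enclosing method rescues broadly, the earlier call would have failed on every request and silently fallen back to the API, so `max_token_age_seconds` and `authorization_check` were never applied locally; the signature and any rescue are outside the hunk, so this is inferred. A spec that stubs the remote `authenticate` and asserts it is not called for a fresh, valid JWT would catch a repeat. The enclosing method starts and ends outside the hunk.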
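--- a/data/lib/stytch/sessions.rb
+++ b/data/lib/stytch/sessions.rb
@@ -215,16 +215,14 @@ module Stytch
 )
 end
 
-session = authenticate_jwt_local(session_jwt)
-
-
-
-
-
-
-
-)
-end
+session = authenticate_jwt_local(session_jwt, max_token_age_seconds: max_token_age_seconds)
+return session unless session.nil?
+
+authenticate(
+session_jwt: session_jwt,
+session_duration_minutes: session_duration_minutes,
+session_custom_claims: session_custom_claims
+)
 rescue StandardError
 # JWT could not be verified locally. Check with the Stytch API.
 authenticate(
@@ -237,6 +235,7 @@ module Stytch
 # Parse a JWT and verify the signature locally (without calling /authenticate in the API)
 # Uses the cached value to get the JWK but if it is unavailable, it calls the get_jwks()
 # function to get the JWK
+# This method never authenticates a JWT directly with the API
 # If max_token_age_seconds is not supplied 300 seconds will be used as the default.
 def authenticate_jwt_local(session_jwt, max_token_age_seconds: nil)
 max_token_age_seconds = 300 if max_token_age_seconds.nil?
@@ -245,6 +244,7 @@ module Stytch
 begin
 decoded_token = JWT.decode session_jwt, nil, true,
 { jwks: @jwks_loader, iss: issuer, verify_iss: true, aud: @project_id, verify_aud: true, algorithms: ['RS256'] }
+
 session = decoded_token[0]
 iat_time = Time.at(session['iat']).to_datetime
 return nil unless iat_time + max_token_age_seconds >= Time.now
@@ -272,15 +272,17 @@ module Stytch
 reserved_claims = ['aud', 'exp', 'iat', 'iss', 'jti', 'nbf', 'sub', stytch_claim]
 custom_claims = jwt.reject { |key, _| reserved_claims.include?(key) }
 {
-'
-
-
-
-
-
-
-
-
+'session' => {
+'session_id' => jwt[stytch_claim]['id'],
+'user_id' => jwt['sub'],
+'started_at' => jwt[stytch_claim]['started_at'],
+'last_accessed_at' => jwt[stytch_claim]['last_accessed_at'],
+# For JWTs that include it, prefer the inner expires_at claim.
+'expires_at' => expires_at,
+'attributes' => jwt[stytch_claim]['attributes'],
+'authentication_factors' => jwt[stytch_claim]['authentication_factors'],
+'custom_claims' => custom_claims
+}
 }
 end
 # ENDMANUAL(Sessions::authenticate_jwt)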
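Review bot: The freshness check on the unchanged lines of the third hunk does not measure seconds: `Time.at(session['iat']).to_datetime` yields a `DateTime`, and `DateTime#+` with an integer adds days, so `iat_time + max_token_age_seconds` lies 300 days after issuance by default rather than 300 seconds. Now that the caller forwards `max_token_age_seconds` into this method, the cap it asks for is not the one applied to locally verified JWTs. Keeping the value a `Time` makes both the arithmetic and the comparison with `Time.now` work in seconds: `iat_time = Time.at(session['iat'])`. Whether the existing `DateTime`-to-`Time` comparison succeeds at all appears to depend on what else is loaded, so a spec with a token older than the limit would settle it; the body of `authenticate_jwt_local` continues outside the hunk.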
data/lib/stytch/version.rb
CHANGED