RubyGems - stytch - Versions diffs - 2.11.0 → 2.12.0 - Mend

stytch 2.11.0 → 2.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d9e1c109c231f2dedb872cf4528ad44366517c5bac06adff7139b355e09c0537
-  data.tar.gz: 1cfd8aa59c94ca621cda81a36a2669ff1352a84919d0ebe304aec47d6463a989
+  metadata.gz: b507432445cb9a02301a537e29ffd6286dca4a9daa1629a6344bee6c073751e1
+  data.tar.gz: 48e01f84c824c94a987baf00221a142e45c5b5f976a25801cc04846f14658a7d
 SHA512:
-  metadata.gz: 21f8bd406c9f5e9135cb93e6f66f1bf7f3b9a4644b6a2e3309afa688302ce466b6cc343d871df5bc295fea07bcf20862a4ccdf0ea8d5eb1df7621a79cb86b6c1
-  data.tar.gz: 2f7bf4ae7d789858a36d65dea80a9ecd1c6f459748fb301d9eda97e2ce015a125a97f3bd9dda381ec0709d2e962ba268734736ce2aee0dc5e751ace10d7b9f13
+  metadata.gz: '093757bb72ff4b992e94e875df54c7b781a8c3d1bbf54c5f3be79f3d8df00b0ec7a70cc25a0477977122c6f498533cc47881e0ad2b51fa1fb352a89e23f35387'
+  data.tar.gz: a53dcc14f57a8a141f048232c004b886c3b2ad291c70fd0ebd595b883e2301f0e96a52146a5255a359ecb8cb1204dd92c50b2e54c1412cf2185b533e50d97a1c

data/lib/stytch/client.rb CHANGED Viewed

@@ -26,7 +26,7 @@ module Stytch
       @magic_links = Stytch::MagicLinks.new(@connection)
       @oauth = Stytch::OAuth.new(@connection)
       @otps = Stytch::OTPs.new(@connection)
-      @sessions = Stytch::Sessions.new(@connection)
+      @sessions = Stytch::Sessions.new(@connection, @project_id)
       @totps = Stytch::TOTPs.new(@connection)
       @webauthn = Stytch::WebAuthn.new(@connection)
       @crypto_wallets = Stytch::CryptoWallets.new(@connection)

data/lib/stytch/crypto_wallets.rb CHANGED Viewed

@@ -32,6 +32,7 @@ module Stytch
       crypto_wallet_type:,
       signature:,
       session_token: nil,
+      session_jwt: nil,
       session_duration_minutes: nil
     )
       request = {
@@ -41,6 +42,7 @@ module Stytch
       }
       request[:session_token] = session_token unless session_token.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
       request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
       post_request("#{PATH}/authenticate", request)

data/lib/stytch/errors.rb ADDED Viewed

@@ -0,0 +1,25 @@
+module Stytch
+    class JWTInvalidIssuerError < StandardError
+        def initialize(msg="JWT issuer did not match")
+            super
+        end
+    end
+    class JWTInvalidAudienceError < StandardError
+        def initialize(msg="JWT audience did not match")
+            super
+        end
+    end
+    class JWTExpiredSignatureError < StandardError
+        def initialize(msg="JWT signature has expired")
+            super
+        end
+    end
+    class JWTIncorrectAlgorithmError < StandardError
+        def initialize(msg="JWT algorithm is incorrect")
+            super
+        end
+    end
+end

data/lib/stytch/magic_links.rb CHANGED Viewed

@@ -36,6 +36,7 @@ module Stytch
       attributes: {},
       options: {},
       session_token: nil,
+      session_jwt: nil,
       session_duration_minutes: nil
     )
       request = {
@@ -45,6 +46,7 @@ module Stytch
       request[:attributes] = attributes if attributes != {}
       request[:options] = options if options != {}
       request[:session_token] = session_token unless session_token.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
       request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
       post_request("#{PATH}/authenticate", request)

data/lib/stytch/oauth.rb CHANGED Viewed

@@ -16,6 +16,7 @@ module Stytch
       token:,
       session_management_type: nil,
       session_token: nil,
+      session_jwt: nil,
       session_duration_minutes: nil
     )
       request = {
@@ -23,6 +24,7 @@ module Stytch
       }
       request[:session_management_type] = session_management_type unless session_management_type.nil?
       request[:session_token] = session_token unless session_token.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
       request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
       post_request("#{PATH}/authenticate", request)

data/lib/stytch/otps.rb CHANGED Viewed

@@ -24,6 +24,7 @@ module Stytch
       attributes: {},
       options: {},
       session_token: nil,
+      session_jwt: nil,
       session_duration_minutes: nil
     )
       request = {
@@ -34,6 +35,7 @@ module Stytch
       request[:attributes] = attributes if attributes != {}
       request[:options] = options if options != {}
       request[:session_token] = session_token unless session_token.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
       request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
       post_request("#{PATH}/authenticate", request)

data/lib/stytch/sessions.rb CHANGED Viewed

@@ -1,5 +1,9 @@
 # frozen_string_literal: true
+require 'jwt'
+require 'json/jwt'
+require_relative 'errors'
 require_relative 'request_helper'
 module Stytch
@@ -8,8 +12,12 @@ module Stytch
     PATH = '/v1/sessions'
-    def initialize(connection)
+    def initialize(connection, project_id)
       @connection = connection
+      @project_id = project_id
+      @jwks_loader = ->(options) do
+        options[:invalidate] ? jwks(project_id: @project_id) : {}
+      end
     end
     def get(user_id:)
@@ -23,13 +31,14 @@ module Stytch
     end
     def authenticate(
-      session_token:,
+      session_token: nil,
+      session_jwt: nil,
       session_duration_minutes: nil
     )
-      request = {
-        session_token: session_token
-      }
+      request = {}
+      request[:session_token] = session_token unless session_token.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
       request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
       post_request("#{PATH}/authenticate", request)
@@ -46,5 +55,73 @@ module Stytch
       post_request("#{PATH}/revoke", request)
     end
+    def jwks(project_id:)
+      request_path = "#{PATH}/jwks/" + project_id
+      get_request(request_path)
+    end
+    # Parse a JWT and verify the signature. If max_token_age_seconds is unset, call the API directly
+    # If max_token_age_seconds is set and the JWT was issued (based on the "iat" claim) less than
+    # max_token_age_seconds seconds ago, then just verify locally and don't call the API
+    # To force remote validation for all tokens, set max_token_age_seconds to 0 or call authenticate()
+    def authenticate_jwt(
+      session_jwt,
+      max_token_age_seconds: nil,
+      session_duration_minutes: nil
+    )
+      if max_token_age_seconds == 0
+        return authenticate(
+          session_jwt: session_jwt,
+          session_duration_minutes: session_duration_minutes,
+        )
+      end
+      decoded_jwt = authenticate_jwt_local(session_jwt)
+      iat_time = Time.at(decoded_jwt["iat"]).to_datetime
+      if iat_time + max_token_age_seconds >= Time.now
+        session = marshal_jwt_into_session(decoded_jwt)
+        return {"session" => session}
+      else
+        return authenticate(
+          session_jwt: session_jwt,
+          session_duration_minutes: session_duration_minutes,
+        )
+      end
+    end
+    # Parse a JWT and verify the signature locally (without calling /authenticate in the API)
+    # Uses the cached value to get the JWK but if it is unavailable, it calls the get_jwks()
+    # function to get the JWK
+    # This method never authenticates a JWT directly with the API
+    def authenticate_jwt_local(session_jwt)
+      issuer = "stytch.com/" + @project_id
+      begin
+        decoded_token = JWT.decode session_jwt, nil, true,
+        { jwks: @jwks_loader, iss: issuer, verify_iss: true, aud: @project_id, verify_aud: true, algorithms: ["RS256"]}
+        return decoded_token[0]
+      rescue JWT::InvalidIssuerError
+        raise JWTInvalidIssuerError
+      rescue JWT::InvalidAudError
+        raise JWTInvalidAudienceError
+      rescue JWT::ExpiredSignature
+        raise JWTExpiredSignatureError
+      rescue JWT::IncorrectAlgorithm
+        raise JWTIncorrectAlgorithmError
+      end
+    end
+    def marshal_jwt_into_session(jwt)
+      stytch_claim = "https://stytch.com/session"
+      return {
+        "session_id" => jwt["jti"],
+        "user_id" => jwt["sub"],
+        "started_at" => jwt[stytch_claim]["started_at"],
+        "last_accessed_at" => jwt[stytch_claim]["last_accessed_at"],
+        "expires_at" => Time.at(jwt["exp"]).to_datetime.iso8601,
+        "attributes" => jwt[stytch_claim]["attributes"],
+        "authentication_factors" => jwt[stytch_claim]["authentication_factors"],
+      }
+    end
   end
 end

data/lib/stytch/totps.rb CHANGED Viewed

@@ -29,6 +29,7 @@ module Stytch
       user_id:,
       totp_code:,
       session_token: nil,
+      session_jwt: nil,
       session_duration_minutes: nil
     )
       request = {
@@ -37,6 +38,7 @@ module Stytch
       }
       request[:session_token] = session_token unless session_token.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
       request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
       post_request("#{PATH}/authenticate", request)
@@ -56,6 +58,7 @@ module Stytch
       user_id:,
       recovery_code:,
       session_token: nil,
+      session_jwt: nil,
       session_duration_minutes: nil
     )
       request = {
@@ -64,6 +67,7 @@ module Stytch
       }
       request[:session_token] = session_token unless session_token.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
       request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
       post_request("#{PATH}/recover", request)

data/lib/stytch/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Stytch
-  VERSION = '2.11.0'
+  VERSION = '2.12.0'
 end

data/lib/stytch/webauthn.rb CHANGED Viewed

@@ -56,6 +56,7 @@ module Stytch
     def authenticate(
       public_key_credential:,
       session_token: nil,
+      session_jwt: nil,
       session_duration_minutes: nil
     )
       request = {
@@ -63,6 +64,7 @@ module Stytch
       }
       request[:session_token] = session_token unless session_token.nil?
+      request[:session_jwt] = session_jwt unless session_jwt.nil?
       request[:session_duration_minutes] = session_duration_minutes unless session_duration_minutes.nil?
       post_request("#{PATH}/authenticate", request)

data/stytch.gemspec CHANGED Viewed

@@ -27,4 +27,6 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'faraday', '>= 0.17.0', '< 2.0'
   spec.add_dependency 'faraday_middleware', '>= 0.14.0', '< 2.0'
+  spec.add_dependency 'jwt', '>= 2.3.0'
+  spec.add_dependency 'json-jwt', '>=1.13.0'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: stytch
 version: !ruby/object:Gem::Version
-  version: 2.11.0
+  version: 2.12.0
 platform: ruby
 authors:
 - stytch
-autorequire:
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-03-08 00:00:00.000000000 Z
+date: 2022-04-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -50,7 +50,35 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '2.0'
-description:
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.3.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.3.0
+- !ruby/object:Gem::Dependency
+  name: json-jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.13.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.13.0
+description:
 email:
 - support@stytch.com
 executables: []
@@ -72,6 +100,7 @@ files:
 - lib/stytch.rb
 - lib/stytch/client.rb
 - lib/stytch/crypto_wallets.rb
+- lib/stytch/errors.rb
 - lib/stytch/magic_links.rb
 - lib/stytch/middleware.rb
 - lib/stytch/oauth.rb
@@ -89,7 +118,7 @@ licenses:
 metadata:
   homepage_uri: https://stytch.com
   source_code_uri: https://github.com/stytchauth/stytch-ruby
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -104,8 +133,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
-signing_key:
+rubygems_version: 3.0.3
+signing_key:
 specification_version: 4
 summary: Stytch Ruby Gem
 test_files: []