warden-auth0 0.3.0 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 939379a82913caa0c5060cc39aae03e29d9c6e47c3eb1d719991c8fc081852cb
-  data.tar.gz: 1b6f48e30e6dcb001391006609da801a0558811893a8545ebf00699bf03c18d4
+  metadata.gz: afcf9aee49fb8c2b0f36a107c154357931a191753556748951451fd00ea4f996
+  data.tar.gz: aedf18139544af9c3c55c1fd8862709bcd825a6df122dd03088a309bb728c7e5
 SHA512:
-  metadata.gz: c2a20ac41090ed49a578445e41d5ae33f824a00ddba0a8b80bb591d445d54738227818a203b860532d74e767e8477e34505746a80174e777d23e97c4d13257a0
-  data.tar.gz: 4b8393824cafb8d731b25318ec918c81b36170b93309b2697c167419fd652f9672e2f130e7016684f12bc891a1ca4fa05222e790400a333ce0fc8e4a814f5020
+  metadata.gz: 8b9cdf67c51cdcb6edfea06d6ef7a73b9592ed8dd4fa8e3eac38149aa114086435f53c2261a9f6b800009134d3ab564ed4a64fc51e942389f3c7f6fcd67e9a50
+  data.tar.gz: 2e1e65fd7855d83be55b2374fda7b45e8d255154a2df735515db0100990eaf6fb2ee8d011ea3fa6e60d14c7c26dd943a951f75c0a6b83ffd09e973d0a2d733b6

data/lib/warden/auth0/strategy.rb

@@ -22,6 +22,7 @@ module Warden
 
         method = "#{scope}_resolver"
         raise "unimplemented resolver #{method}" unless respond_to?(method)
+
         user = send(method, decoded_token)
 
         raise Warden::Auth0::Errors::NilUser, 'nil user' unless user

data/lib/warden/auth0/token_decoder.rb

@@ -6,7 +6,7 @@ module Warden
   module Auth0
     # Decodes a JWT into a hash payload into a JWT token
     class TokenDecoder
-      include Auth0::Import['decoding_secret', 'algorithm']
+      include Auth0::Import['algorithm', 'jwks']
 
       # Decodes the payload from a JWT as a hash
       #
@@ -16,17 +16,13 @@ module Warden
       # @param token [String] a JWT
       # @return [Hash] payload decoded from the JWT
       def call(token)
-        decode(token, decoding_secret)
+        decode(token)
       end
 
       private
 
-      def decode(token, secret)
-        JWT.decode(token,
-                   secret,
-                   true,
-                   algorithm: algorithm,
-                   verify_jti: true)[0]
+      def decode(token)
+        JWT.decode(token, nil, true, algorithms: algorithm, jwks: jwks)[0]
       end
     end
   end

data/lib/warden/auth0/version.rb

@@ -2,6 +2,6 @@
 
 module Warden
   module Auth0
-    VERSION = '0.3.0'
+    VERSION = '0.4.0'
   end
 end

data/lib/warden/auth0.rb

@@ -4,6 +4,7 @@ require 'dry/configurable'
 require 'dry/auto_inject'
 require 'jwt'
 require 'warden'
+require 'faraday'
 
 module Warden
   # Auth0 authentication plugin for warden.
@@ -12,29 +13,6 @@ module Warden
   # token present in the `Authentication` header (as `Bearer %token%`).
   module Auth0
     extend Dry::Configurable
-
-    def symbolize_keys(hash)
-      hash.transform_keys(&:to_sym)
-    end
-
-    def upcase_first_items(array)
-      array.map do |tuple|
-        method, path = tuple
-        [method.to_s.upcase, path]
-      end
-    end
-
-    def constantize_values(hash)
-      hash.transform_values do |value|
-        value.is_a?(String) ? Object.const_get(value) : value
-      end
-    end
-
-    module_function :constantize_values, :symbolize_keys, :upcase_first_items
-
-    # The secret used to decode the token, defaults to `secret` if not provided
-    setting :decoding_secret, constructor: ->(value) { value || config.secret }
-
     # Request header that will be used for receiving and returning the token.
     setting :token_header, default: 'Authorization'
 
@@ -53,10 +31,30 @@ module Warden
     # Will be used to only apply the warden strategy when the audience matches.
     setting :aud, default: nil
 
-    # This is a method that takes in the payload sub and should return a User
-    setting :user_resolver
+    # The url to fetch jwks from
+    setting :jwks_url
+
+    # Store the JWKS after fetching it
+    setting :jwks, constructor: ->(jwks) { jwks || fetch_jwks(config.jwks_url) }
 
     Import = Dry::AutoInject(config)
+
+    # Method to fetch JWKS from the specified URL
+    def self.fetch_jwks(jwks_url)
+      raise 'No url provided for fetching jwks' if jwks_url.nil?
+
+      jwks_response = connection.get(jwks_url).body
+      jwks = JWT::JWK::Set.new(jwks_response)
+      jwks.select { |key| key[:use] == 'sig' }
+    rescue StandardError => e
+      raise "Failed to fetch JWKS: #{e.message}"
+    end
+
+    def self.connection
+      Faraday.new(request: { timeout: 5 }) do |conn|
+        conn.response :json
+      end
+    end
   end
 end
 

data/warden-auth0.gemspec

@@ -25,6 +25,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'dry-configurable', '>= 0.13', '< 2'
   spec.add_dependency 'jwt', '~> 2.1'
   spec.add_dependency 'warden', '~> 1.2'
+  spec.add_dependency 'faraday', '~> 2.11'
 
   spec.add_development_dependency 'bundler'
   spec.add_development_dependency 'pry-byebug', '~> 3.7'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: warden-auth0
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.4.0
 platform: ruby
 authors:
 - 1KOMMA5º
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-09-16 00:00:00.000000000 Z
+date: 2024-09-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dry-auto_inject
@@ -78,6 +78,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.11'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.11'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement