warden-jwt_auth 0.6.0 → 0.7.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/FUNDING.yml +1 -0
- data/CHANGELOG.md +4 -1
- data/README.md +10 -0
- data/lib/warden/jwt_auth/token_decoder.rb +2 -2
- data/lib/warden/jwt_auth/version.rb +1 -1
- data/lib/warden/jwt_auth.rb +3 -0
- data/warden-jwt_auth.gemspec +2 -0
- metadata +6 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d1d3eebd02efa288aa59f731fc3650a0c1deefe2922f35a606ce53f0fd16d0be
|
|
4
|
+
data.tar.gz: 8bdab56cf91544de74393491d842c34208b6028000c07a2187caf93f09887093
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8949c3f273247d3fbbf6bc034952d50ab58be7214c411fa6144ea190485b3c3963dac7f024ef9462b08f6240c64b7c9e11cade4d3ddb655419ce0c0cd88e1075
|
|
7
|
+
data.tar.gz: 05076d7b6e458c914cd974c8310820e80a5f0832e19e7b82303a6d75dd9e04a403b2fc19bc925d954d08229cafd6ac1a7d31316977bc08803f80981723dbca8c
|
data/.github/FUNDING.yml
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
github: waiting-for-dev
|
data/CHANGELOG.md
CHANGED
|
@@ -4,7 +4,10 @@ All notable changes to this project will be documented in this file.
|
|
|
4
4
|
The format is based on [Keep a Changelog](http://keepachangelog.com/)
|
|
5
5
|
and this project adheres to [Semantic Versioning](http://semver.org/).
|
|
6
6
|
|
|
7
|
-
## [0.
|
|
7
|
+
## [0.7.0] - 2022-09-12
|
|
8
|
+
- Support asymmetric algorithms ([40](https://github.com/waiting-for-dev/warden-jwt_auth/issues/40))
|
|
9
|
+
|
|
10
|
+
## [0.6.0] - 2021-09-21
|
|
8
11
|
- Support ruby 3.0 and deprecate 2.5
|
|
9
12
|
- Fixed dry-configurable compatibility. ([28](https://github.com/waiting-for-dev/warden-jwt_auth/issues/28))
|
|
10
13
|
|
data/README.md
CHANGED
|
@@ -68,6 +68,16 @@ Warden::JWTAuth.configure do |config|
|
|
|
68
68
|
end
|
|
69
69
|
```
|
|
70
70
|
|
|
71
|
+
If the algorithm is asymmetric (e.g. RS256) and necessitates a different decoding secret than the encoding secret, configure the `decoding_secret` setting as well.
|
|
72
|
+
|
|
73
|
+
```ruby
|
|
74
|
+
Warden::JWTAuth.configure do |config|
|
|
75
|
+
config.secret = OpenSSL::PKey::RSA.new(ENV['WARDEN_JWT_PRIVATE_KEY'])
|
|
76
|
+
config.decoding_secret = OpenSSL::PKey::RSA.new(ENV['WARDEN_JWT_PUBLIC_KEY'])
|
|
77
|
+
config.algorithm = 'RS256' # or other asymmetric algorithm
|
|
78
|
+
end
|
|
79
|
+
```
|
|
80
|
+
|
|
71
81
|
### Warden scopes configuration
|
|
72
82
|
|
|
73
83
|
You have to map the warden scopes that will be authenticatable through JWT, with the user repositories from where these scope user records can be fetched. If a string is supplied, the user repository will first be looked up as a constant.
|
|
@@ -4,7 +4,7 @@ module Warden
|
|
|
4
4
|
module JWTAuth
|
|
5
5
|
# Decodes a JWT into a hash payload into a JWT token
|
|
6
6
|
class TokenDecoder
|
|
7
|
-
include JWTAuth::Import['
|
|
7
|
+
include JWTAuth::Import['decoding_secret', 'algorithm']
|
|
8
8
|
|
|
9
9
|
# Decodes the payload from a JWT as a hash
|
|
10
10
|
#
|
|
@@ -15,7 +15,7 @@ module Warden
|
|
|
15
15
|
# @return [Hash] payload decoded from the JWT
|
|
16
16
|
def call(token)
|
|
17
17
|
JWT.decode(token,
|
|
18
|
-
|
|
18
|
+
decoding_secret,
|
|
19
19
|
true,
|
|
20
20
|
algorithm: algorithm,
|
|
21
21
|
verify_jti: true)[0]
|
data/lib/warden/jwt_auth.rb
CHANGED
|
@@ -41,6 +41,9 @@ module Warden
|
|
|
41
41
|
# The secret used to encode the token
|
|
42
42
|
setting :secret
|
|
43
43
|
|
|
44
|
+
# The secret used to decode the token, defaults to `secret` if not provided
|
|
45
|
+
setting :decoding_secret, constructor: ->(value) { value || config.secret }
|
|
46
|
+
|
|
44
47
|
# The algorithm used to encode the token
|
|
45
48
|
setting :algorithm, default: 'HS256'
|
|
46
49
|
|
data/warden-jwt_auth.gemspec
CHANGED
|
@@ -20,6 +20,8 @@ Gem::Specification.new do |spec|
|
|
|
20
20
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
|
21
21
|
spec.require_paths = ['lib']
|
|
22
22
|
|
|
23
|
+
spec.metadata['rubygems_mfa_required'] = 'true'
|
|
24
|
+
|
|
23
25
|
spec.add_dependency 'dry-auto_inject', '~> 0.8'
|
|
24
26
|
spec.add_dependency 'dry-configurable', '~> 0.13'
|
|
25
27
|
spec.add_dependency 'jwt', '~> 2.1'
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: warden-jwt_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.7.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Marc Busqué
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-09-12 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dry-auto_inject
|
|
@@ -201,6 +201,7 @@ extensions: []
|
|
|
201
201
|
extra_rdoc_files: []
|
|
202
202
|
files:
|
|
203
203
|
- ".codeclimate.yml"
|
|
204
|
+
- ".github/FUNDING.yml"
|
|
204
205
|
- ".gitignore"
|
|
205
206
|
- ".rspec"
|
|
206
207
|
- ".rubocop.yml"
|
|
@@ -237,7 +238,8 @@ files:
|
|
|
237
238
|
homepage: https://github.com/waiting-for-dev/warden-jwt_auth
|
|
238
239
|
licenses:
|
|
239
240
|
- MIT
|
|
240
|
-
metadata:
|
|
241
|
+
metadata:
|
|
242
|
+
rubygems_mfa_required: 'true'
|
|
241
243
|
post_install_message:
|
|
242
244
|
rdoc_options: []
|
|
243
245
|
require_paths:
|
|
@@ -253,7 +255,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
253
255
|
- !ruby/object:Gem::Version
|
|
254
256
|
version: '0'
|
|
255
257
|
requirements: []
|
|
256
|
-
rubygems_version: 3.1
|
|
258
|
+
rubygems_version: 3.0.3.1
|
|
257
259
|
signing_key:
|
|
258
260
|
specification_version: 4
|
|
259
261
|
summary: JWT authentication for Warden.
|