zaikio-jwt_auth 2.0.0 → 2.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +12 -0
- data/lib/zaikio/jwt_auth/version.rb +1 -1
- data/lib/zaikio/jwt_auth.rb +9 -3
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e030f7e4c7f0be8b37a722ff691b7bf1398cd31ca449b41a9923b51f5a008df8
|
|
4
|
+
data.tar.gz: 13a0d7a174af3ca58772b116e22d2fcc893291d59010ce127df82f1dca77ea5c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c91befdc7f28018a2e19bcafdcbd805ef87467a6fde8fc1b4899b6c6a327a6a89327902f84bdd07f42749c265535cdc3b83bd6289e958fcd2b4d520e46462d94
|
|
7
|
+
data.tar.gz: aa56620ee2936346ef5b6d73ff0e8189ad8cc46d7ab44ca36783ad744f577513fb4786fa48023f4918491b04f166d9f0db5b66ef8b9f9a7d6ee04a315938bde7
|
data/README.md
CHANGED
|
@@ -192,6 +192,18 @@ This client supports any implementation of
|
|
|
192
192
|
but you can also write your own client that supports these methods: `#read(key)`,
|
|
193
193
|
`#write(key, value)`, `#delete(key)`
|
|
194
194
|
|
|
195
|
+
### Pass custom options to JWT auth
|
|
196
|
+
|
|
197
|
+
In some cases you want to add custom options to the JWT check. For example you want to allow expired JWTs when revoking access tokens.
|
|
198
|
+
|
|
199
|
+
```rb
|
|
200
|
+
class API::RevokedAccessTokensController < API::ApplicationController
|
|
201
|
+
def jwt_options
|
|
202
|
+
{ verify_expiration: false }
|
|
203
|
+
end
|
|
204
|
+
end
|
|
205
|
+
```
|
|
206
|
+
|
|
195
207
|
## Contributing
|
|
196
208
|
|
|
197
209
|
**Make sure you have the dummy app running locally to validate your changes.**
|
data/lib/zaikio/jwt_auth.rb
CHANGED
|
@@ -54,14 +54,16 @@ module Zaikio
|
|
|
54
54
|
|
|
55
55
|
HEADER_FORMAT = /\ABearer (.+)\z/.freeze
|
|
56
56
|
|
|
57
|
-
def self.extract(authorization_header_string)
|
|
57
|
+
def self.extract(authorization_header_string, **options)
|
|
58
58
|
return TokenData.new(Zaikio::JWTAuth.mocked_jwt_payload) if Zaikio::JWTAuth.mocked_jwt_payload
|
|
59
59
|
|
|
60
60
|
return if authorization_header_string.blank?
|
|
61
61
|
|
|
62
62
|
return unless (token = authorization_header_string[HEADER_FORMAT, 1])
|
|
63
63
|
|
|
64
|
-
|
|
64
|
+
options.reverse_merge!(algorithms: ["RS256"], jwks: JWK.loader)
|
|
65
|
+
|
|
66
|
+
payload, = JWT.decode(token, nil, true, **options)
|
|
65
67
|
|
|
66
68
|
TokenData.new(payload)
|
|
67
69
|
end
|
|
@@ -93,7 +95,7 @@ module Zaikio
|
|
|
93
95
|
|
|
94
96
|
module InstanceMethods
|
|
95
97
|
def authenticate_by_jwt
|
|
96
|
-
token_data = Zaikio::JWTAuth.extract(request.headers["Authorization"])
|
|
98
|
+
token_data = Zaikio::JWTAuth.extract(request.headers["Authorization"], **jwt_options)
|
|
97
99
|
return render_error("no_jwt_passed", status: :unauthorized) unless token_data
|
|
98
100
|
|
|
99
101
|
return if show_error_if_token_is_revoked(token_data)
|
|
@@ -150,6 +152,10 @@ module Zaikio
|
|
|
150
152
|
def render_error(error, status: :forbidden)
|
|
151
153
|
render(status: status, json: { "errors" => [error] })
|
|
152
154
|
end
|
|
155
|
+
|
|
156
|
+
def jwt_options
|
|
157
|
+
{}
|
|
158
|
+
end
|
|
153
159
|
end
|
|
154
160
|
end
|
|
155
161
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: zaikio-jwt_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- crispymtn
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2022-
|
|
13
|
+
date: 2022-08-02 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: activejob
|