zaikio-jwt_auth 2.0.0 → 2.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +12 -0
- data/lib/zaikio/jwt_auth/version.rb +1 -1
- data/lib/zaikio/jwt_auth.rb +9 -3
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e030f7e4c7f0be8b37a722ff691b7bf1398cd31ca449b41a9923b51f5a008df8
|
|
4
|
+
data.tar.gz: 13a0d7a174af3ca58772b116e22d2fcc893291d59010ce127df82f1dca77ea5c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c91befdc7f28018a2e19bcafdcbd805ef87467a6fde8fc1b4899b6c6a327a6a89327902f84bdd07f42749c265535cdc3b83bd6289e958fcd2b4d520e46462d94
|
|
7
|
+
data.tar.gz: aa56620ee2936346ef5b6d73ff0e8189ad8cc46d7ab44ca36783ad744f577513fb4786fa48023f4918491b04f166d9f0db5b66ef8b9f9a7d6ee04a315938bde7
|
data/README.md
CHANGED
|
@@ -192,6 +192,18 @@ This client supports any implementation of
|
|
|
192
192
|
but you can also write your own client that supports these methods: `#read(key)`,
|
|
193
193
|
`#write(key, value)`, `#delete(key)`
|
|
194
194
|
|
|
195
|
+
### Pass custom options to JWT auth
|
|
196
|
+
|
|
197
|
+
In some cases you want to add custom options to the JWT check. For example you want to allow expired JWTs when revoking access tokens.
|
|
198
|
+
|
|
199
|
+
```rb
|
|
200
|
+
class API::RevokedAccessTokensController < API::ApplicationController
|
|
201
|
+
def jwt_options
|
|
202
|
+
{ verify_expiration: false }
|
|
203
|
+
end
|
|
204
|
+
end
|
|
205
|
+
```
|
|
206
|
+
|
|
195
207
|
## Contributing
|
|
196
208
|
|
|
197
209
|
**Make sure you have the dummy app running locally to validate your changes.**
|
data/lib/zaikio/jwt_auth.rb
CHANGED
|
@@ -54,14 +54,16 @@ module Zaikio
|
|
|
54
54
|
|
|
55
55
|
HEADER_FORMAT = /\ABearer (.+)\z/.freeze
|
|
56
56
|
|
|
57
|
-
def self.extract(authorization_header_string)
|
|
57
|
+
def self.extract(authorization_header_string, **options)
|
|
58
58
|
return TokenData.new(Zaikio::JWTAuth.mocked_jwt_payload) if Zaikio::JWTAuth.mocked_jwt_payload
|
|
59
59
|
|
|
60
60
|
return if authorization_header_string.blank?
|
|
61
61
|
|
|
62
62
|
return unless (token = authorization_header_string[HEADER_FORMAT, 1])
|
|
63
63
|
|
|
64
|
-
|
|
64
|
+
options.reverse_merge!(algorithms: ["RS256"], jwks: JWK.loader)
|
|
65
|
+
|
|
66
|
+
payload, = JWT.decode(token, nil, true, **options)
|
|
65
67
|
|
|
66
68
|
TokenData.new(payload)
|
|
67
69
|
end
|
|
@@ -93,7 +95,7 @@ module Zaikio
|
|
|
93
95
|
|
|
94
96
|
module InstanceMethods
|
|
95
97
|
def authenticate_by_jwt
|
|
96
|
-
token_data = Zaikio::JWTAuth.extract(request.headers["Authorization"])
|
|
98
|
+
token_data = Zaikio::JWTAuth.extract(request.headers["Authorization"], **jwt_options)
|
|
97
99
|
return render_error("no_jwt_passed", status: :unauthorized) unless token_data
|
|
98
100
|
|
|
99
101
|
return if show_error_if_token_is_revoked(token_data)
|
|
@@ -150,6 +152,10 @@ module Zaikio
|
|
|
150
152
|
def render_error(error, status: :forbidden)
|
|
151
153
|
render(status: status, json: { "errors" => [error] })
|
|
152
154
|
end
|
|
155
|
+
|
|
156
|
+
def jwt_options
|
|
157
|
+
{}
|
|
158
|
+
end
|
|
153
159
|
end
|
|
154
160
|
end
|
|
155
161
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: zaikio-jwt_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- crispymtn
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2022-
|
|
13
|
+
date: 2022-08-02 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: activejob
|