diff --git a/.travis.yml b/.travis.yml index 6caee01..7fd147e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,7 +4,7 @@ rvm: - 2.2.5 - 2.1 - 2.0.0 - - jruby-9000 + - jruby-9.1.9.0 script: "rake spec:all" before_install: - sudo apt-get update diff --git a/lib/signet/oauth_2/client.rb b/lib/signet/oauth_2/client.rb index bca3474..f74b89a 100644 --- a/lib/signet/oauth_2/client.rb +++ b/lib/signet/oauth_2/client.rb @@ -709,6 +709,7 @@ def id_token=(new_id_token) # # @return [String] The decoded ID token. def decoded_id_token(public_key=nil, options = {}) + options[:algorithm] ||= signing_algorithm payload, _header = JWT.decode(self.id_token, public_key, !!public_key, options) if !payload.has_key?('aud') raise Signet::UnsafeOperationError, 'No ID token audience declared.' diff --git a/signet.gemspec b/signet.gemspec index 7047651..74a5390 100644 --- a/signet.gemspec +++ b/signet.gemspec @@ -27,7 +27,7 @@ Gem::Specification.new do |s| s.add_runtime_dependency 'addressable', '~> 2.3' s.add_runtime_dependency 'faraday', '~> 0.9' s.add_runtime_dependency 'multi_json', '~> 1.10' - s.add_runtime_dependency 'jwt', '~> 1.5' + s.add_runtime_dependency 'jwt', '>= 1.5', '< 3.0' s.add_development_dependency 'rake', '~> 10.0' s.add_development_dependency 'yard', '~> 0.8' diff --git a/spec/signet/oauth_2/client_spec.rb b/spec/signet/oauth_2/client_spec.rb index e4e4f8b..832b359 100644 --- a/spec/signet/oauth_2/client_spec.rb +++ b/spec/signet/oauth_2/client_spec.rb @@ -199,7 +199,7 @@ def build_form_encoded_response(payload) jwt = @client.to_jwt expect(jwt).not_to be_nil - claim, header = JWT.decode(jwt, @key.public_key, true) + claim, header = JWT.decode(jwt, @key.public_key, true, algorithm: 'RS256') expect(claim["iss"]).to eq 'app@example.com' expect(claim["scope"]).to eq 'https://www.googleapis.com/auth/userinfo.profile' expect(claim["aud"]).to eq 'https://accounts.google.com/o/oauth2/token' @@ -210,7 +210,7 @@ def build_form_encoded_response(payload) jwt = @client.to_jwt expect(jwt).not_to be_nil - claim, header = JWT.decode(jwt, @key.public_key, true) + claim, header = JWT.decode(jwt, @key.public_key, true, algorithm: 'RS256') expect(claim["iss"]).to eq 'app@example.com' expect(claim["prn"]).to eq 'user@example.com' expect(claim["scope"]).to eq 'https://www.googleapis.com/auth/userinfo.profile' @@ -222,7 +222,7 @@ def build_form_encoded_response(payload) jwt = @client.to_jwt expect(jwt).not_to be_nil - claim, header = JWT.decode(jwt, @key.public_key, true) + claim, header = JWT.decode(jwt, @key.public_key, true, algorithm: 'RS256') expect(claim["iss"]).to eq 'app@example.com' expect(claim["prn"]).to eq 'user@example.com' expect(claim["scope"]).to eq 'https://www.googleapis.com/auth/userinfo.profile' @@ -234,7 +234,7 @@ def build_form_encoded_response(payload) jwt = @client.to_jwt expect(jwt).not_to be_nil - claim, header = JWT.decode(jwt, @key.public_key, true) + claim, header = JWT.decode(jwt, @key.public_key, true, algorithm: 'RS256') expect(claim["iss"]).to eq 'app@example.com' expect(claim["sub"]).to eq 'user@example.com' expect(claim["scope"]).to eq 'https://www.googleapis.com/auth/userinfo.profile' @@ -258,7 +258,7 @@ def build_form_encoded_response(payload) stubs = Faraday::Adapter::Test::Stubs.new do |stub| stub.post('/o/oauth2/token') do |env| params = Addressable::URI.form_unencode(env[:body]) - claim, header = JWT.decode(params.assoc("assertion").last, @key.public_key) + claim, header = JWT.decode(params.assoc("assertion").last, @key.public_key, true, algorithm: 'RS256') expect(params.assoc("grant_type")).to eq ['grant_type','urn:ietf:params:oauth:grant-type:jwt-bearer'] build_json_response({ "access_token" => "1/abcdef1234567890", @@ -294,7 +294,7 @@ def build_form_encoded_response(payload) jwt = @client.to_jwt expect(jwt).not_to be_nil - claim, header = JWT.decode(jwt, @key, true) + claim, header = JWT.decode(jwt, @key, true, algorithm: 'HS256') expect(claim["iss"]).to eq 'app@example.com' expect(claim["scope"]).to eq 'https://www.googleapis.com/auth/userinfo.profile' expect(claim["aud"]).to eq 'https://accounts.google.com/o/oauth2/token'