From 3cca830f53204f3bde09ae35f5940934abe8bf1d Mon Sep 17 00:00:00 2001
From: Jurriaan Pruis
Date: Fri, 15 Sep 2017 15:25:22 +0200
Subject: [PATCH 1/2] Support ruby-jwt 2.0

This version of ruby-jwt requires specification of the algorithm (see https://github.com/jwt/ruby-jwt/pull/184) for more information.
---
 lib/signet/oauth_2/client.rb | 1 +
 signet.gemspec | 2 +-
 spec/signet/oauth_2/client_spec.rb | 12 ++++++------
 3 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/lib/signet/oauth_2/client.rb b/lib/signet/oauth_2/client.rb
index bca3474..f74b89a 100644
--- a/lib/signet/oauth_2/client.rb
+++ b/lib/signet/oauth_2/client.rb
@@ -709,6 +709,7 @@ def id_token=(new_id_token)
 #
 # @return [String] The decoded ID token.
 def decoded_id_token(public_key=nil, options = {})
+ options[:algorithm] ||= signing_algorithm
 payload, _header = JWT.decode(self.id_token, public_key, !!public_key, options)
 if !payload.has_key?('aud')
 raise Signet::UnsafeOperationError, 'No ID token audience declared.'
diff --git a/signet.gemspec b/signet.gemspec
index 7047651..74a5390 100644
--- a/signet.gemspec
+++ b/signet.gemspec
@@ -27,7 +27,7 @@ Gem::Specification.new do |s|
 s.add_runtime_dependency 'addressable', '~> 2.3'
 s.add_runtime_dependency 'faraday', '~> 0.9'
 s.add_runtime_dependency 'multi_json', '~> 1.10'
- s.add_runtime_dependency 'jwt', '~> 1.5'
+ s.add_runtime_dependency 'jwt', '>= 1.5', '< 3.0'
 s.add_development_dependency 'rake', '~> 10.0'
 s.add_development_dependency 'yard', '~> 0.8'
diff --git a/spec/signet/oauth_2/client_spec.rb b/spec/signet/oauth_2/client_spec.rb
index e4e4f8b..832b359 100644
--- a/spec/signet/oauth_2/client_spec.rb
+++ b/spec/signet/oauth_2/client_spec.rb
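Review bot: In the `lib/signet/oauth_2/client.rb` hunk, the new default in `decoded_id_token` pins the expected algorithm to `signing_algorithm`, which is defined outside this hunk and, judging by its name, may describe the key this client signs its own assertions with rather than the `public_key` passed in for verification. If the two can differ, the verifier would expect an algorithm family that does not match the key it holds, so the default is safer derived from the verification key, for example `options[:algorithm] ||= public_key.is_a?(String) ? 'HS256' : 'RS256'`, or at least documented in the method's YARD comment as something callers must override. The `||=` also writes into the caller's hash and raises on a frozen one; `options = { algorithm: signing_algorithm }.merge(options)` avoids both. The method body continues outside the hunk.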
@@ -199,7 +199,7 @@ def build_form_encoded_response(payload)
 jwt = @client.to_jwt
 expect(jwt).not_to be_nil
- claim, header = JWT.decode(jwt, @key.public_key, true)
+ claim, header = JWT.decode(jwt, @key.public_key, true, algorithm: 'RS256')
 expect(claim["iss"]).to eq 'app@example.com'
 expect(claim["scope"]).to eq 'https://www.googleapis.com/auth/userinfo.profile'
 expect(claim["aud"]).to eq 'https://accounts.google.com/o/oauth2/token'
@@ -210,7 +210,7 @@ def build_form_encoded_response(payload)
 jwt = @client.to_jwt
 expect(jwt).not_to be_nil
- claim, header = JWT.decode(jwt, @key.public_key, true)
+ claim, header = JWT.decode(jwt, @key.public_key, true, algorithm: 'RS256')
 expect(claim["iss"]).to eq 'app@example.com'
 expect(claim["prn"]).to eq 'user@example.com'
 expect(claim["scope"]).to eq 'https://www.googleapis.com/auth/userinfo.profile'
@@ -222,7 +222,7 @@ def build_form_encoded_response(payload)
 jwt = @client.to_jwt
 expect(jwt).not_to be_nil
- claim, header = JWT.decode(jwt, @key.public_key, true)
+ claim, header = JWT.decode(jwt, @key.public_key, true, algorithm: 'RS256')
 expect(claim["iss"]).to eq 'app@example.com'
 expect(claim["prn"]).to eq 'user@example.com'
 expect(claim["scope"]).to eq 'https://www.googleapis.com/auth/userinfo.profile'
@@ -234,7 +234,7 @@ def build_form_encoded_response(payload)
 jwt = @client.to_jwt
 expect(jwt).not_to be_nil
- claim, header = JWT.decode(jwt, @key.public_key, true)
+ claim, header = JWT.decode(jwt, @key.public_key, true, algorithm: 'RS256')
 expect(claim["iss"]).to eq 'app@example.com'
 expect(claim["sub"]).to eq 'user@example.com'
 expect(claim["scope"]).to eq 'https://www.googleapis.com/auth/userinfo.profile'
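Review bot: None of the `client_spec.rb` hunks (the four here and the two that follow at `@@ -258` and `@@ -294`) exercises the new `options[:algorithm]` default in `decoded_id_token`; they only pass an explicit `algorithm:` to the `JWT.decode` calls that check `to_jwt` output. Unless an example elsewhere in the file already covers it, one should assert that an ID token whose header algorithm differs from the expected one is rejected, e.g. `expect { client.decoded_id_token(key) }.to raise_error(JWT::IncorrectAlgorithm)`, and another that a caller-supplied `algorithm:` overrides the default. The enclosing `it` blocks start and end outside these hunks.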
@@ -258,7 +258,7 @@ def build_form_encoded_response(payload)
 stubs = Faraday::Adapter::Test::Stubs.new do |stub|
 stub.post('/o/oauth2/token') do |env|
 params = Addressable::URI.form_unencode(env[:body])
- claim, header = JWT.decode(params.assoc("assertion").last, @key.public_key)
+ claim, header = JWT.decode(params.assoc("assertion").last, @key.public_key, true, algorithm: 'RS256')
 expect(params.assoc("grant_type")).to eq ['grant_type','urn:ietf:params:oauth:grant-type:jwt-bearer']
 build_json_response({
 "access_token" => "1/abcdef1234567890",
@@ -294,7 +294,7 @@ def build_form_encoded_response(payload)
 jwt = @client.to_jwt
 expect(jwt).not_to be_nil
- claim, header = JWT.decode(jwt, @key, true)
+ claim, header = JWT.decode(jwt, @key, true, algorithm: 'HS256')
 expect(claim["iss"]).to eq 'app@example.com'
 expect(claim["scope"]).to eq 'https://www.googleapis.com/auth/userinfo.profile'
 expect(claim["aud"]).to eq 'https://accounts.google.com/o/oauth2/token'
From 246d51ef1579ff333b7704af1d5abfda92305a46 Mon Sep 17 00:00:00 2001
From: Jurriaan Pruis
Date: Mon, 18 Sep 2017 13:54:51 +0200
Subject: [PATCH 2/2] Use specific version of JRuby to fix CI for now

---
 .travis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.travis.yml b/.travis.yml
index 6caee01..7fd147e 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -4,7 +4,7 @@ rvm:
 - 2.2.5
 - 2.1
 - 2.0.0
- - jruby-9000
+ - jruby-9.1.9.0
 script: "rake spec:all"
 before_install:
 - sudo apt-get update