Skip to content

Commit

Permalink
feat: remove json-jwt, migrate ruby-jwt
Browse files Browse the repository at this point in the history
  • Loading branch information
kristof-mattei committed Nov 2, 2022
1 parent e8f2d13 commit 9eea736
Show file tree
Hide file tree
Showing 8 changed files with 36 additions and 30 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@

- [#] Add here

## Unreleased next

- [#???] Replace `json-jwt` with `ruby-jwt` to align with doorkeeper-jwt.

## v1.8.2 (2022-07-13)

- [#168] Allow to use custom doorkeeper access grant model (thanks @nov).
Expand Down
2 changes: 1 addition & 1 deletion doorkeeper-openid_connect.gemspec
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ Gem::Specification.new do |spec|
spec.required_ruby_version = '>= 2.6'

spec.add_runtime_dependency 'doorkeeper', '>= 5.5', '< 5.7'
spec.add_runtime_dependency 'json-jwt', '>= 1.15.0'
spec.add_runtime_dependency 'jwt', '>= 2.5'

spec.add_development_dependency 'conventional-changelog', '~> 1.2'
spec.add_development_dependency 'factory_bot'
Expand Down
14 changes: 3 additions & 11 deletions lib/doorkeeper/openid_connect.rb
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

require 'doorkeeper'
require 'active_model'
require 'json/jwt'
require 'jwt'

require 'doorkeeper/request'
require 'doorkeeper/request/id_token'
Expand Down Expand Up @@ -48,19 +48,11 @@ def self.signing_key
else
OpenSSL::PKey.read(configuration.signing_key)
end
JSON::JWK.new(key)
JWT::JWK.new(key)
end

def self.signing_key_normalized
key = signing_key
case key[:kty].to_sym
when :RSA
key.slice(:kty, :kid, :e, :n)
when :EC
key.slice(:kty, :kid, :crv, :x, :y)
when :oct
key.slice(:kty, :kid)
end
signing_key.export
end

Doorkeeper::GrantFlow.register(
Expand Down
7 changes: 4 additions & 3 deletions lib/doorkeeper/openid_connect/id_token.rb
Original file line number Diff line number Diff line change
Expand Up @@ -31,9 +31,10 @@ def as_json(*_)
end

def as_jws_token
JSON::JWT.new(as_json).sign(
Doorkeeper::OpenidConnect.signing_key,
Doorkeeper::OpenidConnect.signing_algorithm
JWT.encode(as_json,
Doorkeeper::OpenidConnect.signing_key.keypair,
Doorkeeper::OpenidConnect.signing_algorithm.to_s,
{ kid: Doorkeeper::OpenidConnect.signing_key.kid }
).to_s
end

Expand Down
3 changes: 3 additions & 0 deletions spec/dummy/config/initializers/jwt.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
# frozen_string_literal: true

JWT.configuration.jwk.kid_generator_type = :rfc7638_thumbprint
9 changes: 7 additions & 2 deletions spec/lib/id_token_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -72,8 +72,13 @@
describe '#as_jws_token' do
shared_examples 'a jws token' do
it 'returns claims encoded as JWT' do
jwt = JSON::JWT.decode_compact_serialized subject.as_jws_token, Doorkeeper::OpenidConnect.signing_key
expect(jwt.to_hash).to eq subject.as_json.stringify_keys
algorithms = [Doorkeeper::OpenidConnect.signing_algorithm.to_s]

data, headers = JWT.decode subject.as_jws_token, Doorkeeper::OpenidConnect.signing_key.keypair, true, { algorithms: algorithms }

expect(data.to_hash).to eq subject.as_json.stringify_keys
expect(headers["kid"]).to eq Doorkeeper::OpenidConnect.signing_key.kid
expect(headers["alg"]).to eq Doorkeeper::OpenidConnect.signing_algorithm.to_s
end
end

Expand Down
26 changes: 13 additions & 13 deletions spec/lib/openid_connect_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -11,19 +11,19 @@

describe '.signing_key' do
it 'returns the private key as JWK instance' do
expect(subject.signing_key).to be_instance_of JSON::JWK
expect(subject.signing_key[:kid]).to eq 'IqYwZo2cE6hsyhs48cU8QHH4GanKIx0S4Dc99kgTIMA'
expect(subject.signing_key).to be_a JWT::JWK::KeyBase
expect(subject.signing_key.kid).to eq 'IqYwZo2cE6hsyhs48cU8QHH4GanKIx0S4Dc99kgTIMA'
end
end

describe '.signing_key_normalized' do
context 'when signing key is RSA' do
it 'returns the RSA public key parameters' do
expect(subject.signing_key_normalized).to eq(
'kty' => :RSA,
'kid' => 'IqYwZo2cE6hsyhs48cU8QHH4GanKIx0S4Dc99kgTIMA',
'e' => 'AQAB',
'n' => 'sjdnSA6UWUQQHf6BLIkIEUhMRNBJC1NN_pFt1EJmEiI88GS0ceROO5B5Ooo9Y3QOWJ_n-u1uwTHBz0HCTN4wgArWd1TcqB5GQzQRP4eYnWyPfi4CfeqAHzQp-v4VwbcK0LW4FqtW5D0dtrFtI281FDxLhARzkhU2y7fuYhL8fVw5rUhE8uwvHRZ5CEZyxf7BSHxIvOZAAymhuzNLATt2DGkDInU1BmF75tEtBJAVLzWG_j4LPZh1EpSdfezqaXQlcy9PJi916UzTl0P7Yy-ulOdUsMlB6yo8qKTY1-AbZ5jzneHbGDU_O8QjYvii1WDmJ60t0jXicmOkGrOhruOptw'
:kty => 'RSA',
:kid => 'IqYwZo2cE6hsyhs48cU8QHH4GanKIx0S4Dc99kgTIMA',
:e => 'AQAB',
:n => 'sjdnSA6UWUQQHf6BLIkIEUhMRNBJC1NN_pFt1EJmEiI88GS0ceROO5B5Ooo9Y3QOWJ_n-u1uwTHBz0HCTN4wgArWd1TcqB5GQzQRP4eYnWyPfi4CfeqAHzQp-v4VwbcK0LW4FqtW5D0dtrFtI281FDxLhARzkhU2y7fuYhL8fVw5rUhE8uwvHRZ5CEZyxf7BSHxIvOZAAymhuzNLATt2DGkDInU1BmF75tEtBJAVLzWG_j4LPZh1EpSdfezqaXQlcy9PJi916UzTl0P7Yy-ulOdUsMlB6yo8qKTY1-AbZ5jzneHbGDU_O8QjYvii1WDmJ60t0jXicmOkGrOhruOptw'
)
end
end
Expand All @@ -33,11 +33,11 @@

it 'returns the EC public key parameters' do
expect(subject.signing_key_normalized).to eq(
'kty' => :EC,
'kid' => 'dOx_AhaepicN2r2M-sxZhgkYZMCX7dYhPsNOw1ZiFnI',
'crv' => :'P-521',
'x' => 'AeYVvbl3zZcFCdE-0msqOowYODjzeXAhjsZKhdNjGlDREvko3UFOw6S43g-s8bvVBmBz3fCodEzFRYQqJVI4UFvF',
'y' => 'AYJ7GYeBm_Fb6liN53xGASdbRSzF34h4BDSVYzjtQc7I-1LK17fwwS3VfQCJwaT6zX33HTrhR4VoUEUJHKwR3dNs'
:kty => 'EC',
:kid => 'dOx_AhaepicN2r2M-sxZhgkYZMCX7dYhPsNOw1ZiFnI',
:crv => 'P-521',
:x => 'AeYVvbl3zZcFCdE-0msqOowYODjzeXAhjsZKhdNjGlDREvko3UFOw6S43g-s8bvVBmBz3fCodEzFRYQqJVI4UFvF',
:y => 'AYJ7GYeBm_Fb6liN53xGASdbRSzF34h4BDSVYzjtQc7I-1LK17fwwS3VfQCJwaT6zX33HTrhR4VoUEUJHKwR3dNs'
)
end
end
Expand All @@ -47,8 +47,8 @@

it 'returns the HMAC public key parameters' do
expect(subject.signing_key_normalized).to eq(
'kty' => :oct,
'kid' => 'lyAW7LdxryFWQtLdgxZpOrI87APHrzJKgWLT0BkWVog'
:kty => 'oct',
:kid => 'lyAW7LdxryFWQtLdgxZpOrI87APHrzJKgWLT0BkWVog'
)
end
end
Expand Down
1 change: 1 addition & 0 deletions spec/rails_helper.rb
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,7 @@

# Reinitialize configuration after each example
config.after do
load Rails.root.join('config/initializers/jwt.rb')
load Rails.root.join('config/initializers/doorkeeper.rb')
load Rails.root.join('config/initializers/doorkeeper_openid_connect.rb')
end
Expand Down

0 comments on commit 9eea736

Please sign in to comment.