Unscope JWT class to avoid conflict with JWT strategy #1

Open
wants to merge 1 commit into
base: master
14 changes: 7 additions & 7 deletions lib/omniauth/strategies/azure_activedirectory.rb
Expand Up @@ -347,19 +347,19 @@ def validate_and_parse_id_token(id_token)
# If you're thinking that this looks ugly with the raw nil and boolean,
# see https://github.com/jwt/ruby-jwt/issues/59.
jwt_claims, jwt_header =
JWT.decode(id_token, nil, true, verify_options) do |header|
::JWT.decode(id_token, nil, true, verify_options) do |header|
# There should always be one key from the discovery endpoint that
# matches the id in the JWT header.
unless key = signing_keys.find{|k|
k['kid'] == header['kid']
}
fail JWT::VerificationError, 'No keys from key endpoint match the id token'
fail ::JWT::VerificationError, 'No keys from key endpoint match the id token'
end

# The key also contains other fields, such as n and e, that are
# redundant. x5c is sufficient to verify the id token.
if x5c = key['x5c'] and !x5c.empty?
OpenSSL::X509::Certificate.new(JWT::Decode.base64url_decode(x5c.first)).public_key
OpenSSL::X509::Certificate.new(::JWT::Decode.base64url_decode(x5c.first)).public_key
# no x5c, so we resort to e and n
elsif exp = key['e'] and mod = key['n']
key = OpenSSL::PKey::RSA.new
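Review bot: the reason for the leading `::` is not documented in this hunk, so the first `::JWT.decode` line deserves a short comment saying that a bare `JWT` inside `lib/omniauth/strategies` can resolve to the JWT strategy named in the PR title instead of the ruby-jwt module. Without that, a later cleanup could drop the prefix and reintroduce the conflict. The existing comment above the call already links the ruby-jwt issue, so one more line there would fit.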
Expand All @@ -375,11 +375,11 @@ def validate_and_parse_id_token(id_token)
end
key.public_key
else
fail JWT::VerificationError, 'Key has no info for verification'
fail ::JWT::VerificationError, 'Key has no info for verification'
end
end
return jwt_claims, jwt_header if jwt_claims['nonce'] == read_nonce
fail JWT::DecodeError, 'Returned nonce did not match.'
fail ::JWT::DecodeError, 'Returned nonce did not match.'
end

def openssl_bn_for(s)
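Review bot: the nonce check on the `return jwt_claims, jwt_header if jwt_claims['nonce'] == read_nonce` line uses a plain `==`, so it also succeeds when both sides are nil. If `read_nonce` can return nil (its body is not shown in this diff), an id token without a `nonce` claim would pass. Consider failing with `::JWT::DecodeError` first when either value is nil or empty, then comparing.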
Expand All @@ -405,9 +405,9 @@ def validate_chash(code, claims, header)
# This maps RS256 -> sha256, ES384 -> sha384, etc.
algorithm = (header['alg'] || 'RS256').sub(/RS|ES|HS/, 'sha')
full_hash = OpenSSL::Digest.new(algorithm).digest code
c_hash = JWT::Encode.base64url_encode full_hash[0..full_hash.length / 2 - 1]
c_hash = ::JWT::Encode.base64url_encode full_hash[0..full_hash.length / 2 - 1]
return if c_hash == claims['c_hash']
fail JWT::VerificationError,
fail ::JWT::VerificationError,
'c_hash in id token does not match auth code.'
end

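Review bot: in `validate_chash`, the `algorithm = (header['alg'] || 'RS256').sub(/RS|ES|HS/, 'sha')` line hands any `alg` value that does not contain RS, ES or HS unchanged to `OpenSSL::Digest.new`, so an unexpected header raises from OpenSSL instead of the `::JWT::VerificationError` used on the following lines. Suggest mapping `alg` through an explicit list of the algorithms this strategy expects and failing with `::JWT::VerificationError` for anything else, which also keeps the error handling consistent now that every raise here is being touched.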