Supports Ruby 3.0, Oauth2 2.0 , JWT 2.9.3

.reek.yml

@@ -53,7 +53,6 @@ detectors:
     enabled: true
     exclude: []
     max_allowed_nesting: 2
-    ignore_iterators: []
   NilCheck:
     enabled: false
     exclude: []

.rubocop.yml

@@ -1,7 +1,8 @@
 AllCops:
-  TargetRubyVersion:  2.5
+  TargetRubyVersion:  3.0
   Exclude:
     - lib/generators/apple_auth/apple_auth_controller/templates/**
+  NewCops: disable
 
 Style/Documentation:
   Enabled: false
@@ -13,6 +14,10 @@ Lint/AmbiguousBlockAssociation:
   Exclude:
     - spec/**/*
 
+Lint/ConstantDefinitionInBlock:
+  Exclude:
+    - spec/**/*
+
 Metrics/AbcSize:
   # The ABC size is a calculated magnitude, so this number can be an Integer or
   # a Float.
@@ -25,7 +30,7 @@ Metrics/BlockLength:
     - '*.gemspec'
     - config/**/*
     - spec/**/*
-  ExcludedMethods:
+  AllowedMethods:
     - class_methods
 
 Metrics/BlockNesting:

apple_auth.gemspec

@@ -6,39 +6,44 @@ Gem::Specification.new do |spec|
   spec.name          = 'apple_auth'
   spec.version       = AppleAuth::Base::VERSION
   spec.authors       = ['Timothy Peraza, Antonieta Alvarez, Martín Morón']
-  spec.email         = ['[email protected], [email protected], [email protected]']
+  spec.email         = ['[email protected], ' \
+                        '[email protected] ,' \
+                        '[email protected]']
 
-  spec.summary       = 'Integration with Apple Sign In and Devise for backend. Validate and Verify user token.'
+  spec.summary       = 'Integration with Apple Sign In and Devise for backend.' \
+                       'Validate and Verify user token.'
   spec.homepage      = 'https://github.com/rootstrap/apple_auth'
   spec.license       = 'MIT'
-  spec.required_ruby_version = Gem::Requirement.new('>= 2.3.0')
+  spec.required_ruby_version = Gem::Requirement.new('>= 3.0.0')
 
   spec.metadata['homepage_uri'] = spec.homepage
   spec.metadata['source_code_uri'] = 'https://github.com/rootstrap/apple_auth'
   spec.metadata['changelog_uri'] = 'https://github.com/rootstrap/apple_auth'
 
   # Specify which files should be added to the gem when it is released.
   # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
-  spec.files         = Dir.chdir(File.expand_path(__dir__)) do
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
     `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   end
   spec.bindir        = 'exe'
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
   # Production dependencies
-  spec.add_dependency 'jwt', '~> 2.2'
-  spec.add_dependency 'oauth2', '~> 1.4'
+  spec.add_dependency 'jwt', '~> 2.9.3'
+  spec.add_dependency 'oauth2', '~> 2.0'
 
   # Development dependencies
-  spec.add_development_dependency 'generator_spec', '~> 0.9.4'
   spec.add_development_dependency 'byebug', '~> 11.1'
+  spec.add_development_dependency 'drb' # Will be removed from the standard library in Ruby 3.4
+  spec.add_development_dependency 'generator_spec', '~> 0.9.4'
+  spec.add_development_dependency 'mutex_m' # Will be removed from the standard library in Ruby 3.4
+  spec.add_development_dependency 'parser', '~> 3.0'
   spec.add_development_dependency 'railties', '~> 6.0'
   spec.add_development_dependency 'rake', '~> 13.0'
-  spec.add_development_dependency 'reek', '~> 5.6'
+  spec.add_development_dependency 'reek', '~> 6.1'
   spec.add_development_dependency 'rspec', '~> 3.9'
-  spec.add_development_dependency 'rubocop', '~> 0.80'
-  spec.add_development_dependency 'parser', '~> 2.7.1.1'
+  spec.add_development_dependency 'rubocop', '~> 1.3'
   spec.add_development_dependency 'simplecov', '~> 0.17.1'
   spec.add_development_dependency 'webmock', '~> 3.8'
 end

lib/apple_auth/base/version.rb

@@ -2,6 +2,7 @@
 
 module AppleAuth
   module Base
-    VERSION = '1.1.0'
+    # Updated major version as the gem is now compatible with Ruby 3.0 and OAuth2 2.0
+    VERSION = '2.0.0'
   end
 end

lib/apple_auth/helpers/jwt_conditions.rb

@@ -19,8 +19,9 @@ def initialize(user_identity, decoded_jwt)
     end
 
     def validate!
-      JWT::ClaimsValidator.new(decoded_jwt).validate! && validate_sub! && jwt_conditions_validate!
-    rescue JWT::InvalidPayload => e
+      ::JWT::Claims.verify_payload!(decoded_jwt, :exp,
+                                    :iat).nil? && validate_sub! && jwt_conditions_validate!
+    rescue JWT::DecodeError => e
       raise JWTValidationError, e.message
     end
 

lib/apple_auth/helpers/jwt_server_conditions.rb

@@ -17,8 +17,8 @@ def initialize(decoded_jwt)
     end
 
     def validate!
-      JWT::ClaimsValidator.new(decoded_jwt).validate! && jwt_conditions_validate!
-    rescue JWT::InvalidPayload => e
+      ::JWT::Claims.verify_payload!(decoded_jwt, :iat).nil? && jwt_conditions_validate!
+    rescue JWT::DecodeError => e
       raise JWTValidationError, e.message
     end
 

lib/apple_auth/token.rb

@@ -63,7 +63,7 @@ def request_header
 
     def gen_private_key
       key = AppleAuth.config.apple_private_key
-      key = OpenSSL::PKey::EC.new(key) unless key.class == OpenSSL::PKey::EC
+      key = OpenSSL::PKey::EC.new(key) unless key.instance_of?(OpenSSL::PKey::EC)
       key
     end
 
@@ -75,6 +75,18 @@ def client_urls
       }
     end
 
+    # Apple seems to expect the auth_scheme to be on
+    # the body, the default is :basic_auth
+    def auth_scheme
+      {
+        auth_scheme: :request_body
+      }
+    end
+
+    def oauth_options
+      client_urls.merge(auth_scheme)
+    end
+
     def reponse_hash(access_token)
       token_hash = { access_token: access_token.token }
 
@@ -91,7 +103,7 @@ def reponse_hash(access_token)
     def apple_access_token
       client = ::OAuth2::Client.new(APPLE_CONFIG.apple_client_id,
                                     client_secret_from_jwt,
-                                    client_urls)
+                                    oauth_options)
       client.auth_code.get_token(code, { redirect_uri: APPLE_CONFIG.redirect_uri }, {})
     end
   end

spec/helpers/jwt_conditions_spec.rb

@@ -39,7 +39,7 @@
 
     context 'when jwt has incorrect type attributes' do
       context 'when exp is not a integer' do
-        let(:jwt_exp) { Time.now + 5.minutes }
+        let(:jwt_exp) { 'Invalid' } # Dates are now valid on JWT library
 
         it 'raises an exception' do
           expect { jwt_conditions_helper.validate! }.to raise_error(
@@ -94,7 +94,7 @@
 
       it 'raises an exception' do
         expect { jwt_conditions_helper.validate! }.to raise_error(
-          AppleAuth::Conditions::JWTValidationError, 'Expired jwt_exp'
+          AppleAuth::Conditions::JWTValidationError, 'Signature has expired'
         )
       end
     end
@@ -104,7 +104,7 @@
 
       it 'raises an exception' do
         expect { jwt_conditions_helper.validate! }.to raise_error(
-          AppleAuth::Conditions::JWTValidationError, 'jwt_iat is greater than now'
+          AppleAuth::Conditions::JWTValidationError, 'Invalid iat'
         )
       end
     end

spec/helpers/jwt_server_conditions_spec.rb

@@ -74,7 +74,7 @@
 
       it 'raises an exception' do
         expect { jwt_conditions_helper.validate! }.to raise_error(
-          AppleAuth::Conditions::JWTValidationError, 'jwt_iat is greater than now'
+          AppleAuth::Conditions::JWTValidationError, 'Invalid iat'
         )
       end
     end

spec/token_spec.rb

@@ -3,39 +3,38 @@
 RSpec.describe AppleAuth::Token do
   subject(:token_service) { described_class.new(code) }
 
+  MockedData = Struct.new(:token, :expired?, :expires?, :refresh_token, :expires_at) do
+    def refresh!
+      self
+    end
+  end
+
   context '#authenticate!' do
     context 'when parameters are valid' do
       let(:code) { 'valid_code' }
 
       before do
         AppleAuth.config.apple_client_id = 'client_id'
-        AppleAuth.config.apple_private_key = OpenSSL::PKey::EC.new('prime256v1').generate_key!
+        AppleAuth.config.apple_private_key = OpenSSL::PKey::EC.generate('prime256v1')
         AppleAuth.config.apple_key_id = 'apple_kid'
         AppleAuth.config.apple_team_id = 'team_id'
         AppleAuth.config.redirect_uri = 'www.example.com'
       end
 
-      context 'when the acces token is not expired' do
+      context 'when the access token is not expired' do
         before do
-          mocked_data = OpenStruct.new(token: '1234', 'expired?': false)
+          mocked_data = MockedData.new('1234', false)
           allow(token_service).to receive(:apple_access_token).and_return(mocked_data)
         end
 
         it 'returns a hash with the corresponding access_token and expired value' do
-          expect(token_service.authenticate!).to include(
-            {
-              access_token: '1234'
-            }
-          )
+          expect(token_service.authenticate!).to include({ access_token: '1234' })
         end
       end
 
-      context 'when the acces token is expired' do
+      context 'when the access token is expired' do
         before do
-          mocked_data = OpenStruct.new('expired?': true,
-                                       'expires?': true,
-                                       refresh_token: '4321',
-                                       expires_at: 1_594_667_034)
+          mocked_data = MockedData.new(nil, true, true, '4321', 1_594_667_034)
           allow(token_service).to receive(:apple_access_token).and_return(mocked_data)
         end