Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

fix(client_id): include options.client_id in authorized id_info[:aud] #119

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix(client_id): include options.client_id in authorized id_info[:aud] #119

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 7 additions & 3 deletions lib/omniauth/strategies/apple.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,10 @@ def callback_url

private

def authorized_client_ids
[options.client_id].concat(options.authorized_client_ids)
end

def new_nonce
session['omniauth.nonce'] = SecureRandom.urlsafe_base64(16)
end
Expand Down Expand Up @@ -113,7 +117,7 @@ def verify_iss!(id_token)
end

def verify_aud!(id_token)
invalid_claim! :aud unless [options.client_id].concat(options.authorized_client_ids).include?(id_token[:aud])
invalid_claim! :aud unless authorized_client_ids.include?(id_token[:aud])
end

def verify_iat!(id_token)
Expand All @@ -135,8 +139,8 @@ def invalid_claim!(claim)
def client_id
@client_id ||= if id_info.nil?
options.client_id
else
id_info[:aud] if options.authorized_client_ids.include? id_info[:aud]
elsif authorized_client_ids.include?(id_info[:aud])
id_info[:aud]
end
end

Expand Down