FEATURE: Support latest version of ruby-jwt to support core changes

This change is not backwards compatible. If you install the plugin on an earlier version of Discourse, the plugin will not initialize.

Author: davidtaylorhq

lib/omniauth_open_id_connect.rb

@@ -104,18 +104,23 @@ def id_token_info
  # Verify the claims in the JWT
  # The signature does not need to be verified because the
  # token was acquired via a direct server-server connection to the issuer
- @id_token_info ||= JWT.decode(
- access_token['id_token'], nil, false,
- :verify_iss => true,
- 'iss' => options[:client_options][:site],
- :verify_aud => true,
- 'aud' => options.client_id,
- :verify_sub => false,
- :verify_expiration => true,
- :verify_not_before => true,
- :verify_iat => true,
- :verify_jti => false
- ).first
+ @id_token_info ||= begin
+ decoded = JWT.decode(access_token['id_token'], nil, false).first
+
+ JWT::Verify.verify_claims(decoded,
+ verify_iss: true,
+ iss: options[:client_options][:site],
+ verify_aud: true,
+ aud: options.client_id,
+ verify_sub: false,
+ verify_expiration: true,
+ verify_not_before: true,
+ verify_iat: true,
+ verify_jti: false
+ )
+
+ decoded
+ end
  end
 
  def userinfo_response

plugin.rb

@@ -54,5 +54,10 @@ def register_middleware(omniauth)
  end
 end
 
-auth_provider authenticator: OpenIDConnectAuthenticator.new(),
- full_screen_login: true
+# TODO: remove this check once Discourse 2.2 is released
+if Gem.loaded_specs['jwt'].version > Gem::Version.create('2.0')
+ auth_provider authenticator: OpenIDConnectAuthenticator.new(),
+ full_screen_login: true
+else
+ STDERR.puts "WARNING: discourse-openid-connect requires Discourse v2.2.0.beta7 or above. The plugin will not be loaded."
+end