From 2e9841e08401f8cca5f2ac5db10c5999f8eaab5f Mon Sep 17 00:00:00 2001
From: Jurriaan Pruis <email@jurriaanpruis.nl>
Date: Fri, 15 Sep 2017 15:53:38 +0200
Subject: [PATCH] Support ruby-jwt 2.0

This version of ruby-jwt requires specification of the algorithm (see
jwt/ruby-jwt#184) for more information.

I've created a PR on signet to. That has to be merged before ruby-jwt
2.0 can be really used (see https://github.com/google/signet/pull/93).

Tested locally against ruby-jwt 2.0 and 1.5.6.
---
 googleauth.gemspec                      | 2 +-
 spec/googleauth/service_account_spec.rb | 5 +++--
 spec/googleauth/signet_spec.rb          | 3 ++-
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/googleauth.gemspec b/googleauth.gemspec
index c604a6d..370857f 100755
--- a/googleauth.gemspec
+++ b/googleauth.gemspec
@@ -28,7 +28,7 @@ Gem::Specification.new do |s|
 
   s.add_dependency 'faraday', '~> 0.12'
   s.add_dependency 'logging', '~> 2.0'
-  s.add_dependency 'jwt', '~> 1.4'
+  s.add_dependency 'jwt', '>= 1.4', '< 3.0'
   s.add_dependency 'memoist', '~> 0.12'
   s.add_dependency 'multi_json', '~> 1.11'
   s.add_dependency 'os', '~> 0.9'
diff --git a/spec/googleauth/service_account_spec.rb b/spec/googleauth/service_account_spec.rb
index 679c0ef..26bbcba 100644
--- a/spec/googleauth/service_account_spec.rb
+++ b/spec/googleauth/service_account_spec.rb
@@ -54,7 +54,7 @@ shared_examples 'jwt header auth' do
       expect(hdr).to_not be_nil
       expect(hdr.start_with?(auth_prefix)).to be true
       authorization = hdr[auth_prefix.length..-1]
-      payload, = JWT.decode(authorization, @key.public_key)
+      payload, = JWT.decode(authorization, @key.public_key, true, algorithm: 'RS256')
       expect(payload['aud']).to eq(test_uri)
       expect(payload['iss']).to eq(client_email)
     end
@@ -135,7 +135,8 @@ describe Google::Auth::ServiceAccountCredentials do
     blk = proc do |request|
       params = Addressable::URI.form_unencode(request.body)
       _claim, _header = JWT.decode(params.assoc('assertion').last,
-                                   @key.public_key)
+                                   @key.public_key, true,
+                                   algorithm: 'RS256')
     end
     stub_request(:post, 'https://www.googleapis.com/oauth2/v4/token')
       .with(body: hash_including(
diff --git a/spec/googleauth/signet_spec.rb b/spec/googleauth/signet_spec.rb
index dab6ed5..608dfb0 100644
--- a/spec/googleauth/signet_spec.rb
+++ b/spec/googleauth/signet_spec.rb
@@ -57,7 +57,8 @@ describe Signet::OAuth2::Client do
     blk = proc do |request|
       params = Addressable::URI.form_unencode(request.body)
       _claim, _header = JWT.decode(params.assoc('assertion').last,
-                                   @key.public_key)
+                                   @key.public_key, true,
+                                   algorithm: 'RS256')
     end
     stub_request(:post, 'https://accounts.google.com/o/oauth2/token')
       .with(body: hash_including(