Spec version 4.2

- Reword several paragraphs for improved clarity.

- Improved typographic consistency. **Bold** words are used exclusively for
  [RFC2199][rfc2119] keywords. _Italic_ words are used for emphasis. `Code`
  words are used for core algorithmic concepts (`id`, `secret`, `padlock`,
  etc.).

- Reordered example code to show the Typescript versions _first_ as that is the
  variation most people will be familiar with.

Fix Elixir builds by removing purely development and release tooling from
dependencies lower than the most recent supported version of Elixir (1.15).
This also causes formatter changes.

Signed-off-by: Austin Ziegler <[email protected]>

.github/workflows/elixir.yml

@@ -42,13 +42,13 @@ jobs:
           - elixir: '1.14'
             otp: '25'
             os: ubuntu-22.04
+          - elixir: '1.15'
+            otp: '26'
+            os: ubuntu-22.04
             check_formatted: true
             warnings_as_errors: true
             dialyzer: true
             credo: true
-          - elixir: '1.15'
-            otp: '26'
-            os: ubuntu-22.04
 
     runs-on: ${{ matrix.os }}
 

Changelog.md

@@ -8,6 +8,18 @@
 > - [Ruby](ruby/Changelog.md)
 > - [Typescript](ts/Changelog.md)
 
+## 4.2 / 2023-11-23
+
+- Reword several paragraphs for improved clarity.
+
+- Improved typographic consistency. **Bold** words are used exclusively for
+  [RFC2199][rfc2119] keywords. _Italic_ words are used for emphasis. `Code`
+  words are used for core algorithmic concepts (`id`, `secret`, `padlock`,
+  etc.).
+
+- Reordered example code to show the Typescript versions _first_ as that is the
+  variation most people will be familiar with.
+
 ## 4.1 / 2023-07-07
 
 - Security recommendations for the generation and in-memory use of application
@@ -16,3 +28,5 @@
 ## 4.0 / 2022-09-07
 
 - Initial public release as specification version 4.
+
+[rfc2119]: https://datatracker.ietf.org/doc/html/rfc2119

elixir/lib/app_identity/app.ex

@@ -45,7 +45,7 @@ defmodule AppIdentity.App do
   A 0-arity loader function that returns a map or struct that can be converted
   into an App struct.
   """
-  @type loader :: (() -> input | t | {:ok, input | t} | invalid_input)
+  @type loader :: (-> input | t | {:ok, input | t} | invalid_input)
 
   @typedoc """
   A finder function accepting a Proof struct parameter that returns a map or
@@ -66,7 +66,7 @@ defmodule AppIdentity.App do
   """
   @type t :: %__MODULE__{
           id: AppIdentity.id(),
-          secret: (() -> AppIdentity.secret()),
+          secret: (-> AppIdentity.secret()),
           version: AppIdentity.version(),
           config: config(),
           source: nil | term(),

elixir/mix.exs

@@ -50,32 +50,30 @@ defmodule AppIdentity.MixProject do
   end
 
   defp deps do
-    dialyxir =
-      if Version.compare(System.version(), "1.12.0") == :lt, do: "~> 1.3.0", else: "~> 1.4"
-
     poison =
       if Version.compare(System.version(), "1.11.0") == :lt,
         do: ">= 3.0.0 and < 6.0.0",
         else: ">= 3.0.0"
 
-    {ex_doc, extra} =
-      if Version.compare(System.version(), "1.11.0") == :lt do
-        {"~> 0.27.0", [{:earmark_parser, "1.4.19"}]}
-      else
-        {"~> 0.29", []}
-      end
-
     [
       {:jason, "~> 1.0", optional: true},
       {:plug, "~> 1.0", optional: true},
       {:poison, poison, optional: true},
       {:telemetry, "~> 0.4 or ~> 1.0", optional: true},
-      {:tesla, "~> 1.0", optional: true},
-      {:credo, "~> 1.0", only: [:dev], runtime: false},
-      {:dialyxir, dialyxir, only: [:dev], runtime: false},
-      {:ex_doc, ex_doc, only: [:dev], runtime: false},
-      {:secure_random, "~> 0.5", only: [:dev, :test]}
-    ] ++ extra
+      {:tesla, "~> 1.0", optional: true}
+    ] ++ dev_deps()
+  end
+
+  defp dev_deps do
+    if Version.compare(System.version(), "1.15.0") == :lt do
+      []
+    else
+      [
+        {:credo, "~> 1.0", only: [:dev], runtime: false},
+        {:dialyxir, "~> 1.4", only: [:dev], runtime: false},
+        {:ex_doc, "~> 0.29", only: [:dev], runtime: false}
+      ]
+    end
   end
 
   defp elixirc_paths(:test) do

elixir/support/support.ex

@@ -19,11 +19,11 @@ defmodule AppIdentity.Support do
   end
 
   def v1(fuzz \\ nil) do
-    secret = SecureRandom.hex(32)
+    secret = random_hex(32)
 
     output = %{
       version: 1,
-      id: SecureRandom.uuid(),
+      id: uuidv4(),
       secret: fn -> secret end
     }
 
@@ -118,4 +118,36 @@ defmodule AppIdentity.Support do
   def adjust_timestamp(timestamp, diff, :hours) do
     DateTime.add(timestamp, diff * 24 * 60, :second)
   end
+
+  # The following code is adapted from https://hex.pm/packages/secure_random,
+  # released under the Apache 2.0 license, copyright 2017 Patrick Robertson and
+  # contributors.
+
+  defp uuidv4 do
+    <<u0::48, _::4, u1::12, _::2, u2::62>> = :crypto.strong_rand_bytes(16)
+    <<g0::32, g1::16, g2::16, g3::16, g4::48>> = <<u0::48, 4::4, u1::12, 2::2, u2::62>>
+
+    hex_pad(g0, 8) <>
+      "-" <>
+      hex_pad(g1, 4) <>
+      "-" <>
+      hex_pad(g2, 4) <>
+      "-" <>
+      hex_pad(g3, 4) <>
+      "-" <>
+      hex_pad(g4, 12)
+  end
+
+  defp random_hex(length) do
+    Base.encode16(:crypto.strong_rand_bytes(length), case: :lower)
+  end
+
+  defp hex_pad(hex, count) do
+    hex = Integer.to_string(hex, 16)
+    lower(hex, :binary.copy("0", count - byte_size(hex)))
+  end
+
+  defp lower(<<h, t::binary>>, acc) when h in ?A..?F, do: lower(t, acc <> <<h + 32>>)
+  defp lower(<<h, t::binary>>, acc), do: lower(t, acc <> <<h>>)
+  defp lower(<<>>, acc), do: acc
 end