Module: ApiGuard::JwtAuth::JsonWebToken

Included in:
Test::ControllerHelper
Defined in:
lib/api_guard/jwt_auth/json_web_token.rb

Overview

Common module for JWT operations

Instance Method Details

#create_token_and_set_header(resource, resource_name) ⇒ Object

Create tokens and set response headers



# File 'lib/api_guard/jwt_auth/json_web_token.rb', line 46

def create_token_and_set_header(resource, resource_name)
  access_token, refresh_token = jwt_and_refresh_token(resource, resource_name)
  set_token_headers(access_token, refresh_token)
end

#current_time ⇒ Object

# File 'lib/api_guard/jwt_auth/json_web_token.rb', line 7

def current_time
  @current_time ||= Time.now.utc
end

#decode(token, verify = true) ⇒ Object

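Decode the JWT and return its payload as a HashWithIndifferentAccess. With ‘verify’ left at true, the signature is checked against ApiGuard.token_signing_secret and the iat claim is validated (verify_iat: true); passing false skips verification.
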
# File 'lib/api_guard/jwt_auth/json_web_token.rb', line 25

def decode(token, verify = true)
  HashWithIndifferentAccess.new(
    JWT.decode(token, ApiGuard.token_signing_secret, verify, verify_iat: true)[0]
  )
end
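
What the ‘verify’ argument of decode controls, as an added example that is not part of the api_guard source. It re-implements an HS256 check with the Ruby standard library instead of calling the jwt gem; demo_encode, demo_decode, demo_forged_token, the secret and the ‘user_id’ claim values are constructed for illustration.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Constructed demo secret; ApiGuard uses ApiGuard.token_signing_secret instead.
DEMO_SECRET = 'constructed-demo-secret'

def b64url(data)
  Base64.urlsafe_encode64(data, padding: false)
end

def hs256(secret, signing_input)
  OpenSSL::HMAC.digest('SHA256', secret, signing_input)
end

# Build an HS256 token (header.payload.signature) using only the stdlib.
def demo_encode(payload, secret = DEMO_SECRET)
  signing_input = "#{b64url({ alg: 'HS256', typ: 'JWT' }.to_json)}.#{b64url(payload.to_json)}"
  "#{signing_input}.#{b64url(hs256(secret, signing_input))}"
end

# Same shape as decode(token, verify = true) above: with verify false the
# payload comes back without any signature, algorithm or exp check.
def demo_decode(token, verify = true, secret = DEMO_SECRET, now = Time.now.to_i)
  header_b64, payload_b64, signature_b64 = token.split('.')
  payload = JSON.parse(Base64.urlsafe_decode64(payload_b64))
  return payload unless verify

  header = JSON.parse(Base64.urlsafe_decode64(header_b64))
  raise ArgumentError, 'unexpected algorithm' unless header['alg'] == 'HS256'

  expected = hs256(secret, "#{header_b64}.#{payload_b64}").bytes
  given = Base64.urlsafe_decode64(signature_b64.to_s).bytes
  # Constant-time comparison of the two MACs.
  same = given.size == expected.size &&
         given.zip(expected).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
  raise ArgumentError, 'signature verification failed' unless same
  raise ArgumentError, 'token expired' if payload['exp'] && payload['exp'] <= now

  payload
end

# Constructed sample input: a token whose payload segment no longer matches
# its signature, standing in for a token that was altered after issuance.
def demo_forged_token(now = Time.now.to_i)
  claims = { 'user_id' => 1, 'exp' => now + 3600, 'iat' => now }
  header, _payload, signature = demo_encode(claims).split('.')
  [header, b64url(claims.merge('user_id' => 2).to_json), signature].join('.')
end
```

The payload of an unverified decode is untrusted input: use it for inspection or logging at most, never to select the resource a request acts as.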

#encode(payload) ⇒ Object

Encode the payload with the secret key and return the JWT token



# File 'lib/api_guard/jwt_auth/json_web_token.rb', line 20

def encode(payload)
  JWT.encode(payload, ApiGuard.token_signing_secret)
end

#invalidate_old_jwt_tokens(resource) ⇒ Object

Set the resource's token_issued_at to the current timestamp to restrict access with old access (JWT) tokens. Does nothing unless ApiGuard.invalidate_old_tokens_on_password_change is enabled.

# File 'lib/api_guard/jwt_auth/json_web_token.rb', line 60

def invalidate_old_jwt_tokens(resource)
  return unless ApiGuard.invalidate_old_tokens_on_password_change

  resource.token_issued_at = Time.at(token_issued_at).utc
end

#jwt_and_refresh_token(resource, resource_name, expired_token = false) ⇒ Object

Create a JWT with the resource's id in the payload. Also create a refresh token if enabled for the resource.

If the argument ‘expired_token’ is true, the JWT is created already expired (exp is set to the issued-at time), which can be used for testing.

# File 'lib/api_guard/jwt_auth/json_web_token.rb', line 35

def jwt_and_refresh_token(resource, resource_name, expired_token = false)
  access_token = encode(
    "#{resource_name}_id": resource.id,
    exp: expired_token ? token_issued_at : token_expire_at,
    iat: token_issued_at
  )

  [access_token, new_refresh_token(resource)]
end

#set_token_headers(token, refresh_token = nil) ⇒ Object

Set token details in response headers



# File 'lib/api_guard/jwt_auth/json_web_token.rb', line 52

def set_token_headers(token, refresh_token = nil)
  response.headers['Access-Token'] = token
  response.headers['Refresh-Token'] = refresh_token if refresh_token
  response.headers['Expire-At'] = token_expire_at.to_s
end

#token_expire_at ⇒ Object

# File 'lib/api_guard/jwt_auth/json_web_token.rb', line 11

def token_expire_at
  @expire_at ||= (current_time + ApiGuard.token_validity).to_i
end

#token_issued_at ⇒ Object

# File 'lib/api_guard/jwt_auth/json_web_token.rb', line 15

def token_issued_at
  @issued_at ||= current_time.to_i
end