Class: JSON::JWT

Inherits:
ActiveSupport::HashWithIndifferentAccess
  • Object
show all
Includes:
JOSE
Defined in:
lib/json/jwt.rb

Direct Known Subclasses

JWS

Defined Under Namespace

Classes: Exception, InvalidFormat, UnexpectedAlgorithm, VerificationFailed

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Methods included from JOSE

#with_jwk_support

Constructor Details

#initialize(claims = {}) ⇒ JWT

Returns a new instance of JWT.



19
20
21
22
23
24
25
26
27
 
# File 'lib/json/jwt.rb', line 19

def initialize(claims = {})
  @content_type = 'application/jwt'
  self.typ = :JWT
  self.alg = :none
  [:exp, :nbf, :iat].each do |key|
    claims[key] = claims[key].to_i if claims[key]
  end
  update claims
end

Instance Attribute Details

#signatureObject

Returns the value of attribute signature.



10
11
12
 
# File 'lib/json/jwt.rb', line 10

def signature
  @signature
end

Class Method Details

.decode_compact_serialized(jwt_string, key_or_secret) ⇒ Object 



83
84
85
86
87
88
89
90
91
92
 
# File 'lib/json/jwt.rb', line 83

def decode_compact_serialized(jwt_string, key_or_secret)
  case jwt_string.count('.') + 1
  when JWS::NUM_OF_SEGMENTS
    JWS.decode_compact_serialized jwt_string, key_or_secret
  when JWE::NUM_OF_SEGMENTS
    JWE.decode_compact_serialized jwt_string, key_or_secret
  else
    raise InvalidFormat.new("Invalid JWT Format. JWT should include #{JWS::NUM_OF_SEGMENTS} or #{JWE::NUM_OF_SEGMENTS} segments.")
  end
end

.decode_json_serialized(input, key_or_secret) ⇒ Object 



94
95
96
97
98
99
100
101
102
103
 
# File 'lib/json/jwt.rb', line 94

def decode_json_serialized(input, key_or_secret)
  input = input.with_indifferent_access
  if (input[:signatures] || input[:signature]).present?
    JWS.decode_json_serialized input, key_or_secret
  elsif input[:ciphertext].present?
    JWE.decode_json_serialized input, key_or_secret
  else
    raise InvalidFormat.new("Unexpected JOSE JSON Serialization Format.")
  end
end

Instance Method Details

#as_json(options = {}) ⇒ Object 



61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
 
# File 'lib/json/jwt.rb', line 61

def as_json(options = {})
  case options[:syntax]
  when :general
    {
      payload: UrlSafeBase64.encode64(self.to_json),
      signatures: [{
        protected: UrlSafeBase64.encode64(header.to_json),
        signature: UrlSafeBase64.encode64(signature.to_s)
      }]
    }
  when :flattened
    {
      protected: UrlSafeBase64.encode64(header.to_json),
      payload:   UrlSafeBase64.encode64(self.to_json),
      signature: UrlSafeBase64.encode64(signature.to_s)
    }
  else
    super
  end
end

#encrypt(public_key_or_secret, algorithm = :RSA1_5, encryption_method = :'A128CBC-HS256') ⇒ Object 



43
44
45
46
47
48
49
 
# File 'lib/json/jwt.rb', line 43

def encrypt(public_key_or_secret, algorithm = :RSA1_5, encryption_method = :'A128CBC-HS256')
  jwe = JWE.new self
  jwe.kid ||= public_key_or_secret[:kid] if public_key_or_secret.is_a? JSON::JWK
  jwe.alg = algorithm
  jwe.enc = encryption_method
  jwe.encrypt! public_key_or_secret
end

#sign(private_key_or_secret, algorithm = :autodetect) ⇒ Object 



29
30
31
32
33
34
35
36
37
38
39
40
41
 
# File 'lib/json/jwt.rb', line 29

def sign(private_key_or_secret, algorithm = :autodetect)
  if algorithm == :autodetect
    # NOTE:
    #  I'd like to make :RS256 default.
    #  However, by histrical reasons, :HS256 was default.
    #  This code is needed to keep legacy behavior.
    algorithm = private_key_or_secret.is_a?(String) ? :HS256 : :RS256
  end
  jws = JWS.new self
  jws.kid ||= private_key_or_secret[:kid] if private_key_or_secret.is_a? JSON::JWK
  jws.alg = algorithm
  jws.sign! private_key_or_secret
end

#to_sObject 



51
52
53
54
55
56
57
58
59
 
# File 'lib/json/jwt.rb', line 51

def to_s
  [
    header.to_json,
    self.to_json,
    signature
  ].collect do |segment|
    UrlSafeBase64.encode64 segment.to_s
  end.join('.')
end