Method: Signet::OAuth2::Client#decoded_id_token

Defined in:
lib/signet/oauth_2/client.rb

#decoded_id_token(public_key = nil, options = {}, &keyfinder) ⇒ String

Returns the decoded ID token associated with this client.

Parameters:

  • public_key (OpenSSL::PKey::RSA, Object) (defaults to: nil)

    The public key to use to verify the ID token. Skips verification if omitted.

Returns:

  • (String)

    The decoded ID token.

Raises:



753
754
755
756
757
758
759
760
761
762
763
 
# File 'lib/signet/oauth_2/client.rb', line 753

def decoded_id_token public_key = nil, options = {}, &keyfinder
  options[:algorithm] ||= signing_algorithm
  verify = !public_key.nil? || block_given?
  payload, _header = JWT.decode(id_token, public_key, verify, options, &keyfinder)
  raise Signet::UnsafeOperationError, "No ID token audience declared." unless payload.key? "aud"
  unless Array(payload["aud"]).include?(client_id)
    raise Signet::UnsafeOperationError,
          "ID token audience did not match Client ID."
  end
  payload
end