Class: Devise::Strategies::Auth0Jwt

Inherits:
Base
  • Object
Defined in:
lib/devise_auth0_jwt_strategy/strategy.rb

Defined Under Namespace

Classes: ClaimInvalid

Instance Method Summary collapse

Instance Method Details

#auth0_client_id ⇒ Object



# File 'lib/devise_auth0_jwt_strategy/strategy.rb', line 18

# Auth0 client id that incoming tokens must be addressed to.
#
# @return [String, Integer] the value of the AUTH0_CLIENT_ID environment
#   variable, or the Integer sentinel 0 when the variable is not set
def auth0_client_id
  ENV.fetch('AUTH0_CLIENT_ID', 0)
end

#auth0_client_id? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/devise_auth0_jwt_strategy/strategy.rb', line 22

# Whether a client id has been configured.
#
# auth0_client_id returns the sentinel 0 when the environment variable is
# missing, so both nil and 0 are treated as "not configured".
#
# @return [Boolean]
def auth0_client_id?
  configured = auth0_client_id
  !(configured.nil? || configured == 0)
end

#auth0_client_secret ⇒ Object



# File 'lib/devise_auth0_jwt_strategy/strategy.rb', line 10

# Shared secret used to verify token signatures.
#
# The value is read from the environment on every call and is returned
# exactly as stored (authenticate! base64url-decodes it before use).
#
# @return [String, Integer] the value of the AUTH0_CLIENT_SECRET environment
#   variable, or the Integer sentinel 0 when the variable is not set
def auth0_client_secret
  ENV.fetch('AUTH0_CLIENT_SECRET', 0)
end

#auth0_client_secret? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/devise_auth0_jwt_strategy/strategy.rb', line 14

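# Whether a usable client secret has been configured.
#
# auth0_client_secret returns the sentinel 0 when the environment variable is
# missing. An empty or whitespace-only value is also rejected here: it would
# otherwise count as "configured" and token signatures would be checked
# against an empty key, so the strategy must fail closed on it.
#
# @return [Boolean]
def auth0_client_secret?
  secret = auth0_client_secret
  return false if secret.nil? || secret == 0

  !secret.to_s.strip.empty?
end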

#authenticate! ⇒ Object



# File 'lib/devise_auth0_jwt_strategy/strategy.rb', line 54

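# Authenticates the current request from its JWT.
#
# Steps, in order:
#   1. When valid? is false, report a soft failure with `fail` (no bang).
#   2. Verify the token signature with the base64url-decoded client secret.
#   3. Require the `aud` claim to equal auth0_client_id and the `exp` claim
#      to lie in the future.
#   4. Look the user up by the `email` claim and call success! or fail!.
#
# ClaimInvalid and JWT::DecodeError are rescued and converted into fail!;
# any other exception propagates to the caller.
def authenticate!
  debug = ENV['DEBUG_AUTH0_JWT']

  if debug
    # NOTE(review): this writes the raw bearer token to stderr. Anyone who can
    # read the process logs can replay it until it expires, so the flag should
    # stay off outside of local debugging.
    STDERR.puts ">>>>>>>>>>>>>>> DEBUG AUTH0 JWT"
    STDERR.puts "valid? #{valid?}"
    STDERR.puts @jwt_token
  end

  # `fail` rather than `fail!` here: presumably so that other strategies may
  # still run when no token was supplied - confirm against Warden's semantics.
  return fail("No JWT token passed in") unless valid?

  # Raises JWT::DecodeError if the token is malformed or fails verification.
  # The accepted algorithm is pinned so the token's own `alg` header cannot
  # choose how it is verified. HS256 is assumed because the key is the shared
  # client secret - adjust if this tenant signs with a different HMAC variant.
  payload, _header = ::JWT.decode(
    @jwt_token,
    ::JWT.base64url_decode(auth0_client_secret),
    true,
    { algorithm: 'HS256' }
  )

  # NOTE(review): the decoded claims (including the email) go to stderr too.
  STDERR.puts payload.inspect if debug

  raise ClaimInvalid, 'JWT has the wrong client id' unless payload['aud'] == auth0_client_id
  # A missing `exp` becomes nil.to_i == 0 and is therefore rejected as expired.
  raise ClaimInvalid, 'JWT has expired' unless payload['exp'].to_i > Time.now.to_i

  # NOTE(review): the account is selected by the `email` claim alone; nothing
  # here checks that the identity provider verified that address. Confirm the
  # finder or the Auth0 tenant configuration enforces it.
  user = ::User.find_for_devise_auth0_jwt_strategy(payload['email'])
  return fail!("Could not log in") if user.nil?

  user.ignore_timedout = true if user.respond_to?(:ignore_timedout=)
  success!(user)

rescue ClaimInvalid => e
  fail! e.message

rescue ::JWT::DecodeError => e
  # The library's detail stays in the server log; the client only sees a
  # generic message.
  STDERR.puts "JWT::DecodeError -- #{e.message}"
  fail!("JWT token is invalid. Please get a new token and try again.")
end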

#jwt_from_auth_header ⇒ Object



# File 'lib/devise_auth0_jwt_strategy/strategy.rb', line 31

# Extracts the token from an `Authorization: Bearer <token>` request header.
#
# @return [String, nil] the token part of the header, or nil when the header
#   is absent or valid_jwt_auth_header? rejects its shape
def jwt_from_auth_header
  raw_header = request.authorization
  return nil unless raw_header

  parts = raw_header.split(' ')
  valid_jwt_auth_header?(parts) ? parts.last : nil
end

#jwt_token ⇒ Object



# File 'lib/devise_auth0_jwt_strategy/strategy.rb', line 40

# The JWT supplied with this request, memoized in @jwt_token.
#
# The `jwt` request parameter takes precedence; the Authorization header is
# consulted only when that parameter is absent.
#
# NOTE(review): a token passed as a request parameter may be recorded in
# access logs or browser history if it travels in the URL; the header form
# avoids that.
#
# @return [Object, nil] the token, or nil when neither source provides one
def jwt_token
  return @jwt_token if @jwt_token

  @jwt_token = params['jwt'] || jwt_from_auth_header
end

#store? ⇒ Boolean

This login is required on every request and does not set up a session.

Returns:

  • (Boolean)


# File 'lib/devise_auth0_jwt_strategy/strategy.rb', line 46

# Tells the framework not to persist this login in the session: the token
# has to accompany every request.
#
# @return [Boolean] always false
def store?
  false
end

#valid? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/devise_auth0_jwt_strategy/strategy.rb', line 50

# Whether this strategy has what it needs to attempt authentication: a
# configured client secret, a configured client id, and a token on the
# request. It does not verify the token itself; authenticate! does that.
#
# @return [Boolean]
def valid?
  configured = auth0_client_secret? && auth0_client_id?
  configured && !!jwt_token
end

#valid_jwt_auth_header?(header_split) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/devise_auth0_jwt_strategy/strategy.rb', line 26

# Checks that a whitespace-split Authorization header has exactly two parts
# and that the first is the literal scheme 'Bearer'. The comparison is
# case-sensitive, so 'bearer' is rejected.
#
# @param header_split [Array<String>] the header value split on spaces
# @return [Boolean]
def valid_jwt_auth_header?(header_split)
  return false unless header_split.length == 2

  header_split[0] == 'Bearer'
end