Class: JSON::JWT

Inherits:
ActiveSupport::HashWithIndifferentAccess
  • Object
show all
Defined in:
lib/json/jwt.rb

Direct Known Subclasses

JWE, JWS

Defined Under Namespace

Classes: Exception, InvalidFormat, UnexpectedAlgorithm, VerificationFailed

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(claims) ⇒ JWT

Returns a new instance of JWT.



34
35
36
37
38
39
40
41
 
# File 'lib/json/jwt.rb', line 34

def initialize(claims)
  self.typ = :JWT
  self.alg = :none
  [:exp, :nbf, :iat].each do |key|
    claims[key] = claims[key].to_i if claims[key]
  end
  replace claims
end

Instance Attribute Details

#headerObject

Returns the value of attribute header.



8
9
10
 
# File 'lib/json/jwt.rb', line 8

def header
  @header
end

#signatureObject

Returns the value of attribute signature.



8
9
10
 
# File 'lib/json/jwt.rb', line 8

def signature
  @signature
end

Class Method Details

.decode(jwt_string, key_or_secret = nil) ⇒ Object 



76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
 
# File 'lib/json/jwt.rb', line 76

def decode(jwt_string, key_or_secret = nil)
  case jwt_string.count('.')
  when 2 # JWT / JWS
    header, claims, signature = jwt_string.split('.', 3).collect do |segment|
      UrlSafeBase64.decode64 segment.to_s
    end
    header, claims = [header, claims].collect do |json|
      MultiJson.load(json).with_indifferent_access
    end
    signature_base_string = jwt_string.split('.')[0, 2].join('.')
    jwt = new claims
    jwt.header = header
    jwt.signature = signature

    # NOTE:
    #  Some JSON libraries generates wrong format of JSON (spaces between keys and values etc.)
    #  So we need to use raw base64 strings for signature verification.
    jwt.verify signature_base_string, key_or_secret unless key_or_secret == :skip_verification
    jwt
  when 4 # JWE
    jwe = JWE.new jwt_string
    jwe.header = MultiJson.load(
      UrlSafeBase64.decode64 jwt_string.split('.').first
    ).with_indifferent_access
    jwe.decrypt! key_or_secret
  else
    raise InvalidFormat.new('Invalid JWT Format. JWT should include 2 or 3 dots.')
  end
rescue MultiJson::DecodeError
  raise InvalidFormat.new("Invalid JSON Format")
end

.register_header_keys(*keys) ⇒ Object 



20
21
22
23
24
25
26
27
28
29
 
# File 'lib/json/jwt.rb', line 20

def register_header_keys(*keys)
  keys.each do |header_key|
    define_method header_key do
      self.header[header_key]
    end
    define_method "#{header_key}=" do |value|
      self.header[header_key] = value
    end
  end
end

Instance Method Details

#encrypt(public_key_or_secret, algorithm = :RSA1_5, encryption_method = :'A128CBC+HS256') ⇒ Object 



58
59
60
61
62
63
 
# File 'lib/json/jwt.rb', line 58

def encrypt(public_key_or_secret, algorithm = :RSA1_5, encryption_method = :'A128CBC+HS256')
  jwe = JWE.new(self)
  jwe.alg = algorithm
  jwe.enc = encryption_method
  jwe.encrypt! public_key_or_secret
end

#sign(private_key_or_secret, algorithm = :HS256) ⇒ Object 



43
44
45
46
47
 
# File 'lib/json/jwt.rb', line 43

def sign(private_key_or_secret, algorithm = :HS256)
  jws = JWS.new(self)
  jws.alg = algorithm
  jws.sign! private_key_or_secret
end

#to_sObject 



65
66
67
68
69
70
71
72
73
 
# File 'lib/json/jwt.rb', line 65

def to_s
  [
    header.to_json,
    self.to_json,
    signature
  ].collect do |segment|
    UrlSafeBase64.encode64 segment.to_s
  end.join('.')
end

#verify(signature_base_string, public_key_or_secret = nil) ⇒ Object 



49
50
51
52
53
54
55
56
 
# File 'lib/json/jwt.rb', line 49

def verify(signature_base_string, public_key_or_secret = nil)
  if alg.to_s == 'none'
    raise UnexpectedAlgorithm if public_key_or_secret
    signature == '' or raise VerificationFailed
  else
    JWS.new(self).verify(signature_base_string, public_key_or_secret)
  end
end