Module: JsonWebToken::Jws
- Defined in:
- lib/json_web_token/jws.rb
Overview
Represent content to be secured with digital signatures or Message Authentication Codes (MACs)
Constant Summary collapse
- MESSAGE_SIGNATURE_PARTS =
3
Class Method Summary collapse
-
.sign(header, payload, key) ⇒ String
A JSON Web Signature, representing a digitally signed payload.
-
.unsecured_message(header, payload) ⇒ String
A JWS that provides no integrity protection (i.e. lacks a signature).
-
.verify(jws, algorithm, key = nil) ⇒ Hash
{ok: <the jws string>} if the mac verifies, or {error: ‘invalid’} otherwise.
Class Method Details
.sign(header, payload, key) ⇒ String
Returns a JSON Web Signature, representing a digitally signed payload.
26 27 28 29 30 |
# File 'lib/json_web_token/jws.rb', line 26 def sign(header, payload, key) alg = alg_parameter(header) signing_input = encode_input(header, payload) "#{signing_input}.#{signature(alg, key, signing_input)}" end |
.unsecured_message(header, payload) ⇒ String
Returns a JWS that provides no integrity protection (i.e. lacks a signature).
40 41 42 43 |
# File 'lib/json_web_token/jws.rb', line 40 def (header, payload) fail("Invalid 'alg' header parameter") unless alg_parameter(header) == 'none' "#{encode_input(header, payload)}." # note trailing '.' end |
.verify(jws, algorithm, key = nil) ⇒ Hash
Returns {ok: <the jws string>} if the mac verifies, or {error: ‘invalid’} otherwise.
57 58 59 60 61 |
# File 'lib/json_web_token/jws.rb', line 57 def verify(jws, algorithm, key = nil) validate_alg_match(jws, algorithm) return {ok: jws} if algorithm == 'none' signature_verify?(jws, algorithm, key) ? {ok: jws} : {error: 'invalid'} end |