Module: JWT
- Defined in:
- lib/jwt.rb
Defined Under Namespace
Classes: DecodeError
Class Method Summary collapse
- .base64url_decode(str) ⇒ Object
- .base64url_encode(str) ⇒ Object
- .decode(jwt, key = nil, verify = true) ⇒ Object
- .encode(payload, key, algorithm = 'HS256') ⇒ Object
- .sign(algorithm, msg, key) ⇒ Object
Class Method Details
.base64url_decode(str) ⇒ Object
19 20 21 22 |
# File 'lib/jwt.rb', line 19 def self.base64url_decode(str) str += '=' * (4 - str.length.modulo(4)) Base64.decode64(str.gsub("-", "+").gsub("_", "/")) end |
.base64url_encode(str) ⇒ Object
24 25 26 |
# File 'lib/jwt.rb', line 24 def self.base64url_encode(str) Base64.encode64(str).gsub("+", "-").gsub("/", "_").gsub("\n", "").gsub('=', '') end |
.decode(jwt, key = nil, verify = true) ⇒ Object
39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 |
# File 'lib/jwt.rb', line 39 def self.decode(jwt, key=nil, verify=true) segments = jwt.split('.') raise JWT::DecodeError.new("Not enough or too many segments") unless segments.length == 3 header_segment, payload_segment, crypto_segment = segments signing_input = [header_segment, payload_segment].join('.') begin header = JSON.parse(base64url_decode(header_segment)) payload = JSON.parse(base64url_decode(payload_segment)) signature = base64url_decode(crypto_segment) rescue JSON::ParserError raise JWT::DecodeError.new("Invalid segment encoding") end if verify begin if not signature == sign(header['alg'], signing_input, key) raise JWT::DecodeError.new("Signature verification failed") end rescue NotImplementedError raise JWT::DecodeError.new("Algorithm not supported") end end payload end |
.encode(payload, key, algorithm = 'HS256') ⇒ Object
28 29 30 31 32 33 34 35 36 37 |
# File 'lib/jwt.rb', line 28 def self.encode(payload, key, algorithm='HS256') segments = [] header = {"typ" => "JWT", "alg" => algorithm} segments << base64url_encode(header.to_json) segments << base64url_encode(payload.to_json) signing_input = segments.join('.') signature = sign(algorithm, signing_input, key) segments << base64url_encode(signature) segments.join('.') end |
.sign(algorithm, msg, key) ⇒ Object
14 15 16 17 |
# File 'lib/jwt.rb', line 14 def self.sign(algorithm, msg, key) raise NotImplementedError.new("Unsupported signing method") unless ["HS256", "HS384", "HS512"].include?(algorithm) OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new(algorithm.sub('HS', 'sha')), key, msg) end |