Class: JWT::Verify
- Inherits:
-
Object
- Object
- JWT::Verify
- Defined in:
- lib/jwt/verify.rb
Overview
JWT verify methods
Constant Summary collapse
- DEFAULTS =
{ leeway: 0 }.freeze
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(payload, options) ⇒ Verify
constructor
A new instance of Verify.
- #verify_aud ⇒ Object
- #verify_expiration ⇒ Object
- #verify_iat ⇒ Object
- #verify_iss ⇒ Object
- #verify_jti ⇒ Object
- #verify_not_before ⇒ Object
- #verify_required_claims ⇒ Object
- #verify_sub ⇒ Object
Constructor Details
Class Method Details
.verify_claims(payload, options) ⇒ Object
19 20 21 22 23 24 25 |
# File 'lib/jwt/verify.rb', line 19 def verify_claims(payload, ) .each do |key, val| next unless key.to_s =~ /verify/ Verify.send(key, payload, ) if val end end |
Instance Method Details
#verify_aud ⇒ Object
33 34 35 36 37 38 |
# File 'lib/jwt/verify.rb', line 33 def verify_aud return unless ( = @options[:aud]) aud = @payload['aud'] raise(JWT::InvalidAudError, "Invalid audience. Expected #{}, received #{aud || '<none>'}") if ([*aud] & [*]).empty? end |
#verify_expiration ⇒ Object
40 41 42 43 |
# File 'lib/jwt/verify.rb', line 40 def verify_expiration return unless contains_key?(@payload, 'exp') raise(JWT::ExpiredSignature, 'Signature has expired') if @payload['exp'].to_i <= (Time.now.to_i - exp_leeway) end |
#verify_iat ⇒ Object
45 46 47 48 49 50 |
# File 'lib/jwt/verify.rb', line 45 def verify_iat return unless contains_key?(@payload, 'iat') iat = @payload['iat'] raise(JWT::InvalidIatError, 'Invalid iat') if !iat.is_a?(Numeric) || iat.to_f > Time.now.to_f end |
#verify_iss ⇒ Object
52 53 54 55 56 57 58 59 60 61 62 63 64 65 |
# File 'lib/jwt/verify.rb', line 52 def verify_iss return unless ( = @options[:iss]) iss = @payload['iss'] = Array().map { |item| item.is_a?(Symbol) ? item.to_s : item } case iss when * nil else raise(JWT::InvalidIssuerError, "Invalid issuer. Expected #{}, received #{iss || '<none>'}") end end |
#verify_jti ⇒ Object
67 68 69 70 71 72 73 74 75 76 77 |
# File 'lib/jwt/verify.rb', line 67 def verify_jti = @options[:verify_jti] jti = @payload['jti'] if .respond_to?(:call) verified = .arity == 2 ? .call(jti, @payload) : .call(jti) raise(JWT::InvalidJtiError, 'Invalid jti') unless verified elsif jti.to_s.strip.empty? raise(JWT::InvalidJtiError, 'Missing jti') end end |
#verify_not_before ⇒ Object
79 80 81 82 |
# File 'lib/jwt/verify.rb', line 79 def verify_not_before return unless contains_key?(@payload, 'nbf') raise(JWT::ImmatureSignature, 'Signature nbf has not been reached') if @payload['nbf'].to_i > (Time.now.to_i + nbf_leeway) end |
#verify_required_claims ⇒ Object
91 92 93 94 95 96 97 |
# File 'lib/jwt/verify.rb', line 91 def verify_required_claims return unless ( = @options[:required_claims]) .each do |required_claim| raise(JWT::MissingRequiredClaim, "Missing required claim #{required_claim}") unless contains_key?(@payload, required_claim) end end |
#verify_sub ⇒ Object
84 85 86 87 88 89 |
# File 'lib/jwt/verify.rb', line 84 def verify_sub return unless ( = @options[:sub]) sub = @payload['sub'] raise(JWT::InvalidSubError, "Invalid subject. Expected #{}, received #{sub || '<none>'}") unless sub.to_s == .to_s end |