Module: Keratin::AuthN

Defined in:
lib/keratin/authn.rb,
lib/keratin/authn/api.rb,
lib/keratin/authn/engine.rb,
lib/keratin/authn/version.rb,
lib/keratin/authn/mock_keychain.rb,
lib/keratin/authn/fetching_keychain.rb,
lib/keratin/authn/id_token_verifier.rb

Defined Under Namespace

Modules: Test Classes: API, Config, Engine, FetchingKeychain, IDTokenVerifier, MockKeychain

Constant Summary collapse

VERSION =
'1.0.2'

Class Method Summary collapse

Class Method Details

.config ⇒ Object



# File 'lib/keratin/authn.rb', line 53

# Lazily builds and memoizes the module-wide Config.
#
# The first call creates a Config with keychain_ttl set to 3600; every later
# call returns that same object. The value is what .keychain passes to
# FetchingKeychain as `ttl`.
# NOTE(review): presumably seconds (one hour), and presumably the upper bound
# on how long a cached signing key is reused after the issuer rotates it —
# confirm in FetchingKeychain.
#
# @return [Config] the shared configuration object
def self.config
  return @config if @config

  @config = Config.new.tap { |defaults| defaults.keychain_ttl = 3600 }
end

.debug ⇒ Object



# File 'lib/keratin/authn.rb', line 59

# Forwards a lazily-built message to the configured logger at debug level.
#
# The caller's block is wrapped in the block given to the logger's #debug,
# so whether it is evaluated is left to the logger. Does nothing when no
# logger is configured.
# NOTE(review): keep raw ID tokens and key material out of the yielded
# message; debug output is often retained longer than intended.
#
# @yieldreturn [Object] the message to log
# @return [Object, nil] the logger's return value, or nil without a logger
def self.debug
  return unless config.logger

  config.logger.debug { yield }
end

.keychain ⇒ Object

The default keychain will fetch JWKs from AuthN and return the correct key by id. Keys are cached in memory to reduce network traffic.



# File 'lib/keratin/authn.rb', line 65

# Returns the keychain handed to IDTokenVerifier by subject_from.
#
# Unless one was assigned through .keychain=, the first call builds a
# FetchingKeychain from config.authn_url (as issuer) and config.keychain_ttl
# (as ttl) and memoizes it.
# NOTE(review): the issuer URL decides where verification keys come from, so
# it should be an endpoint the host application trusts — presumably HTTPS;
# confirm how FetchingKeychain fetches.
#
# @return [#[]] the active keychain
def self.keychain
  return @keychain if @keychain

  @keychain = FetchingKeychain.new(issuer: config.authn_url, ttl: config.keychain_ttl)
end

.keychain=(val) ⇒ Object

If the default keychain is not desired (as in host application tests), a different keychain may be specified here. The keychain must define a `[](kid)` method.



# File 'lib/keratin/authn.rb', line 71

# Replaces the keychain used for ID token verification.
#
# The value is accepted only if it responds to `[]` and that method takes
# exactly one required argument (arity 1); anything else, including nil,
# raises. Only the shape of `[]` is checked, not what it returns.
# NOTE(review): whatever is assigned here supplies the keys that
# subject_from verifies signatures against, so a test keychain should never
# be assigned in a production process.
#
# @param val [#[]] object answering `[](kid)`
# @raise [ArgumentError] when val does not implement a one-argument `[]`
def self.keychain=(val)
  usable = val.respond_to?(:[]) && val.method(:[]).arity == 1
  raise ArgumentError, 'Please ensure that your keychain has been instantiated and implements `[](kid)`.' unless usable

  @keychain = val
end

.subject_from(id_token, audience: Keratin::AuthN.config.audience) ⇒ Object

Safely fetches a subject from the id token after checking relevant claims and verifying the signature. Returns nil when the token is not verified, so callers must treat nil as unauthenticated.



# File 'lib/keratin/authn.rb', line 82

# Extracts the subject from an ID token, but only once it has verified.
#
# Builds an IDTokenVerifier from the token, the active keychain and the
# expected audience, and returns its subject only when #verified? is truthy.
# A nil result means "not authenticated"; callers must not fall back to
# reading claims from the unverified token.
# NOTE(review): audience defaults to config.audience; how IDTokenVerifier
# treats a nil audience is not visible here — confirm it rejects rather than
# skips the audience check.
#
# @param id_token [String] the encoded ID token presented by the client
# @param audience [Object] expected audience, defaulting to the configured one
# @return [Object, nil] the verified subject, or nil when verification fails
def subject_from(id_token, audience: Keratin::AuthN.config.audience)
  verifier = IDTokenVerifier.new(id_token, keychain, audience)
  return unless verifier.verified?

  verifier.subject
end