Class: Keratin::AuthN::IDTokenVerifier

Inherits:

Object

Object
Keratin::AuthN::IDTokenVerifier

Defined in:: lib/keratin/authn/id_token_verifier.rb

Constant Summary collapse

EXPECTATIONS =

[
  :token_exists?,
  :token_from_us?,
  :token_for_us?,
  :token_fresh?,
  :token_intact?
]

Instance Method Summary collapse

#initialize(str, keychain, audience) ⇒ IDTokenVerifier constructor

A new instance of IDTokenVerifier.
#subject ⇒ Object
#token_exists? ⇒ Boolean
#token_for_us? ⇒ Boolean
#token_fresh? ⇒ Boolean
#token_from_us? ⇒ Boolean
#token_intact? ⇒ Boolean
#verified? ⇒ Boolean

Constructor Details

#initialize(str, keychain, audience) ⇒ `IDTokenVerifier`

Returns a new instance of IDTokenVerifier.

# File 'lib/keratin/authn/id_token_verifier.rb', line 5

def initialize(str, keychain, audience)
  @id_token = str
  @keychain = keychain
  @audience = audience
  @time = Time.now.to_i
end

Instance Method Details

#subject ⇒ `Object`



12
13
14

# File 'lib/keratin/authn/id_token_verifier.rb', line 12

def subject
  jwt['sub']
end

#token_exists? ⇒ `Boolean`

Returns:

(Boolean)



35
36
37

# File 'lib/keratin/authn/id_token_verifier.rb', line 35

def token_exists?
  !jwt.nil? && !jwt.blank?
end

#token_for_us? ⇒ `Boolean`

Returns:

(Boolean)



45
46
47

# File 'lib/keratin/authn/id_token_verifier.rb', line 45

def token_for_us?
  Array(jwt[:aud]).include? @audience
end

#token_fresh? ⇒ `Boolean`

Returns:

(Boolean)



49
50
51

# File 'lib/keratin/authn/id_token_verifier.rb', line 49

def token_fresh?
  jwt[:exp] > @time
end

#token_from_us? ⇒ `Boolean`

Returns:

(Boolean)

# File 'lib/keratin/authn/id_token_verifier.rb', line 39

def token_from_us?
  # the server or client may be configured with an extra trailing slash, unnecessary port number,
  # or something else that is an equivalent URI but not an equivalent string.
  URI.parse(jwt[:iss]) == URI.parse(Keratin::AuthN.config.issuer)
end

#token_intact? ⇒ `Boolean`

Returns:

(Boolean)

# File 'lib/keratin/authn/id_token_verifier.rb', line 53

def token_intact?
  jwt.verify!(@keychain[jwt.kid])
rescue JSON::JWT::VerificationFailed, JSON::JWT::UnexpectedAlgorithm
  false
end

#verified? ⇒ `Boolean`

Returns:

(Boolean)

# File 'lib/keratin/authn/id_token_verifier.rb', line 24

def verified?
  EXPECTATIONS.all? do |expectation|
    if send(expectation)
      true
    else
      Keratin::AuthN.debug{ "JWT failure: #{expectation}" }
      false
    end
  end
end

Class: Keratin::AuthN::IDTokenVerifier

Constant Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(str, keychain, audience) ⇒ IDTokenVerifier

Instance Method Details

#subject ⇒ Object

#token_exists? ⇒ Boolean

#token_for_us? ⇒ Boolean

#token_fresh? ⇒ Boolean

#token_from_us? ⇒ Boolean

#token_intact? ⇒ Boolean

#verified? ⇒ Boolean

#initialize(str, keychain, audience) ⇒ `IDTokenVerifier`

#subject ⇒ `Object`

#token_exists? ⇒ `Boolean`

#token_for_us? ⇒ `Boolean`

#token_fresh? ⇒ `Boolean`

#token_from_us? ⇒ `Boolean`

#token_intact? ⇒ `Boolean`

#verified? ⇒ `Boolean`