Class: Keratin::AuthN::IDTokenVerifier
- Inherits:
-
Object
- Object
- Keratin::AuthN::IDTokenVerifier
- Defined in:
- lib/keratin/authn/id_token_verifier.rb
Constant Summary
- EXPECTATIONS =
[ :token_exists?, :token_from_us?, :token_for_us?, :token_fresh?, :token_intact? ]
Instance Method Summary
-
#initialize(str, keychain, audience) ⇒ IDTokenVerifier
constructor
A new instance of IDTokenVerifier.
- #subject ⇒ Object
- #token_exists? ⇒ Boolean
- #token_for_us? ⇒ Boolean
- #token_fresh? ⇒ Boolean
- #token_from_us? ⇒ Boolean
- #token_intact? ⇒ Boolean
- #verified? ⇒ Boolean
Constructor Details
#initialize(str, keychain, audience) ⇒ IDTokenVerifier
Returns a new instance of IDTokenVerifier.
# File 'lib/keratin/authn/id_token_verifier.rb', line 5
#
# Stores the raw token and the material needed to check it.
#
# @param str [String] the encoded ID token as received
# @param keychain [#[]] key lookup, indexed by the token's `kid` in #token_intact?
# @param audience [String] the value this application expects in the `aud` claim
def initialize(str, keychain, audience)
  # The clock is read once, at construction: #token_fresh? compares `exp`
  # against this instant rather than the moment the predicate is called.
  @time = Time.now.to_i
  @id_token, @keychain, @audience = str, keychain, audience
end
Instance Method Details
#subject ⇒ Object
# File 'lib/keratin/authn/id_token_verifier.rb', line 12
#
# Reads the `sub` claim from the decoded token.
#
# This method performs no validation of its own, so the value is only
# trustworthy once #verified? has returned true for the same instance.
#
# @return [Object] whatever the token carries under 'sub'
def subject
  claims = jwt
  claims['sub']
end
#token_exists? ⇒ Boolean
# File 'lib/keratin/authn/id_token_verifier.rb', line 35
#
# Reports whether a decoded token is available at all.
#
# @return [Boolean] false when `jwt` is nil or blank, true otherwise
def token_exists?
  return false if jwt.nil?

  !jwt.blank?
end
#token_for_us? ⇒ Boolean
# File 'lib/keratin/authn/id_token_verifier.rb', line 45
#
# Checks that the token was issued for this application.
#
# @return [Boolean] true when the configured audience appears in the `aud` claim
def token_for_us?
  # Array() lets `aud` be a single value or a list; a missing claim becomes [].
  audiences = Array(jwt[:aud])
  audiences.include?(@audience)
end
#token_fresh? ⇒ Boolean
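# File 'lib/keratin/authn/id_token_verifier.rb', line 49
#
# Checks that the token has not expired.
#
# The `exp` claim is compared with the timestamp captured in #initialize.
# A token with no `exp`, or with a non-numeric one, is treated as not fresh
# instead of raising from the comparison: this predicate runs on claims that
# have not been signature-checked yet, so odd values must fail cleanly.
#
# @return [Boolean] true only when `exp` is numeric and later than @time
def token_fresh?
  expires_at = jwt[:exp]
  expires_at.is_a?(Numeric) && expires_at > @time
end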
#token_from_us? ⇒ Boolean
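# File 'lib/keratin/authn/id_token_verifier.rb', line 39
#
# Checks that the token's `iss` claim names the configured issuer.
#
# A missing or unparseable `iss` yields false rather than letting
# URI::InvalidURIError escape: the claim comes from a token that has not been
# signature-checked at this point. The configured issuer is parsed outside the
# rescue so that a bad configuration still surfaces as an error.
#
# @return [Boolean] true when both values parse to equal URIs
def token_from_us?
  # the server or client may be configured with an extra trailing slash, unnecessary port number,
  # or something else that is an equivalent URI but not an equivalent string.
  begin
    claimed_issuer = URI.parse(jwt[:iss])
  rescue URI::InvalidURIError
    return false
  end

  claimed_issuer == URI.parse(Keratin::AuthN.config.issuer)
end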
#token_intact? ⇒ Boolean
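# File 'lib/keratin/authn/id_token_verifier.rb', line 53
#
# Checks the token's signature against the key the keychain holds for its `kid`.
#
# @return [Object, false] the truthy result of `verify!`, or false when no key
#   is found or the library reports a verification/algorithm failure
def token_intact?
  key = @keychain[jwt.kid]
  # Fail closed when the keychain has nothing for this `kid`. Without a key
  # there is nothing to verify against, and the outcome should not depend on
  # how `verify!` treats a nil key for whatever `alg` the header declares.
  return false if key.nil?

  # NOTE(review): the set of acceptable algorithms is left to the library's
  # defaults here. Confirm that matches the issuer's signing algorithm.
  jwt.verify!(key)
rescue JSON::JWT::VerificationFailed, JSON::JWT::UnexpectedAlgorithm
  false
end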
#verified? ⇒ Boolean
# File 'lib/keratin/authn/id_token_verifier.rb', line 24
#
# Runs every predicate named in EXPECTATIONS, in order, and stops at the
# first one that is falsy. The failing predicate's name goes to
# Keratin::AuthN.debug.
#
# The names passed to `send` come from the EXPECTATIONS constant, never from
# the token. There is no rescue here, so an exception raised inside a
# predicate propagates to the caller instead of producing false.
#
# @return [Boolean] true only when every expectation holds
def verified?
  EXPECTATIONS.all? do |expectation|
    next true if send(expectation)

    Keratin::AuthN.debug { "JWT failure: #{expectation}" }
    false
  end
end