Class: KeycloakRack::DecodedToken

Inherits:
FlexibleStruct
Defined in:
lib/keycloak_rack/decoded_token.rb

Overview

PORO that wraps the result of decoding the JWT into something slightly more usable, with some type-safety and role checking features.

Defined Under Namespace

Classes: UnknownAttribute


Instance Attribute Details

#allowed_origins<String> (readonly)



# File 'lib/keycloak_rack/decoded_token.rb', line 117

# List of strings (Types::StringList).
# NOTE(review): presumably Keycloak's allowed-origins claim — confirm the mapping.
# This declaration only exposes the value; it enforces no CORS policy itself.
attribute :allowed_origins, Types::StringList

#audienceString (readonly)



# File 'lib/keycloak_rack/decoded_token.rb', line 86

# Typed as a single String.
# NOTE(review): presumably the JWT aud claim, which RFC 7519 also allows to be
# an array of strings — confirm how multi-audience tokens are coerced, and that
# the audience is validated before this struct is trusted.
attribute :audience, Types::String

#authorized_atTime (readonly)

The auth_time value from Keycloak.



# File 'lib/keycloak_rack/decoded_token.rb', line 78

# The auth_time value from Keycloak, coerced through Types::Timestamp.
# Useful when a caller wants to require a recent authentication.
attribute :authorized_at, Types::Timestamp

#authorized_partyString (readonly)

The azp claim



# File 'lib/keycloak_rack/decoded_token.rb', line 96

# The azp claim.
# NOTE(review): in OIDC, azp names the client the token was issued to; services
# that accept tokens from several clients may want to check it explicitly.
attribute :authorized_party, Types::String

#emailString? (readonly)



# File 'lib/keycloak_rack/decoded_token.rb', line 61

# Nullable String declared with attribute?, so presumably the key may also be
# absent (dry-struct semantics — confirm FlexibleStruct follows them).
# Check email_verified before treating this as a confirmed address.
attribute? :email, Types::String.optional

#email_verifiedBoolean (readonly)



# File 'lib/keycloak_rack/decoded_token.rb', line 41

# Boolean declared with attribute?, so the value may presumably be missing.
# Callers should treat anything other than true as "not verified".
attribute? :email_verified, Types::Bool

#expires_atTime (readonly)

The exp claim



# File 'lib/keycloak_rack/decoded_token.rb', line 68

# The exp claim, coerced through Types::Timestamp.
# NOTE(review): this declaration only exposes the value; expiry is presumably
# enforced while the token is decoded — confirm against the decoder.
attribute :expires_at, Types::Timestamp

#family_nameString? (readonly) Also known as: last_name



# File 'lib/keycloak_rack/decoded_token.rb', line 57

# Optional, nullable String; the generated docs list last_name as an alias.
attribute? :family_name, Types::String.optional

#given_nameString? (readonly) Also known as: first_name



# File 'lib/keycloak_rack/decoded_token.rb', line 53

# Optional, nullable String; the generated docs list first_name as an alias.
attribute? :given_name, Types::String.optional

#headersActiveSupport::HashWithIndifferentAccess (readonly)

The JWT headers, provided for debugging



# File 'lib/keycloak_rack/decoded_token.rb', line 122

# The JWT headers, provided for debugging.
# Intended for inspection only; keep authorization decisions on the typed
# payload claims rather than on header fields.
attribute? :headers, Types::IndifferentHash

#issued_atTime (readonly)

The iat claim



# File 'lib/keycloak_rack/decoded_token.rb', line 73

# The iat claim, coerced through Types::Timestamp.
attribute :issued_at, Types::Timestamp

#jtiString (readonly)



# File 'lib/keycloak_rack/decoded_token.rb', line 82

# Required String.
# NOTE(review): presumably the JWT ID (jti) claim, a per-token identifier that
# an application can use for replay or revocation tracking — confirm.
attribute :jti, Types::String

#localeString? (readonly)



# File 'lib/keycloak_rack/decoded_token.rb', line 113

# Optional, nullable String holding the locale value from the token.
attribute? :locale, Types::String.optional

#nameString? (readonly)



# File 'lib/keycloak_rack/decoded_token.rb', line 45

# Optional, nullable String.
# NOTE(review): presumably the user's display name; use sub, not this value,
# as the stable identifier for a user.
attribute? :name, Types::String.optional

#nonceString (readonly)

Cryptographic nonce for the token



# File 'lib/keycloak_rack/decoded_token.rb', line 101

# Cryptographic nonce for the token.
# NOTE(review): exposed as a plain String; as far as this declaration shows,
# comparing it with the nonce the client originally sent is left to the caller.
attribute :nonce, Types::String

#original_payloadActiveSupport::HashWithIndifferentAccess (readonly)

The original JWT payload, unmodified, for extracting potential additional attributes.



# File 'lib/keycloak_rack/decoded_token.rb', line 127

# The original JWT payload, unmodified, for extracting additional attributes.
# Values read from here bypass the typed attribute coercion, so callers should
# validate the type and content of anything they take from it.
attribute? :original_payload, Types::IndifferentHash

#preferred_usernameString? (readonly)



# File 'lib/keycloak_rack/decoded_token.rb', line 49

# Optional, nullable String.
# NOTE(review): usernames can presumably be changed in Keycloak; prefer sub as
# the key for linking local records — confirm against realm settings.
attribute? :preferred_username, Types::String.optional

#realm_accessKeycloakRack::RoleMap (readonly)



# File 'lib/keycloak_rack/decoded_token.rb', line 33

# Realm-level roles as a RoleMap; has_realm_role? reads realm_access.roles.
attribute :realm_access, RoleMap

#resource_access{ String => KeycloakRack::RoleMap } (readonly)



# File 'lib/keycloak_rack/decoded_token.rb', line 37

# Maps a resource name (String) to its RoleMap; has_resource_role? looks the
# resource up here by its string name.
attribute :resource_access, ResourceRoleMap

#scopeString (readonly)



# File 'lib/keycloak_rack/decoded_token.rb', line 105

# Required String.
# NOTE(review): OAuth scope values are conventionally one space-delimited
# string; split it before checking for a scope instead of substring-matching,
# so that "read" does not match "read_all".
attribute :scope, Types::String

#session_stateString (readonly)



# File 'lib/keycloak_rack/decoded_token.rb', line 109

# Required String.
# NOTE(review): presumably Keycloak's identifier for the login session — confirm.
attribute :session_state, Types::String

#subString (readonly) Also known as: keycloak_id

The user id / subject for the JWT. Corresponds to user_id in Keycloak's rest API, and suitable for linking your local user records to Keycloak's.



# File 'lib/keycloak_rack/decoded_token.rb', line 29

# The user id / subject for the JWT; the generated docs list keycloak_id as an
# alias. This is the value to use when linking local user records to Keycloak.
attribute :sub, Types::String

#typeString (readonly)

The typ claim in the JWT. Keycloak sets this to "JWT".



# File 'lib/keycloak_rack/decoded_token.rb', line 91

# The typ claim in the JWT, exposed under the attribute name type.
attribute :type, Types::String

Instance Method Details

#fetch(key) ⇒ Object

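Raises:

(UnknownAttribute) — when the key is not a declared attribute, an alias, or a key of the original payload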



# File 'lib/keycloak_rack/decoded_token.rb', line 146

# Look a value up by name, trying three sources in order: the declared
# attributes, the aliases in ALIASES, and finally the raw JWT payload.
#
# The last source returns whatever the token carried under that key, without
# the type coercion the declared attributes get, so callers should validate
# values that can only have come from original_payload.
#
# NOTE(review): original_payload is declared with attribute?; if it can be
# nil, the third lookup would fail inside in? instead of raising
# UnknownAttribute — confirm.
#
# @param key [#to_sym] attribute, alias or payload key
# @return [Object] the value found under the key
# @raise [UnknownAttribute] when none of the three sources knows the key
def fetch(key)
  name = key.to_sym

  # Typed attributes win over everything else.
  return self[name] if name.in?(attribute_names)

  # public_send is only reached for names listed in ALIASES, so the caller
  # cannot use it to invoke arbitrary methods.
  return public_send(name) if name.in?(ALIASES)

  # Fall back to the unmodified payload for claims without a typed attribute.
  return original_payload[name] if name.in?(original_payload)

  raise UnknownAttribute, "Cannot fetch #{name.inspect}"
end

#has_realm_role?(name) ⇒ Boolean

Check if the current user has a certain realm role



# File 'lib/keycloak_rack/decoded_token.rb', line 163

# Check whether the token's realm roles include the given role.
#
# The name is converted to a String and tested for membership in
# realm_access.roles, so the comparison depends on that collection's
# include?.
#
# NOTE(review): assumes roles is a list-like collection; if it were a String,
# include? would match substrings — confirm RoleMap#roles.
#
# @param name [#to_s] realm role name
# @return [Boolean] result of the membership test
def has_realm_role?(name)
  wanted_role = name.to_s
  wanted_role.in?(realm_access.roles)
end

#has_resource_role?(resource_name, role_name) ⇒ Boolean

Check if the user has a certain role on a certain resource.



# File 'lib/keycloak_rack/decoded_token.rb', line 171

# Check whether the token grants a role on a specific resource.
#
# The resource is looked up in resource_access by its string name and the
# role check is delegated to that entry's has_role?. A resource that is not
# present yields nil rather than false, so the check fails closed but callers
# should test truthiness, not compare against false.
#
# @param resource_name [#to_s] key into resource_access
# @param role_name [Object] passed unchanged to has_role?
# @return [Boolean, nil] has_role?'s answer, or nil for an unknown resource
def has_resource_role?(resource_name, role_name)
  role_map = resource_access[resource_name.to_s]
  return if role_map.nil?

  role_map.has_role?(role_name)
end

#slice(*keys) ⇒ ActiveSupport::HashWithIndifferentAccess

Extract keys into something hash-like



# File 'lib/keycloak_rack/decoded_token.rb', line 179

# Collect several values into an indifferent-access hash.
#
# Keys may be given individually or as (nested) arrays. Each one is resolved
# through fetch, so an unknown key raises whatever fetch raises and the
# result may contain raw payload values as well as typed attributes.
#
# @param keys [Array<#to_sym, Array>] names to extract
# @return [ActiveSupport::HashWithIndifferentAccess] key => fetched value
def slice(*keys)
  wanted = keys.flatten
  extracted = {}.with_indifferent_access

  wanted.each { |key| extracted[key] = fetch(key) }

  extracted
end