Class: KeycloakRack::DecodedToken
Overview
A plain old Ruby object (PORO) that wraps the result of decoding the JWT in a more usable form,
with some type safety and role-checking helpers.
Defined Under Namespace
Classes: UnknownAttribute
Constant Summary
- Audience =
Types::Coercible::Array.of(Types::String)
- ALIAS_MAP =
KEY_MAP.invert.freeze
Instance Attribute Summary collapse
Class Method Summary
Instance Method Summary
Instance Attribute Details
#allowed_origins ⇒ <String>
# File 'lib/keycloak_rack/decoded_token.rb', line 121
attribute? :allowed_origins, Types::StringList
#audience ⇒ String
# File 'lib/keycloak_rack/decoded_token.rb', line 90
# Presumably the JWT `aud` claim. The key is required, but `.optional` lets the
# value be nil. Audience coerces to an array of strings, so expect an Array
# (or nil) rather than a bare String.
# NOTE(review): this declaration only shapes the value; confirm that the
# audience is checked against this service wherever the token is verified.
attribute :audience, Audience.optional
#authorized_at ⇒ Time
The `auth_time` value from Keycloak.
# File 'lib/keycloak_rack/decoded_token.rb', line 82
attribute? :authorized_at, Types::Timestamp
#authorized_party ⇒ String
# File 'lib/keycloak_rack/decoded_token.rb', line 100
attribute? :authorized_party, Types::String
#email ⇒ String?
# File 'lib/keycloak_rack/decoded_token.rb', line 65
attribute? :email, Types::String.optional
#email_verified ⇒ Boolean
# File 'lib/keycloak_rack/decoded_token.rb', line 45
# Presumably Keycloak's `email_verified` claim. Declared with `attribute?`, so
# the key may be missing and the reader can return nil; treat anything other
# than `true` as unverified.
attribute? :email_verified, Types::Bool
#expires_at ⇒ Time
# File 'lib/keycloak_rack/decoded_token.rb', line 72
# Presumably the `exp` claim as a timestamp. Declared with `attribute?`, so it
# may be absent; a nil value must not be read as "never expires".
# NOTE(review): no expiry enforcement is visible in this declaration -- confirm
# it happens when the token is decoded.
attribute? :expires_at, Types::Timestamp
#family_name ⇒ String?
Also known as:
last_name
# File 'lib/keycloak_rack/decoded_token.rb', line 61
attribute? :family_name, Types::String.optional
#given_name ⇒ String?
Also known as:
first_name
# File 'lib/keycloak_rack/decoded_token.rb', line 57
attribute? :given_name, Types::String.optional
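The JWT headers, provided for debugging. Header values are supplied by whoever sent the token, so do not base authorization decisions on them.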
# File 'lib/keycloak_rack/decoded_token.rb', line 126
attribute? :headers, Types::IndifferentHash
#issued_at ⇒ Time
# File 'lib/keycloak_rack/decoded_token.rb', line 77
attribute? :issued_at, Types::Timestamp
#jti ⇒ String
# File 'lib/keycloak_rack/decoded_token.rb', line 86
attribute :jti, Types::String
#locale ⇒ String?
# File 'lib/keycloak_rack/decoded_token.rb', line 117
attribute? :locale, Types::String.optional
#name ⇒ String?
# File 'lib/keycloak_rack/decoded_token.rb', line 49
attribute? :name, Types::String.optional
#nonce ⇒ String
Cryptographic nonce for the token
# File 'lib/keycloak_rack/decoded_token.rb', line 105
attribute? :nonce, Types::String
#original_payload ⇒ ActiveSupport::HashWithIndifferentAccess
The original JWT payload, unmodified, for extracting potential additional attributes.
# File 'lib/keycloak_rack/decoded_token.rb', line 131
# The raw claim hash, kept so callers can reach claims that have no typed
# attribute. Values here come straight from the token and bypass the type
# declarations on the other attributes, so validate them before use.
# Declared with `attribute?`, so the key may be omitted.
attribute? :original_payload, Types::IndifferentHash
#preferred_username ⇒ String?
# File 'lib/keycloak_rack/decoded_token.rb', line 53
attribute? :preferred_username, Types::String.optional
# File 'lib/keycloak_rack/decoded_token.rb', line 37
attribute :realm_access, RoleMap
# File 'lib/keycloak_rack/decoded_token.rb', line 41
attribute :resource_access, ResourceRoleMap
#scope ⇒ String
# File 'lib/keycloak_rack/decoded_token.rb', line 109
attribute? :scope, Types::String
#session_state ⇒ String
# File 'lib/keycloak_rack/decoded_token.rb', line 113
attribute? :session_state, Types::String
#sub ⇒ String
Also known as:
keycloak_id
The user ID / subject of the JWT. Corresponds to `user_id` in Keycloak's REST API,
and is suitable for linking your local user records to Keycloak's.
# File 'lib/keycloak_rack/decoded_token.rb', line 33
attribute :sub, Types::String
#type ⇒ String
The `typ` claim in the JWT. Keycloak sets this to "JWT".
# File 'lib/keycloak_rack/decoded_token.rb', line 95
attribute :type, Types::String
Class Method Details
.maybe_unalias_key(key) ⇒ Symbol
# File 'lib/keycloak_rack/decoded_token.rb', line 198
# Translate an alias into the key it stands for.
#
# Looks the key up in ALIAS_MAP; a key with no entry passes through
# unchanged. Either way the result is converted to a Symbol.
#
# @param key [Symbol, String] a possible alias
# @return [Symbol] the mapped key, or the input itself as a Symbol
def maybe_unalias_key(key)
  resolved = ALIAS_MAP.fetch(key) { key }
  resolved.to_sym
end
Instance Method Details
#fetch(key) ⇒ Object
# File 'lib/keycloak_rack/decoded_token.rb', line 150
# Look up a value by name, falling back from typed attributes to aliases to
# the raw JWT payload.
#
# Resolution order (first match wins):
#   1. a declared attribute name    -> read with self[]
#   2. a name listed in ALIASES     -> dispatched with public_send
#   3. a key of original_payload    -> returned as stored in the payload
#
# Security notes:
#   - public_send is only reached for names found in ALIASES, so that list
#     acts as the allowlist for dynamic dispatch. ALIASES is defined outside
#     this method; keep it limited to reader methods.
#   - Step 3 hands back values straight from the token payload, without the
#     type declarations that cover the named attributes. Validate before use.
#   - NOTE(review): original_payload is declared with `attribute?`; if it can
#     be nil here, the `in?` check would raise before UnknownAttribute is
#     reached -- confirm the constructor always supplies it.
#
# @param key [#to_sym] attribute name, alias, or raw claim name
# @return [Object] the matching value
# @raise [UnknownAttribute] when the name matches none of the three sources
def fetch(key)
  name = key.to_sym

  return self[name] if name.in?(attribute_names)
  return public_send(name) if name.in?(ALIASES)
  return original_payload[name] if name.in?(original_payload)

  raise UnknownAttribute, "Cannot fetch #{name.inspect}"
end
#has_realm_role?(name) ⇒ Boolean
Check if the current user has a certain realm role
# File 'lib/keycloak_rack/decoded_token.rb', line 167
# Check whether the token lists the given realm-level role.
#
# The name is stringified before the membership test, so a Symbol and a
# String naming the same role give the same answer. Matching is whatever
# `include?` on realm_access.roles does -- presumably exact and
# case-sensitive (TODO confirm the collection type).
#
# NOTE(review): this only reads already-decoded claims and performs no
# verification itself; the answer is only as trustworthy as the token.
#
# @param name [#to_s] realm role name
# @return [Boolean]
def has_realm_role?(name)
  wanted = name.to_s
  wanted.in?(realm_access.roles)
end
#has_resource_role?(resource_name, role_name) ⇒ Boolean
Check if the user has a certain role on a certain resource.
# File 'lib/keycloak_rack/decoded_token.rb', line 175
# Check whether the token lists the given role for the given resource.
#
# The resource name is stringified before the lookup in resource_access.
# When the resource has no entry the method returns nil rather than false;
# both are falsy, so an unknown resource never grants access.
#
# NOTE(review): this only reads already-decoded claims and performs no
# verification itself; the answer is only as trustworthy as the token.
#
# @param resource_name [#to_s] resource (client) name
# @param role_name [Object] role to look for, passed through to has_role?
# @return [Boolean, nil] nil when the resource is absent from resource_access
def has_resource_role?(resource_name, role_name)
  resource_roles = resource_access[resource_name.to_s]
  return if resource_roles.nil?

  resource_roles.has_role?(role_name)
end
#slice(*keys) ⇒ ActiveSupport::HashWithIndifferentAccess
Extract keys into something hash-like
# File 'lib/keycloak_rack/decoded_token.rb', line 183
# Collect several values into an indifferent-access hash.
#
# Nested arrays of keys are flattened first, then each key is resolved
# through #fetch. Because #fetch can fall back to the raw token payload,
# the result may contain unvalidated claim values alongside typed
# attributes.
#
# @param keys [Array<Symbol, String, Array>] names to extract
# @return [ActiveSupport::HashWithIndifferentAccess] key => fetched value
# @raise [UnknownAttribute] when #fetch cannot resolve one of the keys
def slice(*keys)
  extracted = {}.with_indifferent_access
  keys.flatten.each { |key| extracted[key] = fetch(key) }
  extracted
end