Class: Keyless::Jwt

Inherits:

Object

• Object
• Keyless::Jwt

Defined in:

lib/keyless/jwt.rb

Overview

A easy to use model for verification of JSON Web Tokens. This is just a wrapper class for the excellent ruby-jwt gem. It’s completely up to you to use it. But be aware, its a bit optinionated by default.

Constant Summary

RESCUE_JWT_EXCEPTIONS =

All the following JWT verification issues lead to a failed validation.

[
  ::JWT::DecodeError,
  ::JWT::VerificationError,
  ::JWT::ExpiredSignature,
  ::JWT::IncorrectAlgorithm,
  ::JWT::ImmatureSignature,
  ::JWT::InvalidIssuerError,
  ::JWT::InvalidIatError,
  ::JWT::InvalidAudError,
  ::JWT::InvalidSubError,
  ::JWT::InvalidJtiError,
  ::JWT::InvalidPayload
].freeze

Instance Attribute Summary

• #beholder ⇒ Object

  Returns the value of attribute beholder.

• #issuer ⇒ Object

  Returns the value of attribute issuer.

• #jwt_options ⇒ Hash

  This getter passes back the default JWT verification option hash which is optinionated.

• #payload ⇒ Object readonly

  :reek:Attribute because its fine to be extern-modifiable at these instances.

• #token ⇒ Object readonly

  :reek:Attribute because its fine to be extern-modifiable at these instances.

• #verification_key ⇒ OpenSSL::PKey::RSA|Mixed

  Deliver the public key for verification by default.

Instance Method Summary

• #access_token? ⇒ Boolean

  Checks if the payload says this is a refresh token.

• #expires_at ⇒ nil|ActiveSupport::TimeWithZone

  Retrives the expiration date from the payload when set.

• #initialize(token) ⇒ Jwt constructor

  Setup a new JWT instance.

• #refresh_token? ⇒ Boolean

  Checks if the payload says this is a refresh token.

• #valid? ⇒ Boolean

  Verify the current token by our hard and strict rules.

Constructor Details

#initialize(token) ⇒ Jwt

Setup a new JWT instance. You have to pass the raw JSON Web Token to the initializer. Example:

Jwt.new('j.w.t')
# => <Jwt>

# File 'lib/keyless/jwt.rb', line 36

def initialize(token)
  parsed_payload = JWT.decode(token, nil, false).first.symbolize_keys
  @token = token
  @payload = RecursiveOpenStruct.new(parsed_payload)
end

Instance Attribute Details

#beholder ⇒ Object

Returns the value of attribute beholder.

# File 'lib/keyless/jwt.rb', line 27

def beholder
  @beholder
end

#issuer ⇒ Object

Returns the value of attribute issuer.

# File 'lib/keyless/jwt.rb', line 27

def issuer
  @issuer
end

#jwt_options ⇒ Hash

This getter passes back the default JWT verification option hash which is optinionated. You can change this the way you like by configuring your options with the help of the same named setter.

Returns:

• (Hash) —

  The JWT verification options hash

# File 'lib/keyless/jwt.rb', line 85

def jwt_options
  unless @jwt_options
    conf = ::Keyless.configuration
    return conf.jwt_options.call
  end
  @jwt_options
end

#payload ⇒ Object (readonly)

:reek:Attribute because its fine to be extern-modifiable at these instances

# File 'lib/keyless/jwt.rb', line 25

def payload
  @payload
end

#token ⇒ Object (readonly)

:reek:Attribute because its fine to be extern-modifiable at these instances

# File 'lib/keyless/jwt.rb', line 25

def token
  @token
end

#verification_key ⇒ OpenSSL::PKey::RSA|Mixed

Deliver the public key for verification by default. This uses the RsaPublicKey class, but you can configure the verification key the way you like. (Especially for different algorithms, like HMAC or ECDSA) Just make use of the same named setter.

Returns:

• (OpenSSL::PKey::RSA|Mixed) —

  The verification key

# File 'lib/keyless/jwt.rb', line 72

def verification_key
  unless @verification_key
    conf = ::Keyless.configuration
    return conf.jwt_verification_key.call
  end
  @verification_key
end

Instance Method Details

#access_token? ⇒ Boolean

Checks if the payload says this is a refresh token.

Returns:

• (Boolean) —

  Whenever this is a access token

# File 'lib/keyless/jwt.rb', line 45

def access_token?
  payload.typ == 'access'
end

#expires_at ⇒ nil|ActiveSupport::TimeWithZone

Retrives the expiration date from the payload when set.

Returns:

• (nil|ActiveSupport::TimeWithZone) —

  The expiration date

# File 'lib/keyless/jwt.rb', line 59

def expires_at
  exp = payload.exp
  return nil unless exp

  Time.zone.at(exp)
end

#refresh_token? ⇒ Boolean

Checks if the payload says this is a refresh token.

Returns:

• (Boolean) —

  Whenever this is a refresh token

# File 'lib/keyless/jwt.rb', line 52

def refresh_token?
  payload.typ == 'refresh'
end

#valid? ⇒ Boolean

Verify the current token by our hard and strict rules. Whenever the token was not parsed from a string, we encode the current state to a JWT string representation and check this.

:reek:NilCheck because we have to check the token

origin and react on it

Returns:

• (Boolean) —

  Whenever the token is valid or not

# File 'lib/keyless/jwt.rb', line 101

def valid?
  JWT.decode(token, verification_key, true, jwt_options) && true
rescue *RESCUE_JWT_EXCEPTIONS
  false
end