Class: NulogySSO::Authenticator

Inherits:
Object
Defined in:
app/services/nulogy_sso/authenticator.rb

Defined Under Namespace

Classes: JWTVerifier

Constant Summary

# Verifier used for incoming access tokens: the expected issuer and audience
# are derived from the SSO config, and +jwks_url+ points at the tenant's
# JWKS endpoint (presumably where the signing keys are fetched from; the
# JWTVerifier body is not shown in this listing).
ACCESS_TOKEN_VERIFIER =
JWTVerifier.new(
  issuer: "#{NulogySSO.sso_config.base_uri}/", # Auth0 requires a trailing slash on the issuer, so it must be kept here for the issuer check to match
  audience: NulogySSO.sso_config.audience,
  jwks_url: "#{NulogySSO.sso_config.base_uri}/.well-known/jwks.json"
)
# Token validated, but no app user matches it.
class MissingUserError < StandardError; end

# No token was supplied at all (blank/nil).
class MissingTokenError < StandardError; end

# The token could not be decoded and validated.
class InvalidTokenError < StandardError; end

Instance Method Summary

Constructor Details

#initialize(verifier: ACCESS_TOKEN_VERIFIER, find_user_by_email: NulogySSO.find_user_by_email) ⇒ Authenticator

Returns a new instance of Authenticator.



# File 'app/services/nulogy_sso/authenticator.rb', line 61

# Builds an authenticator around a token verifier and a user lookup.
#
# @param verifier [#call] verifies/decodes access tokens; defaults to the
#   class-level ACCESS_TOKEN_VERIFIER
# @param find_user_by_email [#call] resolves an app user from an email;
#   defaults to the callable configured on NulogySSO
def initialize(verifier: ACCESS_TOKEN_VERIFIER, find_user_by_email: NulogySSO.find_user_by_email)
  @verifier, @find_user_by_email = verifier, find_user_by_email
end

Instance Method Details

#authenticated_user(raw_access_token) ⇒ Object

Returns the authenticated user that matches the provided JWT, or nil if the token is invalid or no such user can be found.



# File 'app/services/nulogy_sso/authenticator.rb', line 81

# Resolves the app user for a JWT.
#
# @param raw_access_token [String, nil] the bearer token as received
# @return [Object, nil] whatever +fetch_user+ returns for the decoded token,
#   or nil when the token does not decode/validate
#   (+decoded_validated_access_token+ and +fetch_user+ live outside this listing)
def authenticated_user(raw_access_token)
  access_token = decoded_validated_access_token(raw_access_token)

  fetch_user(access_token) unless access_token.nil?
end

#validate_token(raw_access_token, on_success:, on_invalid_token:) ⇒ Object

Validates the provided JWT, ensuring that an authenticated Auth0 user can be associated with the token and matches an existing app user.



# File 'app/services/nulogy_sso/authenticator.rb', line 67

# Validates the JWT end to end and dispatches to exactly one of the two callbacks.
#
# Failure paths, each reported through +on_invalid_token+ with a distinct error:
# - blank token              -> MissingTokenError
# - not decodable/validated  -> InvalidTokenError (carries the raw token)
# - no matching app user     -> MissingUserError  (carries the decoded token)
# Otherwise +on_success+ receives the decoded, validated token.
#
# NOTE(review): InvalidTokenError embeds the raw bearer token in its message;
# make sure +on_invalid_token+ does not write that message verbatim to logs.
#
# +decoded_validated_access_token+ and +fetch_user+ are defined outside this listing.
#
# @param raw_access_token [String, nil] the bearer token as received
# @param on_success [#call] receives the decoded access token
# @param on_invalid_token [#call] receives the error describing the failure
# @return [Object] whatever the invoked callback returns
def validate_token(raw_access_token, on_success:, on_invalid_token:)
  if raw_access_token.blank?
    on_invalid_token.call(MissingTokenError.new)
  elsif (access_token = decoded_validated_access_token(raw_access_token)).nil?
    on_invalid_token.call(InvalidTokenError.new(raw_access_token))
  elsif fetch_user(access_token).blank?
    on_invalid_token.call(MissingUserError.new(access_token))
  else
    on_success.call(access_token)
  end
end