Class: NulogySSO::Authenticator::JWTVerifier

Inherits:
Object
Defined in:
app/services/nulogy_sso/authenticator.rb

Overview

Verifier class that uses ruby-jwt for JWT verification with JWKS support

Defined Under Namespace

Classes: VerificationResult

Instance Method Summary

Constructor Details

#initialize(issuer:, audience:, jwks_url:) ⇒ JWTVerifier

Returns a new instance of JWTVerifier.



# File 'app/services/nulogy_sso/authenticator.rb', line 15

def initialize(issuer:, audience:, jwks_url:)
  @issuer = issuer
  @audience = audience
  @jwks_url = jwks_url
end

Instance Method Details

#verify(token) ⇒ Object



# File 'app/services/nulogy_sso/authenticator.rb', line 21

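def verify(token)
  begin
    jwks = fetch_jwks
    payload, = JWT.decode(
      token,
      nil,   # no static key: the verification key is selected from the JWKS by the token's kid
      true,  # verify the signature
      {
        jwks: jwks,
        algorithms: ["RS256"], # tokens declaring any other algorithm are rejected
        iss: @issuer,
        verify_iss: true,
        aud: @audience,
        verify_aud: true
      }
    )
    VerificationResult.new(true, payload)
  # ruby-jwt names its audience error JWT::InvalidAudError.
  # Any of these failures yields a failed result with no payload.
  rescue JWT::DecodeError, JWT::InvalidIssuerError, JWT::InvalidAudError, JWT::ExpiredSignature, JWT::JWKError
    VerificationResult.new(false, nil)
  end
end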
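
The checks that verify requests through its option hash (RS256 only, key chosen from the JWKS by kid, issuer, audience, plus expiry), as an added example that is not code from NulogySSO or ruby-jwt. It re-implements them with the Ruby standard library so it runs offline; ISS, AUD, Result, jwks_for, sign and this verify are hypothetical names, and the keys and claims are constructed.

```ruby
require "openssl"
require "json"

ISS = "https://issuer.example/" # constructed sample issuer
AUD = "sample-api"              # constructed sample audience
Result = Struct.new(:valid, :payload)

def b64u(bytes)
  [bytes].pack("m0").tr("+/", "-_").delete("=")
end

def b64u_decode(text)
  text.tr("-_", "+/").unpack1("m")
end

# One-entry JWKS for an RSA public key, shaped like an identity provider's.
def jwks_for(key, kid)
  { "keys" => [{ "kty" => "RSA", "kid" => kid,
                 "n" => b64u(key.n.to_s(2)), "e" => b64u(key.e.to_s(2)) }] }
end

# Test helper: `alg` only sets the header; the signature is always RSA/SHA-256.
def sign(key, kid, claims, alg: "RS256")
  input = [{ alg: alg, kid: kid }, claims].map { |p| b64u(JSON.generate(p)) }.join(".")
  "#{input}.#{b64u(key.sign(OpenSSL::Digest.new('SHA256'), input))}"
end

# Stdlib stand-in for the checks requested through the JWT.decode options.
def verify(token, jwks, now: Time.now.to_i)
  head, body, sig, extra = token.to_s.split(".", -1)
  return Result.new(false, nil) unless sig && extra.nil?
  header = JSON.parse(b64u_decode(head))
  return Result.new(false, nil) unless header["alg"] == "RS256" # allow-list
  jwk = jwks["keys"].find { |k| k["kty"] == "RSA" && k["kid"] == header["kid"] }
  return Result.new(false, nil) unless jwk                      # unknown kid
  n, e = jwk.values_at("n", "e").map do |v|
    OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(b64u_decode(v), 2))
  end
  pub = OpenSSL::PKey::RSA.new(OpenSSL::ASN1::Sequence.new([n, e]).to_der)
  signed = pub.verify(OpenSSL::Digest.new("SHA256"), b64u_decode(sig), "#{head}.#{body}")
  claims = JSON.parse(b64u_decode(body))
  # This sketch requires exp; iss and aud must match the expected values.
  ok = signed && claims["iss"] == ISS && Array(claims["aud"]).include?(AUD) &&
       claims["exp"].to_i > now
  Result.new(ok, ok ? claims : nil)
rescue JSON::ParserError, OpenSSL::OpenSSLError, TypeError, NoMethodError
  Result.new(false, nil)
end
```

Each rejection case (wrong audience, wrong issuer, expired, algorithm outside the allow-list, unknown kid, signature from a different key) makes a useful regression test for a verifier configured this way.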