Class: OmniAuth::Auth0::JWTValidator
- Inherits:
-
Object
- Object
- OmniAuth::Auth0::JWTValidator
- Defined in:
- lib/omniauth/auth0/jwt_validator.rb
Overview
JWT validator class.
Instance Attribute Summary collapse
-
#domain ⇒ Object
Returns the value of attribute domain.
-
#issuer ⇒ Object
Returns the value of attribute issuer.
Instance Method Summary collapse
-
#decode(jwt) ⇒ Object
Decodes a JWT and verifies its signature.
-
#initialize(options, authorize_params = {}) ⇒ JWTValidator
constructor
Initializer.
-
#jwks_key(key, kid) ⇒ Object
Return a specific key from a JWKS object.
-
#jwks_public_cert(x5c) ⇒ Object
Get the JWKS from the issuer and return a public key.
-
#token_head(jwt) ⇒ Object
Get the decoded head segment from a JWT.
-
#verify(jwt, authorize_params = {}) ⇒ Object
Verify a JWT.
-
#verify_signature(jwt) ⇒ Object
Verify a token’s signature.
Constructor Details
#initialize(options, authorize_params = {}) ⇒ JWTValidator
Initializer
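# File 'lib/omniauth/auth0/jwt_validator.rb', line 21

# Builds a validator from the strategy options.
#
# The parameter names are restored from the documented signature
# `initialize(options, authorize_params = {})`; the listing had lost them.
#
# @param options [#domain, #client_id, #client_secret] strategy options; when
#   the object also responds to +issuer+, that value replaces the issuer
#   derived from the domain
# @param authorize_params [Hash] accepted as part of the interface; not read
#   in this method
def initialize(options, authorize_params = {})
  @domain = uri_string(options.domain)

  # Use the custom issuer when the options expose one, otherwise the domain.
  # NOTE(review): presumably this is the value the token's `iss` claim is
  # compared against -- confirm in verify_claims, which is not shown here.
  @issuer = options.respond_to?(:issuer) ? uri_string(options.issuer) : @domain

  @client_id = options.client_id
  # NOTE(review): presumably the verification key for HS256 tokens -- confirm
  # in extract_key. Treat the instance as secret-bearing (logs, inspect).
  @client_secret = options.client_secret
end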
Instance Attribute Details
#domain ⇒ Object
Returns the value of attribute domain.
# File 'lib/omniauth/auth0/jwt_validator.rb', line 12

# Reader for the domain stored by the initializer.
#
# @return [Object] the value of @domain
def domain
  @domain
end
#issuer ⇒ Object
Returns the value of attribute issuer.
# File 'lib/omniauth/auth0/jwt_validator.rb', line 12

# Reader for the issuer stored by the initializer.
#
# @return [Object] the value of @issuer
def issuer
  @issuer
end
Instance Method Details
#decode(jwt) ⇒ Object
Decodes a JWT and verifies its signature. Only tokens signed with the RS256 or HS256 algorithms are supported.
# File 'lib/omniauth/auth0/jwt_validator.rb', line 48

# Decodes a JWT and verifies its signature.
#
# NOTE(review): the key and algorithm are selected from the token's own
# header, which is parsed before any signature check. extract_key and
# decode_opts are not shown here; confirm they accept only an explicit
# allow-list of algorithms and bind each algorithm to its own key type.
#
# @param jwt [String] the encoded token
# @return [Object] the result of JWT.decode for a token that verified
def decode(jwt)
  key, alg = extract_key(token_head(jwt))

  # The third argument (true) asks JWT.decode to verify the signature.
  JWT.decode(jwt, key, true, decode_opts(alg))
end
#jwks_key(key, kid) ⇒ Object
Return a specific key from a JWKS object.
# File 'lib/omniauth/auth0/jwt_validator.rb', line 99

# Looks up one attribute of the JWKS entry whose :kid equals +kid+.
#
# The kid normally comes from an unverified token header, so a nil result
# (no key set, or no entry with that kid) must be treated by the caller as a
# validation failure rather than passed on as a key.
#
# @param key [Symbol] attribute to read from the matching entry
# @param kid [String] key id to match
# @return [Object, nil] the attribute value, or nil when nothing matches
def jwks_key(key, kid)
  return nil if blank?(jwks[:keys])

  entry = jwks[:keys].find { |candidate| candidate[:kid] == kid }
  entry ? entry[key] : nil
end
#jwks_public_cert(x5c) ⇒ Object
Get the JWKS from the issuer and return a public key.
# File 'lib/omniauth/auth0/jwt_validator.rb', line 88

# Decodes a Base64-encoded DER certificate and returns its public key.
#
# This method only parses the certificate. It performs no chain,
# validity-period or revocation check, so trust in the returned key rests
# entirely on how the x5c value was obtained.
# NOTE(review): a nil argument would fail inside Base64.decode64 -- confirm
# the caller rejects a missing x5c before calling this.
#
# @param x5c [String] Base64-encoded DER certificate
# @return [OpenSSL::PKey::PKey] the certificate's public key
def jwks_public_cert(x5c)
  der = Base64.decode64(x5c)

  # https://docs.ruby-lang.org/en/2.4.0/OpenSSL/X509/Certificate.html
  certificate = OpenSSL::X509::Certificate.new(der)
  certificate.public_key
end
#token_head(jwt) ⇒ Object
Get the decoded head segment from a JWT.
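# File 'lib/omniauth/auth0/jwt_validator.rb', line 78

# Returns the decoded header (first segment) of a JWT.
#
# The header is read before any signature check, so everything in the
# returned hash is untrusted input.
#
# @param jwt [String] the encoded token
# @return [Hash] the parsed header, or {} when there is no first segment
def token_head(jwt)
  jwt_parts = jwt.split('.')
  return {} if blank?(jwt_parts) || blank?(jwt_parts[0])

  # JWT segments use the base64url alphabet (RFC 7515). Base64.decode64 skips
  # characters outside the standard alphabet instead of rejecting them, so an
  # untranslated '-' or '_' would be dropped and this method could read a
  # different header than the one the JWT library verifies. Map them to the
  # standard alphabet first.
  json_parse(Base64.decode64(jwt_parts[0].tr('-_', '+/')))
end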
#verify(jwt, authorize_params = {}) ⇒ Object
Verify a JWT.
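# File 'lib/omniauth/auth0/jwt_validator.rb', line 60

# Verifies a JWT: checks that it is present and has three segments, verifies
# the signature via #decode, then checks the claims.
#
# The second parameter name is restored from the documented signature
# `verify(jwt, authorize_params = {})`; the listing had lost it.
#
# @param jwt [String, nil] the encoded ID token
# @param authorize_params [Hash] passed through to verify_claims
# @return [Object] the decoded ID token payload
# @raise [OmniAuth::Auth0::TokenValidationError] when the token is missing or
#   does not have exactly three dot-separated segments
def verify(jwt, authorize_params = {})
  raise OmniAuth::Auth0::TokenValidationError, 'ID token is required but missing' unless jwt

  unless jwt.split('.').length == 3
    raise OmniAuth::Auth0::TokenValidationError, 'ID token could not be decoded'
  end

  # Signature verification comes first; the claims are only inspected on a
  # token that decode accepted.
  id_token, _header = decode(jwt)
  verify_claims(id_token, authorize_params)
  id_token
end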
#verify_signature(jwt) ⇒ Object
Verify a token’s signature. Only tokens signed with the RS256 or HS256 algorithms are supported. Deprecated: use `decode` instead.
# File 'lib/omniauth/auth0/jwt_validator.rb', line 35

# Verifies a token's signature and returns the key and algorithm used.
#
# NOTE(review): as in #decode, the key and algorithm are chosen from the
# unverified token header; confirm extract_key restricts the accepted
# algorithms.
#
# @deprecated Use #decode instead.
# @param jwt [String] the encoded token
# @return [Array] the key and the algorithm, in that order
def verify_signature(jwt)
  key, alg = extract_key(token_head(jwt))

  # Called for its verification side effect only; the result is discarded.
  JWT.decode(jwt, key, true, decode_opts(alg))
  [key, alg]
end