Module: OmniAuth::Fishbrain::VerifiesIdToken

Included in:

Strategies::Fishbrain, Strategies::FishbrainId

Defined in:

lib/omniauth/fishbrain/verifies_id_token.rb

Instance Method Summary

• #decode_options ⇒ Object
• #id_token ⇒ Object
• #iss ⇒ Object
• #jwks ⇒ Object

Instance Method Details

#decode_options ⇒ Object

# File 'lib/omniauth/fishbrain/verifies_id_token.rb', line 17

def decode_options
  {
    iss: iss,
    aud: options[:client_id],
    verify_aud: true,
    verify_expiration: true,
    verify_iat: true,
    verify_iss: true,
    verify_not_before: true,
    leeway: options[:jwt_leeway],
    algorithm: 'RS256',
    jwks: jwks,
  }
end

#id_token ⇒ Object

# File 'lib/omniauth/fishbrain/verifies_id_token.rb', line 9

def id_token
  @_id_token ||= if raw_id_token&.strip&.empty?
                   {}
                 else
                   JWT.decode(raw_id_token, nil, true, decode_options).first
                 end
end

#iss ⇒ Object

# File 'lib/omniauth/fishbrain/verifies_id_token.rb', line 32

def iss
  "https://cognito-idp.#{options[:aws_region]}.amazonaws.com/#{options[:user_pool_id]}"
end

#jwks ⇒ Object

# File 'lib/omniauth/fishbrain/verifies_id_token.rb', line 36

def jwks
  @_jwks ||= \
    "#{iss}/.well-known/jwks.json"
      .yield_self(&URI.method(:parse))
      .yield_self(&Net::HTTP.method(:get))
      .yield_self { |it| JSON.parse(it, symbolize_names: true) }
end