Class: OpenIDConnect::ResponseObject::IdToken
Defined Under Namespace
Classes: InvalidToken
Instance Attribute Summary collapse
#raw_attributes
Class Method Summary
Instance Method Summary
Methods included from JWTnizable
#as_jwt, #to_jwt
all_attributes, #all_attributes, #as_json, #require_at_least_one_attributes, #validate!
Constructor Details
#initialize(attributes = {}) ⇒ IdToken
Returns a new instance of IdToken.
# File 'lib/openid_connect/response_object/id_token.rb', line 14
# Builds the ID Token from a claims hash and normalizes claim values.
#
# Every attribute except the ones listed in `untouched` is coerced to a String
# (nil is left as nil via ActiveSupport's `try`); aud, exp, iat, auth_time and
# sub_jwk are left exactly as supplied.
#
# @param attributes [Hash] claim name => value
def initialize(attributes = {})
  super
  untouched = [:aud, :exp, :iat, :auth_time, :sub_jwk]
  (all_attributes - untouched).each do |name|
    value = send(name)
    send("#{name}=", value.try(:to_s))
  end
end
Instance Attribute Details
#access_token ⇒ Object
Returns the value of attribute access_token.
# File 'lib/openid_connect/response_object/id_token.rb', line 10
# The access token issued alongside this ID Token; when set, it is the input
# for the at_hash claim computed in #to_jwt_with_at_hash_and_c_hash.
#
# @return [Object, nil] the stored access token, or nil when none was assigned
def access_token
  instance_variable_get(:@access_token)
end
#code ⇒ Object
Returns the value of attribute code.
# File 'lib/openid_connect/response_object/id_token.rb', line 10
# The authorization code issued alongside this ID Token; when set, it is the
# input for the c_hash claim computed in #to_jwt_with_at_hash_and_c_hash.
#
# @return [Object, nil] the stored code, or nil when none was assigned
def code
  instance_variable_get(:@code)
end
Class Method Details
.decode(jwt_string, key) ⇒ Object
# File 'lib/openid_connect/response_object/id_token.rb', line 56
# Decodes and verifies a serialized ID Token.
#
# @param jwt_string [String] the compact-serialized JWT
# @param key the verification key/secret handed to JSON::JWT.decode, or
#   :self_issued to verify against the key embedded in the token's own
#   sub_jwk claim (see .decode_self_issued)
# @return [IdToken]
#
# NOTE(review): `key` is passed straight through to JSON::JWT.decode; in
# .decode_self_issued the value :skip_verification is used to obtain an
# unverified decode, so callers of this method should never pass it here.
def decode(jwt_string, key)
  return decode_self_issued(jwt_string) if key == :self_issued

  new JSON::JWT.decode(jwt_string, key)
end
.decode_self_issued(jwt_string) ⇒ Object
# File 'lib/openid_connect/response_object/id_token.rb', line 64
# Decodes a self-issued ID Token, whose signing key travels inside the token
# as the sub_jwk claim.
#
# The token is decoded twice: once without signature verification, solely to
# read sub_jwk and check that `sub` is derived from that key, and once more
# with the embedded key so that the returned object is signature-verified.
#
# @param jwt_string [String] the compact-serialized JWT
# @return [IdToken] built from the verified decode only
# @raise [InvalidToken] if sub_jwk is missing or sub does not match the key
def decode_self_issued(jwt_string)
  # Unverified pass: used only to extract the embedded key, never returned.
  unverified = JSON::JWT.decode jwt_string, :skip_verification
  embedded_jwk = unverified[:sub_jwk]
  raise InvalidToken.new('Missing sub_jwk') if embedded_jwk.blank?

  # Binds the subject to the key so an attacker cannot swap in another key.
  unless unverified[:sub] == self_issued_subject(embedded_jwk)
    raise InvalidToken.new('Invalid subject')
  end

  # Verified pass with the key the token itself carries.
  signing_key = JSON::JWK.decode embedded_jwk
  verified = JSON::JWT.decode jwt_string, signing_key
  new verified
end
.self_issued(attributes = {}) ⇒ Object
# File 'lib/openid_connect/response_object/id_token.rb', line 74
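# Builds a self-issued ID Token: iss is "https://self-issued.me" and sub is
# derived from the holder's public key via .self_issued_subject.
#
# Fix: the incoming hash is no longer mutated. The previous version deleted
# :public_key from, and inserted :sub_jwk into, the caller's own hash.
#
# @param attributes [Hash] claims; supply either :sub_jwk (a JSON::JWK) or
#   :public_key (consumed to build :sub_jwk). Any :iss/:sub given here win
#   over the defaults because of the merge order.
# @return [IdToken]
def self_issued(attributes = {})
  # Work on a copy so the caller's hash keeps its original contents.
  claims = attributes.dup
  # Only consumes :public_key when no :sub_jwk was supplied (short-circuit).
  claims[:sub_jwk] ||= JSON::JWK.new claims.delete(:public_key)
  defaults = {
    iss: 'https://self-issued.me',
    sub: self_issued_subject(claims[:sub_jwk])
  }
  new defaults.merge(claims)
end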
.self_issued_subject(jwk) ⇒ Object
# File 'lib/openid_connect/response_object/id_token.rb', line 83
# Derives the self-issued subject identifier from a JWK: the base64url
# encoding of the SHA-256 digest of the key material. Only RSA keys are
# supported; EC keys are not implemented.
#
# @param jwk [Hash] a JWK exposing :kty and, for RSA, :n and :e
# @return [String] base64url-encoded SHA-256 digest
# @raise [NotImplementedError] for kty "EC"
# @raise [InvalidToken] for any other non-RSA key type
def self_issued_subject(jwk)
  key_type = jwk[:kty].to_s
  raise NotImplementedError.new('Not Implemented Yet') if key_type == 'EC'
  raise InvalidToken.new('Unknown Algorithm') unless key_type == 'RSA'

  # NOTE(review): n and e are concatenated with no delimiter, so distinct
  # (n, e) pairs can map to the same string; confirm this is the derivation
  # relying parties compute before changing it.
  material = [jwk[:n], jwk[:e]].join
  UrlSafeBase64.encode64 OpenSSL::Digest::SHA256.digest(material)
end
Instance Method Details
#to_jwt_with_at_hash_and_c_hash(key, algorithm = :RS256, &block) ⇒ Object
# File 'lib/openid_connect/response_object/id_token.rb', line 30
# Sets at_hash (from access_token) and c_hash (from code) when those values
# are present, then delegates to the original serializer, which is reached
# under the name to_jwt_without_at_hash_and_c_hash.
#
# @param key the signing key, passed through untouched
# @param algorithm [Symbol] JWS algorithm; the digits after the two-letter
#   prefix (256 for :RS256, 512 for :ES512) select the hash length
# @return the result of to_jwt_without_at_hash_and_c_hash
def to_jwt_with_at_hash_and_c_hash(key, algorithm = :RS256, &block)
  # "RS256"[2, 3] => "256". NOTE(review): algorithms with no digit suffix
  # (e.g. :none) yield 0 here; confirm left_half_hash_of copes with that.
  hash_length = algorithm.to_s[2, 3].to_i

  if access_token
    raw_token = if access_token.is_a?(Rack::OAuth2::AccessToken)
                  access_token.access_token
                else
                  access_token
                end
    self.at_hash = left_half_hash_of raw_token, hash_length
  end

  self.c_hash = left_half_hash_of code, hash_length if code

  to_jwt_without_at_hash_and_c_hash key, algorithm, &block
end
#verify!(expected = {}) ⇒ Object
# File 'lib/openid_connect/response_object/id_token.rb', line 21
# Validates the decoded claims against what the relying party expected.
#
# Passes only when all of the following hold: exp is still in the future,
# iss equals expected[:issuer], expected[:client_id] is among aud (a single
# string or a list), and nonce equals expected[:nonce].
#
# NOTE(review): omitting expected[:nonce] passes only if the token also has
# no nonce; azp is not consulted when aud lists several audiences, and no
# clock-skew tolerance or iat check is applied.
#
# @param expected [Hash] :issuer, :client_id, :nonce
# @return [true]
# @raise [InvalidToken] when any check fails
def verify!(expected = {})
  valid = exp.to_i > Time.now.to_i &&
          iss == expected[:issuer] &&
          Array(aud).include?(expected[:client_id]) &&
          nonce == expected[:nonce]
  raise InvalidToken.new('Invalid ID Token') unless valid

  true
end