Method: OpenIDConnect::ResponseObject::IdToken.decode_self_issued

Defined in:
lib/openid_connect/response_object/id_token.rb

.decode_self_issued(jwt_string) ⇒ Object

Raises:



73
74
75
76
77
78
79
80
 
# File 'lib/openid_connect/response_object/id_token.rb', line 73

def decode_self_issued(jwt_string)
  jwt = JSON::JWT.decode jwt_string, :skip_verification
  jwk = JSON::JWK.new jwt[:sub_jwk]
  raise InvalidToken.new('Missing sub_jwk') if jwk.blank?
  raise InvalidToken.new('Invalid subject') unless jwt[:sub] == jwk.thumbprint
  jwt.verify! jwk
  new jwt
end