Module: Sandal::Claims

Defined in:

lib/sandal/claims.rb

Overview

A module that can be mixed into Hash-like objects to provide claims-related functionality.

Instance Method Summary

• #validate_aud(valid_aud) ⇒ void

  Validates the audience claim.

• #validate_claims(options) ⇒ Hash

  Validates the set of claims.

• #validate_exp(max_clock_skew) ⇒ void

  Validates the expires claim.

• #validate_iss(valid_iss) ⇒ void

  Validates the issuer claim.

• #validate_nbf(max_clock_skew) ⇒ void

  Validates the not-before claim.

Instance Method Details

#validate_aud(valid_aud) ⇒ void

This method returns an undefined value.

Validates the audience claim.

Parameters:

• valid_aud (Array) —

  The valid audiences.

Raises:

• (Sandal::ClaimError) —

  The ‘aud’ claim value does not contain a valid audience.

# File 'lib/sandal/claims.rb', line 59

def validate_aud(valid_aud)
  if valid_aud && valid_aud.length > 0
    aud = self['aud']
    aud = [aud] unless aud.is_a?(Array)
    raise Sandal::ClaimError, 'The audence is invalid.' unless (aud & valid_aud).length > 0
  end
end

#validate_claims(options) ⇒ Hash

Validates the set of claims.

Parameters:

• options (Hash) —

  The validation options (see DEFAULT_OPTIONS for details).

Returns:

• (Hash) —

  A reference to self.

Raises:

• (Sandal::ClaimError) —

  One or more claims is invalid.

# File 'lib/sandal/claims.rb', line 10

def validate_claims(options)
  validate_exp(options[:max_clock_skew]) if options[:validate_exp]
  validate_nbf(options[:max_clock_skew]) if options[:validate_nbf]
  validate_iss(options[:valid_iss])
  validate_aud(options[:valid_aud])
  self
end

#validate_exp(max_clock_skew) ⇒ void

This method returns an undefined value.

Validates the expires claim.

Parameters:

• max_clock_skew (Numeric) —

  The maximum clock skew, in seconds.

Raises:

• (Sandal::ClaimError) —

  The ‘exp’ claim is invalid, or the token has expired.

# File 'lib/sandal/claims.rb', line 23

def validate_exp(max_clock_skew)
  exp = time_claim('exp')
  if exp && exp <= (Time.now - max_clock_skew)
    raise Sandal::ClaimError, 'The token has expired.' 
  end
  nil
end

#validate_iss(valid_iss) ⇒ void

This method returns an undefined value.

Validates the issuer claim.

Parameters:

• valid_iss (Array) —

  The valid issuers.

Raises:

• (Sandal::ClaimError) —

  The ‘iss’ claim value is not a valid issuer.

# File 'lib/sandal/claims.rb', line 48

def validate_iss(valid_iss)
  if valid_iss && valid_iss.length > 0
    raise Sandal::ClaimError, 'The issuer is invalid.' unless valid_iss.include?(self['iss'])
  end
end

#validate_nbf(max_clock_skew) ⇒ void

This method returns an undefined value.

Validates the not-before claim.

Parameters:

• max_clock_skew (Numeric) —

  The maximum clock skew, in seconds.

Raises:

• (Sandal::ClaimError) —

  The ‘nbf’ claim is invalid, or the token is not valid yet.

# File 'lib/sandal/claims.rb', line 36

def validate_nbf(max_clock_skew)
  nbf = time_claim('nbf')
  if nbf && nbf > (Time.now + max_clock_skew)
    raise Sandal::ClaimError, 'The token is not valid yet.'
  end
end