Class: SMARTAppLaunch::ClientAssertionBuilder

Inherits:

Object

• Object
• SMARTAppLaunch::ClientAssertionBuilder

Defined in:

lib/smart_app_launch/client_assertion_builder.rb

Instance Attribute Summary

• #aud ⇒ Object readonly

  Returns the value of attribute aud.

• #client_assertion_type ⇒ Object readonly

  Returns the value of attribute client_assertion_type.

• #client_auth_encryption_method ⇒ Object readonly

  Returns the value of attribute client_auth_encryption_method.

• #content_type ⇒ Object readonly

  Returns the value of attribute content_type.

• #custom_jwks ⇒ Object readonly

  Returns the value of attribute custom_jwks.

• #exp ⇒ Object readonly

  Returns the value of attribute exp.

• #grant_type ⇒ Object readonly

  Returns the value of attribute grant_type.

• #iss ⇒ Object readonly

  Returns the value of attribute iss.

• #jti ⇒ Object readonly

  Returns the value of attribute jti.

• #kid ⇒ Object readonly

  Returns the value of attribute kid.

• #sub ⇒ Object readonly

  Returns the value of attribute sub.

Class Method Summary

• .build ⇒ Object

Instance Method Summary

• #client_assertion ⇒ Object
• #initialize(client_auth_encryption_method:, iss:, sub:, aud:, exp: 5.minutes.from_now.to_i, jti: SecureRandom.hex(32), kid: nil, custom_jwks: nil) ⇒ ClientAssertionBuilder constructor

  A new instance of ClientAssertionBuilder.

• #jwks ⇒ Object
• #jwt_payload ⇒ Object
• #key_id ⇒ Object
• #private_key ⇒ Object
• #signing_key ⇒ Object

Constructor Details

#initialize(client_auth_encryption_method:, iss:, sub:, aud:, exp: 5.minutes.from_now.to_i, jti: SecureRandom.hex(32), kid: nil, custom_jwks: nil) ⇒ ClientAssertionBuilder

Returns a new instance of ClientAssertionBuilder.

# File 'lib/smart_app_launch/client_assertion_builder.rb', line 23

def initialize(
  client_auth_encryption_method:,
  iss:,
  sub:,
  aud:,
  exp: 5.minutes.from_now.to_i,
  jti: SecureRandom.hex(32),
  kid: nil,
  custom_jwks: nil
)
  @client_auth_encryption_method = client_auth_encryption_method
  @iss = iss
  @sub = sub
  @aud = aud
  @content_type = content_type
  @grant_type = grant_type
  @client_assertion_type = client_assertion_type
  @exp = exp
  @jti = jti
  @kid = kid.presence
  @custom_jwks = custom_jwks
end

Instance Attribute Details

#aud ⇒ Object (readonly)

Returns the value of attribute aud.

# File 'lib/smart_app_launch/client_assertion_builder.rb', line 11

def aud
  @aud
end

#client_assertion_type ⇒ Object (readonly)

Returns the value of attribute client_assertion_type.

# File 'lib/smart_app_launch/client_assertion_builder.rb', line 11

def client_assertion_type
  @client_assertion_type
end

#client_auth_encryption_method ⇒ Object (readonly)

Returns the value of attribute client_auth_encryption_method.

# File 'lib/smart_app_launch/client_assertion_builder.rb', line 11

def client_auth_encryption_method
  @client_auth_encryption_method
end

#content_type ⇒ Object (readonly)

Returns the value of attribute content_type.

# File 'lib/smart_app_launch/client_assertion_builder.rb', line 11

def content_type
  @content_type
end

#custom_jwks ⇒ Object (readonly)

Returns the value of attribute custom_jwks.

# File 'lib/smart_app_launch/client_assertion_builder.rb', line 11

def custom_jwks
  @custom_jwks
end

#exp ⇒ Object (readonly)

Returns the value of attribute exp.

# File 'lib/smart_app_launch/client_assertion_builder.rb', line 11

def exp
  @exp
end

#grant_type ⇒ Object (readonly)

Returns the value of attribute grant_type.

# File 'lib/smart_app_launch/client_assertion_builder.rb', line 11

def grant_type
  @grant_type
end

#iss ⇒ Object (readonly)

Returns the value of attribute iss.

# File 'lib/smart_app_launch/client_assertion_builder.rb', line 11

def iss
  @iss
end

#jti ⇒ Object (readonly)

Returns the value of attribute jti.

# File 'lib/smart_app_launch/client_assertion_builder.rb', line 11

def jti
  @jti
end

#kid ⇒ Object (readonly)

Returns the value of attribute kid.

# File 'lib/smart_app_launch/client_assertion_builder.rb', line 11

def kid
  @kid
end

#sub ⇒ Object (readonly)

Returns the value of attribute sub.

# File 'lib/smart_app_launch/client_assertion_builder.rb', line 11

def sub
  @sub
end

Class Method Details

.build ⇒ Object

# File 'lib/smart_app_launch/client_assertion_builder.rb', line 7

def self.build(...)
  new(...).client_assertion
end

Instance Method Details

#client_assertion ⇒ Object

# File 'lib/smart_app_launch/client_assertion_builder.rb', line 80

def client_assertion
  @client_assertion ||=
    JWT.encode jwt_payload, signing_key, client_auth_encryption_method,
               { alg: client_auth_encryption_method, kid: key_id, typ: 'JWT' }
end

#jwks ⇒ Object

# File 'lib/smart_app_launch/client_assertion_builder.rb', line 46

def jwks
  @jwks ||=
    if custom_jwks.present?
      JWT::JWK::Set.new(JSON.parse(custom_jwks))
    else
      JWKS.jwks
    end
end

#jwt_payload ⇒ Object

# File 'lib/smart_app_launch/client_assertion_builder.rb', line 63

def jwt_payload
  { iss:, sub:, aud:, exp:, jti: }.compact
end

#key_id ⇒ Object

# File 'lib/smart_app_launch/client_assertion_builder.rb', line 76

def key_id
  @private_key['kid']
end

#private_key ⇒ Object

# File 'lib/smart_app_launch/client_assertion_builder.rb', line 55

def private_key
  @private_key ||=
    jwks
      .select { |key| key[:key_ops]&.include?('sign') }
      .select { |key| key[:alg] == client_auth_encryption_method }
      .find { |key| !kid || key[:kid] == kid }
end

#signing_key ⇒ Object

# File 'lib/smart_app_launch/client_assertion_builder.rb', line 67

def signing_key
  if private_key.nil?
    raise Inferno::Exceptions::AssertionException,
          "No signing key found for inputs: encryption method = '#{client_auth_encryption_method}' and kid = '#{kid}'"
  end

  @private_key.signing_key
end