class Keratin::AuthN::IDTokenVerifier
Constants
- EXPECTATIONS
Public Class Methods
new(str, keychain, audience)
# File lib/keratin/authn/id_token_verifier.rb, line 5
# Stores the raw token and the context it will be checked against. Nothing is
# decoded or verified at construction time.
#
# @param str the serialized ID token as received (nil is tolerated; jwt decodes '' instead)
# @param keychain key lookup, indexed with the token's kid by token_intact?
# @param audience the value token_for_us? looks for in the aud claim
def initialize(str, keychain, audience)
  @id_token, @keychain, @audience = str, keychain, audience
  # The clock is read once (epoch seconds) and reused by token_fresh?, so an
  # instance that is kept around compares exp against its creation time.
  @time = Time.now.to_i
end
Public Instance Methods
subject()
# File lib/keratin/authn/id_token_verifier.rb, line 12
# Returns the token's "sub" claim.
#
# The claim is read from a token decoded with :skip_verification, so the value
# is only trustworthy once verified? has returned true for this instance.
# Raises NoMethodError when the token could not be decoded (jwt is nil).
def subject
  claims = jwt
  claims['sub']
end
token_exists?()
# File lib/keratin/authn/id_token_verifier.rb, line 35
# True when the token decoded to something (jwt is not nil) and that result is
# not blank. This says nothing about signature or claims.
# NOTE(review): blank? is not core Ruby; presumably supplied by ActiveSupport - confirm.
def token_exists?
  decoded = jwt
  !(decoded.nil? || decoded.blank?)
end
token_for_us?()
# File lib/keratin/authn/id_token_verifier.rb, line 45
# True when the configured audience appears in the token's aud claim.
# Array() lets aud be either a single value or a list; a missing aud becomes an
# empty list and therefore never matches a non-nil audience.
def token_for_us?
  audiences = Array(jwt[:aud])
  audiences.include?(@audience)
end
token_fresh?()
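# File lib/keratin/authn/id_token_verifier.rb, line 49
# True when the token's exp claim is strictly later than the time captured in
# the constructor.
#
# exp is read from a token decoded with :skip_verification, so it may be
# attacker-chosen. A token with no exp, a non-numeric exp, or no decodable
# payload is reported as not fresh instead of raising out of the comparison.
#
# @return [Boolean]
def token_fresh?
  claims = jwt
  expiry = claims && claims[:exp]
  # Fail closed on anything that is not a number: nil > Integer would raise
  # NoMethodError and String > Integer would raise ArgumentError.
  expiry.is_a?(Numeric) && expiry > @time
end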
token_from_us?()
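# File lib/keratin/authn/id_token_verifier.rb, line 39
# True when the token's iss claim is the same URI as the configured issuer.
#
# iss is read from a token decoded with :skip_verification, so it may be
# attacker-chosen. A missing or unparseable iss is reported as a mismatch
# instead of letting URI::InvalidURIError escape. A configured issuer that
# does not parse still raises, so that misconfiguration stays visible.
#
# @return [Boolean]
def token_from_us?
  expected = URI.parse(Keratin::AuthN.config.issuer)
  claimed =
    begin
      URI.parse(jwt[:iss])
    rescue URI::InvalidURIError
      return false
    end

  # the server or client may be configured with an extra trailing slash, unnecessary port number,
  # or something else that is an equivalent URI but not an equivalent string.
  claimed == expected
end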
token_intact?()
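# File lib/keratin/authn/id_token_verifier.rb, line 53
# Verifies the token's signature with the key the keychain holds for its kid.
#
# Returns false when the token could not be decoded, when the keychain has no
# key for the kid, or when verify! raises VerificationFailed or
# UnexpectedAlgorithm. Otherwise returns whatever verify! returns.
#
# NOTE(review): verify! is given only the key; no list of accepted algorithms
# is passed here, so which alg values are acceptable is left to the key and
# the JWT library - confirm that matches the issuer's signing algorithm.
def token_intact?
  token = jwt
  return false if token.nil?

  key = @keychain[token.kid]
  # Fail closed: without a key for this kid there is nothing to check the
  # signature against, so a nil key is never handed to verify!.
  return false if key.nil?

  token.verify!(key)
rescue JSON::JWT::VerificationFailed, JSON::JWT::UnexpectedAlgorithm
  false
end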
verified?()
# File lib/keratin/authn/id_token_verifier.rb, line 24
# Runs every predicate named in EXPECTATIONS, in order, and returns true only
# if all of them are truthy. Evaluation stops at the first failure, whose name
# is reported through Keratin::AuthN.debug. Exceptions raised by a predicate
# are not caught here.
#
# NOTE(review): EXPECTATIONS is defined outside this listing. Its order decides
# whether the claim checks run on the token before token_intact? has checked
# the signature - confirm the list includes token_intact?.
def verified?
  failed = EXPECTATIONS.find { |expectation| !send(expectation) }
  return true if failed.nil?

  Keratin::AuthN.debug{ "JWT failure: #{failed}" }
  false
end
Private Instance Methods
jwt()
# File lib/keratin/authn/id_token_verifier.rb, line 59
# Memoized decode of the raw token.
#
# The decode is done with :skip_verification, so every header and claim read
# from the result is unauthenticated until token_intact? has passed. A token
# rejected with JSON::JWT::InvalidFormat is memoized as nil; defined? is used
# so that the nil result is cached as well. Other exceptions propagate.
def jwt
  unless defined?(@jwt)
    @jwt =
      begin
        # A nil token is decoded as the empty string.
        JSON::JWT.decode(@id_token || '', :skip_verification)
      rescue JSON::JWT::InvalidFormat
        nil
      end
  end
  @jwt
end