class Keratin::AuthN::IDTokenVerifier

Constants

EXPECTATIONS

Public Class Methods

new(str, keychain, audience)
# File lib/keratin/authn/id_token_verifier.rb, line 5
# Builds a verifier for a single ID token.
#
# str      - the serialized ID token as received (may be nil; decoding is deferred to #jwt)
# keychain - object indexed by key id (`kid`) that yields the verification key
# audience - the audience value this application expects to find in the `aud` claim
#
# The current time is captured once here, as epoch seconds, so every freshness
# check made by this instance is judged against the moment of construction.
def initialize(str, keychain, audience)
  @id_token, @keychain, @audience = str, keychain, audience
  @time = Time.now.to_i
end

Public Instance Methods

subject()
# File lib/keratin/authn/id_token_verifier.rb, line 12
# Returns the `sub` claim of the decoded token.
#
# This reads straight from #jwt, which decodes with signature verification
# skipped, and performs no checks of its own. Callers should only trust the
# value after #verified? has returned true.
#
# Raises NoMethodError when the token could not be decoded (#jwt is nil).
def subject
  claims = jwt
  claims['sub']
end
token_exists?()
# File lib/keratin/authn/id_token_verifier.rb, line 35
# True when the token decoded to something non-blank.
#
# #jwt is nil when the raw string was not a well-formed JWT, so this is the
# guard that the claim-reading checks rely on.
def token_exists?
  decoded = jwt
  return false if decoded.nil?

  !decoded.blank?
end
token_for_us?()
# File lib/keratin/authn/id_token_verifier.rb, line 45
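# True when the configured audience appears in the token's `aud` claim.
#
# `aud` may be a single value or a list, so it is normalised with Array().
# The claim comes from a token decoded with signature verification skipped,
# so it is untrusted here. If no audience was supplied to the verifier the
# check fails closed: otherwise a token carrying `"aud": [null]` would match
# a nil audience.
def token_for_us?
  return false if @audience.nil?

  Array(jwt[:aud]).include?(@audience)
end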
token_fresh?()
# File lib/keratin/authn/id_token_verifier.rb, line 49
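# True when the token's `exp` claim is later than the time captured when the
# verifier was constructed.
#
# `exp` is read from a token decoded with signature verification skipped, so
# it is untrusted: a missing or non-numeric value is treated as "not fresh"
# rather than raising from the comparison.
def token_fresh?
  expires_at = jwt[:exp]
  expires_at.is_a?(Numeric) && expires_at > @time
end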
token_from_us?()
# File lib/keratin/authn/id_token_verifier.rb, line 39
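# True when the token's `iss` claim names the configured issuer.
#
# The server or client may be configured with an extra trailing slash, unnecessary port number,
# or something else that is an equivalent URI but not an equivalent string, so the two values
# are compared as parsed URIs.
#
# `iss` is read from a token decoded with signature verification skipped, so it is untrusted:
# a missing or unparseable value counts as a mismatch instead of raising URI::InvalidURIError.
def token_from_us?
  # Parsed outside the rescue so that a broken issuer setting still surfaces as an error.
  expected = URI.parse(Keratin::AuthN.config.issuer)
  begin
    URI.parse(jwt[:iss]) == expected
  rescue URI::InvalidURIError
    false
  end
end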
token_intact?()
# File lib/keratin/authn/id_token_verifier.rb, line 53
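# Verifies the token's signature with the keychain entry named by its `kid` header.
#
# Returns the result of verify! on success and false when the library reports
# a failed verification or an unexpected algorithm. When the keychain has no
# entry for the `kid`, the check fails closed instead of handing a nil key to
# verify!, whose behaviour with a nil key is not visible here.
#
# NOTE(review): no algorithm allow-list is passed to verify!; confirm that the
# JWT library restricts the accepted algorithms to those matching the key type.
def token_intact?
  key = @keychain[jwt.kid]
  return false unless key

  jwt.verify!(key)
rescue JSON::JWT::VerificationFailed, JSON::JWT::UnexpectedAlgorithm
  false
end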
verified?()
# File lib/keratin/authn/id_token_verifier.rb, line 24
# Runs every check named in EXPECTATIONS, in order, and reports whether all passed.
#
# Evaluation stops at the first failing check, whose name is written to the
# debug log. Exceptions raised by a check are not rescued here.
#
# NOTE(review): the contents and order of EXPECTATIONS are not visible here;
# checks that run before the signature check operate on unverified claims.
def verified?
  EXPECTATIONS.all? do |check|
    passed = send(check)
    Keratin::AuthN.debug{ "JWT failure: #{check}" } unless passed
    passed ? true : false
  end
end

Private Instance Methods

jwt()
# File lib/keratin/authn/id_token_verifier.rb, line 59
        # Decodes the raw ID token once and memoizes the result, including a nil result.
        #
        # Decoding passes :skip_verification, so the returned object has NOT had its
        # signature checked; that is done separately by #token_intact?. A nil raw token
        # is decoded as the empty string, and a string the library rejects as malformed
        # yields nil.
        def jwt
          unless defined? @jwt
            @jwt = begin
              JSON::JWT.decode(@id_token || '', :skip_verification)
            rescue JSON::JWT::InvalidFormat
              nil
            end
          end
          @jwt
        end