module Keratin::AuthN

Constants

VERSION

Public Class Methods

config()
# File lib/keratin/authn.rb, line 53
def self.config
  @config ||= Config.new.tap do |config|
    config.keychain_ttl = 3600
  end
end

debug() { || ... }
# File lib/keratin/authn.rb, line 59
def self.debug
  config.logger.debug{ yield } if config.logger
end

keychain()

The default keychain will fetch JWKs from AuthN and return the correct key by id. Keys are cached in memory to reduce network traffic.

# File lib/keratin/authn.rb, line 65
def self.keychain
  @keychain ||= FetchingKeychain.new(issuer: config.authn_url, ttl: config.keychain_ttl)
end

keychain=(val)

If the default keychain is not desired (as in host application tests), a different keychain may be specified here. The keychain must define a `[](kid)` method.

# File lib/keratin/authn.rb, line 71
def self.keychain=(val)
  unless val.respond_to?(:[]) && val.method(:[]).arity == 1
    raise ArgumentError, 'Please ensure that your keychain has been instantiated and implements `[](kid)`.'
  end

  @keychain = val
end
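
An added example, not part of the keratin-authn source: the check that `keychain=` performs is copied into a hypothetical `acceptable_keychain?` helper and run against several candidate keychains, showing which ones the setter would accept. `StaticKeychain`, the key id, and the idea that a keychain returns an RSA public key (or `nil` for an unknown kid) are assumptions made for illustration.

```ruby
require 'openssl'

# Hypothetical in-memory keychain for host application tests. The documented
# contract is only `[](kid)`; the return type is an assumption of this example.
class StaticKeychain
  def initialize(keys = {})
    @keys = keys.transform_keys(&:to_s).freeze
  end

  # Exactly one required argument, so Method#arity is 1.
  def [](kid)
    @keys[kid.to_s]
  end
end

# Same predicate the keychain= setter applies before accepting a value.
def acceptable_keychain?(val)
  val.respond_to?(:[]) && val.method(:[]).arity == 1
end

def keychain_candidates
  key = OpenSSL::PKey::RSA.new(2048) # constructed test key
  kid = 'test-key-1'                 # constructed key id
  {
    static_instance: StaticKeychain.new(kid => key.public_key),
    plain_hash:      { kid => key.public_key },            # Hash#[] has arity 1
    lambda_lookup:   ->(k) { key.public_key if k == kid }, # Proc#[] has arity -1
    class_itself:    StaticKeychain                        # not instantiated: no `[]`
  }
end

# Maps each candidate to whether the setter's check would pass.
def keychain_report
  keychain_candidates.transform_values { |c| acceptable_keychain?(c) }
end

if __FILE__ == $PROGRAM_NAME
  keychain_report.each do |name, ok|
    puts "#{name}: #{ok ? 'accepted' : 'ArgumentError'}"
  end
end
```

A lambda responds to `[]`, but `Proc#[]` takes a variable number of arguments, so the arity check rejects it. Wrap the lookup in an object or pass a Hash instead.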

subject_from(id_token, audience: Keratin::AuthN.config.audience)

Safely fetches a subject from the id token after checking relevant claims and verifying the signature. Returns `nil` if verification fails.

# File lib/keratin/authn.rb, line 82
def subject_from(id_token, audience: Keratin::AuthN.config.audience)
  verifier = IDTokenVerifier.new(id_token, keychain, audience)
  verifier.subject if verifier.verified?
end