class AzureJwtAuth::JwtManager

Attributes

providers[R]

Public Class Methods

find_provider(uid)
# File lib/azure_jwt_auth/jwt_manager.rb, line 14
# Looks up a previously registered provider by its identifier.
#
# @param uid the key the provider was registered under via load_provider
# @return the registered provider, or nil when no provider has been loaded
#   yet or none is stored under +uid+
def find_provider(uid)
  # @providers is only created by load_provider, so it may still be unset.
  @providers[uid] if @providers
end
load_provider(uid, config_uri, validations={})
# File lib/azure_jwt_auth/jwt_manager.rb, line 9
# Builds a Provider and registers it under +uid+, replacing any provider
# already stored under the same key.
#
# @param uid key later passed to find_provider / JwtManager.new
# @param config_uri handed to Provider.new unchanged
#   NOTE(review): presumably the provider's metadata endpoint; Provider is not
#   shown here. Signing keys are only as trustworthy as this URI, so confirm
#   it is a fixed HTTPS endpoint and never derived from request data.
# @param validations [Hash] claim name => required value, checked by
#   custom_valid?. Nothing on this page checks the `aud` claim, so list it
#   here if tokens issued for other applications must be rejected.
# @return the newly created Provider
def load_provider(uid, config_uri, validations={})
  # Create the registry before building the provider, as the original does.
  @providers = {} unless @providers
  @providers.store(uid, Provider.new(uid, config_uri, validations))
end
new(request, provider_id)
# File lib/azure_jwt_auth/jwt_manager.rb, line 20
# Extracts the bearer token from the request and decodes it WITHOUT verifying
# its signature.
#
# Everything exposed by #payload and #header is therefore attacker-controlled
# until #valid? has returned a truthy value; callers must not make
# authorization decisions on those values before that.
#
# @param request object whose +env+ hash carries 'HTTP_AUTHORIZATION'
# @param provider_id key of a provider registered with load_provider
# @raise [NotAuthorizationHeader] when the Authorization header is absent
# @raise [ProviderNotFound] when no provider is registered under provider_id
def initialize(request, provider_id)
  authorization = request.env['HTTP_AUTHORIZATION']
  raise NotAuthorizationHeader unless authorization

  @provider = self.class.find_provider(provider_id)
  raise ProviderNotFound unless @provider

  # Keeps the last whitespace-separated field, i.e. drops the "Bearer" prefix.
  # NOTE(review): the scheme itself is not checked, so any header whose last
  # field parses as a JWT is accepted at this stage.
  @jwt = authorization.split.last

  # verify=false: structural decode only, so the `kid` and claims can be read
  # before the signing key is known. Signature checking happens in rsa_decode.
  @jwt_info = JWT.decode(@jwt, nil, false)
end

Public Instance Methods

custom_valid?()

Checks the custom validations defined in the provider

# File lib/azure_jwt_auth/jwt_manager.rb, line 43
# Checks every provider-defined validation against the token claims.
#
# Each validation is an exact `==` comparison between the configured value and
# the claim of the same name, so key types must match those in the decoded
# payload. The claims compared here come from the unverified decode done in
# #initialize; the result only means something together with rsa_decode.
#
# @return [Boolean] true when all validations match (or none are configured),
#   false on the first mismatch
def custom_valid?
  @provider.validations.all? { |claim, expected| payload[claim] == expected }
end
header()
# File lib/azure_jwt_auth/jwt_manager.rb, line 32
# Returns the JOSE header from the unverified decode performed in #initialize
# (the last element of the decoded pair), or nil when nothing was decoded.
# Treat the contents as untrusted input until #valid? has succeeded.
def header
  @jwt_info.last if @jwt_info
end
iss_valid?()

Validates issuer

# File lib/azure_jwt_auth/jwt_manager.rb, line 37
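# Validates the token issuer against the provider configuration.
#
# Accepts the token when its `iss` claim equals the configured issuer, or when
# its `tid` claim is a non-empty string contained in the configured issuer.
#
# This runs on claims that have not been signature-checked yet (#valid? calls
# rsa_decode last), so `tid` is untrusted here. It is compared as a literal
# substring rather than interpolated into a Regexp: metacharacters carry no
# meaning, a malformed value cannot raise RegexpError, and no backtracking
# cost can be imposed before authentication. An empty or non-string `tid`,
# and a provider without a configured issuer, fail closed.
#
# NOTE(review): the `tid` branch is still a containment test that ignores
# `iss`; the signature check in rsa_decode is what authenticates the claims.
#
# @return [Boolean] true when the issuer is acceptable
def iss_valid?
  issuer = @provider.config['issuer']
  return false unless issuer.is_a?(String) && !issuer.empty?

  claims = payload
  return true if claims['iss'] == issuer # b2c

  tid = claims['tid']
  tid.is_a?(String) && !tid.empty? && issuer.include?(tid) # ac
end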
payload()
# File lib/azure_jwt_auth/jwt_manager.rb, line 28
# Returns the claims from the unverified decode performed in #initialize (the
# first element of the decoded pair), or nil when nothing was decoded.
# Treat the contents as untrusted input until #valid? has succeeded.
def payload
  @jwt_info.first if @jwt_info
end
valid?()

Validates the payload hash for expiration and meta claims

# File lib/azure_jwt_auth/jwt_manager.rb, line 52
# Runs the full validation chain: payload present, issuer check, provider
# validations, then signature verification.
#
# The claim checks run on unverified data and the signature is checked last,
# so only the overall result is meaningful; no individual step authenticates
# the token on its own.
#
# @return a falsy value (nil or false) from the first failing step, otherwise
#   the result of rsa_decode
# @raise whatever rsa_decode raises; it rescues only JWT::VerificationError
#   and KidNotFound, and re-raises those after one key reload
def valid?
  claims = payload
  return claims unless claims

  issuer_ok = iss_valid?
  return issuer_ok unless issuer_ok

  custom_ok = custom_valid?
  return custom_ok unless custom_ok

  rsa_decode
end

Private Instance Methods

rsa_decode()

Verifies the JWT signature with the provider's RSA public key and decodes it

# File lib/azure_jwt_auth/jwt_manager.rb, line 59
# Verifies the token signature with the provider key selected by the header's
# `kid` and returns the result of the verifying JWT.decode call.
#
# The `kid` comes from the unverified header and is used only as a lookup key
# into the provider's own key set. The algorithm is pinned to RS256 here
# rather than taken from the token.
#
# On an unknown `kid` or a failed signature the provider keys are reloaded
# once and the check is repeated; a second failure is re-raised.
# NOTE(review): a request carrying an unknown `kid` reaches load_keys before
# it is authenticated. Provider#load_keys is not shown here; confirm it is
# cached or rate-limited so such requests cannot force repeated key fetches.
#
# @raise [KidNotFound] when the `kid` is still unknown after the reload
# @raise [JWT::VerificationError] when the signature still fails after the reload
#   (any other error from JWT.decode is not rescued and propagates immediately)
def rsa_decode
  key_id = header['kid']
  keys_reloaded = false

  begin
    signing_key = @provider.keys[key_id]
    raise KidNotFound, 'kid not found into provider keys' unless signing_key

    JWT.decode(@jwt, signing_key.public_key, true, algorithm: 'RS256')
  rescue JWT::VerificationError, KidNotFound
    # Second failure: the freshly loaded keys did not help, give up.
    raise if keys_reloaded

    # First failure: the provider may have rotated its keys.
    keys_reloaded = true
    @provider.load_keys
    retry
  end
end