class AzureJwtAuth::JwtManager
Attributes
providers[R]
Public Class Methods
find_provider(uid)
# File lib/azure_jwt_auth/jwt_manager.rb, line 14
# Looks up a previously registered provider by its id.
#
# @param uid [Object] key the provider was registered under
# @return [Object, nil] the stored provider, or nil when nothing has been
#   registered yet or the id is unknown
def find_provider(uid)
  # @providers stays unset until load_provider has run at least once.
  @providers ? @providers[uid] : nil
end
load_provider(uid, config_uri, validations={})
# File lib/azure_jwt_auth/jwt_manager.rb, line 9
# Builds a Provider and registers it under +uid+, replacing any earlier entry.
#
# @param uid [Object] key used later by find_provider
# @param config_uri [String] passed through to Provider.new
#   NOTE(review): presumably the provider's metadata URL; it decides which
#   issuer and keys are trusted, so it should come from trusted configuration
#   only (confirm against Provider).
# @param validations [Hash] extra claim => expected-value pairs, passed to Provider.new
# @return [Provider] the newly registered provider
def load_provider(uid, config_uri, validations={})
  # Create the registry first so it exists even if Provider.new raises.
  registry = (@providers ||= {})
  registry[uid] = Provider.new(uid, config_uri, validations)
end
new(request, provider_id)
# File lib/azure_jwt_auth/jwt_manager.rb, line 20
# Reads the token from the request and decodes it WITHOUT verification.
#
# After construction, @jwt_info holds claims and header taken from an
# unverified token (JWT.decode is called with a nil key and verify = false).
# Nothing read from it may be trusted until the signature has been checked.
#
# @param request [#env] request whose env carries 'HTTP_AUTHORIZATION'
# @param provider_id [Object] id of a provider registered on the class
# @raise [NotAuthorizationHeader] when the Authorization header is absent
# @raise [ProviderNotFound] when no provider is registered under provider_id
def initialize(request, provider_id)
  authorization = request.env['HTTP_AUTHORIZATION']
  raise NotAuthorizationHeader unless authorization

  @provider = self.class.find_provider(provider_id)
  raise ProviderNotFound unless @provider

  # Takes the last whitespace-separated token, dropping a leading "Bearer".
  # The scheme itself is not checked here.
  @jwt = authorization.split.last
  # Unverified parse only; any decode error from JWT.decode propagates.
  @jwt_info = JWT.decode(@jwt, nil, false)
end
Public Instance Methods
custom_valid?()
Checks the custom validations defined in the provider
# File lib/azure_jwt_auth/jwt_manager.rb, line 43
# Checks every custom claim the provider requires against the token payload.
#
# Each provider validation is a claim name => expected value pair; the claim
# in the payload must be == to the expected value. An empty validation set
# passes. The payload is whatever #payload returns, so this check says
# nothing about the token's authenticity on its own.
#
# @return [Boolean] true when all required claims match
def custom_valid?
  # NOTE(review): a validation keyed by a name the payload does not contain
  # compares against nil and therefore fails unless nil is the expected value.
  @provider.validations.all? { |claim, expected| payload[claim] == expected }
end
header()
# File lib/azure_jwt_auth/jwt_manager.rb, line 32
# Returns the second element of the decoded token (@jwt_info.last).
#
# @return [Object, nil] the token header, or nil when nothing was decoded
def header
  return nil unless @jwt_info

  @jwt_info.last
end
iss_valid?()
Validates issuer
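# File lib/azure_jwt_auth/jwt_manager.rb, line 37
# Checks the token's issuer against the provider's configured issuer.
#
# Two forms are accepted:
# * b2c: the `iss` claim equals the configured issuer exactly;
# * ad:  the `tid` claim occurs inside the configured issuer.
#
# The claims come from #payload, so `tid` has to be treated as untrusted
# text. It is matched as a literal substring instead of being interpolated
# into a Regexp, so regex metacharacters or an empty `tid` cannot widen the
# match. A missing or empty configured issuer is rejected, so that a token
# without `iss` cannot pass through a nil == nil comparison.
#
# @return [Boolean] true when either form matches
def iss_valid?
  claims = payload
  issuer = @provider.config['issuer']
  return false unless issuer.is_a?(String) && !issuer.empty?
  return true if claims['iss'] == issuer # b2c

  tenant = claims['tid'] # ad
  return false unless tenant.is_a?(String) && !tenant.empty?

  issuer.include?(tenant)
end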
payload()
# File lib/azure_jwt_auth/jwt_manager.rb, line 28
# Returns the first element of the decoded token (@jwt_info.first).
#
# @return [Object, nil] the token claims, or nil when nothing was decoded
def payload
  return nil unless @jwt_info

  @jwt_info.first
end
valid?()
Validates the payload hash for expiration and meta claims
# File lib/azure_jwt_auth/jwt_manager.rb, line 52
# Runs the token checks in order and stops at the first falsy result:
# payload present, issuer check, custom claim checks, then rsa_decode.
#
# The claim checks run before rsa_decode, so a truthy result is only
# reached when rsa_decode itself returns one. Exceptions raised by
# rsa_decode are not rescued here and propagate to the caller.
#
# @return [Object] the result of rsa_decode when every check passes,
#   otherwise the first falsy value (nil or false)
def valid?
  claims = payload
  return claims unless claims

  issuer_ok = iss_valid?
  return issuer_ok unless issuer_ok

  custom_ok = custom_valid?
  return custom_ok unless custom_ok

  rsa_decode
end
Private Instance Methods
rsa_decode()
Decodes the JWT, verifying its signature with the provider's RSA public key (RS256)
# File lib/azure_jwt_auth/jwt_manager.rb, line 59
# Decodes the token with verification enabled, using the provider key whose
# id matches the `kid` in the token header, and pinning the algorithm to RS256.
#
# If the key is missing or verification fails, the provider's keys are
# reloaded once and the decode is attempted a second time; a second failure
# is re-raised.
#
# @return [Object] whatever JWT.decode returns for a verified token
# @raise [KidNotFound] when the `kid` is still unknown after the reload
# @raise [JWT::VerificationError] when verification still fails after the reload
def rsa_decode
  # `kid` is read from the token header, so it is caller-supplied.
  key_id = header['kid']
  reloaded = false

  begin
    signing_key = @provider.keys[key_id]
    raise KidNotFound, 'kid not found into provider keys' unless signing_key

    JWT.decode(@jwt, signing_key.public_key, true, algorithm: 'RS256')
  rescue JWT::VerificationError, KidNotFound
    raise if reloaded

    # The provider may have rotated its keys: refresh once, then try again.
    # NOTE(review): any token with an unknown kid or a bad signature reaches
    # this reload; if load_keys performs a remote fetch (not visible here),
    # consider rate-limiting it.
    reloaded = true
    @provider.load_keys
    retry
  end
end