module Devise::JWT::RevocationStrategies::JTIMatcher

This strategy must be included in the user model, and requires that it has a `jti` column. It adds the value of the `jti` column as the `jti` claim in dispatched tokens.

To tell whether a token is revoked, it compares the token's `jti` claim with the value in the user's `jti` column. On revocation, it changes the column value so that the token is no longer valid.
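The following is an added example, not part of the devise-jwt source. It runs the compare-and-rotate logic described above against an in-memory stand-in user to show what one revocation does to every token dispatched for that user. `JTIMatcherDemo`, `DemoUser`, `jti_lifecycle` and the payloads are hypothetical names and constructed data; the three module methods copy the bodies documented on this page.

```ruby
require 'securerandom'

# Stand-in for the strategy's class methods (same bodies as documented here).
module JTIMatcherDemo
  def self.generate_jti
    SecureRandom.uuid
  end

  def self.jwt_revoked?(payload, user)
    payload['jti'] != user.jti
  end

  def self.revoke_jwt(_payload, user)
    user.update_column(:jti, generate_jti)
  end
end

# Hypothetical in-memory user; a real model is a database-backed class with a jti column.
DemoUser = Struct.new(:jti) do
  def update_column(name, value)
    self[name] = value
  end

  def jwt_payload
    { 'jti' => jti }
  end
end

# Walks one user through dispatch -> revoke -> re-dispatch and reports each check.
def jti_lifecycle
  user = DemoUser.new(JTIMatcherDemo.generate_jti)
  laptop = user.jwt_payload.merge('sub' => '1') # constructed payloads for two sessions
  phone  = user.jwt_payload.merge('sub' => '1')
  before = [laptop, phone].map { |p| JTIMatcherDemo.jwt_revoked?(p, user) }
  JTIMatcherDemo.revoke_jwt(laptop, user) # revocation requested with the laptop's token
  after = [laptop, phone].map { |p| JTIMatcherDemo.jwt_revoked?(p, user) }
  fresh = JTIMatcherDemo.jwt_revoked?(user.jwt_payload, user)
  no_claim = JTIMatcherDemo.jwt_revoked?({ 'sub' => '1' }, user)
  # A nil jti on the user equals a missing jti claim, so the column should be NOT NULL.
  nil_column = JTIMatcherDemo.jwt_revoked?({ 'sub' => '1' }, DemoUser.new(nil))
  { before: before, after: after, fresh: fresh, no_claim: no_claim, nil_column: nil_column }
end

p jti_lifecycle if __FILE__ == $PROGRAM_NAME
```

Because every dispatched token carries the same column value, revoking through one session revokes the user's other sessions too, and only tokens dispatched after the rotation pass the check.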

Public Class Methods

generate_jti()

Generates a random and unique string to be used as the `jti`.

# File lib/devise/jwt/revocation_strategies/jti_matcher.rb, line 33
def self.generate_jti
  SecureRandom.uuid
end

jwt_revoked?(payload, user)

@see Warden::JWTAuth::Interfaces::RevocationStrategy#jwt_revoked?

# File lib/devise/jwt/revocation_strategies/jti_matcher.rb, line 23
def self.jwt_revoked?(payload, user)
  payload['jti'] != user.jti
end

revoke_jwt(_payload, user)

@see Warden::JWTAuth::Interfaces::RevocationStrategy#revoke_jwt

# File lib/devise/jwt/revocation_strategies/jti_matcher.rb, line 28
def self.revoke_jwt(_payload, user)
  user.update_column(:jti, generate_jti)
end

Public Instance Methods

jwt_payload()

@see Warden::JWTAuth::Interfaces::User#jwt_payload

# File lib/devise/jwt/revocation_strategies/jti_matcher.rb, line 39
def jwt_payload
  { 'jti' => jti }
end

Private Instance Methods

initialize_jti()

# File lib/devise/jwt/revocation_strategies/jti_matcher.rb, line 45
def initialize_jti
  self.jti = self.class.generate_jti
end