module Devise::JWT::RevocationStrategies::JTIMatcher
This strategy must be included in the user model, and requires that it has a `jti` column. It adds the value of the `jti` column as the `jti` claim in dispatched tokens.
In order to tell whether a token is revoked, it just compares both `jti` values. On revocation, it changes column value so that the token is no longer valid.
Public Class Methods
generate_jti()
click to toggle source
Generates a random and unique string to be used as jti
# File lib/devise/jwt/revocation_strategies/jti_matcher.rb, line 33 def self.generate_jti SecureRandom.uuid end
jwt_revoked?(payload, user)
click to toggle source
@see Warden::JWTAuth::Interfaces::RevocationStrategy#jwt_revoked?
# File lib/devise/jwt/revocation_strategies/jti_matcher.rb, line 23 def self.jwt_revoked?(payload, user) payload['jti'] != user.jti end
revoke_jwt(_payload, user)
click to toggle source
@see Warden::JWTAuth::Interfaces::RevocationStrategy#revoke_jwt
# File lib/devise/jwt/revocation_strategies/jti_matcher.rb, line 28 def self.revoke_jwt(_payload, user) user.update_column(:jti, generate_jti) end
Public Instance Methods
jwt_payload()
click to toggle source
Warden::JWTAuth::Interfaces::User#jwt_payload
# File lib/devise/jwt/revocation_strategies/jti_matcher.rb, line 39 def jwt_payload { 'jti' => jti } end
Private Instance Methods
initialize_jti()
click to toggle source
# File lib/devise/jwt/revocation_strategies/jti_matcher.rb, line 45 def initialize_jti self.jti = self.class.generate_jti end