class Rack::PrxAuth::AuthValidator
Attributes
issuer[R]
token[R]
Public Class Methods
new(token, certificate = nil, issuer = nil)
click to toggle source
# File lib/rack/prx_auth/auth_validator.rb, line 9 def initialize(token, certificate = nil, issuer = nil) @token = token @certificate = certificate @issuer = issuer end
Public Instance Methods
claims()
click to toggle source
# File lib/rack/prx_auth/auth_validator.rb, line 19 def claims @claims ||= decode_token end
decode_token()
click to toggle source
# File lib/rack/prx_auth/auth_validator.rb, line 27 def decode_token return {} if token.nil? begin JSON::JWT.decode(token, :skip_verification) rescue JSON::JWT::InvalidFormat {} end end
expired?()
click to toggle source
# File lib/rack/prx_auth/auth_validator.rb, line 37 def expired? (time_to_live + 30) <= 0 # 30 second clock jitter allowance end
time_to_live()
click to toggle source
# File lib/rack/prx_auth/auth_validator.rb, line 41 def time_to_live now = Time.now.to_i if claims['exp'].nil? 0 elsif claims['iat'].nil? || claims['iat'] <= claims['exp'] claims['exp'] - now else # malformed - exp is a num-seconds offset from issued-at-time (claims['iat'] + claims['exp']) - now end end
token_issuer_matches?()
click to toggle source
# File lib/rack/prx_auth/auth_validator.rb, line 53 def token_issuer_matches? claims['iss'] == @issuer end
valid?()
click to toggle source
# File lib/rack/prx_auth/auth_validator.rb, line 15 def valid? valid_token_format? && !expired? && @certificate.valid?(token) end
valid_token_format?()
click to toggle source
# File lib/rack/prx_auth/auth_validator.rb, line 23 def valid_token_format? decode_token.present? end