class Rack::PrxAuth::AuthValidator

Attributes

issuer[R]
token[R]

Public Class Methods

new(token, certificate = nil, issuer = nil)
# File lib/rack/prx_auth/auth_validator.rb, line 9
# Builds a validator around one raw token.
#
# @param token [String, nil] the raw token (presumably a compact JWT string)
# @param certificate [#valid?, nil] object whose valid?(token) is consulted by #valid?
# @param issuer [String, nil] value that #token_issuer_matches? compares with the 'iss' claim
#
# NOTE(review): certificate and issuer both default to nil. With a nil
# certificate, #valid? ends up calling valid? on nil once the format and expiry
# checks pass; with a nil issuer, a token that carries no 'iss' claim compares
# equal in #token_issuer_matches?. Callers should pass both explicitly.
def initialize(token, certificate = nil, issuer = nil)
  @token, @certificate, @issuer = token, certificate, issuer
end

Public Instance Methods

claims()
# File lib/rack/prx_auth/auth_validator.rb, line 19
# Returns the token's claims, decoding them on first use and caching the result.
#
# The claims come from #decode_token, which does not verify the signature, so
# every value here is untrusted until #valid? has returned true.
#
# @return [Hash] the decoded claims ({} when the token is missing or malformed)
def claims
  return @claims if @claims

  @claims = decode_token
end
decode_token()
# File lib/rack/prx_auth/auth_validator.rb, line 27
# Parses the token into its claims WITHOUT verifying the signature.
#
# :skip_verification tells JSON::JWT.decode to parse the token only, so the
# returned claims are whatever the sender wrote. They must not drive an
# authorization decision on their own; #valid? additionally asks
# @certificate.valid?(token) (presumably the signature check).
#
# @return [Hash] the decoded claims, or {} when the token is nil or
#   JSON::JWT reports InvalidFormat
def decode_token
  return {} if token.nil?

  JSON::JWT.decode(token, :skip_verification)
rescue JSON::JWT::InvalidFormat
  # Malformed token: report "no claims" instead of propagating the parse error.
  {}
end
expired?()
# File lib/rack/prx_auth/auth_validator.rb, line 37
# Reports whether the token's lifetime has run out, allowing 30 seconds of
# clock jitter between issuer and verifier.
#
# NOTE(review): #time_to_live returns 0 when the token has no 'exp' claim, and
# 0 + 30 is positive, so a token without 'exp' is reported as not expired.
# Confirm that non-expiring tokens are intended.
#
# @return [Boolean] true once the remaining lifetime plus the allowance is <= 0
def expired?
  remaining_with_grace = time_to_live + 30 # 30 second clock jitter allowance
  remaining_with_grace <= 0
end
time_to_live()
# File lib/rack/prx_auth/auth_validator.rb, line 41
# Computes how many seconds remain before the token expires.
#
# Three cases, based on the 'exp' and 'iat' claims:
# * no 'exp'                 -> 0
# * no 'iat', or iat <= exp  -> 'exp' is an absolute epoch time
# * iat > exp                -> malformed token whose 'exp' is a number of
#                               seconds counted from 'iat'
#
# NOTE(review): the claims are read from the unverified decode, and #valid?
# evaluates expiry before it consults the certificate. A non-numeric 'exp' or
# 'iat' makes the comparison or subtraction below raise rather than return, so
# the caller should be prepared for that on hostile input.
#
# @return [Integer] seconds until expiry (negative once expired)
def time_to_live
  now = Time.now.to_i
  expires = claims['exp']
  return 0 if expires.nil?

  issued = claims['iat']
  return expires - now if issued.nil? || issued <= expires

  # malformed - exp is a num-seconds offset from issued-at-time
  (issued + expires) - now
end
token_issuer_matches?()
# File lib/rack/prx_auth/auth_validator.rb, line 53
# Compares the token's 'iss' claim with the issuer this validator was built with.
#
# The claim is read from the unverified decode, so a true result only means the
# token says it came from the expected issuer; it is not proof of origin until
# the signature has been checked as well.
#
# NOTE(review): when the validator was built without an issuer (nil) and the
# token has no 'iss' claim, nil == nil makes this return true.
#
# @return [Boolean] true when claims['iss'] == @issuer
def token_issuer_matches?
  expected_issuer = @issuer
  claims['iss'] == expected_issuer
end
valid?()
# File lib/rack/prx_auth/auth_validator.rb, line 15
# Decides whether the token should be accepted.
#
# Checks run in this order and stop at the first failure:
# 1. the token decodes to non-empty claims (#valid_token_format?)
# 2. the token is not expired (#expired?)
# 3. @certificate.valid?(token) accepts it (presumably the signature check)
#
# Steps 1 and 2 work on unverified claims; only step 3 can establish that the
# token is authentic, so it must never be bypassed.
#
# NOTE(review): the issuer is not checked here. Callers that need the issuer
# pinned have to call #token_issuer_matches? themselves.
#
# @return [Boolean] truthy only when all three checks pass
def valid?
  well_formed = valid_token_format?
  return well_formed unless well_formed
  return false if expired?

  @certificate.valid?(token)
end
valid_token_format?()
# File lib/rack/prx_auth/auth_validator.rb, line 23
# Reports whether the token can be decoded into a non-empty set of claims.
#
# This is a format check only: #decode_token skips signature verification, so
# a true result says nothing about who produced the token.
#
# @return [Boolean] the result of present? on the freshly decoded claims
def valid_token_format?
  decoded = decode_token # decoded again here rather than read from the #claims cache
  decoded.present?
end