class Auth0RS256JWTVerifier::JWTDecoderWrapper
Constants
- CertNotFoundError
- Error
- InvalidAlgError
- InvalidAudienceError
- InvalidExpError
- InvalidIssuerError
- InvalidJWTError
- InvalidSubError
- JWTExpiredError
- MissingExpError
- MissingSubError
- Payload
- VerificationError
Public Class Methods
new(audience, issuer, certificates, exp_verifier:, jwt_decoder:)
# File lib/auth0_rs256_jwt_verifier/jwt_decoder_wrapper.rb, line 20
# Stores the verification settings and collaborators on the instance.
#
# audience::     value later looked up in the token's +aud+ claim
# issuer::       value later compared with the token's +iss+ claim
# certificates:: set queried with the token's +kid+ to obtain a public key
# exp_verifier:: object answering <tt>expired?(exp)</tt>
# jwt_decoder::  object answering <tt>decode(jwt_str)</tt> and
#                <tt>signed_with?(jwt_str, public_key)</tt>
#
# Nothing is validated here: every argument is kept exactly as given.
def initialize(audience, issuer, certificates, exp_verifier:, jwt_decoder:)
  @audience, @issuer, @certificates = audience, issuer, certificates
  @exp_verifier = exp_verifier
  @jwt_decoder = jwt_decoder
end
Public Instance Methods
decode(jwt_str)
# File lib/auth0_rs256_jwt_verifier/jwt_decoder_wrapper.rb, line 28
# Decodes +jwt_str+, runs every check below in order and returns a Payload
# built from the +sub+ claim. The first failing step raises, so a Payload is
# only produced for a token that passed all of them.
#
# Order matters:
# 1. +alg+ and +kid+ are read from the token before its signature has been
#    checked. +alg+ is pinned to RS256 first, then +kid+ is used only to look
#    up a key in the configured certificate set.
# 2. The signature check receives the same string that was decoded, so the
#    claims examined afterwards belong to the token that was verified.
# 3. +exp+, +aud+, +iss+ and +sub+ are checked. No +nbf+ check is part of
#    this sequence.
#
# NOTE(review): +alg+/+kid+ and the claims are all read from one Hash. How the
# decoder combines header and payload is not visible here; confirm that a
# payload key cannot shadow a header field.
#
# Raises InvalidJWTError, InvalidAlgError, CertNotFoundError,
# VerificationError, MissingExpError, InvalidExpError, JWTExpiredError,
# InvalidAudienceError, InvalidIssuerError, MissingSubError or InvalidSubError,
# depending on the step that fails.
def decode(jwt_str)
  token = String(jwt_str)
  claims = raw_decode(token)

  # Header-driven steps: algorithm pin, key lookup, signature.
  verify_alg(claims)
  signing_key = find_public_key_for(claims)
  verify_is_signed(token, signing_key)

  # Claim checks, reached only once the signature check has passed.
  verify_expiration_time(claims)
  verify_audience(claims)
  verify_issuer(claims)
  verify_sub(claims)

  Payload.new(claims[:sub])
end
Private Instance Methods
find_public_key_for(decoded_jwt)
# File lib/auth0_rs256_jwt_verifier/jwt_decoder_wrapper.rb, line 60
# Looks up the certificate named by the token's +kid+ and returns its public
# key.
#
# +kid+ is supplied by the token and is used only as a lookup key into
# <tt>@certificates</tt>; the key itself always comes from that set.
#
# Raises CertNotFoundError (carrying the original message) when the set
# raises CertsSet::NotFoundError.
def find_public_key_for(decoded_jwt)
  certificate = @certificates.find(decoded_jwt[:kid])
  certificate.public_key
rescue CertsSet::NotFoundError => not_found
  raise CertNotFoundError, not_found.message
end
raw_decode(jwt_str)
# File lib/auth0_rs256_jwt_verifier/jwt_decoder_wrapper.rb, line 49
# Hands +jwt_str+ to the injected decoder and returns whatever it produces.
#
# This step only parses: no signature or claim check has happened yet, so the
# result must be treated as untrusted until the later steps have passed.
#
# Raises InvalidJWTError (carrying the original message) for any StandardError
# coming out of the decoder.
def raw_decode(jwt_str)
  @jwt_decoder.decode(jwt_str)
rescue => decode_error
  raise InvalidJWTError, decode_error.message
end
verify_alg(decoded_jwt)
# File lib/auth0_rs256_jwt_verifier/jwt_decoder_wrapper.rb, line 55
# Accepts the token only when its +alg+ is exactly the String "RS256".
#
# The algorithm is fixed here rather than taken from the token, so a token
# announcing any other value (or none at all) is rejected.
#
# NOTE(review): the error message embeds the token-supplied +alg+ verbatim;
# treat it as untrusted text wherever the message is logged or displayed.
#
# Returns nil on success. Raises InvalidAlgError otherwise.
def verify_alg(decoded_jwt)
  alg = decoded_jwt[:alg]
  return if alg == "RS256"

  raise InvalidAlgError, "alg should be RS256 but is #{alg}"
end
verify_audience(decoded_jwt)
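# File lib/auth0_rs256_jwt_verifier/jwt_decoder_wrapper.rb, line 88
# Checks that the configured audience is listed in the token's +aud+ claim.
#
# +aud+ may be a single value or a list; Array() normalises both, and turns a
# missing claim into an empty list. Only String entries are compared. A plain
# <tt>include?(@audience)</tt> would also succeed when the wrapper was built
# with a nil audience and the claim contains a null entry; requiring a String
# makes that configuration fail closed.
#
# decoded_jwt:: Hash of decoded token fields, read with Symbol keys.
#
# Returns nil when the audience matches.
# Raises InvalidAudienceError when +aud+ is missing or has no String entry
# equal to the configured audience.
def verify_audience(decoded_jwt)
  audiences = Array(decoded_jwt[:aud])
  return if audiences.any? { |aud| aud.is_a?(String) && aud == @audience }

  raise InvalidAudienceError
end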
verify_exp_exist(decoded_jwt)
# File lib/auth0_rs256_jwt_verifier/jwt_decoder_wrapper.rb, line 79
# Requires the decoded token to carry an +exp+ key, so a token without an
# expiry is rejected rather than treated as never expiring.
#
# Only the presence of the Symbol key +:exp+ is tested here; its value is not
# inspected.
#
# Returns nil on success. Raises MissingExpError otherwise.
def verify_exp_exist(decoded_jwt)
  return if decoded_jwt.key?(:exp)

  raise MissingExpError, "missing 'exp' jwt key"
end
verify_exp_is_int(decoded_jwt)
# File lib/auth0_rs256_jwt_verifier/jwt_decoder_wrapper.rb, line 83
# Requires +exp+ to be an Integer, so strings, floats and nil never reach the
# expiry comparison.
#
# Returns nil on success. Raises InvalidExpError otherwise.
def verify_exp_is_int(decoded_jwt)
  exp = decoded_jwt[:exp]
  raise InvalidExpError, "jwt 'exp' field must be an integer" unless exp.is_a?(Integer)
end
verify_expiration_time(decoded_jwt)
# File lib/auth0_rs256_jwt_verifier/jwt_decoder_wrapper.rb, line 73
# Runs the three expiry checks in order: +exp+ is present, +exp+ is an
# Integer, and the injected verifier does not report it as expired.
#
# The time comparison itself (clock source, any leeway) lives in
# <tt>@exp_verifier</tt> and is not visible here.
#
# Returns nil on success. Raises MissingExpError, InvalidExpError or
# JWTExpiredError depending on the check that fails.
def verify_expiration_time(decoded_jwt)
  verify_exp_exist(decoded_jwt)
  verify_exp_is_int(decoded_jwt)

  exp = decoded_jwt[:exp]
  return unless @exp_verifier.expired?(exp)

  raise JWTExpiredError, "jwt expired"
end
verify_is_signed(jwt_str, public_key)
# File lib/auth0_rs256_jwt_verifier/jwt_decoder_wrapper.rb, line 67
# Asks the injected decoder whether +jwt_str+ is signed with +public_key+.
#
# The check fails closed: a falsy answer raises VerificationError, and any
# StandardError raised while checking is re-raised as VerificationError with
# the original message. The rescue clause also catches the error raised in the
# body when VerificationError is itself a StandardError.
#
# Returns nil on success.
def verify_is_signed(jwt_str, public_key)
  signature_ok = @jwt_decoder.signed_with?(jwt_str, public_key)
  raise VerificationError unless signature_ok
rescue StandardError => failure
  raise VerificationError, failure.message
end
verify_issuer(decoded_jwt)
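# File lib/auth0_rs256_jwt_verifier/jwt_decoder_wrapper.rb, line 92
# Checks that the +iss+ claim equals the issuer this wrapper was built with.
#
# The claim must be present and a String before it is compared. A bare
# <tt>decoded_jwt[:iss] == @issuer</tt> is also true when both sides are nil,
# so a wrapper constructed with a nil issuer would accept any token that
# omits +iss+; requiring a String makes that case fail closed.
#
# decoded_jwt:: Hash of decoded token fields, read with Symbol keys.
#
# Returns nil when the issuer matches.
# Raises InvalidIssuerError when +iss+ is missing, not a String, or different
# from the configured issuer.
def verify_issuer(decoded_jwt)
  iss = decoded_jwt[:iss]
  return if iss.is_a?(String) && iss == @issuer

  raise InvalidIssuerError
end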
verify_sub(decoded_jwt)
# File lib/auth0_rs256_jwt_verifier/jwt_decoder_wrapper.rb, line 96
# Requires a +sub+ claim that is a String.
#
# Presence and type are reported separately: a token without the key raises
# MissingSubError, a non-String value raises InvalidSubError. The content of
# the String is not inspected, so an empty subject passes this check.
#
# Returns nil on success.
def verify_sub(decoded_jwt)
  raise MissingSubError unless decoded_jwt.key?(:sub)
  return if decoded_jwt[:sub].is_a?(String)

  raise InvalidSubError
end