class Auth0RS256JWTVerifier::JWTDecoderWrapper

Constants

CertNotFoundError
Error
InvalidAlgError
InvalidAudienceError
InvalidExpError
InvalidIssuerError
InvalidJWTError
InvalidSubError
JWTExpiredError
MissingExpError
MissingSubError
Payload
VerificationError

Public Class Methods

new(audience, issuer, certificates, exp_verifier:, jwt_decoder:)
# File lib/auth0_rs256_jwt_verifier/jwt_decoder_wrapper.rb, line 20
# Stores the expected claim values and the collaborators used while decoding.
#
# @param audience value that must be listed in the token's `aud` claim
# @param issuer value the token's `iss` claim must equal
# @param certificates [#find] certificate set queried with the token's `kid`
# @param exp_verifier [#expired?] asked whether the token's `exp` has passed
# @param jwt_decoder [#decode, #signed_with?] parses the token and checks its signature
#
# NOTE(review): the arguments are stored as given, without validation.
# audience and issuer should be non-nil strings, because the claim checks
# compare token values against them directly.
def initialize(audience, issuer, certificates, exp_verifier:, jwt_decoder:)
  @audience, @issuer, @certificates = audience, issuer, certificates
  @exp_verifier, @jwt_decoder = exp_verifier, jwt_decoder
end

Public Instance Methods

decode(jwt_str)
# File lib/auth0_rs256_jwt_verifier/jwt_decoder_wrapper.rb, line 28
# Validates a JWT string and returns a Payload built from its `sub` claim.
#
# The step order is security-relevant and must be kept: the algorithm is
# pinned to RS256 and the signature is checked before any claim
# (exp, aud, iss, sub) is evaluated. Each step raises on failure, so the
# Payload is only built when every check has passed.
#
# NOTE(review): `alg`, `kid` and the payload claims are all read from the
# same decoded hash. Confirm the decoder cannot let a payload key override
# a header field.
#
# @param jwt_str anything String() can coerce; nil becomes "" and is then
#   left to raw_decode to reject
def decode(jwt_str)
  token  = String(jwt_str)
  claims = raw_decode(token)

  # Reject any algorithm other than RS256 before a key is looked up.
  verify_alg(claims)

  signing_key = find_public_key_for(claims)
  verify_is_signed(token, signing_key)

  # Claim checks run only after the signature has been accepted.
  verify_expiration_time(claims)
  verify_audience(claims)
  verify_issuer(claims)
  verify_sub(claims)

  Payload.new(claims[:sub])
end

Private Instance Methods

find_public_key_for(decoded_jwt)
# File lib/auth0_rs256_jwt_verifier/jwt_decoder_wrapper.rb, line 60
# Looks up the public key for the token's `kid` in the configured
# certificate set.
#
# The `kid` comes from the token, but the key itself always comes from
# @certificates. A missing `kid` is passed to the lookup as nil.
#
# NOTE(review): only CertsSet::NotFoundError is translated. If `find` could
# return nil instead of raising, the resulting NoMethodError would escape
# unconverted. Confirm against CertsSet.
#
# @raise [CertNotFoundError] when the certificate set reports no match
def find_public_key_for(decoded_jwt)
  key_id = decoded_jwt[:kid]
  certificate = @certificates.find(key_id)
  certificate.public_key
rescue CertsSet::NotFoundError => not_found
  raise CertNotFoundError, not_found.message
end
raw_decode(jwt_str)
# File lib/auth0_rs256_jwt_verifier/jwt_decoder_wrapper.rb, line 49
# Parses the token with the injected decoder and returns its result.
#
# Any StandardError from the decoder is converted to InvalidJWTError, so
# callers see a single error type for unparseable input. The decoder's
# message is carried over unchanged.
#
# @raise [InvalidJWTError] when the decoder raises
def raw_decode(jwt_str)
  begin
    @jwt_decoder.decode(jwt_str)
  rescue StandardError => decode_error
    raise InvalidJWTError, decode_error.message
  end
end
verify_alg(decoded_jwt)
# File lib/auth0_rs256_jwt_verifier/jwt_decoder_wrapper.rb, line 55
# Pins the token algorithm to RS256. Any other value, including a missing
# `alg`, is rejected.
#
# The rejected value is interpolated into the error message as-is. decode
# calls this before the signature check, so the value is unauthenticated
# input. Escape the message before logging or displaying it.
#
# @raise [InvalidAlgError] when `alg` is not exactly "RS256"
def verify_alg(decoded_jwt)
  alg = decoded_jwt[:alg]
  return if alg == "RS256"

  raise InvalidAlgError, "alg should be RS256 but is #{alg}"
end
verify_audience(decoded_jwt)
# File lib/auth0_rs256_jwt_verifier/jwt_decoder_wrapper.rb, line 88
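# Ensures the configured audience is listed in the token's `aud` claim.
#
# `aud` may be a single value or a list. Array() normalises both and turns
# a missing claim into an empty list, which never matches.
#
# Fails closed when no audience is configured. Without the nil guard, a nil
# @audience would be "found" in a token whose `aud` list contains a null
# entry, so a misconfiguration would disable the check.
#
# @raise [InvalidAudienceError] when the audience is unset or not listed
def verify_audience(decoded_jwt)
  raise InvalidAudienceError if @audience.nil?
  raise InvalidAudienceError unless Array(decoded_jwt[:aud]).include?(@audience)
end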
verify_exp_exist(decoded_jwt)
# File lib/auth0_rs256_jwt_verifier/jwt_decoder_wrapper.rb, line 79
# Requires the token to carry an `exp` key, so a token without an expiry
# is rejected. Only the key's presence is checked here, not its value.
#
# @raise [MissingExpError] when the :exp key is absent
def verify_exp_exist(decoded_jwt)
  return if decoded_jwt.key?(:exp)

  raise MissingExpError, "missing 'exp' jwt key"
end
verify_exp_is_int(decoded_jwt)
# File lib/auth0_rs256_jwt_verifier/jwt_decoder_wrapper.rb, line 83
# Requires `exp` to be an Integer. Floats, numeric strings and nil are
# rejected rather than coerced, so the expiry comparison never sees a
# value of another type.
#
# @raise [InvalidExpError] when `exp` is not an Integer
def verify_exp_is_int(decoded_jwt)
  raise InvalidExpError, "jwt 'exp' field must be an integer" unless decoded_jwt[:exp].is_a?(Integer)
end
verify_expiration_time(decoded_jwt)
# File lib/auth0_rs256_jwt_verifier/jwt_decoder_wrapper.rb, line 73
# Checks the `exp` claim in three steps: it must be present, it must be an
# Integer, and the injected expiry verifier must not report it as expired.
# The first two checks run first, so the verifier only receives an Integer.
#
# @raise [MissingExpError, InvalidExpError] from the presence and type checks
# @raise [JWTExpiredError] when the verifier reports the token as expired
def verify_expiration_time(decoded_jwt)
  verify_exp_exist(decoded_jwt)
  verify_exp_is_int(decoded_jwt)

  return unless @exp_verifier.expired?(decoded_jwt[:exp])

  raise JWTExpiredError, "jwt expired"
end
verify_is_signed(jwt_str, public_key)
# File lib/auth0_rs256_jwt_verifier/jwt_decoder_wrapper.rb, line 67
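# Confirms the token was signed with the given public key, failing closed.
#
# A falsy answer from the decoder and any StandardError it raises both end
# in VerificationError, so no decoder failure lets a token through.
#
# The rescue wraps only the decoder call. Previously it also caught the
# VerificationError raised by this method itself, so a plain signature
# mismatch was re-raised with a second VerificationError as its cause.
#
# @raise [VerificationError] when the signature does not verify or the
#   decoder fails; in the latter case the decoder's message is kept
def verify_is_signed(jwt_str, public_key)
  signature_ok =
    begin
      @jwt_decoder.signed_with?(jwt_str, public_key)
    rescue StandardError => e
      raise VerificationError, e.message
    end

  raise VerificationError unless signature_ok
end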
verify_issuer(decoded_jwt)
# File lib/auth0_rs256_jwt_verifier/jwt_decoder_wrapper.rb, line 92
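# Ensures the token's `iss` claim equals the configured issuer.
#
# Fails closed when no issuer is configured. Without the nil guard, a nil
# @issuer would equal the nil read from a token that has no `iss` claim,
# so a misconfiguration would disable the check.
#
# @raise [InvalidIssuerError] when the issuer is unset or does not match
def verify_issuer(decoded_jwt)
  raise InvalidIssuerError if @issuer.nil?
  raise InvalidIssuerError unless decoded_jwt[:iss] == @issuer
end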
verify_sub(decoded_jwt)
# File lib/auth0_rs256_jwt_verifier/jwt_decoder_wrapper.rb, line 96
# Requires a `sub` claim that is a String, since decode passes it on to
# Payload as the subject.
#
# NOTE(review): an empty string passes both checks. Confirm that callers
# never treat "" as a valid subject.
#
# @raise [MissingSubError] when the :sub key is absent
# @raise [InvalidSubError] when `sub` is present but not a String
def verify_sub(decoded_jwt)
  raise MissingSubError if !decoded_jwt.key?(:sub)

  subject = decoded_jwt[:sub]
  return if subject.is_a?(String)

  raise InvalidSubError
end