module RapidRack::WithClaims
Constants
- InvalidClaim
Public Instance Methods
with_claims(env, assertion) { |claims| ... }
# File lib/rapid_rack/with_claims.rb, line 3
# Decodes the assertion as a JWT using the configured secret, runs every claim
# check, then yields the decoded claims to the caller's block.
#
# A JSON::JWT::Exception or InvalidClaim raised anywhere in the body,
# including inside the yielded block, is handed to
# error_handler.handle(env, e), whose result becomes the return value.
# Any other exception class propagates to the caller.
#
# NOTE(review): decode is given only the assertion and the secret; which `alg`
# values are accepted is decided by the installed json-jwt version. Confirm
# that unsigned or unexpected algorithms are rejected for this key.
def with_claims(env, assertion)
  verified = JSON::JWT.decode(assertion, secret)
  validate_claims(verified)
  yield verified
rescue JSON::JWT::Exception, InvalidClaim => failure
  error_handler.handle(env, failure)
end
Private Instance Methods
reject_claim_if(claims, key) { |val| ... }
# File lib/rapid_rack/with_claims.rb, line 57
# Reads claims[key] and raises InvalidClaim when the claim is absent (nil or
# false), or when the supplied block returns a truthy value for it.
# Returns nil when the claim is accepted.
#
# The "bad" message embeds the raw claim value, so the exception text carries
# token-supplied content.
# NOTE(review): confirm the error handler escapes it before logging or rendering.
def reject_claim_if(claims, key)
  value = claims[key]
  raise InvalidClaim, "nil #{key}" unless value
  return unless yield(value)

  raise InvalidClaim, "bad #{key}: #{value}"
end
validate_aud(claims)
# File lib/rapid_rack/with_claims.rb, line 53
# Rejects the token unless its 'aud' claim is present and equal to `audience`.
# The comparison is plain equality, so an 'aud' given as a list only passes if
# `audience` is an equal list.
def validate_aud(claims)
  reject_claim_if(claims, 'aud') do |aud|
    aud != audience
  end
end
validate_claims(claims)
# File lib/rapid_rack/with_claims.rb, line 18
# Runs every claim check in a fixed order: aud, iss, typ, jti, nbf, exp, iat.
# The first failing check raises and the remaining ones are skipped.
#
# Order matters: the jti check runs before the three time checks, so a token
# that later fails nbf/exp/iat has already been passed to the jti check.
# Returns whatever the final iat check returns.
def validate_claims(claims)
  %i[
    validate_aud validate_iss validate_typ
    validate_jti validate_nbf validate_exp
  ].each do |check|
    send(check, claims)
  end
  validate_iat(claims)
end
validate_exp(claims)
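# File lib/rapid_rack/with_claims.rb, line 36
# Rejects the token when 'exp' is missing, is not a number, or lies in the past.
#
# The type check keeps a malformed 'exp' (for example a string) from raising
# TypeError inside Time.at. with_claims rescues only JSON::JWT::Exception and
# InvalidClaim, so that error would bypass the error handler; it is now
# reported as InvalidClaim like every other bad claim.
def validate_exp(claims)
  reject_claim_if(claims, 'exp') do |exp|
    !exp.is_a?(Numeric) || Time.at(exp) < Time.now
  end
end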
validate_iat(claims)
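# File lib/rapid_rack/with_claims.rb, line 32
# Rejects the token when 'iat' is missing, is not a number, or differs from the
# current time by more than 60 seconds in either direction.
#
# The type check keeps a malformed 'iat' (for example a string) from raising
# NoMethodError/TypeError in the subtraction. with_claims rescues only
# JSON::JWT::Exception and InvalidClaim, so that error would bypass the error
# handler; it is now reported as InvalidClaim.
def validate_iat(claims)
  reject_claim_if(claims, 'iat') do |iat|
    !iat.is_a?(Numeric) || (iat - Time.now.to_i).abs > 60
  end
end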
validate_iss(claims)
# File lib/rapid_rack/with_claims.rb, line 49
# Rejects the token unless its 'iss' claim is present and equal to `issuer`.
def validate_iss(claims)
  reject_claim_if(claims, 'iss') do |iss|
    iss != issuer
  end
end
validate_jti(claims)
# File lib/rapid_rack/with_claims.rb, line 28
# Rejects the token when 'jti' is missing or when receiver.register_jti
# returns a falsy value for it.
# NOTE(review): presumably register_jti records the identifier and returns
# false for one it has already seen (replay protection) - confirm against the
# receiver implementation, including that the check-and-record step is atomic.
def validate_jti(claims)
  reject_claim_if(claims, 'jti') do |jti|
    registered = receiver.register_jti(jti)
    !registered
  end
end
validate_nbf(claims)
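# File lib/rapid_rack/with_claims.rb, line 40
# Rejects the token when 'nbf' is missing, is not a number, is zero, or lies in
# the future.
#
# The type check keeps a malformed 'nbf' (for example a string) from raising
# NoMethodError on zero? or TypeError in Time.at. with_claims rescues only
# JSON::JWT::Exception and InvalidClaim, so that error would bypass the error
# handler; it is now reported as InvalidClaim. Numeric input is treated
# exactly as before.
def validate_nbf(claims)
  reject_claim_if(claims, 'nbf') do |nbf|
    !nbf.is_a?(Numeric) || nbf.zero? || Time.at(nbf) > Time.now
  end
end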
validate_typ(claims)
# File lib/rapid_rack/with_claims.rb, line 45
# Rejects the token unless its 'typ' claim is present and is exactly the
# string 'authnresponse'.
def validate_typ(claims)
  reject_claim_if(claims, 'typ') do |typ|
    typ != 'authnresponse'
  end
end