module RapidRack::WithClaims

Constants

InvalidClaim

Public Instance Methods

with_claims(env, assertion) { |claims| ... }
# File lib/rapid_rack/with_claims.rb, line 3
# Decodes +assertion+ as a JWT using +secret+, runs validate_claims on the
# result, and yields the claims to the caller's block only when both steps
# succeed.
#
# A JSON::JWT::Exception or InvalidClaim raised anywhere in the body,
# including inside the caller's block, is passed to error_handler.handle
# together with +env+; that call's result becomes the return value.
#
# NOTE(review): no algorithm allow-list is passed to JSON::JWT.decode here,
# so which `alg` header values are accepted depends on the json-jwt version
# in use. Confirm that version rejects unsigned tokens when a key is
# supplied, or pin the expected algorithm at this call.
#
# @param env [Object] forwarded unchanged to error_handler.handle
# @param assertion [String] serialized JWT (presumably taken from the
#   request; confirm at the caller)
# @yieldparam claims the decoded claims, after validation
# @return the block's result, or the error handler's result on failure
def with_claims(env, assertion)
  decoded = JSON::JWT.decode(assertion, secret)
  validate_claims(decoded)
  yield decoded
rescue JSON::JWT::Exception, InvalidClaim => failure
  error_handler.handle(env, failure)
end

Private Instance Methods

reject_claim_if(claims, key) { |val| ... }
# File lib/rapid_rack/with_claims.rb, line 57
# Shared guard used by the validate_* methods: looks up +key+ in +claims+
# and raises InvalidClaim when the value is absent or when the given block
# returns a truthy result for it.
#
# A value of +nil+ or +false+ is reported as "nil <key>" and the block is
# never called for it, so a predicate can rely on receiving a truthy value
# but not on its type.
#
# NOTE(review): the "bad <key>" message interpolates the claim value as
# received. If error_handler logs or renders the message, that value goes
# with it; confirm it is escaped or truncated there.
#
# @param claims [#[]] decoded claims, indexed by +key+
# @param key [String] claim name, also used in the error message
# @yieldparam val the claim value; return truthy to reject it
# @raise [InvalidClaim] if the claim is missing or rejected by the block
# @return [nil] when the claim is accepted
def reject_claim_if(claims, key)
  value = claims[key]
  raise InvalidClaim, "nil #{key}" unless value

  rejected = yield(value)
  raise InvalidClaim, "bad #{key}: #{value}" if rejected
end
validate_aud(claims)
# File lib/rapid_rack/with_claims.rb, line 53
# Rejects the token unless its 'aud' claim equals the value returned by
# +audience+.
#
# The comparison is a whole-value `!=`, so an 'aud' claim delivered as an
# array never equals a single configured audience and is rejected
# (assuming +audience+ is a String; confirm where it is defined).
# A missing 'aud' is rejected by reject_claim_if before the comparison runs.
#
# @param claims [#[]] decoded JWT claims
# @raise [InvalidClaim] if 'aud' is missing or differs from +audience+
def validate_aud(claims)
  reject_claim_if(claims, 'aud') do |presented|
    presented != audience
  end
end
validate_claims(claims)
# File lib/rapid_rack/with_claims.rb, line 18
# Runs every claim check against +claims+ in a fixed order: aud, iss, typ,
# jti, nbf, exp, iat. A check that raises stops the sequence, so later
# checks do not run.
#
# The order is significant. validate_jti hands the jti to
# receiver.register_jti, so it runs only after the audience, issuer and
# type checks have passed, but before the time-based checks: a token
# rejected by nbf/exp/iat has already had its jti submitted to the receiver.
#
# @param claims [#[]] decoded JWT claims
# @return the result of the final check (validate_iat)
def validate_claims(claims)
  ordered_checks = %i[
    validate_aud validate_iss validate_typ validate_jti
    validate_nbf validate_exp validate_iat
  ]
  ordered_checks.map { |check| send(check, claims) }.last
end
validate_exp(claims)
# File lib/rapid_rack/with_claims.rb, line 36
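# Rejects the token when its 'exp' claim is missing, is not a number, or
# names a moment earlier than the current time.
#
# The type check is needed because Time.at raises TypeError for a String
# or other non-numeric value. That error is not an InvalidClaim, so it
# would escape the rescue clauses in with_claims instead of reaching the
# error handler.
#
# No clock-skew allowance is applied to this comparison.
#
# @param claims [#[]] decoded JWT claims
# @raise [InvalidClaim] if 'exp' is missing, non-numeric or in the past
def validate_exp(claims)
  reject_claim_if(claims, 'exp') do |exp|
    !exp.is_a?(Numeric) || Time.at(exp) < Time.now
  end
end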
validate_iat(claims)
# File lib/rapid_rack/with_claims.rb, line 32
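# Rejects the token when its 'iat' claim is missing, is not a number, or
# lies more than 60 seconds away from the current time in either direction.
#
# The type check is needed because subtracting from a String or Array
# raises NoMethodError or TypeError rather than InvalidClaim, and those
# errors would escape the rescue clauses in with_claims instead of
# reaching the error handler.
#
# @param claims [#[]] decoded JWT claims
# @raise [InvalidClaim] if 'iat' is missing, non-numeric or outside the
#   60-second window
def validate_iat(claims)
  reject_claim_if(claims, 'iat') do |iat|
    !iat.is_a?(Numeric) || (iat - Time.now.to_i).abs > 60
  end
end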
validate_iss(claims)
# File lib/rapid_rack/with_claims.rb, line 49
# Rejects the token unless its 'iss' claim equals the value returned by
# +issuer+.
#
# A missing 'iss' is rejected by reject_claim_if before the comparison
# runs, so an unset (nil) +issuer+ can never match a token.
#
# @param claims [#[]] decoded JWT claims
# @raise [InvalidClaim] if 'iss' is missing or differs from +issuer+
def validate_iss(claims)
  reject_claim_if(claims, 'iss') do |presented|
    presented != issuer
  end
end
validate_jti(claims)
# File lib/rapid_rack/with_claims.rb, line 28
# Rejects the token when its 'jti' claim is missing or when
# receiver.register_jti returns a falsy value for it.
#
# NOTE(review): this looks like the replay check, with register_jti
# expected to record the identifier and report whether it was new. Confirm
# that the receiver's store is shared by every application process and
# that the test-and-record step is atomic; otherwise the same assertion
# could be accepted twice.
#
# @param claims [#[]] decoded JWT claims
# @raise [InvalidClaim] if 'jti' is missing or the receiver refuses it
def validate_jti(claims)
  reject_claim_if(claims, 'jti') do |jti|
    registered = receiver.register_jti(jti)
    !registered
  end
end
validate_nbf(claims)
# File lib/rapid_rack/with_claims.rb, line 40
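# Rejects the token when its 'nbf' claim is missing, is not a number, is
# zero, or names a moment later than the current time.
#
# The type check is needed because calling zero? on a String or Array
# raises NoMethodError rather than InvalidClaim, and that error would
# escape the rescue clauses in with_claims instead of reaching the error
# handler.
#
# No clock-skew allowance is applied, so a token whose 'nbf' is slightly
# ahead of this host's clock is rejected.
#
# @param claims [#[]] decoded JWT claims
# @raise [InvalidClaim] if 'nbf' is missing, non-numeric, zero or in the
#   future
def validate_nbf(claims)
  reject_claim_if(claims, 'nbf') do |nbf|
    !nbf.is_a?(Numeric) || nbf.zero? || Time.at(nbf) > Time.now
  end
end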
validate_typ(claims)
# File lib/rapid_rack/with_claims.rb, line 45
# Rejects the token unless its 'typ' claim is exactly the string
# 'authnresponse' (case-sensitive, whole-value comparison).
#
# This reads 'typ' from the claims set, not from the JWT header.
#
# @param claims [#[]] decoded JWT claims
# @raise [InvalidClaim] if 'typ' is missing or is any other value
def validate_typ(claims)
  reject_claim_if(claims, 'typ') do |presented|
    presented != 'authnresponse'
  end
end