class JWT::Rack::Token

Token encoding and decoding

Constants

DEFAULT_HEADERS
TOKEN_REGEX

Matches the compact JWT layout: abc123.abc123.abc123 (with a signature) or abc123.abc123. (unsigned, 'none' algorithm, where the third segment is empty).

Public Class Methods

decode(token, secret, verify, options = {})
# File lib/jwt/rack/token.rb, line 26
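# Validates the arguments and decodes +token+ through ruby-jwt.
#
# token   - compact JWT string; must pass valid_token_format?.
# secret  - verification key; must pass secret_of_valid_type?.
# verify  - true, false or nil; handed to ::JWT.decode as its verify argument.
# options - Hash forwarded to ::JWT.decode; :algorithm defaults to 'HS256'.
#
# Returns whatever ::JWT.decode returns.
# Raises RuntimeError when one of the argument checks fails. Errors raised
# by ::JWT.decode itself are not rescued here and reach the caller.
#
# Security: the algorithm is taken from the caller's +options+, never from
# the token, in this method. With 'none', or with a false/nil +verify+, the
# call asks ruby-jwt to decode without checking a signature, so the claims
# that come back are unauthenticated and must not drive authorization.
def self.decode(token, secret, verify, options = {})
  raise 'Invalid token format.'     unless valid_token_format?(token)
  raise 'Invalid secret type.'      unless secret_of_valid_type?(secret)
  raise 'Unsupported verify value.' unless verify_of_valid_type?(verify)

  # Apply the default on a copy: writing into the caller's Hash would leak
  # the default into shared configuration and raise on a frozen Hash.
  opts = options[:algorithm].nil? ? options.merge(algorithm: 'HS256') : options
  raise 'Unsupported algorithm' unless algorithm_supported?(opts[:algorithm])

  # If using an unsigned 'none' algorithm token you *must* set the
  # `secret` to `nil` and `verify` to `false` or it won't work per
  # the ruby-jwt docs. Any caller-supplied `secret` and `verify` are
  # ignored on this path. Using 'none' is probably not recommended.
  if opts[:algorithm] == 'none'
    ::JWT.decode(token, nil, false, opts)
  else
    ::JWT.decode(token, secret, verify, opts)
  end
end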
encode(payload, secret, alg = 'HS256')
# File lib/jwt/rack/token.rb, line 12
# Validates the arguments and builds a token through ::JWT.encode.
#
# payload - claims; must be a Hash.
# secret  - signing key; must pass secret_of_valid_type?.
# alg     - algorithm name; must pass algorithm_supported? (default 'HS256').
#
# Returns whatever ::JWT.encode returns.
# Raises RuntimeError when one of the argument checks fails.
#
# Security: with alg 'none' the token is issued unsigned and the supplied
# secret is discarded, so nothing protects its integrity.
def self.encode(payload, secret, alg = 'HS256')
  raise 'Invalid payload. Must be a Hash.' unless payload.is_a?(Hash)
  raise 'Invalid secret type.' unless secret_of_valid_type?(secret)
  raise 'Unsupported algorithm' unless algorithm_supported?(alg)

  # An unsigned token ('none' alg) *must* be encoded with a `nil` key,
  # so any user provided `secret` is dropped on that path.
  signing_key = alg == 'none' ? nil : secret
  ::JWT.encode(payload, signing_key, alg, DEFAULT_HEADERS)
end
secret_of_valid_type?(secret)
# File lib/jwt/rack/token.rb, line 44
# Reports whether +secret+ has a type this class accepts as a key.
#
# Accepted: nil, String, OpenSSL::PKey::RSA, OpenSSL::PKey::EC and, only
# when RbNaCl is loaded, the Ed25519 SigningKey / VerifyKey classes.
#
# Returns true on a match, otherwise a falsy value (nil or false).
#
# Only the type is checked. nil and an empty String both pass, so the
# caller has to make sure a real, non-empty key is configured when a
# signed algorithm is in use.
def self.secret_of_valid_type?(secret)
  return true if secret.nil?
  return true if secret.is_a?(String)
  return true if secret.is_a?(OpenSSL::PKey::RSA)
  return true if secret.is_a?(OpenSSL::PKey::EC)

  # RbNaCl is optional; its classes are only referenced when it is loaded.
  nacl_loaded = defined?(RbNaCl)
  nacl_loaded && (
    secret.is_a?(RbNaCl::Signatures::Ed25519::SigningKey) ||
    secret.is_a?(RbNaCl::Signatures::Ed25519::VerifyKey)
  )
end

Private Class Methods

algorithm_supported?(alg)
# File lib/jwt/rack/token.rb, line 61
# Reports whether +alg+ is on the allow-list kept in
# JWT::Rack::Auth::SUPPORTED_ALGORITHMS. Membership is tested with
# include?, so +alg+ has to equal a list entry exactly.
def self.algorithm_supported?(alg)
  allowed = JWT::Rack::Auth::SUPPORTED_ALGORITHMS
  allowed.include?(alg)
end
valid_token_format?(token)

Private utility class methods. See: gist.github.com/Integralist/bb8760d11a03c88da151

# File lib/jwt/rack/token.rb, line 56
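# Reports whether +token+ is a String that matches TOKEN_REGEX.
#
# Returns true or false. A non-String value (nil, Integer, Hash, ...) is
# reported as false rather than being sent `=~`, which not every object
# responds to.
#
# This is a shape check only; it says nothing about the signature.
# NOTE(review): TOKEN_REGEX is defined outside this listing. Confirm it is
# anchored with \A and \z so a multi-line value cannot pass on one line.
def self.valid_token_format?(token)
  token.is_a?(String) && TOKEN_REGEX.match?(token)
end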
verify_of_valid_type?(verify)
# File lib/jwt/rack/token.rb, line 66
# Reports whether +verify+ is one of nil, false or true, the only values
# decode accepts for its verify argument. Truthy stand-ins such as 1 or
# 'true' are rejected.
#
# Note that nil and false are both accepted, so passing this check does
# not mean signature verification was requested.
def self.verify_of_valid_type?(verify)
  [nil, false, true].include?(verify)
end