class IDTokenDecoder
Attributes
claims[R]
client_id[R]
id_token[R]
keyset[R]
nonce[R]
Public Class Methods
new(id_token:, client_id:, nonce:, keyset:)
# File lib/omniauth/azure_adv2/id_token_decoder.rb, line 2
#
# Stores the inputs needed to validate one ID token. Nothing is decoded or
# checked here; validation happens in #run.
#
# @param id_token  the raw token handed to JWT::Decode in #run
# @param client_id the value #verify_options supplies as the expected `aud`
# @param nonce     the value #run compares against the payload's `nonce`
# @param keyset    an object whose `find(kid)` is used by #matching_key
def initialize(id_token:, client_id:, nonce:, keyset:)
  @id_token, @client_id = id_token, client_id
  @nonce, @keyset = nonce, keyset
end
Public Instance Methods
run()
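# File lib/omniauth/azure_adv2/id_token_decoder.rb, line 9
#
# Decodes the ID token and validates it, raising on the first failed step.
#
# Steps, in the order the code performs them:
#   1. reject a nil token;
#   2. split the token into header, payload, signature and signing input
#      (nothing from the token is trusted at this point);
#   3. decoder.verify -- presumably applies the claim checks enabled in
#      #verify_options (confirm against the pinned jwt gem version);
#   4. require the header algorithm to be exactly 'RS256';
#   5. verify the signature with the key #matching_key selects by `kid`;
#   6. require a non-empty expected nonce that equals the payload's `nonce`.
#
# Not covered here: #verify_options enables no issuer check, so `iss` (and
# any tenant restriction) must be validated by the caller.
#
# @return [Array] the pair [payload, header]
# @raise [JWT::DecodeError] nil token, missing expected nonce, nonce mismatch
# @raise [JWT::IncorrectAlgorithm] header algorithm is not 'RS256'
def run
  fail(JWT::DecodeError, 'Nil JSON web token') unless id_token

  # The key argument is nil on purpose: the signature is checked explicitly
  # below, once the key has been looked up from the header's `kid`.
  decoder = JWT::Decode.new(id_token, nil, true, verify_options)
  @header, payload, signature, signing_input = decoder.decode_segments
  decoder.verify

  # NOTE(review): matching_key may be nil when keyset.find knows no such
  # `kid`; confirm that this path raises rather than skipping verification.
  algo, key = JWT.signature_algorithm_and_key(@header, matching_key)

  # Pin the algorithm so the token's own `alg` header cannot select a
  # different or weaker verification mode.
  if 'RS256' != algo
    fail JWT::IncorrectAlgorithm, 'Expected a different algorithm'
  end
  JWT.verify_signature(algo, key, signing_input, signature)

  # Fail closed when no expected nonce was supplied: nil == nil would
  # otherwise accept a token that carries no `nonce` claim, silently
  # dropping the replay protection the nonce exists to provide.
  fail JWT::DecodeError, 'Expected nonce is missing.' if nonce.to_s.empty?
  fail JWT::DecodeError, 'Returned nonce did not match.' unless payload['nonce'] == nonce

  [payload, @header]
end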
Private Instance Methods
matching_key()
# File lib/omniauth/azure_adv2/id_token_decoder.rb, line 45
#
# Looks up the verification key for the token's `kid` header and caches a
# truthy result in @_matching_key. A nil/false result is not cached, so the
# lookup is repeated on the next call.
#
# The `kid` is read from the header before the signature has been checked,
# so it is untrusted input to keyset.find.
# NOTE(review): keyset is not shown here -- confirm that find only selects
# among keys obtained from the trusted issuer and never loads a key from a
# location named by the `kid` value.
def matching_key
  return @_matching_key if @_matching_key

  @_matching_key = keyset.find(@header['kid'])
end
verify_options()
# File lib/omniauth/azure_adv2/id_token_decoder.rb, line 33
#
# Builds the options hash passed to JWT::Decode in #run.
#
# Enabled: expiration, not-before, issued-at and audience checks, with the
# audience pinned to client_id. Disabled: the jti check. leeway is 0, so
# there is no tolerance for clock skew between this host and the issuer.
#
# No issuer option is set, so this hash does not make the decoder validate
# `iss`; that check has to live elsewhere.
#
# Key order is kept as in the original literal.
#
# @return [Hash] a new options hash on every call
def verify_options
  time_claims = { verify_expiration: true, verify_not_before: true, verify_iat: true }

  time_claims
    .merge(verify_jti: false)
    .merge(verify_aud: true, aud: client_id)
    .merge(leeway: 0)
end