module OmniAuth::Fishbrain::VerifiesIdToken

Public Instance Methods

decode_options() click to toggle source
# File lib/omniauth/fishbrain/verifies_id_token.rb, line 17
def decode_options
  {
    iss: iss,
    aud: options[:client_id],
    verify_aud: true,
    verify_expiration: true,
    verify_iat: true,
    verify_iss: true,
    verify_not_before: true,
    leeway: options[:jwt_leeway],
    algorithm: 'RS256',
    jwks: jwks,
  }
end
id_token() click to toggle source
# File lib/omniauth/fishbrain/verifies_id_token.rb, line 9
def id_token
  @_id_token ||= if raw_id_token&.strip&.empty?
                   {}
                 else
                   JWT.decode(raw_id_token, nil, true, decode_options).first
                 end
end
iss() click to toggle source
# File lib/omniauth/fishbrain/verifies_id_token.rb, line 32
def iss
  "https://cognito-idp.#{options[:aws_region]}.amazonaws.com/#{options[:user_pool_id]}"
end
jwks() click to toggle source
# File lib/omniauth/fishbrain/verifies_id_token.rb, line 36
def jwks
  get_json("#{iss}/.well-known/jwks.json")
end