class OmniAuth::Fishbrain::DecodeIdToken

Constants

AWS_REGION
USER_POOL_ID

Attributes

aws_region[R]
client_id[R]
jwt_leeway[R]
user_pool_id[R]

Public Class Methods

new(client_id, user_pool_id = USER_POOL_ID, aws_region = AWS_REGION) click to toggle source
# File lib/omniauth/fishbrain/decode_id_token.rb, line 16
def initialize(client_id, user_pool_id = USER_POOL_ID, aws_region = AWS_REGION)
  @client_id = client_id
  @user_pool_id = user_pool_id
  @aws_region = aws_region
  @jwt_leeway = 60
end

Public Instance Methods

decode(raw_id_token) click to toggle source
# File lib/omniauth/fishbrain/decode_id_token.rb, line 23
def decode(raw_id_token)
  JWT.decode(raw_id_token, nil, true, decode_options).first
end

Private Instance Methods

decode_options() click to toggle source
# File lib/omniauth/fishbrain/decode_id_token.rb, line 29
def decode_options
  {
    iss: iss,
    aud: client_id,
    verify_aud: false,
    verify_expiration: true,
    verify_iat: true,
    verify_iss: true,
    verify_not_before: true,
    leeway: jwt_leeway,
    algorithm: 'RS256',
    jwks: jwks,
  }
end
iss() click to toggle source
# File lib/omniauth/fishbrain/decode_id_token.rb, line 44
def iss
  "https://cognito-idp.#{aws_region}.amazonaws.com/#{user_pool_id}"
end
jwks() click to toggle source
# File lib/omniauth/fishbrain/decode_id_token.rb, line 48
def jwks
  get_json("#{iss}/.well-known/jwks.json")
end