Class: Aspera::OAuth::Jwt
Overview
Authentication using private key
Instance Attribute Summary
Attributes inherited from Base
Instance Method Summary
- #create_token ⇒ Object
- #initialize(payload:, private_key_obj:, headers: {}, **base_params) ⇒ Jwt (constructor): A new instance of Jwt.
Methods inherited from Base
#create_token_call, #get_authorization, #optional_scope_client_id
Constructor Details
#initialize(payload:, private_key_obj:, headers: {}, **base_params) ⇒ Jwt
Returns a new instance of Jwt.
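# File 'lib/aspera/oauth/jwt.rb', line 13
# Set up a token creator that authenticates with a JWT signed by an RSA private key.
#
# @param payload [Hash] JWT claims supplied by the caller; its :sub entry is added to @identifiers
# @param private_key_obj [OpenSSL::PKey::RSA] key used to sign the assertion (must hold the private part)
# @param headers [Hash] extra JWT header fields passed to the encoder
# @param base_params [Hash] remaining keyword arguments, forwarded unchanged to the Base constructor
def initialize(
  payload:,
  private_key_obj:,
  headers: {},
  **base_params
)
  Aspera.assert_type(payload, Hash){'payload'}
  Aspera.assert_type(private_key_obj, OpenSSL::PKey::RSA){'private_key_obj'}
  # Fail fast: an RSA object built from a public key passes the type check above
  # but cannot sign, which would otherwise only surface later when the token is requested.
  Aspera.assert(private_key_obj.private?){'private_key_obj must contain a private key'}
  Aspera.assert_type(headers, Hash){'headers'}
  super(**base_params)
  @private_key_obj = private_key_obj
  @payload = payload
  @headers = headers
  # @identifiers is not defined in this method; presumably initialized by Base (verify there)
  @identifiers.push(@payload[:sub])
end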
Instance Method Details
#create_token ⇒ Object
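# File 'lib/aspera/oauth/jwt.rb', line 29
# Build an RS256-signed JWT assertion and exchange it for a token
# using the JWT bearer grant type.
#
# @see https://tools.ietf.org/html/rfc7523
# @see https://tools.ietf.org/html/rfc7519
# @return [Object] the result of create_token_call
def create_token
  require 'jwt' # loaded lazily, only when this method is used
  seconds_since_epoch = Time.new.to_i
  Log.log.info{"seconds=#{seconds_since_epoch}"}
  Aspera.assert(@payload.is_a?(Hash)){'missing JWT payload'}
  globals = OAuth::Factory.instance.globals
  # Generated claims come first: the caller-supplied payload is merged last,
  # so it can override exp/nbf/iat/jti if it defines them.
  jwt_payload = {
    exp: seconds_since_epoch + globals[:jwt_expiry_offset_sec], # expiration time
    nbf: seconds_since_epoch - globals[:jwt_accepted_offset_sec], # not before
    iat: seconds_since_epoch - globals[:jwt_accepted_offset_sec] + 1, # issued at
    jti: SecureRandom.uuid # JWT id
  }.merge(@payload)
  Log.log.debug{"JWT jwt_payload=[#{jwt_payload}]"}
  # SECURITY: do not interpolate the key object itself. OpenSSL::PKey::RSA#to_s
  # exports the key as PEM, which would write the private key into the debug log.
  Log.log.debug{"private key type=[#{@private_key_obj.class}]"}
  assertion = JWT.encode(jwt_payload, @private_key_obj, 'RS256', @headers)
  # SECURITY: the signed assertion is a credential until it expires; log only its size.
  # The claims it carries are already visible in the jwt_payload debug line above.
  Log.log.debug{"assertion generated (#{assertion.length} chars)"}
  create_token_call(
    optional_scope_client_id.merge(
      grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
      assertion:  assertion
    )
  )
end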