Class: Auth0::Mixins::Validation::Algorithm::RS256

Inherits:

JWTAlgorithm

• Object
• JWTAlgorithm
• Auth0::Mixins::Validation::Algorithm::RS256

Includes:

HTTPProxy

Defined in:

lib/auth0/mixins/validation.rb

Overview

Represents the RS256 algorithm, which rely on public key certificates.

See Also:

• https://auth0.com/docs/tokens/concepts/signing-algorithms

Constant Summary

@@cache =

Zache.new.freeze

Constants included from HTTPProxy

HTTPProxy::BASE_DELAY, HTTPProxy::DEFAULT_RETRIES, HTTPProxy::MAX_ALLOWED_RETRIES, HTTPProxy::MAX_REQUEST_RETRY_DELAY, HTTPProxy::MAX_REQUEST_RETRY_JITTER, HTTPProxy::MIN_REQUEST_RETRY_DELAY

Instance Attribute Summary

Attributes included from HTTPProxy

#base_uri, #headers, #retry_count, #timeout

Class Method Summary

• .jwks_url(url, lifetime: 10 * 60) ⇒ RS256

  Create a new instance passing the JWK set url.

• .remove_jwks ⇒ Object

  Clear the JWK set cache.

Instance Method Summary

• #fetched_jwks? ⇒ boolean

  Returns whether or not the JWK set was fetched from the url.

• #initialize(jwks_url, lifetime) ⇒ RS256 constructor

  A new instance of RS256.

• #jwks(force: false) ⇒ hash

  Fetches the JWK set from the in-memory cache or from the url.

• #name ⇒ string

  Returns the algorithm name.

Methods included from HTTPProxy

#add_headers, #call, #encode_uri, #request, #request_with_retry, #retry_options, #safe_parse_json, #url

Constructor Details

#initialize(jwks_url, lifetime) ⇒ RS256

Returns a new instance of RS256.

Raises:

• (Auth0::InvalidParameter)

# File 'lib/auth0/mixins/validation.rb', line 306

def initialize(jwks_url, lifetime)
  raise Auth0::InvalidParameter, 'Must supply a valid jwks_url' if jwks_url.to_s.empty?
  raise Auth0::InvalidParameter, 'Must supply a valid lifetime' unless lifetime.is_a?(Integer) && lifetime >= 0

  @lifetime = lifetime
  @jwks_url = jwks_url
  @did_fetch_jwks = false
end

Class Method Details

.jwks_url(url, lifetime: 10 * 60) ⇒ RS256

Create a new instance passing the JWK set url.

Parameters:

• url (string) —

  The url where the JWK set is located.

• lifetime (integer) (defaults to: 10 * 60) —

  The lifetime of the JWK set in-memory cache in seconds. Must be a non-negative value. Defaults to *600 seconds* (10 minutes).

Returns:

• (RS256) —

  A new instance.

# File 'lib/auth0/mixins/validation.rb', line 296

def jwks_url(url, lifetime: 10 * 60)
  new url, lifetime
end

.remove_jwks ⇒ Object

Clear the JWK set cache.

# File 'lib/auth0/mixins/validation.rb', line 301

def remove_jwks
  @@cache.remove_by { true }
end

Instance Method Details

#fetched_jwks? ⇒ boolean

Returns whether or not the JWK set was fetched from the url.

Returns:

• (boolean) —

  true if a request to the JWK set url was made, false otherwise.

# File 'lib/auth0/mixins/validation.rb', line 344

def fetched_jwks?
  @did_fetch_jwks
end

#jwks(force: false) ⇒ hash

Fetches the JWK set from the in-memory cache or from the url.

Returns:

• (hash) —

  A JWK set.

# File 'lib/auth0/mixins/validation.rb', line 323

def jwks(force: false)
  result = fetch_jwks if force

  if result
    @@cache.put(@jwks_url, result, lifetime: @lifetime)
    return result
  end

  previous_value = @@cache.last(@jwks_url)

  @@cache.get(@jwks_url, lifetime: @lifetime, dirty: true) do
    new_value = fetch_jwks

    raise Auth0::InvalidIdToken, 'Could not fetch the JWK set' unless new_value || previous_value

    new_value || previous_value
  end
end

#name ⇒ string

Returns the algorithm name.

Returns:

• (string) —

  The algorithm name.

# File 'lib/auth0/mixins/validation.rb', line 317

def name
  'RS256'
end