Class: Devise::Strategies::Auth0Jwt

Inherits:
Base
  • Object
Defined in:
lib/devise_auth0_jwt_strategy/strategy.rb

Defined Under Namespace

Classes: ClaimInvalid


Instance Method Details

#auth0_client_id ⇒ Object



# File 'lib/devise_auth0_jwt_strategy/strategy.rb', line 19

# Client id that a token's 'aud' claim is compared against.
#
# Read from the AUTH0_CLIENT_ID environment variable. When the variable is
# unset the sentinel 0 is returned so that #auth0_client_id? can tell
# "not configured" apart from a real value.
#
# @return [String, Integer] the configured id, or 0 when unset
def auth0_client_id
  configured = ENV['AUTH0_CLIENT_ID']
  configured ? configured : 0
end

#auth0_client_id? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/devise_auth0_jwt_strategy/strategy.rb', line 23

# Whether a client id has been configured.
#
# True unless #auth0_client_id is nil or its "unset" sentinel 0.
#
# @return [Boolean]
def auth0_client_id?
  configured = auth0_client_id
  !(configured.nil? || configured == 0)
end

#auth0_client_secret ⇒ Object



# File 'lib/devise_auth0_jwt_strategy/strategy.rb', line 11

# Shared secret used to verify the token signature in #authenticate!.
#
# Read from the AUTH0_CLIENT_SECRET environment variable. When the variable
# is unset the sentinel 0 is returned so that #auth0_client_secret? can tell
# "not configured" apart from a real value.
#
# @return [String, Integer] the configured secret, or 0 when unset
def auth0_client_secret
  configured = ENV['AUTH0_CLIENT_SECRET']
  configured ? configured : 0
end

#auth0_client_secret? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/devise_auth0_jwt_strategy/strategy.rb', line 15

# Whether a client secret has been configured.
#
# True unless #auth0_client_secret is nil or its "unset" sentinel 0.
#
# @return [Boolean]
def auth0_client_secret?
  configured = auth0_client_secret
  !(configured.nil? || configured == 0)
end

#authenticate! ⇒ Object



# File 'lib/devise_auth0_jwt_strategy/strategy.rb', line 82

# Warden entry point: verifies the bearer JWT and signs in the matching user.
#
# Flow (per request; no session is stored, see #store?):
#   1. Nothing is attempted unless #valid? (secret and client id configured,
#      and a token present).
#   2. ::JWT.decode with verify=true checks the signature against the client
#      secret. All claim checks are switched off in #decode_options, so the
#      'aud' and 'exp' claims are checked by hand below.
#   3. The user is looked up by the token's 'email' claim and the request
#      ends in success! or fail!.
#
# Failure modes:
#   - no token: non-halting `fail` (presumably Warden's, so that other
#     strategies may still run — confirm)
#   - bad claim: ClaimInvalid, reported through fail! with the claim message
#   - bad signature / malformed token: ::JWT::DecodeError, reported through
#     a generic fail! message
#
# NOTE(review): no `algorithm:` option is given to ::JWT.decode, so the set
# of accepted signing algorithms depends on the jwt gem version's defaults;
# pinning the expected algorithm explicitly would decouple the signature
# check from that default — confirm against the pinned gem version.
# NOTE(review): with DEBUG_AUTH0_JWT set, the raw token and the decoded
# payload are written to STDERR; that output is sensitive (the token is a
# bearer credential) and should not reach shared logs.
def authenticate!

  if ENV['DEBUG_AUTH0_JWT']
    STDERR.puts ">>>>>>>>>>>>>>> DEBUG AUTH0 JWT"
    # #valid? calls #jwt_token, which is what populates @jwt_token for the
    # line below
    STDERR.puts "valid? #{valid?}"
    STDERR.puts @jwt_token
  end

  if valid?
    # Passing true will cause #decode to verify the token signature
    # This will throw JWT::DecodeError if it fails
    payload, header = ::JWT.decode(@jwt_token, auth0_client_secret, true, decode_options)

    STDERR.puts payload.inspect if ENV['DEBUG_AUTH0_JWT']

    # 'aud' must equal the configured client id exactly (a single value; an
    # array-valued aud does not compare equal and is rejected)
    raise ClaimInvalid.new('JWT has the wrong client id') unless payload['aud'] == auth0_client_id
    # 'exp' is compared in integer seconds; a missing claim gives
    # nil.to_i == 0 and is therefore rejected as expired
    raise ClaimInvalid.new('JWT has expired') unless payload['exp'].to_i > Time.now.to_i

    u = ::User.find_for_devise_auth0_jwt_strategy(payload['email'])

    if u.nil?
      # Halting failure: no user matches the token's email
      fail!("Could not log in")

    else
      # Per-user flags are opt-in: only set when the model exposes the writers
      u.ignore_timedout = true if u.respond_to?(:ignore_timedout=)
      u.ignore_active = to_boolean(payload['ignore_active']) if u.respond_to?(:ignore_active=)

      # Make the token's 'scopes' claim available for the rest of the request
      ::RequestStore.store[:jwt_scopes] = payload['scopes']

      success!(u)

    end

  else
    # Non-halting `fail` (not fail!): the request carried no usable token
    fail("No JWT token passed in")

  end

rescue ClaimInvalid => e
  fail! e.message

rescue ::JWT::DecodeError => e
  # Only the generic message reaches the client; the decode error itself
  # goes to STDERR
  STDERR.puts "JWT::DecodeError -- #{e.message}"
  fail!("JWT token is invalid. Please get a new token and try again.")
end

#decode_options ⇒ Object



# File 'lib/devise_auth0_jwt_strategy/strategy.rb', line 69

# Options passed to ::JWT.decode in #authenticate!.
#
# Every claim check offered by the jwt gem is switched off here; only the
# signature is verified by the gem. The strategy keeps doing its own 'aud'
# and 'exp' checks for backwards compatibility.
#
# NOTE(review): the jwt gem's option for the subject claim is `verify_sub`;
# `verify_subj` looks like it is silently ignored. Harmless here because
# false is the gem's default for that check, but confirm against the pinned
# gem version.
#
# @return [Hash{Symbol => false}]
def decode_options
  disabled_checks = [
    :verify_expiration,
    :verify_iat,
    :verify_iss,
    :verify_aud,
    :verify_jti,
    :verify_subj,
    :verify_not_before
  ]
  disabled_checks.each_with_object({}) { |check, opts| opts[check] = false }
end

#jwt_from_auth_header ⇒ Object



# File 'lib/devise_auth0_jwt_strategy/strategy.rb', line 32

# Extracts the token from an `Authorization: Bearer <token>` request header.
#
# The header value is split on whitespace and must pass
# #valid_jwt_auth_header? (exactly two parts, first one 'Bearer').
#
# @return [String, nil] the token, or nil when the header is absent or
#   not a bearer header
def jwt_from_auth_header
  header = request.authorization
  return nil unless header

  parts = header.split(' ')
  valid_jwt_auth_header?(parts) ? parts.last : nil
end

#jwt_token ⇒ Object



# File 'lib/devise_auth0_jwt_strategy/strategy.rb', line 41

# The token for this request, memoized in @jwt_token.
#
# Looked up first in params['jwt'], then in the Authorization header via
# #jwt_from_auth_header. The memo is only kept once a truthy value is found,
# so repeated calls on a token-less request re-run the lookup.
#
# @return [String, nil]
def jwt_token
  return @jwt_token if @jwt_token

  @jwt_token = params['jwt'] || jwt_from_auth_header
end

#store? ⇒ Boolean

This login should be required on each request and should not set up a session

Returns:

  • (Boolean)


# File 'lib/devise_auth0_jwt_strategy/strategy.rb', line 47

# Tells Warden not to persist this login in the session.
#
# Every request must carry its own token and is authenticated afresh.
#
# @return [false]
def store?
  false
end

#to_boolean(value) ⇒ Object



# File 'lib/devise_auth0_jwt_strategy/strategy.rb', line 55

# Coerces a claim value to a boolean.
#
# Accepted as true: the boolean true, and the strings 'true' / 't' in any
# letter case. The booleans pass through unchanged; everything else
# (nil, numbers, other strings, ...) is false.
#
# @param value [Object] raw claim value, usually nil
# @return [Boolean]
def to_boolean(value)
  # nil is by far the most common input, so bail out before any other work
  return false if value.nil?

  # true and false pass straight through
  return value if [true, false].include?(value)

  # Strings: only the case-normalized spellings 'true' and 't' count as true.
  # No strip is applied, so surrounding whitespace yields false.
  return %w[true t].include?(value.downcase) if value.is_a?(::String)

  # Anything else is false
  false
end

#valid? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/devise_auth0_jwt_strategy/strategy.rb', line 51

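# Whether this strategy can run for the current request.
#
# Requires a configured client secret and client id (the values the
# signature and 'aud' checks in #authenticate! depend on) and a token
# found by #jwt_token. Uses `&&` rather than the low-precedence `and`
# keyword; the result is the same here because every operand is already
# a boolean.
#
# @return [Boolean]
def valid?
  auth0_client_secret? && auth0_client_id? && !!jwt_token
end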

#valid_jwt_auth_header?(header_split) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/devise_auth0_jwt_strategy/strategy.rb', line 27

# Whether a whitespace-split Authorization header is a bearer header.
#
# Accepts exactly two parts whose first part is 'Bearer'. The scheme
# comparison is case-sensitive, so e.g. 'bearer <token>' is rejected.
#
# @param header_split [Array<String>] the header value split on whitespace
# @return [Boolean]
def valid_jwt_auth_header?(header_split)
  return false unless header_split.length == 2

  header_split.first == 'Bearer'
end