Class: GoInstant::Auth::Signer
- Inherits:
-
Object
- Object
- GoInstant::Auth::Signer
- Defined in:
- lib/goinstant/auth/signer.rb
Overview
Creates JWTs from user-hashes, signing with your GoInstant app secret key.
Instance Method Summary collapse
-
#initialize(secret_key) ⇒ Signer
constructor
Create a Signer with a particular key.
-
#sign(user_data, extra_headers = {}) ⇒ String
Create and sign a token for a user.
Constructor Details
#initialize(secret_key) ⇒ Signer
Create a Signer with a particular key.
A single Signer can be used to create multiple tokens.
representing the secret key for your GoInstant App.
24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 |
# File 'lib/goinstant/auth/signer.rb', line 24 def initialize(secret_key) if secret_key.nil? then raise TypeError.new('Signer requires key in base64url or base64 format') end @binary_key = Auth.decode64(secret_key) if !@binary_key or @binary_key == '' then raise TypeError.new('Signer requires key in base64url or base64 format') end if @binary_key.size < 32 then raise StandardError.new( 'expected key length >= 32 bytes, got %d bytes' % @binary_key.size ) end end |
Instance Method Details
#sign(user_data, extra_headers = {}) ⇒ String
Create and sign a token for a user.
51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 |
# File 'lib/goinstant/auth/signer.rb', line 51 def sign(user_data, extra_headers={}) if !user_data.is_a?(Hash) then raise SignerError.new('Signer#sign() requires a user_data Hash') end claims = user_data.clone Signer.map_required_claims(claims, REQUIRED_CLAIMS) Signer.map_optional_claims(claims, OPTIONAL_CLAIMS) claims[:aud] = 'goinstant.net' if claims.has_key?(:g) then groups = claims[:g] if !groups.is_a?(Array) then raise SignerError.new('groups must be an Array') end i = 0 claims[:g] = groups.map do |group| group = group.clone msg = "group #{i} missing required key: %s" i += 1 Signer.map_required_claims(group, REQUIRED_GROUP_CLAIMS, msg) end else claims[:g] = [] end headers = extra_headers.clone headers[:typ] = 'JWT' headers[:alg] = 'HS256' signing_input = '%s.%s' % [headers, claims].map{ |x| Auth.compact_encode(x) } sig = OpenSSL::HMAC::digest('SHA256', @binary_key, signing_input) return '%s.%s' % [ signing_input, Auth.encode64(sig) ] end |