Class: GoogleIDToken::Validator

Inherits:
Object
  • Object
Defined in:
lib/google-id-token.rb

Constant Summary

GOOGLE_CERTS_URI =
'https://www.googleapis.com/oauth2/v1/certs'


Constructor Details

#initialize(keyopts = {}) ⇒ Validator

Returns a new instance of Validator.



# File 'lib/google-id-token.rb', line 39

# Creates a validator and decides which certificates it starts with.
#
# Only the :x509_cert key of +keyopts+ is read here. When it is truthy, the
# value is stored as the single entry of @certs (under the key :_) and the
# mode becomes :literal; otherwise the mode becomes :old_skool and @certs
# starts out empty.
#
# @param keyopts [Hash] options hash; :x509_cert is the only key consulted
def initialize(keyopts = {})
  supplied_cert = keyopts[:x509_cert]

  # TODO: a :jwk mode driven by keyopts[:jwk_uri] is planned but not implemented.
  # NOTE(review): in :literal mode the supplied certificate is presumably the
  # only key tokens get verified against, so it should come from trusted
  # configuration rather than from request data -- confirm against the
  # verification code, which is not part of this method.
  @certs_mode = supplied_cert ? :literal : :old_skool
  @certs = supplied_cert ? { :_ => supplied_cert } : {}
end

Instance Attribute Details

#problem ⇒ Object (readonly)

Returns the value of attribute problem.



# File 'lib/google-id-token.rb', line 37

# Reader for the @problem attribute.
#
# #check stores an error message here on two of its failure paths
# ('Unable to retrieve Google public keys' and
# 'Token not verified as issued by Google').
#
# @return [Object] the current value of @problem (nil when it was never set)
def problem
  @problem
end

Instance Method Details

#check(token, aud, cid = nil) ⇒ Hash

If it validates, returns a hash with the JWT fields from the ID Token.

You must provide an "aud" value, which must match the token's "aud" field.
If cid is provided, it is checked the same way against the token's client-id ("azp") field.

If validation fails, returns nil and #problem returns the error text; callers must treat a nil result as a rejected token.

Parameters:

  • token (String)

    The string form of the token

  • aud (String)

    The required audience value

  • cid (String) (defaults to: nil)

    The optional client-id (“azp” field) value

Returns:

  • (Hash)

    The decoded ID token, or nil



# File 'lib/google-id-token.rb', line 68

# Validates an ID token, retrying once after a certificate refresh.
#
# The token is first checked with the certificates already held. If that
# attempt reports neither :valid nor :problem, the certificates are
# refreshed and the check is run a second time.
#
# token, aud and cid are passed unchanged to check_cached_certs; the
# signature and claim comparisons happen there, not in this method.
#
# NOTE(review): @problem is not cleared in this method. Presumably
# check_cached_certs resets it -- confirm, otherwise a message from an
# earlier failure could still be readable after a later successful check.
#
# @param token [String] the string form of the token
# @param aud [String] the required audience value
# @param cid [String, nil] the optional client-id value
# @return [Hash, nil] @token when validation succeeds, nil on any failure
def check(token, aud, cid = nil)
  first_attempt = check_cached_certs(token, aud, cid)
  return @token if first_attempt == :valid
  return nil if first_attempt == :problem

  # No cached certificate verified the token; the certificates may have
  # expired. refresh_certs signals failure with a truthy return value.
  if refresh_certs
    @problem = 'Unable to retrieve Google public keys'
    return nil
  end

  # Second and last attempt, now with the refreshed certificates.
  case check_cached_certs(token, aud, cid)
  when :valid then @token
  when :problem then nil
  else
    @problem = 'Token not verified as issued by Google'
    nil
  end
end