Class: GoogleIDToken::Validator
- Inherits: Object
- Includes: MonitorMixin
- Defined in: lib/google-id-token.rb
Constant Summary
- GOOGLE_CERTS_URI = 'https://www.googleapis.com/oauth2/v1/certs'
- GOOGLE_CERTS_EXPIRY = 3600 # 1 hour
- GOOGLE_ISSUERS = ['accounts.google.com', 'https://accounts.google.com']
Instance Method Summary
- #check(token, aud, cid = nil) ⇒ Hash
  If it validates, returns a hash with the JWT payload from the ID Token.
- #initialize(options = {}) ⇒ Validator (constructor)
  A new instance of Validator.
Constructor Details
#initialize(options = {}) ⇒ Validator
Returns a new instance of Validator.
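```ruby
# File 'lib/google-id-token.rb', line 50
def initialize(options = {})
  super() # runs MonitorMixin's initializer so `synchronize` works

  if options[:x509_cert]
    # Caller supplied a certificate: use it as the only trusted key.
    @certs_mode = :literal
    @certs = { :_ => options[:x509_cert] }
  # elsif options[:jwk_uri]  # TODO
  #   @certs_mode = :jwk
  #   @certs = {}
  else
    # No certificate supplied: the cache starts empty and is filled on refresh.
    @certs_mode = :old_skool
    @certs = {}
  end

  @certs_expiry = options.fetch(:expiry, GOOGLE_CERTS_EXPIRY)
end
```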
Instance Method Details
#check(token, aud, cid = nil) ⇒ Hash
If it validates, returns a hash with the JWT payload from the ID Token.
You must provide an "aud" value, which must match the token's field of that name; cid is checked the same way if provided.
If something fails, an error is raised.
```ruby
# File 'lib/google-id-token.rb', line 82
def check(token, aud, cid = nil)
  synchronize do
    payload = check_cached_certs(token, aud, cid)

    unless payload
      # no certs worked, might've expired, refresh
      if refresh_certs
        payload = check_cached_certs(token, aud, cid)

        unless payload
          raise SignatureError, 'Token not verified as issued by Google'
        end
      else
        raise CertificateError, 'Unable to retrieve Google public keys'
      end
    end

    payload
  end
end
```
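The flow in `check` (try the cached keys, refresh once, retry, then fail closed), shown as an added stand-alone sketch using only the Ruby standard library; it is not the gem's code. `SketchValidator`, `key_source`, `check_cached` and `sample_token` are hypothetical names, the `exp` check is an assumption about what claim validation includes, and the token is constructed with a throwaway key.

```ruby
require 'openssl'
require 'base64'
require 'json'
require 'monitor'

# Added sketch (not the gem's code): try cached keys, refresh once, retry.
class SketchValidator
  include MonitorMixin
  ISSUERS = ['accounts.google.com', 'https://accounts.google.com'].freeze # from the page
  # key_source: hypothetical callable standing in for the GOOGLE_CERTS_URI fetch.
  def initialize(key_source)
    super()
    @key_source = key_source
    @keys = {}
  end

  def check(token, aud, now = Time.now.to_i)
    synchronize do # serialise access to the key cache
      payload = check_cached(token, aud, now)
      unless payload
        @keys = @key_source.call || {} # keys may have rotated
        raise 'Unable to retrieve public keys' if @keys.empty?
        payload = check_cached(token, aud, now)
        raise 'Token not verified' unless payload
      end
      payload
    end
  end

  private
  # Returns the claims, or nil when no cached key verifies the signature.
  def check_cached(token, aud, now)
    head, body, sig = token.split('.')
    # RS256 is fixed here; the token header's "alg" is never trusted.
    return nil unless sig && @keys.values.any? { |k| k.verify(OpenSSL::Digest.new('SHA256'), Base64.urlsafe_decode64(sig), "#{head}.#{body}") }
    claims = JSON.parse(Base64.urlsafe_decode64(body))
    raise 'aud mismatch' unless claims['aud'] == aud
    raise 'bad issuer' unless ISSUERS.include?(claims['iss'])
    raise 'expired' unless claims['exp'].to_i > now
    claims
  end
end

# Constructed sample input: an RS256 token signed with a throwaway key.
def sample_token(key, claims)
  seg = ->(h) { Base64.urlsafe_encode64(JSON.generate(h), padding: false) }
  input = "#{seg.call({ alg: 'RS256', typ: 'JWT' })}.#{seg.call(claims)}"
  "#{input}.#{Base64.urlsafe_encode64(key.sign(OpenSSL::Digest.new('SHA256'), input), padding: false)}"
end
```

In this sketch every token that fails signature verification triggers a key fetch; a production version should rate-limit refreshes.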