Class: Hanko::WebhookVerifier

Inherits:
Object
Defined in:
lib/hanko/webhook_verifier.rb

Overview

Verifies Hanko webhook JWT tokens against a remote JWKS endpoint.

Examples:

Verify a webhook token

payload = Hanko::WebhookVerifier.verify(token, jwks_url: "https://example.hanko.io/.well-known/jwks.json")
puts payload["sub"]

Constant Summary

ALGORITHM = 'RS256'

Class Method Summary

Class Method Details

.verify(token, jwks_url:) ⇒ Hash

Decodes and verifies a JWT token using keys from the given JWKS URL.

Parameters:

  • token (String)

    the JWT token to verify

  • jwks_url (String)

    URL of the JWKS endpoint

Returns:

  • (Hash)

    the decoded JWT payload

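Raises:

  • (ExpiredTokenError)

    if the token has expired

  • (InvalidTokenError)

    if the token cannot be decoded or fails verification
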
# File 'lib/hanko/webhook_verifier.rb', line 23

def self.verify(token, jwks_url:)
  jwks = fetch_jwks(jwks_url)
  decoded = JWT.decode(token, nil, true, algorithms: [ALGORITHM], jwks: jwks)
  decoded.first
rescue JWT::ExpiredSignature => e
  raise ExpiredTokenError, e.message
rescue JWT::DecodeError => e
  raise InvalidTokenError, e.message
end
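
The kind of checks the `JWT.decode` call above hands to the jwt gem (pinned algorithm, key lookup by `kid`, signature, expiry), written out with only Ruby's standard library as an added example; it is not the Hanko gem's or the jwt gem's own code. `verify_rs256`, `rsa_from_jwk`, `demo_token`, `outcome`, the throwaway key pair and the `demo-key-1` kid are all hypothetical names and constructed data.

```ruby
require 'openssl'
require 'base64'
require 'json'

ALLOWED_ALG = 'RS256' # mirrors the ALGORITHM constant documented above

def b64u(data)
  Base64.urlsafe_encode64(data, padding: false)
end

# Hypothetical helper: rebuild an RSA public key from a JWK's n and e members.
def rsa_from_jwk(jwk)
  n, e = %w[n e].map { |m| OpenSSL::BN.new(Base64.urlsafe_decode64(jwk.fetch(m)), 2) }
  der = OpenSSL::ASN1::Sequence.new([n, e].map { |bn| OpenSSL::ASN1::Integer.new(bn) }).to_der
  OpenSSL::PKey::RSA.new(der)
end

# Hypothetical stand-in for the checks a JWKS-backed RS256 verification makes.
def verify_rs256(token, jwks, now: Time.now.to_i)
  head64, body64, sig64, extra = token.split('.', -1)
  raise ArgumentError, 'malformed token' if sig64.nil? || extra
  header = JSON.parse(Base64.urlsafe_decode64(head64))
  # Pin the algorithm: the token's own header must not choose how it is checked.
  raise ArgumentError, 'algorithm not allowed' unless header['alg'] == ALLOWED_ALG
  jwk = jwks['keys'].find { |k| k['kty'] == 'RSA' && k['kid'] == header['kid'] }
  raise ArgumentError, 'no key for kid' unless jwk
  signed = "#{head64}.#{body64}"
  valid = rsa_from_jwk(jwk).verify(OpenSSL::Digest.new('SHA256'), Base64.urlsafe_decode64(sig64), signed)
  raise ArgumentError, 'bad signature' unless valid
  payload = JSON.parse(Base64.urlsafe_decode64(body64))
  raise ArgumentError, 'token expired' if payload['exp'] && payload['exp'] <= now
  payload
end

# Constructed sample data: a throwaway key pair, its JWKS, and a token signer.
DEMO_KEY = OpenSSL::PKey::RSA.new(2048)
DEMO_JWKS = { 'keys' => [{ 'kty' => 'RSA', 'kid' => 'demo-key-1',
                           'n' => b64u(DEMO_KEY.n.to_s(2)), 'e' => b64u(DEMO_KEY.e.to_s(2)) }] }

def demo_token(claims, alg: 'RS256', kid: 'demo-key-1')
  signed = "#{b64u({ alg: alg, kid: kid }.to_json)}.#{b64u(claims.to_json)}"
  "#{signed}.#{b64u(DEMO_KEY.sign(OpenSSL::Digest.new('SHA256'), signed))}"
end

def outcome(token)
  verify_rs256(token, DEMO_JWKS)['sub']
rescue ArgumentError, JSON::ParserError => e
  "rejected: #{e.message}"
end
```

As with `jwks_url:` in `.verify`, the key set handed to the verifier should come from fixed configuration, never from a value carried in the token or the incoming request.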