Class: Himari::IdToken

Inherits:

Object

• Object
• Himari::IdToken

Defined in:

lib/himari/id_token.rb

Instance Attribute Summary

• #claims ⇒ Object readonly

  Returns the value of attribute claims.

• #nonce ⇒ Object readonly

  Returns the value of attribute nonce.

• #signing_key ⇒ Object readonly

  Returns the value of attribute signing_key.

Class Method Summary

• .from_authz(authz, **kwargs) ⇒ Object

Instance Method Summary

• #at_hash ⇒ Object
• #final_claims ⇒ Object
• #initialize(claims:, client_id:, nonce:, signing_key:, issuer:, access_token: nil, time: Time.now, lifetime: 3600) ⇒ IdToken constructor

  A new instance of IdToken.

• #to_jwt ⇒ Object

Constructor Details

#initialize(claims:, client_id:, nonce:, signing_key:, issuer:, access_token: nil, time: Time.now, lifetime: 3600) ⇒ IdToken

Returns a new instance of IdToken.

# File 'lib/himari/id_token.rb', line 20

def initialize(claims:, client_id:, nonce:, signing_key:, issuer:, access_token: nil, time: Time.now, lifetime: 3600)
  @claims = claims
  @client_id = client_id
  @nonce = nonce
  @signing_key = signing_key
  @issuer = issuer
  @access_token = access_token
  @time = time
  @lifetime = lifetime
end

Instance Attribute Details

#claims ⇒ Object (readonly)

Returns the value of attribute claims.

# File 'lib/himari/id_token.rb', line 31

def claims
  @claims
end

#nonce ⇒ Object (readonly)

Returns the value of attribute nonce.

# File 'lib/himari/id_token.rb', line 31

def nonce
  @nonce
end

#signing_key ⇒ Object (readonly)

Returns the value of attribute signing_key.

# File 'lib/himari/id_token.rb', line 31

def signing_key
  @signing_key
end

Class Method Details

.from_authz(authz, **kwargs) ⇒ Object

Parameters:

• authz (Himari::AuthorizationCode)

# File 'lib/himari/id_token.rb', line 9

def self.from_authz(authz, **kwargs)
  
  new(
    claims: authz.claims,
    client_id: authz.client_id,
    nonce: authz.nonce,
    lifetime: authz.lifetime.is_a?(Integer) ? authz.lifetime : authz.lifetime.id_token, # compat
    **kwargs
  )
end

Instance Method Details

#at_hash ⇒ Object

# File 'lib/himari/id_token.rb', line 48

def at_hash
  return nil unless @access_token
  dgst = @signing_key.hash_function.digest(@access_token)
  Base64.urlsafe_encode64(dgst[0, dgst.size/2], padding: false)
end

#final_claims ⇒ Object

# File 'lib/himari/id_token.rb', line 33

def final_claims
  # https://openid.net/specs/openid-connect-core-1_0.html#IDToken
  claims.merge(
    iss: @issuer,
    aud: @client_id,
    iat: @time.to_i,
    nbf: @time.to_i,
    exp: (@time + @lifetime).to_i,
  ).merge(
    @nonce ? { nonce: @nonce } : {}
  ).merge(
    @access_token ? { at_hash: at_hash } : {}
  )
end

#to_jwt ⇒ Object

# File 'lib/himari/id_token.rb', line 54

def to_jwt
  jwt = JSON::JWT.new(final_claims)
  jwt.kid = @signing_key.id
  jwt.sign(@signing_key.pkey, @signing_key.alg.to_sym).to_s
end