Module: IapJwtAssertion

Defined in:
lib/iap_jwt_assertion.rb

Constant Summary

ALGORITHM =
'ES256'
PUBLIC_KEYS_URL =
'https://www.gstatic.com/iap/verify/public_key'

Class Method Summary

Class Method Details

.authenticate?(token, aud:) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/iap_jwt_assertion.rb', line 11

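# Decides whether +token+ is a signed assertion addressed to +aud+.
#
# The signature is verified with the key selected by the token's `kid`
# header, and the algorithm is pinned to ALGORITHM so the token header
# cannot choose a different one. Every failure is treated as "not
# authenticated": a malformed token, an unknown `kid`, a key-fetch error, a
# bad signature, or an audience mismatch. As a predicate this method never
# raises for bad input.
#
# NOTE(review): only the signature and `aud` are checked explicitly here.
# The issuer (`iss`) claim is not compared against anything; confirm whether
# that check is required for this deployment and where it is enforced.
#
# @param token [String] the JWT assertion taken from the incoming request
# @param aud [String] the audience value this backend expects
# @return [Boolean] true only when the token verifies and `aud` matches
def authenticate?(token, aud:)
  # The kid is read from the *unverified* header; it only selects which
  # public key to try and is never trusted beyond that.
  kid = get_kid(token)
  pubkey = get_key(kid)

  payload, _header = JWT.decode(token, pubkey, true, { algorithm: ALGORITHM })

  payload['aud'] == aud
rescue StandardError
  # Fail closed: a token that cannot be parsed or verified is rejected
  # rather than surfacing as an unhandled exception in the caller.
  false
end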

.decode(token) ⇒ Object



# File 'lib/iap_jwt_assertion.rb', line 28

# Parses +token+ and returns whatever JWT.decode yields for it.
#
# SECURITY: the third argument to JWT.decode is `false`, so the signature is
# NOT verified here even though the matching public key is looked up first.
# Treat the result as untrusted, attacker-controllable data; use
# authenticate? for any access decision.
#
# @param token [String] the JWT assertion to parse
# @return [Object] the value returned by JWT.decode (unverified)
# @raise [RuntimeError] when the token's kid has no matching public key
def decode(token)
  pubkey = get_key(get_kid(token))

  JWT.decode(token, pubkey, false, { algorithm: ALGORITHM })
end

.fetch_public_keys ⇒ Object



# File 'lib/iap_jwt_assertion.rb', line 52

# Downloads the published verification keys and parses each one.
#
# The document at PUBLIC_KEYS_URL is read as a JSON object whose entries are
# handed to OpenSSL::PKey::EC.new, keyed by the entry's name (the kid).
#
# NOTE(review): the HTTP status is not inspected; a non-JSON or non-key body
# surfaces as a parse error from JSON or OpenSSL rather than an HTTP error.
#
# @return [Hash] kid => OpenSSL::PKey::EC
def fetch_public_keys
  body = Net::HTTP.get(URI(PUBLIC_KEYS_URL))

  JSON.parse(body).each_with_object({}) do |(kid, pem), keys_by_kid|
    keys_by_kid[kid] = OpenSSL::PKey::EC.new(pem)
  end
end

.get_key(kid) ⇒ Object



# File 'lib/iap_jwt_assertion.rb', line 40

# Looks up the public key for +kid+, memoising the key set in @public_keys.
#
# A cache miss (no key set yet, or +kid+ absent from it) triggers one call to
# fetch_public_keys, which replaces the cached set. If +kid+ is still absent
# after that refresh, the lookup fails.
#
# NOTE(review): callers pass a kid taken from an unverified token header, so
# every token carrying an unknown kid causes a fresh outbound fetch. Consider
# rate-limiting refreshes if this is reachable by unauthenticated clients.
#
# @param kid [String] key id to look up
# @return [Object] the cached key stored under +kid+
# @raise [RuntimeError] when +kid+ is not in the refreshed key set
def get_key(kid)
  cached = @public_keys
  return cached[kid] if cached&.has_key?(kid)

  @public_keys = fetch_public_keys
  raise "kid was not found in the list of public keys." unless @public_keys.has_key?(kid)

  @public_keys[kid]
end

.get_kid(token) ⇒ Object



# File 'lib/iap_jwt_assertion.rb', line 35

# Reads the `kid` entry from the token's header without verifying anything.
#
# JWT.decode is called with no key and verification disabled, so the value
# returned here is untrusted input. It is suitable only for choosing which
# public key to verify against, never as evidence of who issued the token.
#
# @param token [String] the JWT assertion to inspect
# @return [Object] the header's 'kid' entry (nil when the header has none)
def get_kid(token)
  _claims, jose_header = JWT.decode(token, nil, false)

  jose_header['kid']
end