Class: JSON::JWT

Inherits:

ActiveSupport::HashWithIndifferentAccess

• Object
• ActiveSupport::HashWithIndifferentAccess
• JSON::JWT

Defined in:

lib/json/jwt.rb

Direct Known Subclasses

JOSE

Defined Under Namespace

Classes: Exception, InvalidFormat, UnexpectedAlgorithm, VerificationFailed

Instance Attribute Summary

• #header ⇒ Object

  Returns the value of attribute header.

• #signature ⇒ Object

  Returns the value of attribute signature.

Class Method Summary

• .decode(jwt_string, key_or_secret = nil) ⇒ Object
• .register_header_keys(*keys) ⇒ Object

Instance Method Summary

• #content_type ⇒ Object
• #encrypt(public_key_or_secret, algorithm = :RSA1_5, encryption_method = :'A128CBC-HS256') ⇒ Object
• #initialize(claims = {}) ⇒ JWT constructor

  A new instance of JWT.

• #sign(private_key_or_secret, algorithm = :HS256) ⇒ Object
• #to_s ⇒ Object
• #verify(signature_base_string, public_key_or_secret = nil) ⇒ Object

Constructor Details

#initialize(claims = {}) ⇒ JWT

Returns a new instance of JWT.

# File 'lib/json/jwt.rb', line 31

def initialize(claims = {})
  self.typ = :JWT
  self.alg = :none
  [:exp, :nbf, :iat].each do |key|
    claims[key] = claims[key].to_i if claims[key]
  end
  update claims
end

Instance Attribute Details

#header ⇒ Object

Returns the value of attribute header.

# File 'lib/json/jwt.rb', line 9

def header
  @header
end

#signature ⇒ Object

Returns the value of attribute signature.

# File 'lib/json/jwt.rb', line 9

def signature
  @signature
end

Class Method Details

.decode(jwt_string, key_or_secret = nil) ⇒ Object

# File 'lib/json/jwt.rb', line 81

def decode(jwt_string, key_or_secret = nil)
  case jwt_string.count('.') + 1
  when JWS::NUM_OF_SEGMENTS # JWT / JWS
    header, claims, signature = jwt_string.split('.', JWS::NUM_OF_SEGMENTS).collect do |segment|
      UrlSafeBase64.decode64 segment.to_s
    end
    header, claims = [header, claims].collect do |json|
      MultiJson.load(json).with_indifferent_access
    end
    signature_base_string = jwt_string.split('.')[0, JWS::NUM_OF_SEGMENTS - 1].join('.')
    jwt = new claims
    jwt.header = header
    jwt.signature = signature

    # NOTE:
    #  Some JSON libraries generates wrong format of JSON (spaces between keys and values etc.)
    #  So we need to use raw base64 strings for signature verification.
    jwt.verify signature_base_string, key_or_secret unless key_or_secret == :skip_verification
    jwt
  when JWE::NUM_OF_SEGMENTS
    jwe = JWE.new jwt_string
    jwe.header = MultiJson.load(
      UrlSafeBase64.decode64 jwt_string.split('.').first
    ).with_indifferent_access
    if key_or_secret == :skip_decryption
      jwe
    else
      jwe.decrypt! key_or_secret
      JSON::JWT.decode jwe.plain_text, :skip_verification
    end
  else
    raise InvalidFormat.new("Invalid JWT Format. JWT should include #{JWS::NUM_OF_SEGMENTS} or #{JWE::NUM_OF_SEGMENTS} segments.")
  end
rescue MultiJson::DecodeError
  raise InvalidFormat.new("Invalid JSON Format")
end

.register_header_keys(*keys) ⇒ Object

# File 'lib/json/jwt.rb', line 17

def register_header_keys(*keys)
  keys.each do |header_key|
    define_method header_key do
      self.header[header_key]
    end
    define_method "#{header_key}=" do |value|
      self.header[header_key] = value
    end
  end
end

Instance Method Details

#content_type ⇒ Object

# File 'lib/json/jwt.rb', line 40

def content_type
  'application/jwt'
end

#encrypt(public_key_or_secret, algorithm = :RSA1_5, encryption_method = :'A128CBC-HS256') ⇒ Object

# File 'lib/json/jwt.rb', line 63

def encrypt(public_key_or_secret, algorithm = :RSA1_5, encryption_method = :'A128CBC-HS256')
  jwe = JWE.new(self)
  jwe.alg = algorithm
  jwe.enc = encryption_method
  jwe.encrypt! public_key_or_secret
end

#sign(private_key_or_secret, algorithm = :HS256) ⇒ Object

# File 'lib/json/jwt.rb', line 48

def sign(private_key_or_secret, algorithm = :HS256)
  jws = JWS.new(self)
  jws.alg = algorithm
  jws.sign! private_key_or_secret
end

#to_s ⇒ Object

# File 'lib/json/jwt.rb', line 70

def to_s
  [
    header.to_json,
    self.to_json,
    signature
  ].collect do |segment|
    UrlSafeBase64.encode64 segment.to_s
  end.join('.')
end

#verify(signature_base_string, public_key_or_secret = nil) ⇒ Object

# File 'lib/json/jwt.rb', line 54

def verify(signature_base_string, public_key_or_secret = nil)
  if alg.try(:to_sym) == :none
    raise UnexpectedAlgorithm if public_key_or_secret
    signature == '' or raise VerificationFailed
  else
    JWS.new(self).verify(signature_base_string, public_key_or_secret)
  end
end