Module: JWT

Includes:

DefaultOptions

Defined in:

lib/jwt.rb,
lib/jwt/error.rb,
lib/jwt/decode.rb,
lib/jwt/encode.rb,
lib/jwt/verify.rb,
lib/jwt/version.rb,
lib/jwt/algos/rsa.rb,
lib/jwt/signature.rb,
lib/jwt/algos/hmac.rb,
lib/jwt/algos/ecdsa.rb,
lib/jwt/algos/eddsa.rb,
lib/jwt/security_utils.rb,
lib/jwt/default_options.rb,
lib/jwt/algos/unsupported.rb

Overview

JWT::Signature module

Defined Under Namespace

Modules: Algos, DefaultOptions, SecurityUtils, Signature, VERSION Classes: Decode, DecodeError, Encode, EncodeError, ExpiredSignature, ImmatureSignature, IncorrectAlgorithm, InvalidAudError, InvalidIatError, InvalidIssuerError, InvalidJtiError, InvalidPayload, InvalidSubError, VerificationError, Verify

Constant Summary

Constants included from DefaultOptions

DefaultOptions::DEFAULT_OPTIONS

Class Method Summary

• .allowed_algorithms(options) ⇒ Object
• .decode(jwt, key = nil, verify = true, custom_options = {}, &keyfinder) ⇒ Object
• .decode_verify_signature(key, header, payload, signature, signing_input, options, &keyfinder) ⇒ Object
• .encode(payload, key, algorithm = 'HS256', header_fields = {}) ⇒ Object
• .gem_version ⇒ Object
• .signature_algorithm_and_key(header, payload, key, &keyfinder) ⇒ Object

Class Method Details

.allowed_algorithms(options) ⇒ Object

# File 'lib/jwt.rb', line 56

def allowed_algorithms(options)
  if options.key?(:algorithm)
    [options[:algorithm]]
  else
    options[:algorithms] || []
  end
end

.decode(jwt, key = nil, verify = true, custom_options = {}, &keyfinder) ⇒ Object

Raises:

• (JWT::DecodeError)

# File 'lib/jwt.rb', line 25

def decode(jwt, key = nil, verify = true, custom_options = {}, &keyfinder)
  raise(JWT::DecodeError, 'Nil JSON web token') unless jwt

  merged_options = DEFAULT_OPTIONS.merge(custom_options)

  decoder = Decode.new jwt, verify
  header, payload, signature, signing_input = decoder.decode_segments
  decode_verify_signature(key, header, payload, signature, signing_input, merged_options, &keyfinder) if verify

  Verify.verify_claims(payload, merged_options) if verify

  raise(JWT::DecodeError, 'Not enough or too many segments') unless header && payload

  [payload, header]
end

.decode_verify_signature(key, header, payload, signature, signing_input, options, &keyfinder) ⇒ Object

Raises:

• (JWT::IncorrectAlgorithm)

# File 'lib/jwt.rb', line 41

def decode_verify_signature(key, header, payload, signature, signing_input, options, &keyfinder)
  algo, key = signature_algorithm_and_key(header, payload, key, &keyfinder)

  raise(JWT::IncorrectAlgorithm, 'An algorithm must be specified') if allowed_algorithms(options).empty?
  raise(JWT::IncorrectAlgorithm, 'Expected a different algorithm') unless allowed_algorithms(options).include?(algo)

  Signature.verify(algo, key, signing_input, signature)
end

.encode(payload, key, algorithm = 'HS256', header_fields = {}) ⇒ Object

# File 'lib/jwt.rb', line 20

def encode(payload, key, algorithm = 'HS256', header_fields = {})
  encoder = Encode.new payload, key, algorithm, header_fields
  encoder.segments
end

.gem_version ⇒ Object

# File 'lib/jwt/version.rb', line 6

def self.gem_version
  Gem::Version.new VERSION::STRING
end

.signature_algorithm_and_key(header, payload, key, &keyfinder) ⇒ Object

Raises:

• (JWT::DecodeError)

# File 'lib/jwt.rb', line 50

def signature_algorithm_and_key(header, payload, key, &keyfinder)
  key = (keyfinder.arity == 2 ? yield(header, payload) : yield(header)) if keyfinder
  raise JWT::DecodeError, 'No verification key available' unless key
  [header['alg'], key]
end