Module: Keratin::AuthN
- Defined in:
- lib/keratin/authn.rb,
lib/keratin/authn/api.rb,
lib/keratin/authn/engine.rb,
lib/keratin/authn/version.rb,
lib/keratin/authn/mock_keychain.rb,
lib/keratin/authn/fetching_keychain.rb,
lib/keratin/authn/id_token_verifier.rb
Defined Under Namespace
Modules: Test Classes: API, Config, Engine, FetchingKeychain, IDTokenVerifier, MockKeychain
Constant Summary collapse
- VERSION =
'1.0.1'
Class Method Summary collapse
- .config ⇒ Object
- .debug ⇒ Object
-
.keychain ⇒ Object
The default keychain will fetch JWKs from the configured issuer and return the correct key by id.
-
.keychain=(val) ⇒ Object
If the default keychain is not desired (as in host application tests), different keychain may be specified here.
-
.subject_from(id_token, audience: Keratin::AuthN.config.audience) ⇒ Object
safely fetches a subject from the id token after checking relevant claims and verifying the signature.
Class Method Details
.config ⇒ Object
49 50 51 52 53 |
# File 'lib/keratin/authn.rb', line 49 def self.config @config ||= Config.new.tap do |config| config.keychain_ttl = 3600 end end |
.debug ⇒ Object
55 56 57 |
# File 'lib/keratin/authn.rb', line 55 def self.debug config.logger.debug{ yield } if config.logger end |
.keychain ⇒ Object
The default keychain will fetch JWKs from the configured issuer and return the correct key by id. Keys are cached in memory to reduce network traffic.
61 62 63 |
# File 'lib/keratin/authn.rb', line 61 def self.keychain @keychain ||= FetchingKeychain.new(issuer: config.issuer, ttl: config.keychain_ttl) end |
.keychain=(val) ⇒ Object
If the default keychain is not desired (as in host application tests), different keychain may be specified here. The keychain must define a ‘[](kid)` method.
67 68 69 70 71 72 73 |
# File 'lib/keratin/authn.rb', line 67 def self.keychain=(val) unless val.respond_to?(:[]) && val.method(:[]).arity == 1 raise ArgumentError, 'Please ensure that your keychain has been instantiated and implements `[](kid)`.' end @keychain = val end |
.subject_from(id_token, audience: Keratin::AuthN.config.audience) ⇒ Object
safely fetches a subject from the id token after checking relevant claims and verifying the signature.
78 79 80 81 |
# File 'lib/keratin/authn.rb', line 78 def subject_from(id_token, audience: Keratin::AuthN.config.audience) verifier = IDTokenVerifier.new(id_token, keychain, audience) verifier.subject if verifier.verified? end |