Module: Keratin::AuthN

Defined in:
lib/keratin/authn.rb,
lib/keratin/authn/api.rb,
lib/keratin/authn/engine.rb,
lib/keratin/authn/version.rb,
lib/keratin/authn/mock_keychain.rb,
lib/keratin/authn/fetching_keychain.rb,
lib/keratin/authn/id_token_verifier.rb

Defined Under Namespace

Modules: Test

Classes: API, Config, Engine, FetchingKeychain, IDTokenVerifier, MockKeychain

Constant Summary

VERSION =
'1.0.1'

Class Method Summary

Class Method Details

.config ⇒ Object



# File 'lib/keratin/authn.rb', line 49

# Returns the module-wide configuration, building it on first use.
#
# The Config instance is created once and memoized in @config, so later
# calls hand back the same object (including any changes callers made to it).
# The only default applied here is keychain_ttl = 3600, the value that
# .keychain forwards to FetchingKeychain as ttl:.
# NOTE(review): the unit is presumably seconds; if so, a signing key that is
# rotated or withdrawn at the issuer may stay cached for up to that long.
# Confirm against FetchingKeychain.
def self.config
  return @config if @config

  defaults = Config.new
  defaults.keychain_ttl = 3600
  @config = defaults
end

.debug ⇒ Object



# File 'lib/keratin/authn.rb', line 55

# Writes a debug message through the configured logger, if one is set.
#
# The message is produced by the caller's block, which is handed to the
# logger's #debug inside another block rather than evaluated here. With no
# logger configured the block is never run and nil is returned.
# NOTE(review): what callers put in the message is not visible here; raw id
# tokens should not end up in debug logs.
def self.debug
  return unless config.logger

  config.logger.debug { yield }
end

.keychain ⇒ Object

The default keychain will fetch JWKs from the configured issuer and return the correct key by id. Keys are cached in memory to reduce network traffic.



# File 'lib/keratin/authn.rb', line 61

# Returns the keychain used to look up verification keys.
#
# Unless one was assigned through .keychain=, a FetchingKeychain is built
# from config.issuer and config.keychain_ttl on first use and memoized in
# @keychain. Later changes to config.issuer or config.keychain_ttl therefore
# do not affect a keychain that has already been built.
# NOTE(review): how keys are fetched from the issuer (transport, certificate
# checks) is decided in FetchingKeychain, which is not visible here.
def self.keychain
  return @keychain if @keychain

  @keychain = FetchingKeychain.new(
    issuer: config.issuer,
    ttl: config.keychain_ttl
  )
end

.keychain=(val) ⇒ Object

If the default keychain is not desired (as in host application tests), a different keychain may be specified here. The keychain must define a `[](kid)` method.



# File 'lib/keratin/authn.rb', line 67

# Replaces the keychain that .subject_from hands to IDTokenVerifier.
#
# The replacement must respond to `[]` and that method must take exactly one
# required argument (arity 1); anything else raises ArgumentError. This is a
# shape check only: it says nothing about whether the keys the object returns
# are trustworthy, so whatever is assigned here becomes the key source for
# every later verification made through this module.
def self.keychain=(val)
  usable = val.respond_to?(:[]) && val.method(:[]).arity == 1
  raise ArgumentError, 'Please ensure that your keychain has been instantiated and implements `[](kid)`.' unless usable

  @keychain = val
end

.subject_from(id_token, audience: Keratin::AuthN.config.audience) ⇒ Object

Safely fetches the subject from the id token after checking the relevant claims and verifying the signature. Returns nil when the token does not verify.



# File 'lib/keratin/authn.rb', line 78

# Returns the subject of an id token, or nil when the token does not verify.
#
# An IDTokenVerifier is built from the token, the module keychain and the
# expected audience; the subject is read only after verified? returns true.
# Callers must treat a nil result as "not authenticated".
#
# id_token - the token to check.
# audience - expected audience; defaults to Keratin::AuthN.config.audience,
#            read at call time.
# NOTE(review): if config.audience is unset the verifier receives nil; how
# IDTokenVerifier handles that is not visible here. Confirm it fails closed.
def subject_from(id_token, audience: Keratin::AuthN.config.audience)
  verifier = IDTokenVerifier.new(id_token, keychain, audience)
  return nil unless verifier.verified?

  verifier.subject
end