Class: NulogySSO::Authenticator

Inherits:
Object
Defined in:
app/services/nulogy_sso/authenticator.rb

Constant Summary

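# Verifier for Auth0-issued access tokens, built once at class load from NulogySSO.sso_config.
# It is handed the expected issuer, the expected audience and the tenant JWKS URL; the actual
# signature / claim checks live in Auth0RS256JWTVerifier, which is not shown on this page.
ACCESS_TOKEN_VERIFIER =
Auth0RS256JWTVerifier.new(
  # Auth0 puts a trailing slash on the `iss` claim ("https://tenant.auth0.com/"), and an
  # issuer check is presumably an exact string comparison, so the slash is appended here.
  # (The original comment said "backslash"; it is a forward slash.)
  issuer: "#{NulogySSO.sso_config.base_uri}/",
  audience: NulogySSO.sso_config.audience,
  jwks_url: "#{NulogySSO.sso_config.base_uri}/.well-known/jwks.json"
)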
# Error classes handed to the `on_invalid_token` callback of #validate_token.
# Raised when the token verified but no application user matches it.
class MissingUserError < StandardError; end
# Raised when no access token was supplied at all (nil / blank).
class MissingTokenError < StandardError; end
# Raised when the supplied token fails decoding or verification.
class InvalidTokenError < StandardError; end

Instance Method Summary

Constructor Details

#initialize(verifier: ACCESS_TOKEN_VERIFIER, find_user_by_email: NulogySSO.find_user_by_email) ⇒ Authenticator

Returns a new instance of Authenticator.



# File 'app/services/nulogy_sso/authenticator.rb', line 17

# Builds an authenticator from two injectable collaborators: the JWT verifier (defaults to the
# class-level ACCESS_TOKEN_VERIFIER) and the user lookup callable (defaults to the one configured
# on NulogySSO). Nothing is validated here; the defaults are only evaluated when not supplied.
def initialize(verifier: ACCESS_TOKEN_VERIFIER, find_user_by_email: NulogySSO.find_user_by_email)
  @verifier, @find_user_by_email = verifier, find_user_by_email
end

Instance Method Details

#authenticated_user(raw_access_token) ⇒ Object

Returns the authenticated user that matches the provided JWT, or nil if the token is invalid or no such user can be found. The two failure causes are not distinguished; use #validate_token when the caller needs to know which one occurred.



# File 'app/services/nulogy_sso/authenticator.rb', line 37

# Resolves the application user for a raw JWT.
#
# The token is verified and decoded first (decoded_validated_access_token); only a token that
# passes verification reaches the user lookup. Returns nil both when verification fails and when
# no user matches, so callers cannot tell the two apart here.
#
# @param raw_access_token [String, nil] the bearer token exactly as received
# @return [Object, nil] the matching app user, or nil
def authenticated_user(raw_access_token)
  decoded = decoded_validated_access_token(raw_access_token)
  decoded.nil? ? nil : fetch_user(decoded)
end

#validate_token(raw_access_token, on_success:, on_invalid_token:) ⇒ Object

Validates the provided JWT, ensuring that an authenticated Auth0 user can be associated with the token and matches an existing app user. The outcome is delivered through the callbacks: on_success receives the decoded token; on_invalid_token receives a MissingTokenError (blank token), InvalidTokenError (verification failed) or MissingUserError (no matching app user).



# File 'app/services/nulogy_sso/authenticator.rb', line 23

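# Verifies a raw JWT and reports the outcome through callbacks.
#
# Order of checks: token present -> token verifies/decodes -> a matching app user exists.
# The first failing check short-circuits via `on_invalid_token`; on success `on_success`
# receives the decoded token (the looked-up user is only used as an existence check and is
# not passed on).
#
# Security: error messages no longer embed the raw bearer token or the decoded claims. The
# original passed `raw_access_token` to InvalidTokenError and the decoded token to
# MissingUserError; anything that logs or reports `e.message` (error trackers, request logs)
# would then persist a live credential and whatever claims the token carries. The exception
# classes are unchanged, only their messages are.
#
# @param raw_access_token [String, nil] the bearer token exactly as received
# @param on_success [#call] invoked with the decoded, verified token
# @param on_invalid_token [#call] invoked with a MissingTokenError, InvalidTokenError
#   or MissingUserError
# @return whatever the invoked callback returns
def validate_token(raw_access_token, on_success:, on_invalid_token:)
  return on_invalid_token.call(MissingTokenError.new("no access token was provided")) if raw_access_token.blank?

  access_token = decoded_validated_access_token(raw_access_token)
  # Deliberately not including raw_access_token in the message: it is a credential.
  return on_invalid_token.call(InvalidTokenError.new("access token failed verification")) if access_token.nil?

  user = fetch_user(access_token)
  # Deliberately not including the decoded claims in the message either.
  return on_invalid_token.call(MissingUserError.new("no application user matches the verified access token")) if user.blank?

  on_success.call(access_token)
end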