Module: Zaikio::JWTAuth

Defined in:

lib/zaikio/jwt_auth.rb,
lib/zaikio/jwt_auth/jwk.rb,
lib/zaikio/jwt_auth/engine.rb,
lib/zaikio/jwt_auth/railtie.rb,
lib/zaikio/jwt_auth/version.rb,
lib/zaikio/jwt_auth/token_data.rb,
lib/zaikio/jwt_auth/test_helper.rb,
lib/zaikio/jwt_auth/configuration.rb,
lib/zaikio/jwt_auth/directory_cache.rb,
lib/zaikio/jwt_auth/rack_middleware.rb,
app/jobs/zaikio/jwt_auth/revoke_access_token_job.rb

Defined Under Namespace

Modules: ClassMethods, InstanceMethods, TestHelper Classes: Configuration, DirectoryCache, Engine, JWK, RackMiddleware, Railtie, RevokeAccessTokenJob, TokenData

Constant Summary

DOCS_LINK =

"For more information check our docs: https://docs.zaikio.com/guide/oauth/scopes.html".freeze

HEADER_FORMAT =

/\ABearer (.+)\z/.freeze

VERSION =

"2.8.1".freeze

Class Attribute Summary

• .configuration ⇒ Object

  Returns the value of attribute configuration.

Class Method Summary

• .configure {|configuration| ... } ⇒ Object
• .decode_jwt(token, **options) ⇒ Object
• .extract(authorization_header_string, **options) ⇒ Object
• .included(base) ⇒ Object
• .mocked_jwt_payload ⇒ Object
• .mocked_jwt_payload=(payload) ⇒ Object
• .revoked_jwt?(jti) ⇒ Boolean
• .revoked_token_ids ⇒ Object

Class Attribute Details

.configuration ⇒ Object

Returns the value of attribute configuration.

# File 'lib/zaikio/jwt_auth.rb', line 18

def configuration
  @configuration
end

Class Method Details

.configure {|configuration| ... } ⇒ Object

Yields:

• (configuration)

# File 'lib/zaikio/jwt_auth.rb', line 21

def self.configure
  self.configuration ||= Configuration.new

  if Zaikio.const_defined?("Webhooks", false)
    Zaikio::Webhooks.on "directory.revoked_access_token", Zaikio::JWTAuth::RevokeAccessTokenJob,
                        perform_now: true
  end

  yield(configuration)
end

.decode_jwt(token, **options) ⇒ Object

# File 'lib/zaikio/jwt_auth.rb', line 86

def self.decode_jwt(token, **options)
  options = options.reverse_merge(algorithms: ["RS256"], jwks: JWK.loader)
  payload, = JWT.decode(token, nil, true, **options)
  TokenData.new(payload, token: token)
end

.extract(authorization_header_string, **options) ⇒ Object

# File 'lib/zaikio/jwt_auth.rb', line 64

def self.extract(authorization_header_string, **options)
  if Zaikio::JWTAuth.mocked_jwt_payload
    jwk = Zaikio::JWTAuth::TestHelper.jwk
    return TokenData.new(Zaikio::JWTAuth.mocked_jwt_payload, token: JWT.encode(
      Zaikio::JWTAuth.mocked_jwt_payload,
      jwk.signing_key,
      jwk[:alg],
      kid: jwk[:kid]
    ))
  end

  return if authorization_header_string.blank?

  return unless (token = authorization_header_string[HEADER_FORMAT, 1])

  options.reverse_merge!(algorithms: ["RS256"], jwks: JWK.loader)

  payload, = JWT.decode(token, nil, true, **options)

  TokenData.new(payload, token: token)
end

.included(base) ⇒ Object

# File 'lib/zaikio/jwt_auth.rb', line 49

def self.included(base)
  base.send :include, InstanceMethods
  base.send :extend, ClassMethods
end

.mocked_jwt_payload ⇒ Object

# File 'lib/zaikio/jwt_auth.rb', line 54

def self.mocked_jwt_payload
  instance_variable_defined?(:@mocked_jwt_payload) && @mocked_jwt_payload
end

.mocked_jwt_payload=(payload) ⇒ Object

# File 'lib/zaikio/jwt_auth.rb', line 58

def self.mocked_jwt_payload=(payload)
  @mocked_jwt_payload = payload
end

.revoked_jwt?(jti) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/zaikio/jwt_auth.rb', line 32

def self.revoked_jwt?(jti)
  revoked_token_ids.include?(jti)
end

.revoked_token_ids ⇒ Object

# File 'lib/zaikio/jwt_auth.rb', line 36

def self.revoked_token_ids
  return [] if mocked_jwt_payload

  return configuration.revoked_token_ids if configuration.revoked_token_ids

  result = DirectoryCache.fetch(
    "api/v1/revoked_access_tokens.json",
    expires_after: 60.minutes
  ) || {}

  result.fetch("revoked_token_ids", [])
end