Module: SignIn::AudienceValidator

Extended by:

ActiveSupport::Concern

Included in:

AuthenticationAndSSOConcerns

Defined in:

app/controllers/concerns/sign_in/audience_validator.rb

Instance Method Summary

• #authenticate ⇒ Object protected
• #validate_audience! ⇒ Object private

Instance Method Details

#authenticate ⇒ Object (protected)

# File 'app/controllers/concerns/sign_in/audience_validator.rb', line 22

def authenticate
  validate_audience!
  super
rescue Errors::InvalidAudienceError => e
  render json: { errors: e }, status: :unauthorized
rescue Errors::AccessTokenExpiredError => e
  render json: { errors: e }, status: :forbidden
rescue Errors::StandardError => e
  handle_authenticate_error(e)
end

#validate_audience! ⇒ Object (private)

Raises:

• (Errors::InvalidAudienceError)

# File 'app/controllers/concerns/sign_in/audience_validator.rb', line 35

def validate_audience!
  valid_audience = self.class.valid_audience

  return if valid_audience.blank?
  return if access_token.audience.any? { |aud| valid_audience.include?(aud) }

  Rails.logger.error('[SignIn][AudienceValidator] Invalid audience',
                     { invalid_audience: access_token.audience, valid_audience: })
  raise Errors::InvalidAudienceError.new(message: 'Invalid audience')
end