Class: SignIn::ServiceAccountAccessTokenJwtDecoder

Inherits:

Object

• Object
• SignIn::ServiceAccountAccessTokenJwtDecoder

Defined in:

app/services/sign_in/service_account_access_token_jwt_decoder.rb

Instance Attribute Summary

• #service_account_access_token_jwt ⇒ Object readonly

  Returns the value of attribute service_account_access_token_jwt.

Instance Method Summary

• #decode_key_array ⇒ Object private
• #initialize(service_account_access_token_jwt:) ⇒ ServiceAccountAccessTokenJwtDecoder constructor

  A new instance of ServiceAccountAccessTokenJwtDecoder.

• #jwt_decode_service_account_access_token(with_validation) ⇒ Object private
• #perform(with_validation: true) ⇒ Object
• #public_key ⇒ Object private
• #public_key_old ⇒ Object private

Constructor Details

#initialize(service_account_access_token_jwt:) ⇒ ServiceAccountAccessTokenJwtDecoder

Returns a new instance of ServiceAccountAccessTokenJwtDecoder.

# File 'app/services/sign_in/service_account_access_token_jwt_decoder.rb', line 7

def initialize(service_account_access_token_jwt:)
  @service_account_access_token_jwt = service_account_access_token_jwt
end

Instance Attribute Details

#service_account_access_token_jwt ⇒ Object (readonly)

Returns the value of attribute service_account_access_token_jwt.

# File 'app/services/sign_in/service_account_access_token_jwt_decoder.rb', line 5

def service_account_access_token_jwt
  @service_account_access_token_jwt
end

Instance Method Details

#decode_key_array ⇒ Object (private)

# File 'app/services/sign_in/service_account_access_token_jwt_decoder.rb', line 47

def decode_key_array
  [public_key, public_key_old].compact
end

#jwt_decode_service_account_access_token(with_validation) ⇒ Object (private)

# File 'app/services/sign_in/service_account_access_token_jwt_decoder.rb', line 26

def jwt_decode_service_account_access_token(with_validation)
  decoded_jwt = JWT.decode(
    service_account_access_token_jwt,
    decode_key_array,
    with_validation,
    {
      verify_expiration: with_validation,
      algorithm: Constants::ServiceAccountAccessToken::JWT_ENCODE_ALGORITHM
    }
  )&.first
  OpenStruct.new(decoded_jwt)
rescue JWT::VerificationError
  raise Errors::AccessTokenSignatureMismatchError.new(
    message: 'Service Account access token body does not match signature'
  )
rescue JWT::ExpiredSignature
  raise Errors::AccessTokenExpiredError.new message: 'Service Account access token has expired'
rescue JWT::DecodeError
  raise Errors::AccessTokenMalformedJWTError.new message: 'Service Account access token JWT is malformed'
end

#perform(with_validation: true) ⇒ Object

# File 'app/services/sign_in/service_account_access_token_jwt_decoder.rb', line 11

def perform(with_validation: true)
  decoded_token = jwt_decode_service_account_access_token(with_validation)
  ServiceAccountAccessToken.new(service_account_id: decoded_token.service_account_id,
                                audience: decoded_token.aud,
                                scopes: decoded_token.scopes,
                                user_attributes: decoded_token.user_attributes,
                                user_identifier: decoded_token.sub,
                                uuid: decoded_token.jti,
                                version: decoded_token.version,
                                expiration_time: Time.zone.at(decoded_token.exp),
                                created_time: Time.zone.at(decoded_token.iat))
end

#public_key ⇒ Object (private)

# File 'app/services/sign_in/service_account_access_token_jwt_decoder.rb', line 51

def public_key
  OpenSSL::PKey::RSA.new(File.read(Settings.sign_in.jwt_encode_key)).public_key
end

#public_key_old ⇒ Object (private)

# File 'app/services/sign_in/service_account_access_token_jwt_decoder.rb', line 55

def public_key_old
  return unless Settings.sign_in.jwt_old_encode_key

  OpenSSL::PKey::RSA.new(File.read(Settings.sign_in.jwt_old_encode_key)).public_key
end