Class: OmniAuth::Strategies::Jwt

Inherits:
Object
  • Object
show all
Includes:
OmniAuth::Strategy
Defined in:
lib/omni_auth/strategies/jwt.rb

Constant Summary collapse

ClaimInvalid =
Class.new(StandardError)

Instance Method Summary collapse

Instance Method Details

#callback_phaseObject


68
69
70
71
72
# File 'lib/omni_auth/strategies/jwt.rb', line 68

def callback_phase
  super
rescue ClaimInvalid => e
  fail! :claim_invalid, e
end

#decodedObject

Raises:


40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
# File 'lib/omni_auth/strategies/jwt.rb', line 40

def decoded
  secret =
    case options.algorithm
    when *%w[RS256 RS384 RS512]
      OpenSSL::PKey::RSA.new(options.secret).public_key
    when *%w[ES256 ES384 ES512]
      OpenSSL::PKey::EC.new(options.secret).tap { |key| key.private_key = nil }
    when *%w(HS256 HS384 HS512)
      options.secret
    else
      raise NotImplementedError, "Unsupported algorithm: #{options.algorithm}"
    end

  @decoded ||= ::JWT.decode(request.params['jwt'], secret, true, { algorithm: options.algorithm }).first

  (options.required_claims || []).each do |field|
    raise ClaimInvalid, "Missing required '#{field}' claim" unless @decoded.key?(field.to_s)
  end

  raise ClaimInvalid, "Missing required 'iat' claim" if options.valid_within && !@decoded["iat"]

  if options.valid_within && (Time.now.to_i - @decoded["iat"]).abs > options.valid_within.to_i
    raise ClaimInvalid, "'iat' timestamp claim is too skewed from present"
  end

  @decoded
end

#request_phaseObject


36
37
38
# File 'lib/omni_auth/strategies/jwt.rb', line 36

def request_phase
  redirect options.auth_url
end