Class: Google::Auth::IDTokens::Verifier

Inherits:
Object
  • Object
show all
Defined in:
lib/googleauth/id_tokens/verifier.rb

Overview

An object that can verify ID tokens.

A verifier maintains a set of default settings, including the key source and fields to verify. However, individual verification calls can override any of these settings.

Instance Method Summary collapse

Constructor Details

#initialize(key_source: nil, aud: nil, azp: nil, iss: nil) ⇒ Verifier

Create a verifier.



44
45
46
47
48
49
50
51
52
 
# File 'lib/googleauth/id_tokens/verifier.rb', line 44

def initialize key_source: nil,
               aud:        nil,
               azp:        nil,
               iss:        nil
  @key_source = key_source
  @aud = aud
  @azp = azp
  @iss = iss
end

Instance Method Details

#verify(token, key_source: :default, aud: :default, azp: :default, iss: :default) ⇒ Hash

Verify the given token.

Raises:



67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
 
# File 'lib/googleauth/id_tokens/verifier.rb', line 67

def verify token,
           key_source: :default,
           aud:        :default,
           azp:        :default,
           iss:        :default
  key_source = @key_source if key_source == :default
  aud = @aud if aud == :default
  azp = @azp if azp == :default
  iss = @iss if iss == :default

  raise KeySourceError, "No key sources" unless key_source
  keys = key_source.current_keys
  payload = decode_token token, keys, aud, azp, iss
  unless payload
    keys = key_source.refresh_keys
    payload = decode_token token, keys, aud, azp, iss
  end
  raise SignatureError, "Token not verified as issued by Google" unless payload
  payload
end