Class: JWT::EncodedToken

Inherits:
Object
  • Object
show all
Includes:
Claims::VerificationMethods
Defined in:
lib/jwt/encoded_token.rb

Overview

Represents an encoded JWT token

Processing an encoded and signed token:

token = JWT::Token.new(payload: {pay: 'load'})
token.sign!(algorithm: 'HS256', key: 'secret')

encoded_token = JWT::EncodedToken.new(token.jwt)
encoded_token.verify_signature!(algorithm: 'HS256', key: 'secret')
encoded_token.payload # => {'pay' => 'load'}

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from Claims::VerificationMethods

#claim_errors, #valid_claims?, #verify_claims!

Constructor Details

#initialize(jwt) ⇒ EncodedToken

Initializes a new EncodedToken instance.

Parameters:

  • jwt (String)

    the encoded JWT token.

Raises:

  • (ArgumentError)

    if the provided JWT is not a String.



25
26
27
28
29
30
# File 'lib/jwt/encoded_token.rb', line 25

def initialize(jwt)
  raise ArgumentError, 'Provided JWT must be a String' unless jwt.is_a?(String)

  @jwt = jwt
  @encoded_header, @encoded_payload, @encoded_signature = jwt.split('.')
end

Instance Attribute Details

#encoded_headerString (readonly)

Returns the encoded header of the JWT token.

Returns:

  • (String)

    the encoded header.



54
55
56
# File 'lib/jwt/encoded_token.rb', line 54

def encoded_header
  @encoded_header
end

#encoded_payloadString

Sets or returns the encoded payload of the JWT token.

Parameters:

  • value (String)

    the encoded payload to set.

Returns:

  • (String)

    the encoded payload.



67
68
69
# File 'lib/jwt/encoded_token.rb', line 67

def encoded_payload
  @encoded_payload
end

#encoded_signatureString (readonly)

Returns the encoded signature of the JWT token.

Returns:

  • (String)

    the encoded signature.



42
43
44
# File 'lib/jwt/encoded_token.rb', line 42

def encoded_signature
  @encoded_signature
end

#jwtString (readonly) Also known as: to_s

Returns the original token provided to the class.

Returns:

  • (String)

    The JWT token.



19
20
21
# File 'lib/jwt/encoded_token.rb', line 19

def jwt
  @jwt
end

Instance Method Details

#headerHash

Returns the decoded header of the JWT token.

Returns:

  • (Hash)

    the header.



47
48
49
# File 'lib/jwt/encoded_token.rb', line 47

def header
  @header ||= parse_and_decode(@encoded_header)
end

#payloadHash

Returns the payload of the JWT token.

Returns:

  • (Hash)

    the payload.



59
60
61
# File 'lib/jwt/encoded_token.rb', line 59

def payload
  @payload ||= decode_payload
end

#signatureString

Returns the decoded signature of the JWT token.

Returns:

  • (String)

    the decoded signature.



35
36
37
# File 'lib/jwt/encoded_token.rb', line 35

def signature
  @signature ||= ::JWT::Base64.url_decode(encoded_signature || '')
end

#signing_inputString

Returns the signing input of the JWT token.

Returns:

  • (String)

    the signing input.



72
73
74
# File 'lib/jwt/encoded_token.rb', line 72

def signing_input
  [encoded_header, encoded_payload].join('.')
end

#valid_signature?(algorithm:, key:) ⇒ Boolean

Checks if the signature of the JWT token is valid.

Parameters:

  • algorithm (String, Array<String>, Object, Array<Object>)

    the algorithm(s) to use for verification.

  • key (String, Array<String>)

    the key(s) to use for verification.

Returns:

  • (Boolean)

    true if the signature is valid, false otherwise.



99
100
101
102
103
104
105
# File 'lib/jwt/encoded_token.rb', line 99

def valid_signature?(algorithm:, key:)
  Array(JWA.resolve_and_sort(algorithms: algorithm, preferred_algorithm: header['alg'])).any? do |algo|
    Array(key).any? do |one_key|
      algo.verify(data: signing_input, signature: signature, verification_key: one_key)
    end
  end
end

#verify_signature!(algorithm:, key: nil, key_finder: nil) ⇒ nil

Verifies the signature of the JWT token.

Parameters:

  • algorithm (String, Array<String>, Object, Array<Object>)

    the algorithm(s) to use for verification.

  • key (String, Array<String>) (defaults to: nil)

    the key(s) to use for verification.

  • key_finder (#call) (defaults to: nil)

    an object responding to ‘call` to find the key for verification.

Returns:

  • (nil)

Raises:

  • (JWT::VerificationError)

    if the signature verification fails.

  • (ArgumentError)

    if neither key nor key_finder is provided, or if both are provided.



84
85
86
87
88
89
90
91
92
# File 'lib/jwt/encoded_token.rb', line 84

def verify_signature!(algorithm:, key: nil, key_finder: nil)
  raise ArgumentError, 'Provide either key or key_finder, not both or neither' if key.nil? == key_finder.nil?

  key ||= key_finder.call(self)

  return if valid_signature?(algorithm: algorithm, key: key)

  raise JWT::VerificationError, 'Signature verification failed'
end