Class: JWT::EncodedToken
- Inherits:
-
Object
- Object
- JWT::EncodedToken
- Includes:
- Claims::VerificationMethods
- Defined in:
- lib/jwt/encoded_token.rb
Overview
Represents an encoded JWT token
Processing an encoded and signed token:
# Build and sign a token. The key 'secret' is a sample value for illustration.
token = JWT::Token.new(payload: {pay: 'load'})
token.sign!(algorithm: 'HS256', key: 'secret')

# Parse the compact serialization. The constructor only splits the string;
# nothing has been verified at this point.
compact = token.jwt
encoded_token = JWT::EncodedToken.new(compact)

# Verify with an algorithm chosen by the verifier before reading any claims.
# verify_signature! raises JWT::VerificationError when the signature does not match.
encoded_token.verify_signature!(algorithm: 'HS256', key: 'secret')
encoded_token.payload # => {'pay' => 'load'}
Instance Attribute Summary
-
#encoded_header ⇒ String
readonly
Returns the encoded header of the JWT token.
-
#encoded_payload ⇒ String
Sets or returns the encoded payload of the JWT token.
-
#encoded_signature ⇒ String
readonly
Returns the encoded signature of the JWT token.
-
#jwt ⇒ String
(also: #to_s)
readonly
Returns the original token provided to the class.
Instance Method Summary
-
#header ⇒ Hash
Returns the decoded header of the JWT token.
-
#initialize(jwt) ⇒ EncodedToken
constructor
Initializes a new EncodedToken instance.
-
#payload ⇒ Hash
Returns the payload of the JWT token.
-
#signature ⇒ String
Returns the decoded signature of the JWT token.
-
#signing_input ⇒ String
Returns the signing input of the JWT token.
-
#valid_signature?(algorithm:, key:) ⇒ Boolean
Checks if the signature of the JWT token is valid.
-
#verify_signature!(algorithm:, key: nil, key_finder: nil) ⇒ nil
Verifies the signature of the JWT token.
Methods included from Claims::VerificationMethods
#claim_errors, #valid_claims?, #verify_claims!
Constructor Details
#initialize(jwt) ⇒ EncodedToken
Initializes a new EncodedToken instance.
# File 'lib/jwt/encoded_token.rb', line 25
# Stores the raw token and splits it on '.' into its encoded segments.
#
# Only the argument's type is checked here. The destructuring assignment keeps
# the first three segments: further segments are dropped, and a segment that is
# absent is left as nil. Nothing is decoded or verified at construction time.
#
# @param jwt [String] the encoded token
# @raise [ArgumentError] if jwt is not a String
def initialize(jwt)
  unless jwt.is_a?(String)
    raise ArgumentError, 'Provided JWT must be a String'
  end

  @jwt = jwt
  segments = jwt.split('.')
  @encoded_header, @encoded_payload, @encoded_signature = segments
end
Instance Attribute Details
#encoded_header ⇒ String (readonly)
Returns the encoded header of the JWT token.
# File 'lib/jwt/encoded_token.rb', line 54
# Reader for the header segment as it was stored on the instance: still
# encoded, and not decoded or checked by this method.
#
# @return [String] the encoded header
def encoded_header
  @encoded_header
end
#encoded_payload ⇒ String
Sets or returns the encoded payload of the JWT token.
# File 'lib/jwt/encoded_token.rb', line 67
# Reader for the payload segment as stored on the instance, still encoded.
# The attribute is documented as settable too; only the reader appears in
# this listing.
#
# @return [String] the encoded payload
def encoded_payload
  @encoded_payload
end
#encoded_signature ⇒ String (readonly)
Returns the encoded signature of the JWT token.
# File 'lib/jwt/encoded_token.rb', line 42
# Reader for the signature segment as stored on the instance, still encoded.
# Use #signature for the decoded bytes.
#
# @return [String] the encoded signature
def encoded_signature
  @encoded_signature
end
#jwt ⇒ String (readonly) Also known as: to_s
Returns the original token provided to the class.
# File 'lib/jwt/encoded_token.rb', line 19
# Reader for the token string exactly as it was handed to the constructor.
#
# @return [String] the original token
def jwt
  @jwt
end
Instance Method Details
#header ⇒ Hash
Returns the decoded header of the JWT token.
# File 'lib/jwt/encoded_token.rb', line 47
# Decodes the header segment on first use and caches the result.
#
# No signature check is visible in this method, so values read from the header
# (for example 'alg') should be treated as supplied by whoever produced the
# token until verify_signature! has succeeded.
# NOTE(review): parse_and_decode is defined elsewhere; its error behaviour for
# a missing or malformed segment is not shown here.
#
# @return [Hash] the decoded header
def header
  return @header if @header

  @header = parse_and_decode(@encoded_header)
end
#payload ⇒ Hash
Returns the payload of the JWT token.
# File 'lib/jwt/encoded_token.rb', line 59
# Decodes the payload on first use and caches the result.
#
# No signature check is visible in this method: call verify_signature! (and
# the claim verification methods) before acting on the returned claims.
# NOTE(review): decode_payload is defined elsewhere; confirm whether it
# enforces anything beyond decoding.
#
# @return [Hash] the decoded payload
def payload
  return @payload if @payload

  @payload = decode_payload
end
#signature ⇒ String
Returns the decoded signature of the JWT token.
# File 'lib/jwt/encoded_token.rb', line 35
# Base64url-decodes the signature segment on first use and caches the result.
# A token without a signature segment is decoded as the empty string, so
# callers get a String rather than nil.
#
# @return [String] the decoded signature
def signature
  return @signature if @signature

  raw_segment = encoded_signature || ''
  @signature = ::JWT::Base64.url_decode(raw_segment)
end
#signing_input ⇒ String
Returns the signing input of the JWT token.
# File 'lib/jwt/encoded_token.rb', line 72
# Builds the string that is passed to the algorithm as the data to verify: the
# encoded header and encoded payload joined by '.'. The segments are used as
# stored, not re-encoded from the decoded values.
#
# @return [String] the signing input
def signing_input
  segments = [encoded_header, encoded_payload]
  segments.join('.')
end
#valid_signature?(algorithm:, key:) ⇒ Boolean
Checks if the signature of the JWT token is valid.
# File 'lib/jwt/encoded_token.rb', line 99
# Reports whether any resolved algorithm accepts the signature with any of the
# given keys.
#
# The algorithms are resolved from the caller's `algorithm` argument; the
# token's own 'alg' header is passed only as `preferred_algorithm`.
# NOTE(review): JWA.resolve_and_sort is defined elsewhere; confirm it never
# returns an algorithm the caller did not list.
#
# Every key is offered to every resolved algorithm, so a caller that passes
# several algorithms together with several keys should make sure each key is
# acceptable only for its intended algorithm. A nil key or an empty key list
# yields false, because there is nothing to try.
#
# @param algorithm [String, Array, Object] the algorithm(s) the caller accepts
# @param key [Object, Array] one verification key or a list of them
# @return [Boolean] true when some algorithm/key pair verifies the signature
def valid_signature?(algorithm:, key:)
  candidates = JWA.resolve_and_sort(algorithms: algorithm, preferred_algorithm: header['alg'])

  Array(candidates).any? do |candidate|
    Array(key).any? do |verification_key|
      candidate.verify(data: signing_input, signature: signature, verification_key: verification_key)
    end
  end
end
#verify_signature!(algorithm:, key: nil, key_finder: nil) ⇒ nil
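Verifies the signature of the JWT token. Exactly one of key or key_finder must be given; raises JWT::VerificationError when the signature does not verify.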
# File 'lib/jwt/encoded_token.rb', line 84
# Verifies the signature and raises when it does not match.
#
# Exactly one of `key` and `key_finder` must be supplied. The finder is called
# with this token before anything has been verified, so whatever it reads from
# the token (header fields, payload) is still untrusted and should be used only
# to look up a key the verifier already trusts.
#
# @param algorithm [String, Array, Object] the algorithm(s) the caller accepts
# @param key [Object, Array, nil] verification key or keys
# @param key_finder [#call, nil] callable receiving the token and returning the key(s)
# @return [nil] when the signature is valid
# @raise [ArgumentError] if both or neither of key and key_finder are given
# @raise [JWT::VerificationError] if no algorithm/key pair verifies the signature
def verify_signature!(algorithm:, key: nil, key_finder: nil)
  if key.nil? == key_finder.nil?
    raise ArgumentError, 'Provide either key or key_finder, not both or neither'
  end

  verification_key = key || key_finder.call(self)
  return if valid_signature?(algorithm: algorithm, key: verification_key)

  raise JWT::VerificationError, 'Signature verification failed'
end