Class: SSO::Jwt

Inherits:
Base show all
Defined in:
app/services/sso/jwt.rb

Constant Summary

Constants inherited from Base

Base::OIDC_ACCESS_TOKEN

Instance Attribute Summary collapse

Attributes inherited from Base

#controller, #has_rendered, #user

Instance Method Summary collapse

Methods inherited from Base

#http_token, #initialize, #login_url, #logout_url, #support_expiration?, #support_fallback?, #support_login?

Constructor Details

This class inherits a constructor from SSO::Base

Instance Attribute Details

#current_userObject (readonly)

Returns the value of attribute current_user


3
4
5
# File 'app/services/sso/jwt.rb', line 3

def current_user
  @current_user
end

Instance Method Details

#authenticate!Object


9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
# File 'app/services/sso/jwt.rb', line 9

def authenticate!
  payload = jwt_token.decode || {}
  user_id = payload['user_id']

  unless valid_scope?(payload['scope'])
    Rails.logger.warn "JWT SSO: Invalid scope for '#{controller.controller_permission}' controller."
    return
  end

  user = User.unscoped.except_hidden.find_by(id: user_id) if user_id
  @current_user = user
  user&.
rescue JWT::ExpiredSignature
  Rails.logger.warn "JWT SSO: Expired JWT token."
  nil
rescue JWT::DecodeError
  Rails.logger.warn "JWT SSO: Failed to decode JWT."
  nil
end

#authenticated?Boolean

Returns:

  • (Boolean)

29
30
31
# File 'app/services/sso/jwt.rb', line 29

def authenticated?
  self.user = User.current.presence || authenticate!
end

#available?Boolean

Returns:

  • (Boolean)

5
6
7
# File 'app/services/sso/jwt.rb', line 5

def available?
  controller.api_request? && bearer_token_set? && no_issuer?
end