module BsJwt

Module BsJwt is used to decode, verify, and process JSON Web Tokens (JWTs) issued by Auth0 in applications developed and used at the company Reverse-Retail GmbH (www.buddyandselly.com), Hamburg, Germany. BS stands for Buddy&Selly.

The purpose of this library is to avoid code duplication among different Rails apps, such as Buddy, B&S Inventory, or B&S Packing.

Constants

DEFAULT_ENDPOINT
VERSION

Public Class Methods

jwks_key()
# File lib/bs_jwt.rb, line 60
# Returns the key set used to verify token signatures, fetching it on first use.
#
# The result of update_jwks is memoized in @jwks_key and reused on later calls.
# NOTE(review): nothing in this method refreshes the cached set, so a signing-key
# rotation on the issuer side would presumably need a restart or an explicit
# reset of @jwks_key; confirm how rotation is handled.
#
# @return [Object] whatever update_jwks returned on the first successful call
def jwks_key
  return @jwks_key if @jwks_key

  @jwks_key = update_jwks
end
verify_and_decode(jwt)
# File lib/bs_jwt.rb, line 52
# Decodes a JWT against the cached key set and wraps the payload, returning nil
# instead of raising when the token is rejected.
#
# Every JSON::JWT::Exception is collapsed to nil, so a caller cannot tell a
# malformed token from a failed verification; errors of other classes propagate.
# NOTE(review): no issuer, audience or expiry check is visible in this method;
# confirm that Authentication.from_jwt_payload or the caller enforces them.
#
# @param jwt [String, nil] the compact-serialized token
# @return [Object, nil] result of Authentication.from_jwt_payload, or nil when
#   jwt is nil or decoding raised JSON::JWT::Exception
def verify_and_decode(jwt)
  return nil if jwt.nil?

  Authentication.from_jwt_payload(JSON::JWT.decode(jwt, jwks_key), jwt)
rescue JSON::JWT::Exception
  nil
end
verify_and_decode!(jwt)
# File lib/bs_jwt.rb, line 44
# Decodes a JWT against the cached key set and wraps the payload, raising
# InvalidToken when the token is missing or rejected.
#
# Any JSON::JWT::Exception is re-raised as InvalidToken without a message, so
# the reason for rejection is not passed on in the new exception's text.
# NOTE(review): no issuer, audience or expiry check is visible in this method;
# confirm that Authentication.from_jwt_payload or the caller enforces them.
#
# @param jwt [String, nil] the compact-serialized token
# @return [Object] result of Authentication.from_jwt_payload
# @raise [InvalidToken] when jwt is nil or decoding raised JSON::JWT::Exception
def verify_and_decode!(jwt)
  raise InvalidToken, 'token is nil' if jwt.nil?

  Authentication.from_jwt_payload(JSON::JWT.decode(jwt, jwks_key), jwt)
rescue JSON::JWT::Exception
  raise InvalidToken
end
verify_and_decode_auth0_hash(auth0_hash)
# File lib/bs_jwt.rb, line 38
# Pulls the ID token out of an Auth0 hash and hands it to verify_and_decode.
#
# The token is read at the string keys 'credentials' -> 'id_token'; when that
# path is absent the lookup yields nil and nil is passed on. Only the ID token
# is used; no other field of the hash is read here.
#
# @param auth0_hash [Hash] hash carrying the token under 'credentials'/'id_token'
# @return [Object, nil] whatever verify_and_decode returns
# @raise [ArgumentError] when auth0_hash is not a Hash
def verify_and_decode_auth0_hash(auth0_hash)
  unless auth0_hash.is_a?(Hash)
    raise ArgumentError, 'Auth0 Hash must be an instance of Hash'
  end

  id_token = auth0_hash.dig('credentials', 'id_token')
  verify_and_decode(id_token)
end
verify_and_decode_auth0_hash!(auth0_hash)
# File lib/bs_jwt.rb, line 32
# Pulls the ID token out of an Auth0 hash and hands it to verify_and_decode!.
#
# The token is read at the string keys 'credentials' -> 'id_token'; when that
# path is absent the lookup yields nil and nil is passed on, which
# verify_and_decode! is then left to reject.
#
# @param auth0_hash [Hash] hash carrying the token under 'credentials'/'id_token'
# @return [Object] whatever verify_and_decode! returns
# @raise [ArgumentError] when auth0_hash is not a Hash
def verify_and_decode_auth0_hash!(auth0_hash)
  unless auth0_hash.is_a?(Hash)
    raise ArgumentError, 'Auth0 Hash must be an instance of Hash'
  end

  id_token = auth0_hash.dig('credentials', 'id_token')
  verify_and_decode!(id_token)
end

Private Class Methods

check_config()
# File lib/bs_jwt.rb, line 72
# Checks that each required setting (currently only auth0_domain) holds a
# non-empty value, reading it by calling the method of the same name.
#
# A value counts as set only when it is truthy, responds to #empty? and is not
# empty; a value without #empty? is therefore reported as missing as well.
#
# @return [Array<Symbol>] the list of checked setting names
# @raise [ConfigMissing] for the first setting that is not set
def check_config
  %i[auth0_domain].each do |setting|
    value = send(setting)
    non_empty = value.respond_to?(:empty?) && !value.empty?
    raise ConfigMissing, "#{setting} is not set" unless value && non_empty
  end
end
fetch_jwks(domain: auth0_domain)
# File lib/bs_jwt.rb, line 80
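# Downloads the JSON Web Key Set that token signatures are verified against.
#
# The URL is the domain joined with DEFAULT_ENDPOINT; "https://" is prepended
# when the result does not already start with a scheme.
#
# @param domain [String] issuer domain, with or without a scheme prefix
# @return [JSON::JWK::Set] key set built from the parsed response body
# @raise [NetworkError] when the response status is not a success
def fetch_jwks(domain: auth0_domain)
  url = [domain, DEFAULT_ENDPOINT].join
  # Anchor the scheme test at the start of the string. Unanchored, any URL that
  # merely contained "http://" somewhere was treated as already having a scheme.
  url = "https://#{url}" unless url =~ %r{\Ahttps?://}
  # NOTE(review): an explicit http:// domain is still accepted. These keys decide
  # which signatures are trusted, so fetching them without TLS lets anyone on the
  # network path substitute the key set; consider requiring https outside tests.
  res = Faraday.get(url)
  # Faraday's own exceptions (connection errors and the like) are left to
  # propagate; only a non-success status is converted to NetworkError here.
  raise(NetworkError, 'Fetching JWKS key failed') unless res.success?

  JSON::JWK::Set.new(JSON.parse(res.body))
end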
update_jwks()

Fetches and overwrites the JWKS

# File lib/bs_jwt.rb, line 67
# Validates the configuration, then fetches a fresh key set and returns it.
#
# This method assigns nothing itself; storing the returned set is left to the
# caller.
#
# @return [Object] whatever fetch_jwks returns
def update_jwks
  # Fail on missing configuration before any network request is made.
  check_config
  key_set = fetch_jwks
  key_set
end