class IntuitOAuth::Flow::OpenID
Public Instance Methods
get_user_info(access_token)
Get the User Info
@param [access_token] the access token needed to access the user info
@return [Response] the response object
# File lib/intuit-oauth/flow/openid.rb, line 28
# Request the user-info document for the holder of +access_token+.
#
# The token is sent only in the Authorization header of a GET to the
# client's user-info URL; it is never placed in the URL itself.
#
# @param [access_token] the access token presented as a Bearer credential
# @return [Response] whatever IntuitOAuth::Transport.request returns
def get_user_info(access_token)
  bearer = "Bearer #{access_token}"
  IntuitOAuth::Transport.request('GET', @client.user_info_url, { Authorization: bearer })
end
validate_id_token(id_token)
If the token can be correctly validated, returns true; otherwise returns false. The validation rules are: 1. You have to provide the client_id value, which must match the token's aud field. 2. The payload issuer is Intuit. 3. The expiry time has not passed. 4. The signature is correct.
If something fails, raises an error
@param [String] id_token
The string form of the token
@return [Boolean]
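# File lib/intuit-oauth/flow/openid.rb, line 52
# Validate an OpenID Connect ID token (compact JWT: header.payload.signature).
#
# Checks, in order:
#   1. the payload's `iss` equals the client's issuer URI
#   2. the payload's `aud` (first entry when it is a list) equals the client id
#   3. the payload's `exp` is not in the past
#   4. the signature over "header.payload" verifies against the JWKS key
#      whose `kid` matches the token header
#
# Earlier revisions of this method only compared `kid` values and never used
# the signature bytes, so any token carrying a known `kid` was accepted.
#
# @param [String] id_token the string form of the token
# @return [Boolean] true only when every check above passes
# @raise [ArgumentError] when the token does not have three segments or a
#   segment is not valid base64url
# @raise [JSON::ParserError, KeyError] when the token or the JWKS document is
#   missing expected structure
def validate_id_token(id_token)
  # Loaded here so the method does not rely on the file-level requires.
  require 'openssl'

  segments = id_token.split('.').map(&:strip)
  raise ArgumentError, 'id_token must have three dot-separated segments' unless segments.length == 3

  header_b64, payload_b64, signature_b64 = segments

  # JWT segments are base64url (RFC 7515), usually unpadded. Base64.decode64
  # silently skips '-' and '_' and so corrupts such segments.
  header = JSON.parse(Base64.urlsafe_decode64(header_b64))
  payload = JSON.parse(Base64.urlsafe_decode64(payload_b64))
  signature = Base64.urlsafe_decode64(signature_b64)

  # 1. check if payload's issuer is from Intuit
  return false unless payload.fetch('iss').eql?(@client.issuer_uri)

  # 2. check if the aud matches the client id (aud may be a string or a list)
  return false unless Array(payload.fetch('aud')).first.eql?(@client.id)

  # 3. check if the expire time is not expired
  return false if payload.fetch('exp') < Time.now.to_i

  # 4. check if the signature is correct
  # Pin the algorithm instead of trusting whatever the token header claims.
  # NOTE(review): RS256 is assumed; confirm against the signing algorithm
  # advertised in the provider's discovery document.
  return false unless header['alg'] == 'RS256'

  response = IntuitOAuth::Transport.request('GET', @client.jwks_uri, nil, nil, false)
  kid_in_id_token = header.fetch('kid')
  # Select the key by kid rather than assuming the first JWKS entry is current.
  jwk = JSON.parse(response.body).fetch('keys').find { |key| key['kid'].eql?(kid_in_id_token) }
  return false if jwk.nil?

  # Rebuild the RSA public key from the JWK modulus/exponent as a PKCS#1
  # RSAPublicKey structure (works with immutable keys on OpenSSL 3).
  modulus = OpenSSL::BN.new(Base64.urlsafe_decode64(jwk.fetch('n')), 2)
  exponent = OpenSSL::BN.new(Base64.urlsafe_decode64(jwk.fetch('e')), 2)
  der = OpenSSL::ASN1::Sequence.new(
    [OpenSSL::ASN1::Integer.new(modulus), OpenSSL::ASN1::Integer.new(exponent)]
  ).to_der
  public_key = OpenSSL::PKey::RSA.new(der)

  # The signed input is the two encoded segments exactly as transmitted.
  public_key.verify(OpenSSL::Digest.new('SHA256'), signature, "#{header_b64}.#{payload_b64}")
end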