class Keycloak::Service

Public Class Methods

new(key_resolver) click to toggle source
# File lib/keycloak-api-rails/service.rb, line 4
def initialize(key_resolver)
  @key_resolver                          = key_resolver
  @skip_paths                            = Keycloak.config.skip_paths
  @logger                                = Keycloak.config.logger
  @token_expiration_tolerance_in_seconds = Keycloak.config.token_expiration_tolerance_in_seconds
end

Public Instance Methods

decode_and_verify(token) click to toggle source
# File lib/keycloak-api-rails/service.rb, line 11
def decode_and_verify(token)
  unless token.nil? || token&.empty?
    public_key    = @key_resolver.find_public_keys
    decoded_token = JSON::JWT.decode(token, public_key)

    unless expired?(decoded_token)
      decoded_token.verify!(public_key)
      decoded_token
    else
      raise TokenError.expired(token)
    end
  else
    raise TokenError.no_token(token)
  end
rescue JSON::JWT::VerificationFailed => e
  raise TokenError.verification_failed(token, e)
rescue JSON::JWK::Set::KidNotFound => e
  raise TokenError.verification_failed(token, e)
rescue JSON::JWT::InvalidFormat
  raise TokenError.invalid_format(token, e)
end
need_authentication?(method, path, headers) click to toggle source
# File lib/keycloak-api-rails/service.rb, line 37
def need_authentication?(method, path, headers)
  !should_skip?(method, path) && !is_preflight?(method, headers)
end
read_token(uri, headers) click to toggle source
# File lib/keycloak-api-rails/service.rb, line 33
def read_token(uri, headers)
  Helper.read_token_from_query_string(uri) || Helper.read_token_from_headers(headers)
end

Private Instance Methods

expired?(token) click to toggle source
# File lib/keycloak-api-rails/service.rb, line 54
def expired?(token)
  token_expiration = Time.at(token["exp"]).to_datetime
  token_expiration < Time.now + @token_expiration_tolerance_in_seconds.seconds
end
is_preflight?(method, headers) click to toggle source
# File lib/keycloak-api-rails/service.rb, line 49
def is_preflight?(method, headers)
  method_symbol = method&.downcase&.to_sym
  method_symbol == :options && !headers["HTTP_ACCESS_CONTROL_REQUEST_METHOD"].nil?
end
should_skip?(method, path) click to toggle source
# File lib/keycloak-api-rails/service.rb, line 43
def should_skip?(method, path)
  method_symbol = method&.downcase&.to_sym
  skip_paths    = @skip_paths[method_symbol]
  !skip_paths.nil? && !skip_paths.empty? && !skip_paths.find_index { |skip_path| skip_path.match(path) }.nil?
end