class AppleID::IdToken
Attributes
original_jwt_string[RW]
Public Class Methods
decode(jwt_string)
Calls superclass method
# File lib/apple_id/id_token.rb, line 35
# Builds an IdToken from a serialized JWT by delegating to the superclass
# decoder with :skip_verification, then keeps the raw string on the instance.
#
# NOTE(review): :skip_verification presumably means no signature check is
# done at this point; treat the returned token's claims as untrusted until
# verify! has returned without raising.
#
# @param jwt_string [String] the serialized ID token
# @return the decoded token, with original_jwt_string set to jwt_string
def decode(jwt_string)
  super(jwt_string, :skip_verification).tap do |decoded|
    # Retain the exact input alongside the parsed claims.
    decoded.original_jwt_string = jwt_string
  end
end
new(attributes = {})
Calls superclass method
# File lib/apple_id/id_token.rb, line 21
# Runs the superclass initializer, then replaces a non-nil real_user_status
# with a RealUserStatus built from it. A nil status is left untouched.
#
# @param attributes [Hash] claim values, forwarded unchanged to the superclass
def initialize(attributes = {})
  super
  raw_status = real_user_status
  return if raw_status.nil?

  self.real_user_status = RealUserStatus.new(raw_status)
end
Public Instance Methods
verify!(verify_signature: true, client: nil, nonce: nil, state: nil, access_token: nil, code: nil)
# File lib/apple_id/id_token.rb, line 28
# Verifies the token: first the signature (unless disabled), then the claims.
#
# Security-relevant behaviour visible in this file:
# * verify_signature: false skips verify_signature! entirely, so the claims
#   checked afterwards are unauthenticated.
# * client, nonce, state, access_token and code are the expected values;
#   verify_claims! only compares the ones that are present, so anything left
#   nil here is not checked (aud, nonce, s_hash, at_hash, c_hash).
#
# @param verify_signature [Boolean] run the signature check first
# @param client expected audience, or an object responding to #identifier
# @param nonce expected nonce
# @param state value whose left-half hash is compared with s_hash
# @param access_token value whose left-half hash is compared with at_hash
# @param code value whose left-half hash is compared with c_hash
# @return [self]
# @raise [VerificationFailed] when the signature or any compared claim fails
def verify!(verify_signature: true, client: nil, nonce: nil, state: nil, access_token: nil, code: nil)
  if verify_signature
    verify_signature!
  end
  verify_claims!(client, nonce, state, access_token, code)
  self
end
Private Instance Methods
verify_claims!(client, nonce, state, access_token, code)
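# File lib/apple_id/id_token.rb, line 50
# Compares the token's claims with the expected values and the current time,
# collects every mismatch, and raises once with the full list.
#
# Checks that always run: iss against ISSUER, iat (not in the future) and
# exp (not yet reached). Checks that run only when an expected value was
# supplied: aud, nonce, s_hash, at_hash and c_hash. A caller that omits
# client therefore gets no audience check.
#
# @param client expected audience, or an object responding to #identifier
# @param nonce expected nonce
# @param state value hashed and compared with the s_hash claim
# @param access_token value hashed and compared with the at_hash claim
# @param code value hashed and compared with the c_hash claim
# @return [nil] when every compared claim matches
# @raise [VerificationFailed] listing the failed claims as symbols
def verify_claims!(client, nonce, state, access_token, code)
  expected_aud = client.respond_to?(:identifier) ? client.identifier : client

  # Digits of the alg name after its two-letter prefix, passed to
  # left_half_hash_of as the hash length.
  hash_length = original_jwt.alg.to_s[2, 3].to_i
  expected_s_hash  = left_half_hash_of(state, hash_length) if state.present?
  expected_at_hash = left_half_hash_of(access_token, hash_length) if access_token.present?
  expected_c_hash  = left_half_hash_of(code, hash_length) if code.present?

  failure_reasons = []
  failure_reasons << :iss if self.iss != ISSUER
  failure_reasons << :aud if expected_aud.present? && self.aud != expected_aud

  if !nonce_supported? && self.nonce.blank?
    # The expected nonce is NOT enforced on this path: the token reports no
    # nonce support and carries no nonce, so only a warning is logged.
    AppleID.logger.warn 'nonce is\'nt supported on this platform'
  elsif nonce.present? && self.nonce != nonce
    failure_reasons << :nonce
  end

  failure_reasons << :s_hash if expected_s_hash.present? && self.s_hash != expected_s_hash
  failure_reasons << :at_hash if expected_at_hash.present? && self.at_hash != expected_at_hash
  failure_reasons << :c_hash if expected_c_hash.present? && self.c_hash != expected_c_hash

  # One clock reading for both time checks. A missing iat or exp is recorded
  # as a failure so it surfaces as VerificationFailed rather than as a
  # comparison error from Integer#< / Integer#>= against nil.
  now = Time.now.to_i
  failure_reasons << :iat if iat.nil? || now < iat
  failure_reasons << :exp if exp.nil? || now >= exp

  return if failure_reasons.empty?

  raise VerificationFailed, "Claims Verification Failed at #{failure_reasons}"
end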
verify_signature!()
# File lib/apple_id/id_token.rb, line 44
# Verifies the original JWT's signature with the key that JWKS.fetch returns
# for the token's kid.
#
# Every StandardError raised while fetching the key or verifying is turned
# into VerificationFailed, so a key-fetch problem and a bad signature look
# the same to the caller. Ruby attaches the rescued error as #cause on the
# new exception, which is where the underlying reason can be read for logging.
#
# NOTE(review): kid is read from the token being verified; confirm that
# JWKS.fetch only ever resolves keys from the trusted key set.
#
# @return the result of original_jwt.verify!
# @raise [VerificationFailed] on any failure
def verify_signature!
  signing_key = JWKS.fetch(original_jwt.kid)
  original_jwt.verify!(signing_key)
rescue StandardError
  raise VerificationFailed, 'Signature Verification Failed'
end