class AppleID::IdToken

Attributes

original_jwt_string[RW]

Public Class Methods

decode(jwt_string)
Calls superclass method
# File lib/apple_id/id_token.rb, line 35
# Builds an IdToken from a serialized JWT without verifying it.
#
# The superclass decoder is called with :skip_verification, so the object
# returned here must be treated as unauthenticated input until verify! has
# been called on it. The raw string is stored in original_jwt_string.
#
# @param jwt_string the serialized ID token as received
# @return the decoded token, with original_jwt_string set
def decode(jwt_string)
  super(jwt_string, :skip_verification).tap do |unverified_token|
    unverified_token.original_jwt_string = jwt_string
  end
end
new(attributes = {})
Calls superclass method
# File lib/apple_id/id_token.rb, line 21
# Sets attributes through the superclass, then wraps a non-nil
# real_user_status value in a RealUserStatus object.
#
# @param attributes attribute values, forwarded unchanged to super
def initialize(attributes = {})
  super
  # A nil status is left as it is rather than wrapped.
  return if real_user_status.nil?

  self.real_user_status = RealUserStatus.new(real_user_status)
end

Public Instance Methods

verify!(verify_signature: true, client: nil, nonce: nil, state: nil, access_token: nil, code: nil)
# File lib/apple_id/id_token.rb, line 28
# Verifies the token's signature (by default) and then its claims.
#
# The signature check runs first, so claims are only inspected on a token
# that passed it. With verify_signature: false the claims are compared as
# decoded, without any proof of who issued them.
#
# client, nonce, state, access_token and code all default to nil, and
# verify_claims! skips the matching comparison (aud, nonce, s_hash, at_hash,
# c_hash) for every blank value. Pass client to bind the token to this
# application and nonce to bind it to the request that started the flow.
#
# @param verify_signature [Boolean] run verify_signature! before the claims
# @param client expected audience, or an object responding to #identifier
# @param nonce expected nonce claim
# @param state value whose left-half hash must equal s_hash
# @param access_token value whose left-half hash must equal at_hash
# @param code value whose left-half hash must equal c_hash
# @return [self]
# @raise [VerificationFailed] when the signature or any checked claim fails
def verify!(verify_signature: true, client: nil, nonce: nil, state: nil, access_token: nil, code: nil)
  tap do
    verify_signature! if verify_signature
    verify_claims!(client, nonce, state, access_token, code)
  end
end

Private Instance Methods

verify_claims!(client, nonce, state, access_token, code)
# File lib/apple_id/id_token.rb, line 50
# Compares the token's claims with the expected values and the local clock,
# collecting every mismatch before raising.
#
# Always checked: iss against ISSUER, iat not in the future, exp not reached.
# Checked only when the caller supplies a non-blank value: aud (client),
# nonce, s_hash (state), at_hash (access_token), c_hash (code). A blank
# expected value skips that comparison entirely.
#
# iat and exp are compared with Time.now and no allowance for clock skew.
# NOTE(review): iat and exp are used as given; a missing or non-numeric value
# would raise from the comparison itself rather than VerificationFailed
# unless the superclass normalizes them. Confirm against the superclass.
#
# @param client expected audience, or an object responding to #identifier
# @param nonce expected nonce claim
# @param state value hashed and compared with s_hash
# @param access_token value hashed and compared with at_hash
# @param code value hashed and compared with c_hash
# @return [nil] when every checked claim matches
# @raise [VerificationFailed] naming all claims that failed
def verify_claims!(client, nonce, state, access_token, code)
  expected_aud = client.respond_to?(:identifier) ? client.identifier : client

  # Three characters of the alg name starting at index 2, as an integer
  # (constructed example: "RS256" gives 256).
  digest_bits = original_jwt.alg.to_s[2, 3].to_i
  expected_s_hash = left_half_hash_of(state, digest_bits) if state.present?
  expected_at_hash = left_half_hash_of(access_token, digest_bits) if access_token.present?
  expected_c_hash = left_half_hash_of(code, digest_bits) if code.present?

  failure_reasons = []
  failure_reasons << :iss if self.iss != ISSUER
  failure_reasons << :aud if expected_aud.present? && self.aud != expected_aud

  if nonce_supported? || !self.nonce.blank?
    failure_reasons << :nonce if nonce.present? && self.nonce != nonce
  else
    # No nonce support and no nonce claim: only a warning is logged, and a
    # caller-supplied nonce is not enforced on this path.
    AppleID.logger.warn 'nonce is\'nt supported on this platform'
  end

  failure_reasons << :s_hash if expected_s_hash.present? && self.s_hash != expected_s_hash
  failure_reasons << :at_hash if expected_at_hash.present? && self.at_hash != expected_at_hash
  failure_reasons << :c_hash if expected_c_hash.present? && self.c_hash != expected_c_hash
  failure_reasons << :iat if Time.now.to_i < iat
  failure_reasons << :exp if Time.now.to_i >= exp

  raise VerificationFailed, "Claims Verification Failed at #{failure_reasons}" if failure_reasons.present?
end
verify_signature!()
# File lib/apple_id/id_token.rb, line 44
# Verifies the JWT signature with the key that JWKS.fetch returns for the
# token's kid.
#
# Fails closed: any StandardError raised while reading the kid, fetching the
# key or verifying is replaced by VerificationFailed. Ruby attaches the
# original error as #cause, which helps tell a key-fetch failure from a bad
# signature when triaging.
#
# The kid comes from the not-yet-verified token and is used only to select a
# key from JWKS.
# NOTE(review): only the key is passed to verify!; confirm that it rejects
# unexpected alg values for the fetched key.
#
# @return whatever original_jwt.verify! returns on success
# @raise [VerificationFailed] on any failure in the steps above
def verify_signature!
  signing_key = JWKS.fetch(original_jwt.kid)
  original_jwt.verify!(signing_key)
rescue
  raise VerificationFailed, 'Signature Verification Failed'
end