class FireJWT::Validator
Validator
Validates tokens by applying the guidelines outlined in firebase.google.com/docs/auth/admin/verify-id-tokens#verify_id_tokens_using_a_third-party_jwt_library.
Public Class Methods
new(project_id)
@param [String] project_id the unique identifier for your Firebase project, which can be found in the URL of that project's console.
# File lib/firejwt/validator.rb, line 12
# Prepares the certificate source and the fixed option set that #decode
# passes to JWT.decode.
#
# @param [String] project_id the Firebase project ID; it becomes the expected
#   +aud+ claim and the last path segment of the expected +iss+ claim.
def initialize(project_id)
  # NOTE(review): the argument is coerced rather than validated, so nil or a
  # blank value yields aud "" and iss "https://securetoken.google.com/".
  # Confirm callers always pass a real project ID.
  firebase_project = project_id.to_s
  expected_issuer = "https://securetoken.google.com/#{firebase_project}"

  @certs = Certificates.new
  @opts = {
    # Only RS256 is listed as an acceptable signature algorithm.
    algorithms: %w[RS256].freeze,

    # exp must be in the future, iat must be in the past.
    # NOTE(review): both checks are delegated to the jwt gem; whether a token
    # that omits exp or iat is rejected depends on the gem version -- confirm.
    verify_expiration: true,
    verify_iat: true,

    # aud must be your Firebase project ID
    verify_aud: true,
    aud: firebase_project,

    # iss must be "https://securetoken.google.com/<projectId>"
    verify_iss: true,
    iss: expected_issuer,
  }
end
Public Instance Methods
decode(token)
@param [String] token the token string
@return [FireJWT::Token] the token
@raise [JWT::DecodeError] validation errors
# File lib/firejwt/validator.rb, line 34
# Decodes +token+ with the options held in @opts, then applies two extra
# claim checks (+sub+ and +auth_time+) before wrapping the result.
#
# @param [String] token the token string
# @return [FireJWT::Token] built from the decoded payload and header
# @raise [JWT::DecodeError] validation errors
# @raise [JWT::InvalidSubError] when +sub+ is not a non-empty String
# @raise [InvalidAuthTimeError] when +auth_time+ is not Numeric or is later
#   than the current time
def decode(token)
  # The block supplies the verification key, so it runs on a header whose
  # signature has not been checked yet: `kid` is untrusted input here.
  # NOTE(review): Certificates#get is not visible on this page -- confirm that
  # a missing or unknown kid ends in a JWT::DecodeError rather than a nil key
  # or a different exception class reaching the caller.
  payload, header = JWT.decode(token, nil, true, **@opts) do |unverified_header|
    @certs.get(unverified_header['kid'])
  end

  # sub must be a non-empty string
  subject = payload['sub']
  subject_ok = subject.is_a?(String) && !subject.empty?
  raise(JWT::InvalidSubError, 'Invalid subject. Expected non-empty string') unless subject_ok

  # auth_time must be in the past; the comparison uses the local clock
  # directly, with no leeway for skew.
  auth_time = payload['auth_time']
  unless auth_time.is_a?(Numeric) && !(auth_time.to_f > Time.now.to_f)
    raise(InvalidAuthTimeError, 'Invalid auth_time')
  end

  Token.new(payload, header)
end