module JWT
Encode claims for transmission as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure, enabling the claims to be integrity protected with a signature for later verification @see tools.ietf.org/html/rfc7519
Constants
- VERSION
Public Instance Methods
decoded_claims(str)
click to toggle source
# File lib/jwt_nacl.rb, line 50 def decoded_claims(str) Util.symbolize_keys( JSON.parse( Base64Url.decode(str) ) ) end
sign(claims, private_key = nil)
click to toggle source
@param claims [Hash] input for a digital signature computation @param private_key [String] 32 random bytes (optional) @return [Hash] a hash with a signed jwt, private_key, and public_key @example
claims = {iss: "mike", exp: 1300819380, :"http://example.com/is_root" => false} private_hex = "d2c5c54bc205266f12a8a21809aa2989536959f666a5d68710e6fab94674041a" private_key = [private_hex].pack("H*") public_hex = "1e10af4b79b8d005c8b4237161f1350844b2e6c1a8d6aa4817151c04a2751731" public_key = [public_hex].pack("H*") JwtNacl.sign(claims, private_key) # => {jwt: "eyJhbGciOiJFZDI1NTE5IiwidHlwIjoiSldUIn0.eyJpc3MiOiJtaWtlIiwiZXhwIjoxMzAwODE5MzgwLCJodHRwOi8vZXhhbXBsZS5jb20vaXNfcm9vdCI6ZmFsc2V9.f2y6Sax9eK9M3JiFCt4ZfzzOL56SWNhydHpPPIoVkm21D3_bJq5DmFLgH8ee2OlzSlZMoq009jLSg6AC0mn4DA", private_key: private_key, public_key: public_key}
# File lib/jwt_nacl.rb, line 22 def sign(claims, private_key = nil) Jws.sign(validated_payload(claims), private_key) end
validated_payload(claims)
click to toggle source
# File lib/jwt_nacl.rb, line 40 def validated_payload(claims) raise("invalid claims") if !claims || claims.empty? || !claims.is_a?(Hash) claims.to_json end
verified_claims(hsh)
click to toggle source
# File lib/jwt_nacl.rb, line 45 def verified_claims(hsh) return {error: "invalid"} if hsh[:error] {claims: decoded_claims(hsh[:jwt].split(".")[1])} end
verify(jwt, public_key)
click to toggle source
@param jwt [String] a JSON Web Token @param public_key [String] 32 byte verifying key @return [Hash] +{claims: < the jwt claims set hash >}+ if the jwt verifies,
or +{error: "invalid"}+ otherwise
@example
jwt = "eyJhbGciOiJFZDI1NTE5IiwidHlwIjoiSldUIn0.eyJpc3MiOiJtaWtlIiwiZXhwIjoxMzAwODE5MzgwLCJodHRwOi8vZXhhbXBsZS5jb20vaXNfcm9vdCI6ZmFsc2V9.f2y6Sax9eK9M3JiFCt4ZfzzOL56SWNhydHpPPIoVkm21D3_bJq5DmFLgH8ee2OlzSlZMoq009jLSg6AC0mn4DA" hex = "1e10af4b79b8d005c8b4237161f1350844b2e6c1a8d6aa4817151c04a2751731" public_key = [hex].pack("H*") JwtNacl.verify(jwt, public_key) # => {claims: {iss: "mike", exp: 1300819380, :"http://example.com/is_root" => false}}
# File lib/jwt_nacl.rb, line 36 def verify(jwt, public_key) verified_claims(Jws.verify(jwt, public_key)) end