class OpenIDTokenProxy::Token
Attributes
access_token[RW]
id_token[RW]
refresh_token[RW]
Public Class Methods
decode!(access_token, keys = OpenIDTokenProxy.config.public_keys)
Decodes the given access token and validates its signature against the public key(s). Pass :skip_verification as the second argument to skip signature validation; the decoded claims are then unauthenticated.
# File lib/openid_token_proxy/token.rb, line 66
# Decodes +access_token+ and returns a Token built from its raw attributes.
#
# Each entry of +keys+ is tried in order and the first one that decodes the
# token wins. Raises Required when the token is blank, Malformed when it is
# not a well-formed JWT, and UnverifiableSignature when no key verifies it
# (including when +keys+ is empty or nil).
#
# NOTE(review): per this method's documentation, passing :skip_verification
# as +keys+ skips signature validation; the returned claims are then
# unauthenticated. This method does not check expiry, audience or issuer;
# validate! does that separately.
def self.decode!(access_token, keys = OpenIDTokenProxy.config.public_keys)
  raise Required if access_token.blank?

  Array(keys).each do |candidate_key|
    decoded =
      begin
        OpenIDConnect::RequestObject.decode(access_token, candidate_key)
      rescue JSON::JWT::InvalidFormat => error
        raise Malformed, error.message
      rescue JSON::JWT::VerificationFailed
        # A failure in Certificate#verify leaves messages on the error queue,
        # which can lead to errors in SSL communication down the road.
        # See: https://bugs.ruby-lang.org/issues/7215
        OpenSSL.errors.clear
        # Move on to the remaining public keys (if any); UnverifiableSignature
        # is raised after the loop when none of them applied.
        next
      end

    return Token.new(access_token, decoded.raw_attributes)
  end

  raise UnverifiableSignature
end
new(access_token, id_token = nil, refresh_token = nil)
# File lib/openid_token_proxy/token.rb, line 12
# Builds a token from the raw access token plus optional ID and refresh tokens.
#
# A Hash given as +id_token+ is wrapped in
# OpenIDConnect::ResponseObject::IdToken; any other value (including nil)
# is stored unchanged.
def initialize(access_token, id_token = nil, refresh_token = nil)
  @access_token = access_token
  @id_token = id_token.is_a?(Hash) ? OpenIDConnect::ResponseObject::IdToken.new(id_token) : id_token
  @refresh_token = refresh_token
end
Public Instance Methods
[](key)
Retrieves data from identity attributes
# File lib/openid_token_proxy/token.rb, line 26
# Looks up +key+ in the ID token's raw attributes and returns the stored value.
# The lookup is delegated to id_token, so it raises when id_token is nil.
def [](key)
  claims = id_token.raw_attributes
  claims[key]
end
expired?()
# File lib/openid_token_proxy/token.rb, line 60
# True when the ID token's +exp+ (as integer seconds) is at or before the
# current time, so a token expiring in the current second counts as expired.
# nil.to_i is 0, so an ID token whose +exp+ is nil is reported as expired.
def expired?
  expires_at = id_token.exp.to_i
  Time.now.to_i >= expires_at
end
expiry_time()
# File lib/openid_token_proxy/token.rb, line 56
# Returns the ID token's +exp+ (integer seconds since the epoch) as a UTC Time.
def expiry_time
  epoch_seconds = id_token.exp.to_i
  Time.at(epoch_seconds).utc
end
to_s()
# File lib/openid_token_proxy/token.rb, line 21
# Returns the raw access token string.
# Because this is +to_s+, interpolating a Token into a string or log message
# emits the bearer credential itself.
def to_s
  raw_access_token = @access_token
  raw_access_token
end
valid?(assertions = {})
Whether this token is valid
# File lib/openid_token_proxy/token.rb, line 50
# Non-raising form of validate!: returns its result, or false when it raises
# an OpenIDTokenProxy::Error. Any other exception propagates to the caller.
def valid?(assertions = {})
  begin
    validate!(assertions)
  rescue OpenIDTokenProxy::Error
    false
  end
end
validate!(assertions = {})
Validates this token's expiration state, application, audience and issuer
# File lib/openid_token_proxy/token.rb, line 31
# Checks the token's expiry and, when asserted, its audience and issuer.
#
# Raises Expired, InvalidAudience or InvalidIssuer on failure; returns true
# otherwise. The audience and issuer checks run only when
# assertions[:audience] / assertions[:issuer] are truthy, so a missing or nil
# assertion skips that check entirely. The signature is not checked here.
def validate!(assertions = {})
  raise Expired if expired?

  # TODO: Nonce validation

  expected_audience = assertions[:audience]
  # +aud+ may be a single value or a list; Array() normalises both.
  if expected_audience && !Array(id_token.aud).include?(expected_audience)
    raise InvalidAudience
  end

  expected_issuer = assertions[:issuer]
  raise InvalidIssuer if expected_issuer && !(id_token.iss == expected_issuer)

  true
end