Module: ApiGuard::JwtAuth::JsonWebToken

Included in:
Test::ControllerHelper
Defined in:
lib/api_guard/jwt_auth/json_web_token.rb

Overview

Common module for JWT operations

Instance Method Details

#create_token_and_set_header(resource, resource_name) ⇒ Object

Create tokens and set response headers



# File 'lib/api_guard/jwt_auth/json_web_token.rb', line 52

def create_token_and_set_header(resource, resource_name)
  access_token, refresh_token = jwt_and_refresh_token(resource, resource_name)
  set_token_headers(access_token, refresh_token)
end

#current_time ⇒ Object



# File 'lib/api_guard/jwt_auth/json_web_token.rb', line 9

def current_time
  @current_time ||= Time.now.utc
end

#decode(token, verify = true) ⇒ Object

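Decode the JWT and return its payload. When verify is false, the signature is not checked, so the returned payload must not be treated as authenticated.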



# File 'lib/api_guard/jwt_auth/json_web_token.rb', line 27

def decode(token, verify = true)
  HashWithIndifferentAccess.new(
    JWT.decode(token, ApiGuard.token_signing_secret, verify, verify_iat: true)[0]
  )
end

#encode(payload) ⇒ Object

Encode the payload with the token signing secret and return the JWT



# File 'lib/api_guard/jwt_auth/json_web_token.rb', line 22

def encode(payload)
  JWT.encode(payload, ApiGuard.token_signing_secret)
end

#invalidate_old_jwt_tokens(resource) ⇒ Object

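Set the resource's token_issued_at to the current timestamp so that previously issued access (JWT) tokens can be rejected. Does nothing unless ApiGuard.invalidate_old_tokens_on_password_change is enabled.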



# File 'lib/api_guard/jwt_auth/json_web_token.rb', line 66

def invalidate_old_jwt_tokens(resource)
  return unless ApiGuard.invalidate_old_tokens_on_password_change

  resource.token_issued_at = Time.at(token_issued_at).utc
end
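
The following is an added example, not code from api_guard: it reimplements HS256 signing with Ruby's standard library to show what the verify argument of #decode controls and how a stored token_issued_at can be compared with a token's iat claim. The names demo_encode, demo_decode, issued_after_invalidation? and SECRET are hypothetical, and the iat comparison is an assumption about how the stored timestamp is used at request time.

```ruby
require 'openssl'
require 'json'

SECRET = 'constructed-demo-secret' # constructed sample value, not a real key

# base64url without padding, as JWT segments are encoded
def b64(data)
  [data].pack('m0').tr('+/', '-_').delete('=')
end

# Sign "header.payload" with HMAC-SHA256 (HS256)
def demo_encode(payload, secret = SECRET)
  input = "#{b64({ alg: 'HS256', typ: 'JWT' }.to_json)}.#{b64(payload.to_json)}"
  "#{input}.#{b64(OpenSSL::HMAC.digest('SHA256', secret, input))}"
end

# Same shape as decode(token, verify = true): with verify false the
# signature is never checked and the payload is returned as received.
def demo_decode(token, verify = true, secret = SECRET)
  header, body, signature = token.split('.')
  if verify
    expected = b64(OpenSSL::HMAC.digest('SHA256', secret, "#{header}.#{body}"))
    raise ArgumentError, 'signature mismatch' unless OpenSSL.secure_compare(expected, signature.to_s)
  end
  JSON.parse(body.tr('-_', '+/').unpack1('m'))
end

# Hypothetical request-time check paired with invalidate_old_jwt_tokens:
# accept a token only if it was issued at or after the stored timestamp.
def issued_after_invalidation?(payload, resource_token_issued_at)
  payload['iat'] >= resource_token_issued_at.to_i
end

if __FILE__ == $PROGRAM_NAME
  issued = 1_700_000_000 # constructed timestamp
  token = demo_encode({ 'user_id' => 1, 'iat' => issued })
  puts demo_decode(token).inspect
  # Password changed 60 seconds later: the older token is now refused.
  puts issued_after_invalidation?(demo_decode(token), issued + 60)
end
```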

#jwt_and_refresh_token(resource, resource_name, expired_token = false, expired_refresh_token = false) ⇒ Object

Create a JWT with the resource details in its payload. Also creates a refresh token if enabled for the resource.

If 'expired_token' is true, the JWT is created already expired; if 'expired_refresh_token' is true, the refresh token is created already expired. Both options are intended for testing.



# File 'lib/api_guard/jwt_auth/json_web_token.rb', line 38

def jwt_and_refresh_token(resource, resource_name, expired_token = false, expired_refresh_token = false)
  payload = {
    "#{resource_name}_id": resource.id,
    exp: expired_token ? token_issued_at : token_expire_at,
    iat: token_issued_at
  }

  # Add custom data in the JWT token payload
  payload.merge!(resource.jwt_token_payload) if resource.respond_to?(:jwt_token_payload)

  [encode(payload), new_refresh_token(resource, expired_refresh_token)]
end

#set_token_headers(token, refresh_token = nil) ⇒ Object

Set token details in response headers



# File 'lib/api_guard/jwt_auth/json_web_token.rb', line 58

def set_token_headers(token, refresh_token = nil)
  response.headers['Access-Token'] = token
  response.headers['Refresh-Token'] = refresh_token if refresh_token
  response.headers['Expire-At'] = token_expire_at.to_s
end

#token_expire_at ⇒ Object



# File 'lib/api_guard/jwt_auth/json_web_token.rb', line 13

def token_expire_at
  @token_expire_at ||= (current_time + ApiGuard.token_validity).to_i
end

#token_issued_at ⇒ Object



# File 'lib/api_guard/jwt_auth/json_web_token.rb', line 17

def token_issued_at
  @token_issued_at ||= current_time.to_i
end