Class: Aspera::OAuth::Jwt

Inherits:

Base

• Object
• Base
• Aspera::OAuth::Jwt

Defined in:

lib/aspera/oauth/jwt.rb

Overview

Authentication using private key tools.ietf.org/html/rfc7523 tools.ietf.org/html/rfc7519

Constant Summary

GRANT_TYPE =

'urn:ietf:params:oauth:grant-type:jwt-bearer'

Instance Method Summary

• #create_token ⇒ Object
• #initialize(private_key_obj:, payload:, headers: {}, cache_ids: [], **base_params) ⇒ Jwt constructor

  A new instance of Jwt.

Methods inherited from Base

#authorization, #create_token_call, #optional_scope_client_id, #scope=, #token

Constructor Details

#initialize(private_key_obj:, payload:, headers: {}, cache_ids: [], **base_params) ⇒ Jwt

Returns a new instance of Jwt.

Parameters:

• private_key_obj —

  private key object

• payload —

  payload to be included in the JWT

• headers (defaults to: {}) —

  headers to be included in the JWT

# File 'lib/aspera/oauth/jwt.rb', line 20

def initialize(
  private_key_obj:,
  payload:,
  headers: {},
  cache_ids: [],
  **base_params
)
  Aspera.assert_type(private_key_obj, OpenSSL::PKey::RSA){'private_key_obj'}
  Aspera.assert_type(payload, Hash){'payload'}
  Aspera.assert_type(headers, Hash){'headers'}
  Aspera.assert_type(cache_ids, Array){'cache ids'}
  new_cache_ids = cache_ids.clone.push(payload[:sub])
  super(**base_params, cache_ids: new_cache_ids)
  @private_key_obj = private_key_obj
  @additional_payload = payload
  @headers = headers
end

Instance Method Details

#create_token ⇒ Object

# File 'lib/aspera/oauth/jwt.rb', line 38

def create_token
  require 'jwt'
  seconds_since_epoch = Time.new.to_i
  Log.log.debug{"seconds_since_epoch=#{seconds_since_epoch}"}
  jwt_payload = {
    exp: seconds_since_epoch + OAuth::Factory.instance.parameters[:jwt_expiry_offset_sec], # expiration time
    nbf: seconds_since_epoch - OAuth::Factory.instance.parameters[:jwt_accepted_offset_sec], # not before
    iat: seconds_since_epoch - OAuth::Factory.instance.parameters[:jwt_accepted_offset_sec] + 1, # issued at
    jti: SecureRandom.uuid # JWT id
  }.merge(@additional_payload)
  Log.log.debug{Log.dump(:jwt_payload, jwt_payload)}
  Log.log.debug{"private=[#{@private_key_obj}]"}
  assertion = JWT.encode(jwt_payload, @private_key_obj, 'RS256', @headers)
  Log.log.debug{"assertion=[#{assertion}]"}
  return create_token_call(optional_scope_client_id.merge(grant_type: GRANT_TYPE, assertion: assertion))
end