Class: Doorkeeper::OpenidConnect::IdToken

Inherits:

Object

Object
Doorkeeper::OpenidConnect::IdToken

show all

Includes:: ActiveModel::Validations

Defined in:: lib/doorkeeper/openid_connect/id_token.rb

Direct Known Subclasses

IdTokenToken

Instance Attribute Summary collapse

#nonce ⇒ Object readonly

Returns the value of attribute nonce.

Instance Method Summary collapse

#as_json(*_) ⇒ Object
#as_jws_token ⇒ Object
#claims ⇒ Object
#initialize(access_token, nonce = nil, expires_in = Doorkeeper::OpenidConnect.configuration.expiration) ⇒ IdToken constructor

A new instance of IdToken.

Constructor Details

#initialize(access_token, nonce = nil, expires_in = Doorkeeper::OpenidConnect.configuration.expiration) ⇒ `IdToken`

Returns a new instance of IdToken.

# File 'lib/doorkeeper/openid_connect/id_token.rb', line 10

def initialize(access_token, nonce = nil, expires_in = Doorkeeper::OpenidConnect.configuration.expiration)
  @access_token = access_token
  @nonce = nonce
  @resource_owner = Doorkeeper::OpenidConnect.configuration.resource_owner_from_access_token.call(access_token)
  @issued_at = Time.zone.now
  @expires_in = expires_in
end

Instance Attribute Details

#nonce ⇒ `Object` (readonly)

Returns the value of attribute nonce.



8
9
10

# File 'lib/doorkeeper/openid_connect/id_token.rb', line 8

def nonce
  @nonce
end

Instance Method Details

#as_json(*_) ⇒ `Object`



33
34
35

# File 'lib/doorkeeper/openid_connect/id_token.rb', line 33

def as_json(*_)
  claims.reject { |_, value| value.nil? || value == "" }
end

#as_jws_token ⇒ `Object`

# File 'lib/doorkeeper/openid_connect/id_token.rb', line 37

def as_jws_token
  ::JWT.encode(as_json,
    Doorkeeper::OpenidConnect.signing_key.keypair,
    Doorkeeper::OpenidConnect.signing_algorithm.to_s,
    { typ: "JWT", kid: Doorkeeper::OpenidConnect.signing_key.kid }).to_s
end

#claims ⇒ `Object`

# File 'lib/doorkeeper/openid_connect/id_token.rb', line 18

def claims
  # NOTE: framework-controlled claims are merged last so a custom claim
  # block cannot override security-critical registered claims such as
  # `sub`, `aud`, `exp`, `iss` or `iat` in the signed ID token.
  ClaimsBuilder.generate(@access_token, :id_token).merge(
    iss: issuer,
    sub: subject,
    aud: audience,
    exp: expiration,
    iat: issued_at,
    nonce: nonce,
    auth_time: auth_time
  )
end

Class: Doorkeeper::OpenidConnect::IdToken

Direct Known Subclasses

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(access_token, nonce = nil, expires_in = Doorkeeper::OpenidConnect.configuration.expiration) ⇒ IdToken

Instance Attribute Details

#nonce ⇒ Object (readonly)

Instance Method Details

#as_json(*_) ⇒ Object

#as_jws_token ⇒ Object

#claims ⇒ Object

#initialize(access_token, nonce = nil, expires_in = Doorkeeper::OpenidConnect.configuration.expiration) ⇒ `IdToken`

#nonce ⇒ `Object` (readonly)

#as_json(*_) ⇒ `Object`

#as_jws_token ⇒ `Object`

#claims ⇒ `Object`