Class: FireJWT::Validator
- Inherits: Object
  - Object
  - FireJWT::Validator
- Defined in: lib/firejwt/validator.rb
Overview
Validator validates tokens by applying the guidelines outlined in firebase.google.com/docs/auth/admin/verify-id-tokens#verify_id_tokens_using_a_third-party_jwt_library.
Instance Method Summary
- #decode(token) ⇒ FireJWT::Token
  The token.
- #initialize(project_id) ⇒ Validator (constructor)
  A new instance of Validator.
Constructor Details
#initialize(project_id) ⇒ Validator
Returns a new instance of Validator.
    # File 'lib/firejwt/validator.rb', line 12

    def initialize(project_id)
      project_id = project_id.to_s

      @certs = Certificates.new
      @opts  = {
        algorithms: %w[RS256].freeze,

        # exp must be in the future, iat must be in the past
        verify_expiration: true,
        verify_iat: true,

        # aud must be your Firebase project ID
        verify_aud: true, aud: project_id,

        # iss must be "https://securetoken.google.com/<projectId>"
        verify_iss: true, iss: "https://securetoken.google.com/#{project_id}",
      }
    end
Instance Method Details
#decode(token) ⇒ FireJWT::Token
Returns the token.
    # File 'lib/firejwt/validator.rb', line 34

    def decode(token)
      payload, header = JWT.decode token, nil, true, **@opts do |header|
        @certs.get(header['kid'])
      end

      # sub must be a non-empty string
      sub = payload['sub']
      raise(JWT::InvalidSubError, 'Invalid subject. Expected non-empty string') unless sub.is_a?(String) && !sub.empty?

      # auth_time must be in the past
      aut = payload['auth_time']
      raise(InvalidAuthTimeError, 'Invalid auth_time') if !aut.is_a?(Numeric) || aut.to_f > Time.now.to_f

      Token.new(payload, header)
    end
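The rules that #initialize configures and #decode enforces, restated as an added stdlib-only Ruby example (not firejwt's code and not using the jwt gem) so each rejection can be seen in isolation. The project ID, RSA key, kid value and the helper names `sample_token` and `check` are constructed for the demo.

```ruby
require 'json'
require 'openssl'

# Constructed demo values; none come from firejwt or from Firebase.
PROJECT = 'demo-project'
ISSUER  = "https://securetoken.google.com/#{PROJECT}"
KEY     = OpenSSL::PKey::RSA.new(2048)   # stand-in for a Google signing key
CERTS   = { 'kid-1' => KEY.public_key }  # kid => public key lookup

def b64(bin)
  [bin].pack('m0').tr('+/', '-_').delete('=')
end

def unb64(str)
  str.tr('-_', '+/').ljust((str.length + 3) & ~3, '=').unpack1('m0')
end

# Build a signed sample token; claims/header override the valid defaults.
def sample_token(claims = {}, header = {})
  now  = Time.now.to_i
  head = { 'alg' => 'RS256', 'kid' => 'kid-1' }.merge(header)
  body = { 'iss' => ISSUER, 'aud' => PROJECT, 'sub' => 'user-1',
           'iat' => now - 60, 'exp' => now + 3600, 'auth_time' => now - 60 }.merge(claims)
  input = "#{b64(head.to_json)}.#{b64(body.to_json)}"
  "#{input}.#{b64(KEY.sign(OpenSSL::Digest.new('SHA256'), input))}"
end

# Returns :ok, or the name of the first check that failed.
def check(token, now = Time.now.to_i)
  parts = token.split('.')
  return :format unless parts.size == 3
  h64, p64, s64 = parts
  header  = JSON.parse(unb64(h64))
  payload = JSON.parse(unb64(p64))
  return :alg unless header['alg'] == 'RS256' # pinned allow-list, not the token's choice
  key = CERTS[header['kid']]
  return :kid unless key
  sig_ok = key.verify(OpenSSL::Digest.new('SHA256'), unb64(s64), "#{h64}.#{p64}")
  return :signature unless sig_ok
  return :exp unless payload['exp'].is_a?(Numeric) && payload['exp'] > now
  return :iat unless payload['iat'].is_a?(Numeric) && payload['iat'] <= now
  return :aud unless payload['aud'] == PROJECT
  return :iss unless payload['iss'] == ISSUER
  return :sub unless payload['sub'].is_a?(String) && !payload['sub'].empty?
  return :auth_time unless payload['auth_time'].is_a?(Numeric) && payload['auth_time'] <= now
  :ok
end

puts check(sample_token), check(sample_token('aud' => 'other-project'))
```

The algorithm and key ID are checked before the signature, and no claim is read until the signature has verified, so a token minted for a different Firebase project fails on `aud`/`iss` even though its signature is genuine.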