Class: Gitlab::CloudConnector::JsonWebToken

Inherits:

Object

Object
Gitlab::CloudConnector::JsonWebToken

show all

Defined in:: lib/gitlab/cloud_connector/json_web_token.rb

Constant Summary collapse

SIGNING_ALGORITHM =

'RS256'

NOT_BEFORE_TIME_SEC =

5.seconds.to_i

Instance Attribute Summary collapse

#expires_at ⇒ Object readonly

Returns the value of attribute expires_at.
#issued_at ⇒ Object readonly

Returns the value of attribute issued_at.

Instance Method Summary collapse

#encode(jwk) ⇒ Object

jwk: The key (pair) as an instance of JWT::JWK.
#initialize(issuer:, audience:, subject:, realm:, scopes:, ttl:, extra_claims: {}) ⇒ JsonWebToken constructor

A new instance of JsonWebToken.
#payload ⇒ Object

Constructor Details

#initialize(issuer:, audience:, subject:, realm:, scopes:, ttl:, extra_claims: {}) ⇒ `JsonWebToken`

Returns a new instance of JsonWebToken.

# File 'lib/gitlab/cloud_connector/json_web_token.rb', line 13

def initialize(issuer:, audience:, subject:, realm:, scopes:, ttl:, extra_claims: {})
  @id = SecureRandom.uuid
  @audience = audience
  @subject = subject
  @issuer = issuer
  @issued_at = Time.current.to_i
  @not_before = @issued_at - NOT_BEFORE_TIME_SEC
  @expires_at = (@issued_at + ttl).to_i
  @realm = realm
  @scopes = scopes
  @extra_claims = extra_claims
end

Instance Attribute Details

#expires_at ⇒ `Object` (readonly)

Returns the value of attribute expires_at.



11
12
13

# File 'lib/gitlab/cloud_connector/json_web_token.rb', line 11

def expires_at
  @expires_at
end

#issued_at ⇒ `Object` (readonly)

Returns the value of attribute issued_at.



11
12
13

# File 'lib/gitlab/cloud_connector/json_web_token.rb', line 11

def issued_at
  @issued_at
end

Instance Method Details

#encode(jwk) ⇒ `Object`

jwk:

The key (pair) as an instance of JWT::JWK.

Returns a signed and Base64-encoded JSON Web Token string, to be written to the HTTP Authorization header field.

# File 'lib/gitlab/cloud_connector/json_web_token.rb', line 31

def encode(jwk)
  header_fields = { typ: 'JWT', kid: jwk.kid }

  JWT.encode(payload, jwk.signing_key, SIGNING_ALGORITHM, header_fields)
end

#payload ⇒ `Object`

# File 'lib/gitlab/cloud_connector/json_web_token.rb', line 37

def payload
  {
    jti: @id,
    aud: @audience,
    sub: @subject,
    iss: @issuer,
    iat: @issued_at,
    nbf: @not_before,
    exp: @expires_at
  }.merge(cloud_connector_claims)
end