Class: HoninClient::TokenVerifier

Inherits:
Object
  • Object
Defined in:
lib/honin/client/token_verifier.rb

Instance Method Summary collapse

Constructor Details

#initialize(jwks_cache:, issuer:, client_id:) ⇒ TokenVerifier

Returns a new instance of TokenVerifier.



# File 'lib/honin/client/token_verifier.rb', line 7

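# Builds a verifier bound to one issuer and one client (audience).
#
# The issuer and client id are stored and later passed by #verify to
# JWT.decode as the expected `iss` and `aud` values. A blank expectation is
# rejected here so that a missing configuration value fails at construction
# time instead of weakening token checks.
# NOTE(review): ruby-jwt 2.x skips the iss/aud check when the expected value
# is nil, even with verify_iss/verify_aud set — confirm for the pinned gem version.
#
# @param jwks_cache [Object] key source; #verify calls `fetch` and `refresh!` on it
# @param issuer [Object] expected `iss` claim value; must not be nil or empty
# @param client_id [Object] expected `aud` claim value; must not be nil or empty
# @raise [ArgumentError] if issuer or client_id is nil or empty
def initialize(jwks_cache:, issuer:, client_id:)
  { issuer: issuer, client_id: client_id }.each do |name, value|
    # respond_to? keeps the check duck-typed: strings and arrays are both covered.
    blank = value.nil? || (value.respond_to?(:empty?) && value.empty?)
    raise ArgumentError, "#{name} must be set to a non-empty value" if blank
  end

  @jwks_cache = jwks_cache
  @issuer = issuer
  @client_id = client_id
end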

Instance Method Details

#verify(token) ⇒ Object



# File 'lib/honin/client/token_verifier.rb', line 13

# Verifies a signed JWT and wraps its claims in an Identity.
#
# Signature verification is enabled, the accepted algorithms are restricted to
# RS256, and the `iss` and `aud` claims are checked against the issuer and
# client id this verifier was built with.
# NOTE(review): ruby-jwt 2.x skips the iss/aud check when the expected value is
# nil, so @issuer and @client_id must never be blank — confirm for the pinned
# gem version.
# NOTE(review): the gem's expiry check presumably applies only when the token
# carries an `exp` claim; confirm whether tokens without one should be rejected.
#
# @param token [String] the encoded JWT handed to JWT.decode
# @return [Identity] identity built from the verified payload
# @raise [VerificationError] when the JWT gem raises JWT::DecodeError or
#   JWT::VerificationError; the gem's message is passed through unchanged
def verify(token)
  # Key lookup is given to the JWT gem as a callable, so the gem can request a
  # refreshed key set when it meets an unknown kid (it calls again with
  # invalidate: true on the second attempt — standard key rotation handling).
  key_source = lambda do |options|
    if options[:invalidate]
      @jwks_cache.refresh!
    else
      @jwks_cache.fetch
    end
  end

  decode_options = {
    algorithms: ["RS256"],
    verify_iss: true,
    iss: @issuer,
    verify_aud: true,
    aud: @client_id,
    jwks: key_source
  }

  # No static key is passed (nil); keys come from the jwks callable above.
  claims, _header = JWT.decode(token, nil, true, decode_options)
  Identity.new(claims)
rescue JWT::DecodeError, JWT::VerificationError => e
  # Callers only ever see this class's own error type.
  raise VerificationError, e.message
end