Class: LcpRuby::Authentication::TestSupport::Signer
- Inherits:
-
Object
- Object
- LcpRuby::Authentication::TestSupport::Signer
- Defined in:
- lib/lcp_ruby/authentication/test_support.rb
Overview
Produces signed RS256 JWTs with sensible defaults plus convenience methods for rejection cases. All defaults are derived from the provider/issuer/audience passed to install_provider!; per-claim overrides via kwargs.
Constant Summary collapse
- DEFAULT_TTL =
seconds
3600
Instance Method Summary collapse
-
#initialize(provider:, issuer:, audience:, kid:, rsa_key:) ⇒ Signer
constructor
A new instance of Signer.
-
#sign(sub:, **overrides) ⇒ Object
Produces a signed JWT.
- #sign_expired(sub:, **overrides) ⇒ Object
-
#sign_tampered(sub:, **overrides) ⇒ Object
Sign cleanly, then flip the last character so the signature no longer verifies.
- #sign_unknown_kid(sub:, **overrides) ⇒ Object
- #sign_wrong_audience(sub:, **overrides) ⇒ Object
Constructor Details
#initialize(provider:, issuer:, audience:, kid:, rsa_key:) ⇒ Signer
Returns a new instance of Signer.
203 204 205 206 207 208 209 |
# File 'lib/lcp_ruby/authentication/test_support.rb', line 203 def initialize(provider:, issuer:, audience:, kid:, rsa_key:) @provider = provider @issuer = issuer @audience = audience @kid = kid @rsa_key = rsa_key end |
Instance Method Details
#sign(sub:, **overrides) ⇒ Object
Produces a signed JWT. Only ‘sub:` is required; anything else (email, name, roles, exp, …) flows through as a claim override.
213 214 215 |
# File 'lib/lcp_ruby/authentication/test_support.rb', line 213 def sign(sub:, **overrides) encode(default_claims(sub: sub).merge(overrides), kid: @kid) end |
#sign_expired(sub:, **overrides) ⇒ Object
217 218 219 |
# File 'lib/lcp_ruby/authentication/test_support.rb', line 217 def sign_expired(sub:, **overrides) sign(sub: sub, exp: (Time.now.to_i - DEFAULT_TTL), **overrides) end |
#sign_tampered(sub:, **overrides) ⇒ Object
Sign cleanly, then flip the last character so the signature no longer verifies. Result still parses as a JWT shape but verify fails.
231 232 233 234 235 |
# File 'lib/lcp_ruby/authentication/test_support.rb', line 231 def sign_tampered(sub:, **overrides) token = sign(sub: sub, **overrides) last = token[-1] token[0..-2] + (last == "A" ? "B" : "A") end |
#sign_unknown_kid(sub:, **overrides) ⇒ Object
225 226 227 |
# File 'lib/lcp_ruby/authentication/test_support.rb', line 225 def sign_unknown_kid(sub:, **overrides) encode(default_claims(sub: sub).merge(overrides), kid: "rogue-kid") end |
#sign_wrong_audience(sub:, **overrides) ⇒ Object
221 222 223 |
# File 'lib/lcp_ruby/authentication/test_support.rb', line 221 def sign_wrong_audience(sub:, **overrides) sign(sub: sub, aud: "wrong-aud", **overrides) end |