Class: Nonnative::Token
- Inherits:
-
Object
- Object
- Nonnative::Token
- Defined in:
- lib/nonnative/token.rb
Overview
Builds signed tokens (JWT, PASETO, or SSH) for authenticating against services under test.
The consumer passes in the signing parameters they parsed from their own configuration; this class is not coupled to any particular service's configuration format. The generated token string is ready to pass to Header.auth_bearer.
Constant Summary collapse
- KINDS =
Supported token kinds mapped to their implementation.
{ 'jwt' => Nonnative::JwtToken, 'paseto' => Nonnative::PasetoToken, 'ssh' => Nonnative::SshToken }.freeze
Class Method Summary collapse
-
.grpc_audience(full_method) ⇒ String
Builds the audience string for a gRPC endpoint.
-
.http_audience(method, path) ⇒ String
Builds the audience string for an HTTP endpoint.
Instance Method Summary collapse
-
#generate(aud:, sub:, issued_at: nil, not_before: nil, expires_at: nil) ⇒ String
Generates a signed token.
-
#initialize(kind:, issuer:, key:, private_key:, expiration:) ⇒ Token
constructor
A new instance of Token.
Constructor Details
#initialize(kind:, issuer:, key:, private_key:, expiration:) ⇒ Token
Returns a new instance of Token.
50 51 52 53 |
# File 'lib/nonnative/token.rb', line 50 def initialize(kind:, issuer:, key:, private_key:, expiration:) klass = KINDS.fetch(kind) { raise ArgumentError, "Unsupported token kind '#{kind}'" } @token = klass.new(issuer: issuer, key: key, private_key: private_key, expiration: expiration) end |
Class Method Details
.grpc_audience(full_method) ⇒ String
Builds the audience string for a gRPC endpoint.
39 40 41 |
# File 'lib/nonnative/token.rb', line 39 def grpc_audience(full_method) full_method end |
.http_audience(method, path) ⇒ String
Builds the audience string for an HTTP endpoint.
31 32 33 |
# File 'lib/nonnative/token.rb', line 31 def http_audience(method, path) "#{method} #{path}" end |
Instance Method Details
#generate(aud:, sub:, issued_at: nil, not_before: nil, expires_at: nil) ⇒ String
Generates a signed token.
The optional time claims default to the current time (and the constructor expiration), so
omitting them reproduces the token's normal claims. Supply them to mint tokens with specific
time claims for negative auth tests, such as a not-yet-valid (future not_before) or
clock-skewed token. Times are absolute; the ssh kind has no nbf claim and rejects
not_before.
69 70 71 |
# File 'lib/nonnative/token.rb', line 69 def generate(aud:, sub:, issued_at: nil, not_before: nil, expires_at: nil) @token.generate(aud: aud, sub: sub, issued_at: issued_at, not_before: not_before, expires_at: expires_at) end |