Module: Philiprehberger::JwtKit

Defined in:
lib/philiprehberger/jwt_kit.rb,
lib/philiprehberger/jwt_kit/decoder.rb,
lib/philiprehberger/jwt_kit/encoder.rb,
lib/philiprehberger/jwt_kit/version.rb,
lib/philiprehberger/jwt_kit/revocation.rb,
lib/philiprehberger/jwt_kit/token_pair.rb,
lib/philiprehberger/jwt_kit/configuration.rb

Defined Under Namespace

Modules: Decoder, Encoder, Revocation, TokenPair

Classes: Configuration, DecodeError, Error, InvalidAudience, InvalidIssuer, InvalidSignature, InvalidToken, RevokedToken, TokenExpired, TokenNotYetValid

Constant Summary

VERSION =
'0.4.0'

Class Attribute Summary

Class Method Summary

Class Attribute Details

.revocation_store ⇒ #revoke, ...

Returns the revocation store.

Returns:

  • (#revoke, #revoked?, #clear, #size)


# File 'lib/philiprehberger/jwt_kit.rb', line 141

def revocation_store
  @revocation_store ||= Revocation::MemoryStore.new
end
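
A store only needs the four methods listed above. The class below is an added example, not part of JwtKit: `DigestRevocationStore`, its `retention:` and `clock:` parameters and its private helpers are hypothetical names. It keeps SHA-256 digests rather than raw tokens and drops entries once they can no longer matter.

```ruby
require 'digest'

# Hypothetical store exposing the duck type listed above:
# #revoke, #revoked?, #clear, #size.
class DigestRevocationStore
  # retention: seconds to remember a revocation; set it to at least the
  # longest token lifetime so an entry outlives the token it blocks.
  def initialize(retention:, clock: -> { Time.now.to_i })
    @retention = retention
    @clock = clock
    @entries = {} # SHA-256 hex digest => time the entry may be dropped
    @lock = Mutex.new
  end

  def revoke(token)
    @lock.synchronize { live[key(token)] = @clock.call + @retention }
    nil
  end

  def revoked?(token)
    @lock.synchronize { live.key?(key(token)) }
  end

  def clear
    @lock.synchronize { @entries.clear }
    nil
  end

  def size
    @lock.synchronize { live.size }
  end

  private

  # Store a digest so a dump of the store holds no usable tokens.
  def key(token)
    Digest::SHA256.hexdigest(token.to_s)
  end

  # Drops entries past their retention time and returns the remaining hash.
  def live
    now = @clock.call
    @entries.delete_if { |_digest, drop_at| drop_at <= now }
  end
end
```

How a custom store is installed in place of the default `Revocation::MemoryStore` is not shown on this page.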

Class Method Details

.configuration ⇒ Configuration

Returns the current configuration.

Returns:



# File 'lib/philiprehberger/jwt_kit.rb', line 38

def configuration
  @configuration ||= Configuration.new
end

.configure {|config| ... } ⇒ void

This method returns an undefined value.

Configures JwtKit using a block.

Yield Parameters:



# File 'lib/philiprehberger/jwt_kit.rb', line 31

def configure
  yield(configuration)
end

.decode(token) ⇒ Hash

Decodes a JWT token and validates its claims, then rejects the token with `RevokedToken` if it is in the revocation store.

Parameters:

  • token (String)

    JWT token

Returns:

  • (Hash)

    decoded payload

Raises:



# File 'lib/philiprehberger/jwt_kit.rb', line 89

def decode(token)
  payload = Decoder.decode(token, configuration)
  raise RevokedToken, 'Token has been revoked' if revocation_store.revoked?(token)

  payload
end

.encode(payload = {}) ⇒ String

Encodes a payload into a signed JWT token.

Parameters:

  • payload (Hash) (defaults to: {})

    custom claims

Returns:

  • (String)

    signed JWT token



# File 'lib/philiprehberger/jwt_kit.rb', line 80

def encode(payload = {})
  Encoder.encode(payload, configuration)
end

.expired?(token) ⇒ Boolean

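Checks whether a token’s `exp` claim is in the past without verifying the signature. Useful for proactive refresh decisions; because the signature is not checked, the result is untrusted and is not a validity check. Returns `true` for malformed tokens or when `exp` is missing or not numeric.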

Parameters:

  • token (String)

    JWT token

Returns:

  • (Boolean)


# File 'lib/philiprehberger/jwt_kit.rb', line 66

def expired?(token)
  payload = peek(token)[:payload]
  exp = payload['exp']
  return true unless exp.is_a?(Numeric)

  Time.now.to_i >= exp
rescue DecodeError
  true
end

.peek(token) ⇒ Hash

Decodes a JWT token WITHOUT verifying the signature. Useful for inspecting the header and payload before choosing a key.

Parameters:

  • token (String)

    JWT token

Returns:

  • (Hash)

    with :header and :payload keys

Raises:



# File 'lib/philiprehberger/jwt_kit.rb', line 102

def peek(token)
  Decoder.peek(token)
end
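
Because `peek` and `expired?` skip signature verification, what they return is whatever the sender put in the token. The sketch below is an added example, not JwtKit's code: it uses only the Ruby standard library, hypothetical helpers (`b64`, `unb64`, `sign`, `peek_unverified`, `verify_hs256`) and a constructed HS256 token to show a payload changed after signing still parsing cleanly while signature verification rejects it.

```ruby
require 'openssl'
require 'json'

SECRET = 'constructed-demo-secret' # constructed sample key, not a real credential

# base64url without padding, as JWT segments use it (hypothetical helpers).
def b64(data)
  [data].pack('m0').tr('+/', '-_').delete('=')
end

def unb64(segment)
  (segment.tr('-_', '+/') + '=' * (-segment.length % 4)).unpack1('m')
end

# Builds an HS256 token; stands in for a signing encoder.
def sign(payload, secret)
  input = "#{b64(JSON.generate({ alg: 'HS256', typ: 'JWT' }))}.#{b64(JSON.generate(payload))}"
  "#{input}.#{b64(OpenSSL::HMAC.digest('SHA256', secret, input))}"
end

# Parses header and payload with no signature check, like a peek-style call.
def peek_unverified(token)
  header, payload, = token.split('.')
  { header: JSON.parse(unb64(header)), payload: JSON.parse(unb64(payload)) }
end

# Recomputes the MAC and compares in constant time before trusting the payload.
# Signature only: a full verifier would go on to check exp, iss and aud.
def verify_hs256(token, secret)
  header, payload, sig = token.split('.')
  expected = b64(OpenSSL::HMAC.digest('SHA256', secret, "#{header}.#{payload}"))
  return nil unless sig && OpenSSL.secure_compare(expected, sig)

  JSON.parse(unb64(payload))
end

# Constructed sample: a token that expired an hour ago, and a copy whose
# payload segment was replaced after signing (signature left untouched).
def demo
  now = Time.now.to_i
  genuine = sign({ 'sub' => 'user-1', 'exp' => now - 3600 }, SECRET)
  header, _old_payload, sig = genuine.split('.')
  edited = [header, b64(JSON.generate({ 'sub' => 'user-1', 'exp' => now + 3600 })), sig].join('.')
  { unverified_says_expired: now >= peek_unverified(edited)[:payload]['exp'],
    verified_payload: verify_hs256(edited, SECRET),
    genuine_verifies: !verify_hs256(genuine, SECRET).nil? }
end
```

The unverified expiry check reports the edited copy as still valid, so anything that grants access belongs behind the verifying `decode` path.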

.refresh(refresh_token) ⇒ String

Generates a new access token from a refresh token.

Parameters:

  • refresh_token (String)

    valid refresh token

Returns:

  • (String)

    new access token



# File 'lib/philiprehberger/jwt_kit.rb', line 118

def refresh(refresh_token)
  TokenPair.refresh(refresh_token, configuration)
end

.reset_configuration! ⇒ Configuration

Resets the configuration to defaults.

Returns:



# File 'lib/philiprehberger/jwt_kit.rb', line 45

def reset_configuration!
  @configuration = Configuration.new
end

.reset_revocation_store! ⇒ Revocation::MemoryStore

Resets the revocation store to the default MemoryStore.



# File 'lib/philiprehberger/jwt_kit.rb', line 154

def reset_revocation_store!
  @revocation_store = Revocation::MemoryStore.new
end

.revoke(token) ⇒ void

This method returns an undefined value.

Revokes a token.

Parameters:

  • token (String)

    JWT token to revoke



# File 'lib/philiprehberger/jwt_kit.rb', line 126

def revoke(token)
  revocation_store.revoke(token)
end

.revoked?(token) ⇒ Boolean

Checks whether a token has been revoked.

Parameters:

  • token (String)

    JWT token

Returns:

  • (Boolean)


# File 'lib/philiprehberger/jwt_kit.rb', line 134

def revoked?(token)
  revocation_store.revoked?(token)
end

.token_pair(payload = {}) ⇒ Array<String>

Generates an access/refresh token pair.

Parameters:

  • payload (Hash) (defaults to: {})

    custom claims

Returns:

  • (Array<String>)

    `[access_token, refresh_token]`



# File 'lib/philiprehberger/jwt_kit.rb', line 110

def token_pair(payload = {})
  TokenPair.generate(payload, configuration)
end

.validate(token) ⇒ Hash

Validates a token and returns a result hash instead of raising.

Parameters:

  • token (String)

    JWT token

Returns:

  • (Hash)

    { valid: Boolean, payload: Hash or nil, error: String or nil }



# File 'lib/philiprehberger/jwt_kit.rb', line 53

def validate(token)
  payload = decode(token)
  { valid: true, payload: payload, error: nil }
rescue DecodeError, RevokedToken => e
  { valid: false, payload: nil, error: e.message }
end