Class: RackJwtAegis::JwtValidator

Inherits:
Object
Defined in:
lib/rack_jwt_aegis/jwt_validator.rb

Overview

JWT token validation and payload verification

Handles JWT decoding, signature verification, and payload validation, including claim verification and type checking driven by the configuration. Signature, expiry (exp), not-before (nbf) and issued-at (iat) are always verified; the audience, issuer and subject claims are not verified by this class (see the verify_aud, verify_iss and verify_sub options in #validate).

Examples:

Basic usage

config = Configuration.new(jwt_secret: 'your-secret')
validator = JwtValidator.new(config)
payload = validator.validate(jwt_token)

With multi-tenant validation

config = Configuration.new(
  jwt_secret: 'your-secret',
  validate_tenant_id: true,
  validate_subdomain: true,
  validate_pathname_slug: true
)
validator = JwtValidator.new(config)
payload = validator.validate(jwt_token) # Will validate tenant claims

Author:

  • Ken Camajalan Demanawa

Since:

  • 0.1.0

Instance Method Summary

Constructor Details

#initialize(config) ⇒ JwtValidator

Initialize the JWT validator

Parameters:

  • config (Configuration)

    the middleware configuration (JWT secret, algorithm, and the claim-validation options such as validate_tenant_id)

Since:

  • 0.1.0



# File 'lib/rack_jwt_aegis/jwt_validator.rb', line 32

def initialize(config)
  @config = config
end

Instance Method Details

#validate(token) ⇒ Hash

Validate and decode a JWT token

Parameters:

  • token (String)

    the JWT token to validate

Returns:

  • (Hash)

    the decoded JWT payload

Raises:

  • (AuthenticationError)

    if the token is malformed, its signature does not verify, it has expired, it is not yet valid, its iat is in the future, or its payload fails structure validation

Since:

  • 0.1.0



# File 'lib/rack_jwt_aegis/jwt_validator.rb', line 42

def validate(token)
  # Decode JWT with verification
  payload, _header = JWT.decode(
    token,
    @config.jwt_secret,
    true, # verify signature
    {
      algorithm: @config.jwt_algorithm,
      verify_expiration: true,
      verify_not_before: true,
      verify_iat: true,
      verify_aud: false, # Not validating audience by default
      verify_iss: false, # Not validating issuer by default
      verify_sub: false, # Not validating subject by default
    },
  )

  # Validate payload structure
  validate_payload_structure(payload)

  payload
rescue JWT::ExpiredSignature
  raise AuthenticationError, 'JWT token has expired'
rescue JWT::ImmatureSignature
  raise AuthenticationError, 'JWT token not yet valid'
rescue JWT::InvalidIatError
  raise AuthenticationError, 'JWT token issued in the future'
rescue JWT::VerificationError
  raise AuthenticationError, 'JWT signature verification failed'
rescue JWT::DecodeError => e
  raise AuthenticationError, "Invalid JWT token: #{e.message}"
rescue StandardError => e
  raise AuthenticationError, "JWT validation error: #{e.message}"
end
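The validate method above delegates the actual parsing, algorithm pinning, signature check and time-claim checks to JWT.decode and only maps the gem's exceptions onto AuthenticationError. The following is an added example, not code from RackJwtAegis or the jwt gem: a small pure-Ruby HS256 verifier (stdlib only, names such as ExampleJwt and ExampleAuthenticationError are hypothetical) that performs those same checks explicitly, with the same error-message mapping, and runs them over constructed tokens covering the failure modes the rescue clauses handle: a forged payload, a wrong secret, an alg=none token, an expired token, a not-yet-valid token and garbage input.

```ruby
require 'openssl'
require 'json'

# Added example, not RackJwtAegis code. ExampleAuthenticationError stands in
# for the middleware's AuthenticationError; all names here are hypothetical.
class ExampleAuthenticationError < StandardError; end

module ExampleJwt
  module_function

  # Base64url without padding (RFC 7515 section 2), using only pack/unpack.
  def b64url_encode(bytes)
    [bytes].pack('m0').tr('+/', '-_').delete('=')
  end

  def b64url_decode(str)
    s = str.tr('-_', '+/')
    s += '=' * ((4 - s.length % 4) % 4)
    s.unpack1('m0') # strict decoding: raises ArgumentError on malformed input
  end

  # Mint a token for the constructed inputs below. alg: 'none' produces an
  # unsigned token so the verifier's algorithm pin can be exercised.
  def encode(payload, secret, alg: 'HS256')
    header = b64url_encode(JSON.generate({ 'alg' => alg, 'typ' => 'JWT' }))
    body   = b64url_encode(JSON.generate(payload))
    input  = "#{header}.#{body}"
    sig    = alg == 'none' ? '' : b64url_encode(OpenSSL::HMAC.digest('SHA256', secret, input))
    "#{input}.#{sig}"
  end

  # Constant-time byte comparison: a forged signature must not be refinable
  # byte by byte from response timing.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Verify and decode with the option set #validate uses: signature verified,
  # algorithm pinned server-side, exp/nbf/iat checked, aud/iss/sub ignored.
  def decode(token, secret, algorithm: 'HS256', now: Time.now.to_i)
    parts = token.to_s.split('.', -1)
    raise ExampleAuthenticationError, 'Invalid JWT token: wrong number of segments' unless parts.length == 3

    header_b64, payload_b64, sig_b64 = parts
    begin
      header  = JSON.parse(b64url_decode(header_b64))
      payload = JSON.parse(b64url_decode(payload_b64))
      given   = b64url_decode(sig_b64)
    rescue ArgumentError, JSON::ParserError => e
      raise ExampleAuthenticationError, "Invalid JWT token: #{e.message}"
    end

    # The server, not the token header, decides the algorithm. This is what
    # rejects alg=none and HS256/RS256 confusion tokens.
    raise ExampleAuthenticationError, 'Invalid JWT token: algorithm mismatch' unless header['alg'] == algorithm

    expected = OpenSSL::HMAC.digest('SHA256', secret, "#{header_b64}.#{payload_b64}")
    raise ExampleAuthenticationError, 'JWT signature verification failed' unless secure_equal?(given, expected)

    # Time claims are checked only after the signature, so unauthenticated
    # data never drives a decision. Absent claims pass, as with the gem defaults.
    %w[exp nbf iat].each do |c|
      next if payload[c].nil? || payload[c].is_a?(Numeric)
      raise ExampleAuthenticationError, "Invalid JWT token: #{c} is not numeric"
    end
    raise ExampleAuthenticationError, 'JWT token has expired'          if payload['exp'] && now >= payload['exp']
    raise ExampleAuthenticationError, 'JWT token not yet valid'        if payload['nbf'] && now <  payload['nbf']
    raise ExampleAuthenticationError, 'JWT token issued in the future' if payload['iat'] && now <  payload['iat']

    payload
  end
end

# Run the verifier over constructed tokens and collect each outcome.
def example_outcomes
  secret = 'constructed-example-secret' # constructed for the example, not a real key
  now    = 1_700_000_000                # fixed clock so the results are deterministic
  claims = { 'sub' => 'user-1', 'iat' => now - 60, 'exp' => now + 300 }
  good   = ExampleJwt.encode(claims, secret)
  h, _p, s = good.split('.')
  # Forged token: real header and signature, payload swapped for 'admin'.
  forged = "#{h}.#{ExampleJwt.b64url_encode(JSON.generate(claims.merge('sub' => 'admin')))}.#{s}"

  tokens = {
    valid:         [good, secret],
    tampered:      [forged, secret],
    wrong_secret:  [good, 'some-other-secret'],
    alg_none:      [ExampleJwt.encode(claims, secret, alg: 'none'), secret],
    expired:       [ExampleJwt.encode(claims.merge('exp' => now - 1), secret), secret],
    not_yet_valid: [ExampleJwt.encode(claims.merge('nbf' => now + 60), secret), secret],
    garbage:       ['not.a.jwt', secret],
  }
  tokens.transform_values do |(tok, key)|
    begin
      [:ok, ExampleJwt.decode(tok, key, now: now)['sub']]
    rescue ExampleAuthenticationError => e
      [:error, e.message]
    end
  end
end

example_outcomes.each { |name, result| puts "#{name}: #{result.inspect}" } if $PROGRAM_NAME == __FILE__
```

Two points carry over to the real middleware: the algorithm is pinned from configuration (the algorithm: option) rather than read from the token header, and the signature is verified before any claim is inspected. Note that the example, like the configuration shown in #validate, does not check aud or iss, so a token minted by the same secret for a different audience or issuer is accepted; deployments that share a signing key across services should enable those checks.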