Class: StandardId::JwtService

Inherits:

Object

Object
StandardId::JwtService

show all

Defined in:: lib/standard_id/jwt_service.rb

Constant Summary collapse

ALGORITHM =

"HS256"

RESERVED_JWT_KEYS =

%i[sub client_id scope grant_type exp iat aud iss nbf jti]

BASE_SESSION_FIELDS =

%i[account_id client_id scopes grant_type]

SESSION_CLASS =

Concurrent::Delay.new do
  Struct.new(*(BASE_SESSION_FIELDS + claim_resolver_keys), keyword_init: true) do
    def active?
      true
    end
  end
end

Class Method Summary collapse

.claim_resolver_keys ⇒ Object
.decode(token) ⇒ Object
.decode_session(token) ⇒ Object
.encode(payload, expires_in: 1.hour) ⇒ Object
.secret_key ⇒ Object
.session_class ⇒ Object

Class Method Details

.claim_resolver_keys ⇒ `Object`

# File 'lib/standard_id/jwt_service.rb', line 61

def self.claim_resolver_keys
  resolvers = StandardId.config.oauth.claim_resolvers
  keys = Hash.try_convert(resolvers)&.keys
  keys.compact.map(&:to_sym).uniq.excluding(*RESERVED_JWT_KEYS)
rescue StandardError
  []
end

.decode(token) ⇒ `Object`

# File 'lib/standard_id/jwt_service.rb', line 29

def self.decode(token)
  decoded = JWT.decode(token, secret_key, true, { algorithm: ALGORITHM })
  decoded.first.with_indifferent_access
rescue JWT::DecodeError, JWT::ExpiredSignature, JWT::InvalidIatError
  nil
end

.decode_session(token) ⇒ `Object`

# File 'lib/standard_id/jwt_service.rb', line 36

def self.decode_session(token)
  payload = decode(token)
  return unless payload

  scopes = if payload[:scope].is_a?(String)
    payload[:scope].split(" ")
  else
    Array(payload[:scope]).compact
  end

  session_class.new(
    **payload.slice(*claim_resolver_keys),
    account_id: payload[:sub],
    client_id: payload[:client_id],
    scopes: scopes,
    grant_type: payload[:grant_type],
  )
end

.encode(payload, expires_in: 1.hour) ⇒ `Object`

# File 'lib/standard_id/jwt_service.rb', line 22

def self.encode(payload, expires_in: 1.hour)
  payload[:exp] = expires_in.from_now.to_i
  payload[:iat] = Time.current.to_i

  JWT.encode(payload, secret_key, ALGORITHM)
end

.secret_key ⇒ `Object`



57
58
59

# File 'lib/standard_id/jwt_service.rb', line 57

def self.secret_key
  Rails.application.secret_key_base
end

.session_class ⇒ `Object`



18
19
20

# File 'lib/standard_id/jwt_service.rb', line 18

def self.session_class
  SESSION_CLASS.value
end

Class: StandardId::JwtService

Constant Summary collapse

Class Method Summary collapse

Class Method Details

.claim_resolver_keys ⇒ Object

.decode(token) ⇒ Object

.decode_session(token) ⇒ Object

.encode(payload, expires_in: 1.hour) ⇒ Object

.secret_key ⇒ Object

.session_class ⇒ Object

.claim_resolver_keys ⇒ `Object`

.decode(token) ⇒ `Object`

.decode_session(token) ⇒ `Object`

.encode(payload, expires_in: 1.hour) ⇒ `Object`

.secret_key ⇒ `Object`

.session_class ⇒ `Object`