Module: JwtUtilities
- Extended by:
- ActiveSupport::Concern
- Included in:
- Users::SessionsController
- Defined in:
- app/controllers/concerns/jwt_utilities.rb
Overview
Mix-in for handling JWTs
Constant Summary collapse
- ZITADEL_ROLES_CLAIM_PATTERN =
Matches Zitadel's role-grant claim, e.g. "urn:zitadel:iam:org:project:123:roles" or the project-agnostic "urn:zitadel:iam:org:project:roles".
/\Aurn:zitadel:iam:org:project:(?:[^:]+:)?roles\z/.freeze
Instance Method Summary collapse
Instance Method Details
#jwt_valid?(jwt, condition_key = nil, scopes = [], attributes = []) ⇒ Boolean
11 12 13 14 15 16 17 18 19 20 21 22 23 |
# File 'app/controllers/concerns/jwt_utilities.rb', line 11 def jwt_valid?(jwt, condition_key = nil, scopes = [], attributes = []) payload = decode_jwt(jwt) return false unless payload scope_valid = scope_valid?(payload, scopes) nonce_valid = nonce_valid?(payload) condition_key_valid = condition_key_valid?(payload, condition_key) attributes_valid = attributes_valid?(payload, attributes) Rails.logger.info "scope_valid: #{scope_valid}, nonce_valid: #{nonce_valid}, condition_key_valid: #{condition_key_valid}, attributes_valid: #{attributes_valid}" scope_valid && nonce_valid && condition_key_valid && attributes_valid end |
#public_key ⇒ Object
25 26 27 28 29 30 31 |
# File 'app/controllers/concerns/jwt_utilities.rb', line 25 def public_key Rails.cache.fetch('jwt_utilities_public_key', expires_in: 1.day) do x5c_val = OpenIDConnect::Discovery::Provider::Config.discover!(ENV['IDENTITY_BASE_URL']).jwks.first['x5c'].first cert = OpenSSL::X509::Certificate.new(Base64.decode64(x5c_val)) cert.public_key end end |