Module: JwtUtilities

Extended by:
ActiveSupport::Concern
Included in:
Users::SessionsController
Defined in:
app/controllers/concerns/jwt_utilities.rb

Overview

Mix-in for handling JWTs

Constant Summary collapse

ZITADEL_ROLES_CLAIM_PATTERN =

Matches Zitadel's role-grant claim, e.g. "urn:zitadel:iam:org:project:123:roles" or the project-agnostic "urn:zitadel:iam:org:project:roles".

/\Aurn:zitadel:iam:org:project:(?:[^:]+:)?roles\z/.freeze

Instance Method Summary collapse

Instance Method Details

#jwt_valid?(jwt, condition_key = nil, scopes = [], attributes = []) ⇒ Boolean

Returns:

  • (Boolean)


11
12
13
14
15
16
17
18
19
20
21
22
23
# File 'app/controllers/concerns/jwt_utilities.rb', line 11

def jwt_valid?(jwt, condition_key = nil, scopes = [], attributes = [])
  payload = decode_jwt(jwt)
  return false unless payload

  scope_valid = scope_valid?(payload, scopes)
  nonce_valid = nonce_valid?(payload)
  condition_key_valid = condition_key_valid?(payload, condition_key)
  attributes_valid = attributes_valid?(payload, attributes)

  Rails.logger.info "scope_valid: #{scope_valid}, nonce_valid: #{nonce_valid}, condition_key_valid: #{condition_key_valid}, attributes_valid: #{attributes_valid}"

  scope_valid && nonce_valid && condition_key_valid && attributes_valid
end

#public_keyObject



25
26
27
28
29
30
31
# File 'app/controllers/concerns/jwt_utilities.rb', line 25

def public_key
  Rails.cache.fetch('jwt_utilities_public_key', expires_in: 1.day) do
    x5c_val = OpenIDConnect::Discovery::Provider::Config.discover!(ENV['IDENTITY_BASE_URL']).jwks.first['x5c'].first
    cert = OpenSSL::X509::Certificate.new(Base64.decode64(x5c_val))
    cert.public_key
  end
end