Class: Teams::Auth::JwtValidator
- Inherits:
-
Object
- Object
- Teams::Auth::JwtValidator
- Defined in:
- lib/teams/auth/jwt_validator.rb
Instance Method Summary collapse
-
#initialize(client_id:, tenant_id: nil, cloud: PUBLIC_CLOUD, http: nil) ⇒ JwtValidator
constructor
A new instance of JwtValidator.
- #validate!(authorization_header, service_url: nil) ⇒ Object
Constructor Details
#initialize(client_id:, tenant_id: nil, cloud: PUBLIC_CLOUD, http: nil) ⇒ JwtValidator
Returns a new instance of JwtValidator.
10 11 12 13 14 15 16 17 18 19 |
# File 'lib/teams/auth/jwt_validator.rb', line 10 def initialize(client_id:, tenant_id: nil, cloud: PUBLIC_CLOUD, http: nil) @client_id = client_id @tenant_id = tenant_id @cloud = cloud @http = http || Common::HttpClient.new @jwks = {} # The validator is shared across request threads; the mutex keeps # concurrent cold-cache requests from fetching the JWKS repeatedly. @jwks_mutex = Mutex.new end |
Instance Method Details
#validate!(authorization_header, service_url: nil) ⇒ Object
21 22 23 24 25 26 27 28 29 30 31 32 |
# File 'lib/teams/auth/jwt_validator.rb', line 21 def validate!(, service_url: nil) raise AuthenticationError, "Authorization header is required" if .to_s.empty? scheme, token = .split(" ", 2) raise AuthenticationError, "Authorization must be Bearer" unless scheme&.casecmp("Bearer")&.zero? && token header, payload, signing_input, signature = decode(token) validate_claims!(payload) validate_service_url!(payload, service_url) if service_url verify_signature!(header, signing_input, signature) payload end |