Class: Teams::Auth::JwtValidator

Inherits:
Object
  • Object
show all
Defined in:
lib/teams/auth/jwt_validator.rb

Instance Method Summary collapse

Constructor Details

#initialize(client_id:, tenant_id: nil, cloud: PUBLIC_CLOUD, http: nil) ⇒ JwtValidator

Returns a new instance of JwtValidator.



10
11
12
13
14
15
16
17
18
19
# File 'lib/teams/auth/jwt_validator.rb', line 10

def initialize(client_id:, tenant_id: nil, cloud: PUBLIC_CLOUD, http: nil)
  @client_id = client_id
  @tenant_id = tenant_id
  @cloud = cloud
  @http = http || Common::HttpClient.new
  @jwks = {}
  # The validator is shared across request threads; the mutex keeps
  # concurrent cold-cache requests from fetching the JWKS repeatedly.
  @jwks_mutex = Mutex.new
end

Instance Method Details

#validate!(authorization_header, service_url: nil) ⇒ Object



21
22
23
24
25
26
27
28
29
30
31
32
# File 'lib/teams/auth/jwt_validator.rb', line 21

def validate!(authorization_header, service_url: nil)
  raise AuthenticationError, "Authorization header is required" if authorization_header.to_s.empty?

  scheme, token = authorization_header.split(" ", 2)
  raise AuthenticationError, "Authorization must be Bearer" unless scheme&.casecmp("Bearer")&.zero? && token

  header, payload, signing_input, signature = decode(token)
  validate_claims!(payload)
  validate_service_url!(payload, service_url) if service_url
  verify_signature!(header, signing_input, signature)
  payload
end