Class: Verikloak::Rails::Configuration

Inherits:
Object
  • Object
show all
Defined in:
lib/verikloak/rails/configuration.rb

Overview

Configuration for verikloak-rails.

Controls how the Rack middleware is initialized (discovery, audience, issuer, leeway, skip paths) and Rails-specific behavior such as controller inclusion, logging tags, and error rendering.

Constant Summary collapse

DEFAULT_TOKEN_ENV_KEY =

Default Rack env keys. These mirror the defaults used by the core Verikloak::Middleware and are the fallback when token_env_key / user_env_key are left unset.

'verikloak.token'
DEFAULT_USER_ENV_KEY =
'verikloak.user'

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initializevoid

Initialize configuration with sensible defaults for Rails apps.



79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
# File 'lib/verikloak/rails/configuration.rb', line 79

def initialize
  @discovery_url = nil
  @audience      = 'rails-api'
  @issuer        = nil
  @leeway        = 60
  @skip_paths    = ['/up', '/health', '/rails/health'].freeze
  @logger_tags    = %i[request_id sub]
  @error_renderer = Verikloak::Rails::ErrorRenderer.new
  @auto_include_controller = true
  @render_500_json = false
  @rescue_pundit = true
  @middleware_insert_before = nil
  @middleware_insert_after = nil
  @auto_insert_bff_header_guard = true
  @bff_header_guard_insert_before = nil
  @bff_header_guard_insert_after = nil
  @token_verify_options = {}
  @decoder_cache_limit = nil
  @token_env_key = nil
  @user_env_key = nil
  @bff_header_guard_options = {}
  @allow_http = false
  @jwks_refresh_interval = nil
  @skip_path_matcher = nil
end

Instance Attribute Details

#allow_httpObject

Returns the value of attribute allow_http.



65
66
67
# File 'lib/verikloak/rails/configuration.rb', line 65

def allow_http
  @allow_http
end

#audienceString, ...

Expected audience (aud) claim. Accepts String or Array.

Returns:

  • (String, Array<String>, nil)


58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
# File 'lib/verikloak/rails/configuration.rb', line 58

class Configuration
  # Default Rack env keys. These mirror the defaults used by the core
  # `Verikloak::Middleware` and are the fallback when `token_env_key` /
  # `user_env_key` are left unset.
  DEFAULT_TOKEN_ENV_KEY = 'verikloak.token'
  DEFAULT_USER_ENV_KEY  = 'verikloak.user'

  attr_accessor :discovery_url, :audience, :issuer, :leeway,
                :logger_tags, :error_renderer, :auto_include_controller,
                :render_500_json, :rescue_pundit,
                :middleware_insert_before, :middleware_insert_after,
                :auto_insert_bff_header_guard,
                :bff_header_guard_insert_before, :bff_header_guard_insert_after,
                :token_verify_options, :decoder_cache_limit,
                :token_env_key, :user_env_key, :bff_header_guard_options,
                :allow_http, :jwks_refresh_interval

  attr_reader :skip_paths

  # Initialize configuration with sensible defaults for Rails apps.
  # @return [void]
  def initialize
    @discovery_url = nil
    @audience      = 'rails-api'
    @issuer        = nil
    @leeway        = 60
    @skip_paths    = ['/up', '/health', '/rails/health'].freeze
    @logger_tags    = %i[request_id sub]
    @error_renderer = Verikloak::Rails::ErrorRenderer.new
    @auto_include_controller = true
    @render_500_json = false
    @rescue_pundit = true
    @middleware_insert_before = nil
    @middleware_insert_after = nil
    @auto_insert_bff_header_guard = true
    @bff_header_guard_insert_before = nil
    @bff_header_guard_insert_after = nil
    @token_verify_options = {}
    @decoder_cache_limit = nil
    @token_env_key = nil
    @user_env_key = nil
    @bff_header_guard_options = {}
    @allow_http = false
    @jwks_refresh_interval = nil
    @skip_path_matcher = nil
  end

  # @param value [Array<String, Regexp>]
  def skip_paths=(value)
    @skip_paths = Array(value).freeze
    @skip_path_matcher = nil
  end

  # Pre-compiled skip-path matcher shared with the controller layer.
  # @return [Verikloak::Rails::SkipPathChecker]
  def skip_path_matcher
    @skip_path_matcher ||= SkipPathChecker.new(skip_paths)
  end

  # Rack env key actually used for the bearer token: the configured
  # `token_env_key`, or the core middleware default when unset/blank.
  # The value is whitespace-stripped to match the normalization the core
  # middleware applies before writing to the env, so readers and writer
  # always agree on the key. Shared by the controller helpers,
  # RequestStore mirroring, and the testing middleware stub so all
  # layers stay in sync.
  # @return [String]
  def effective_token_env_key
    presence_or_default(token_env_key, DEFAULT_TOKEN_ENV_KEY)
  end

  # Rack env key actually used for decoded claims: the configured
  # `user_env_key`, or the core middleware default when unset/blank.
  # Whitespace-stripped like {#effective_token_env_key}.
  # @return [String]
  def effective_user_env_key
    presence_or_default(user_env_key, DEFAULT_USER_ENV_KEY)
  end

  # Options forwarded to the base Verikloak Rack middleware.
  # @return [Hash]
  # @example
  #   Verikloak::Rails.config.middleware_options
  #   #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... }
  def middleware_options
    {
      discovery_url: discovery_url,
      audience: audience,
      issuer: issuer,
      leeway: leeway,
      skip_paths: skip_paths,
      token_verify_options: token_verify_options,
      decoder_cache_limit: decoder_cache_limit,
      token_env_key: token_env_key,
      user_env_key: user_env_key,
      allow_http: allow_http,
      jwks_refresh_interval: jwks_refresh_interval
    }.compact
  end

  private

  # @param value [String, nil]
  # @param default [String]
  # @return [String] the stripped value, or the default when blank.
  #   Stripping mirrors the core middleware's env-key normalization
  #   (`value.to_s.strip`); without it a padded key would make the
  #   middleware write one env key while the helpers read another.
  def presence_or_default(value, default)
    str = value.to_s.strip
    str.empty? ? default : str
  end
end

#auto_include_controllerBoolean

Auto-include the controller concern into ActionController::Base.

Returns:

  • (Boolean)


58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
# File 'lib/verikloak/rails/configuration.rb', line 58

class Configuration
  # Default Rack env keys. These mirror the defaults used by the core
  # `Verikloak::Middleware` and are the fallback when `token_env_key` /
  # `user_env_key` are left unset.
  DEFAULT_TOKEN_ENV_KEY = 'verikloak.token'
  DEFAULT_USER_ENV_KEY  = 'verikloak.user'

  attr_accessor :discovery_url, :audience, :issuer, :leeway,
                :logger_tags, :error_renderer, :auto_include_controller,
                :render_500_json, :rescue_pundit,
                :middleware_insert_before, :middleware_insert_after,
                :auto_insert_bff_header_guard,
                :bff_header_guard_insert_before, :bff_header_guard_insert_after,
                :token_verify_options, :decoder_cache_limit,
                :token_env_key, :user_env_key, :bff_header_guard_options,
                :allow_http, :jwks_refresh_interval

  attr_reader :skip_paths

  # Initialize configuration with sensible defaults for Rails apps.
  # @return [void]
  def initialize
    @discovery_url = nil
    @audience      = 'rails-api'
    @issuer        = nil
    @leeway        = 60
    @skip_paths    = ['/up', '/health', '/rails/health'].freeze
    @logger_tags    = %i[request_id sub]
    @error_renderer = Verikloak::Rails::ErrorRenderer.new
    @auto_include_controller = true
    @render_500_json = false
    @rescue_pundit = true
    @middleware_insert_before = nil
    @middleware_insert_after = nil
    @auto_insert_bff_header_guard = true
    @bff_header_guard_insert_before = nil
    @bff_header_guard_insert_after = nil
    @token_verify_options = {}
    @decoder_cache_limit = nil
    @token_env_key = nil
    @user_env_key = nil
    @bff_header_guard_options = {}
    @allow_http = false
    @jwks_refresh_interval = nil
    @skip_path_matcher = nil
  end

  # @param value [Array<String, Regexp>]
  def skip_paths=(value)
    @skip_paths = Array(value).freeze
    @skip_path_matcher = nil
  end

  # Pre-compiled skip-path matcher shared with the controller layer.
  # @return [Verikloak::Rails::SkipPathChecker]
  def skip_path_matcher
    @skip_path_matcher ||= SkipPathChecker.new(skip_paths)
  end

  # Rack env key actually used for the bearer token: the configured
  # `token_env_key`, or the core middleware default when unset/blank.
  # The value is whitespace-stripped to match the normalization the core
  # middleware applies before writing to the env, so readers and writer
  # always agree on the key. Shared by the controller helpers,
  # RequestStore mirroring, and the testing middleware stub so all
  # layers stay in sync.
  # @return [String]
  def effective_token_env_key
    presence_or_default(token_env_key, DEFAULT_TOKEN_ENV_KEY)
  end

  # Rack env key actually used for decoded claims: the configured
  # `user_env_key`, or the core middleware default when unset/blank.
  # Whitespace-stripped like {#effective_token_env_key}.
  # @return [String]
  def effective_user_env_key
    presence_or_default(user_env_key, DEFAULT_USER_ENV_KEY)
  end

  # Options forwarded to the base Verikloak Rack middleware.
  # @return [Hash]
  # @example
  #   Verikloak::Rails.config.middleware_options
  #   #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... }
  def middleware_options
    {
      discovery_url: discovery_url,
      audience: audience,
      issuer: issuer,
      leeway: leeway,
      skip_paths: skip_paths,
      token_verify_options: token_verify_options,
      decoder_cache_limit: decoder_cache_limit,
      token_env_key: token_env_key,
      user_env_key: user_env_key,
      allow_http: allow_http,
      jwks_refresh_interval: jwks_refresh_interval
    }.compact
  end

  private

  # @param value [String, nil]
  # @param default [String]
  # @return [String] the stripped value, or the default when blank.
  #   Stripping mirrors the core middleware's env-key normalization
  #   (`value.to_s.strip`); without it a padded key would make the
  #   middleware write one env key while the helpers read another.
  def presence_or_default(value, default)
    str = value.to_s.strip
    str.empty? ? default : str
  end
end

#auto_insert_bff_header_guardBoolean

Auto-insert Verikloak::Bff::HeaderGuard when available.

Returns:

  • (Boolean)


58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
# File 'lib/verikloak/rails/configuration.rb', line 58

class Configuration
  # Default Rack env keys. These mirror the defaults used by the core
  # `Verikloak::Middleware` and are the fallback when `token_env_key` /
  # `user_env_key` are left unset.
  DEFAULT_TOKEN_ENV_KEY = 'verikloak.token'
  DEFAULT_USER_ENV_KEY  = 'verikloak.user'

  attr_accessor :discovery_url, :audience, :issuer, :leeway,
                :logger_tags, :error_renderer, :auto_include_controller,
                :render_500_json, :rescue_pundit,
                :middleware_insert_before, :middleware_insert_after,
                :auto_insert_bff_header_guard,
                :bff_header_guard_insert_before, :bff_header_guard_insert_after,
                :token_verify_options, :decoder_cache_limit,
                :token_env_key, :user_env_key, :bff_header_guard_options,
                :allow_http, :jwks_refresh_interval

  attr_reader :skip_paths

  # Initialize configuration with sensible defaults for Rails apps.
  # @return [void]
  def initialize
    @discovery_url = nil
    @audience      = 'rails-api'
    @issuer        = nil
    @leeway        = 60
    @skip_paths    = ['/up', '/health', '/rails/health'].freeze
    @logger_tags    = %i[request_id sub]
    @error_renderer = Verikloak::Rails::ErrorRenderer.new
    @auto_include_controller = true
    @render_500_json = false
    @rescue_pundit = true
    @middleware_insert_before = nil
    @middleware_insert_after = nil
    @auto_insert_bff_header_guard = true
    @bff_header_guard_insert_before = nil
    @bff_header_guard_insert_after = nil
    @token_verify_options = {}
    @decoder_cache_limit = nil
    @token_env_key = nil
    @user_env_key = nil
    @bff_header_guard_options = {}
    @allow_http = false
    @jwks_refresh_interval = nil
    @skip_path_matcher = nil
  end

  # @param value [Array<String, Regexp>]
  def skip_paths=(value)
    @skip_paths = Array(value).freeze
    @skip_path_matcher = nil
  end

  # Pre-compiled skip-path matcher shared with the controller layer.
  # @return [Verikloak::Rails::SkipPathChecker]
  def skip_path_matcher
    @skip_path_matcher ||= SkipPathChecker.new(skip_paths)
  end

  # Rack env key actually used for the bearer token: the configured
  # `token_env_key`, or the core middleware default when unset/blank.
  # The value is whitespace-stripped to match the normalization the core
  # middleware applies before writing to the env, so readers and writer
  # always agree on the key. Shared by the controller helpers,
  # RequestStore mirroring, and the testing middleware stub so all
  # layers stay in sync.
  # @return [String]
  def effective_token_env_key
    presence_or_default(token_env_key, DEFAULT_TOKEN_ENV_KEY)
  end

  # Rack env key actually used for decoded claims: the configured
  # `user_env_key`, or the core middleware default when unset/blank.
  # Whitespace-stripped like {#effective_token_env_key}.
  # @return [String]
  def effective_user_env_key
    presence_or_default(user_env_key, DEFAULT_USER_ENV_KEY)
  end

  # Options forwarded to the base Verikloak Rack middleware.
  # @return [Hash]
  # @example
  #   Verikloak::Rails.config.middleware_options
  #   #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... }
  def middleware_options
    {
      discovery_url: discovery_url,
      audience: audience,
      issuer: issuer,
      leeway: leeway,
      skip_paths: skip_paths,
      token_verify_options: token_verify_options,
      decoder_cache_limit: decoder_cache_limit,
      token_env_key: token_env_key,
      user_env_key: user_env_key,
      allow_http: allow_http,
      jwks_refresh_interval: jwks_refresh_interval
    }.compact
  end

  private

  # @param value [String, nil]
  # @param default [String]
  # @return [String] the stripped value, or the default when blank.
  #   Stripping mirrors the core middleware's env-key normalization
  #   (`value.to_s.strip`); without it a padded key would make the
  #   middleware write one env key while the helpers read another.
  def presence_or_default(value, default)
    str = value.to_s.strip
    str.empty? ? default : str
  end
end

#bff_header_guard_insert_afterObject, ...

Rack middleware to insert the header guard after.

Returns:

  • (Object, String, Symbol, nil)


58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
# File 'lib/verikloak/rails/configuration.rb', line 58

class Configuration
  # Default Rack env keys. These mirror the defaults used by the core
  # `Verikloak::Middleware` and are the fallback when `token_env_key` /
  # `user_env_key` are left unset.
  DEFAULT_TOKEN_ENV_KEY = 'verikloak.token'
  DEFAULT_USER_ENV_KEY  = 'verikloak.user'

  attr_accessor :discovery_url, :audience, :issuer, :leeway,
                :logger_tags, :error_renderer, :auto_include_controller,
                :render_500_json, :rescue_pundit,
                :middleware_insert_before, :middleware_insert_after,
                :auto_insert_bff_header_guard,
                :bff_header_guard_insert_before, :bff_header_guard_insert_after,
                :token_verify_options, :decoder_cache_limit,
                :token_env_key, :user_env_key, :bff_header_guard_options,
                :allow_http, :jwks_refresh_interval

  attr_reader :skip_paths

  # Initialize configuration with sensible defaults for Rails apps.
  # @return [void]
  def initialize
    @discovery_url = nil
    @audience      = 'rails-api'
    @issuer        = nil
    @leeway        = 60
    @skip_paths    = ['/up', '/health', '/rails/health'].freeze
    @logger_tags    = %i[request_id sub]
    @error_renderer = Verikloak::Rails::ErrorRenderer.new
    @auto_include_controller = true
    @render_500_json = false
    @rescue_pundit = true
    @middleware_insert_before = nil
    @middleware_insert_after = nil
    @auto_insert_bff_header_guard = true
    @bff_header_guard_insert_before = nil
    @bff_header_guard_insert_after = nil
    @token_verify_options = {}
    @decoder_cache_limit = nil
    @token_env_key = nil
    @user_env_key = nil
    @bff_header_guard_options = {}
    @allow_http = false
    @jwks_refresh_interval = nil
    @skip_path_matcher = nil
  end

  # @param value [Array<String, Regexp>]
  def skip_paths=(value)
    @skip_paths = Array(value).freeze
    @skip_path_matcher = nil
  end

  # Pre-compiled skip-path matcher shared with the controller layer.
  # @return [Verikloak::Rails::SkipPathChecker]
  def skip_path_matcher
    @skip_path_matcher ||= SkipPathChecker.new(skip_paths)
  end

  # Rack env key actually used for the bearer token: the configured
  # `token_env_key`, or the core middleware default when unset/blank.
  # The value is whitespace-stripped to match the normalization the core
  # middleware applies before writing to the env, so readers and writer
  # always agree on the key. Shared by the controller helpers,
  # RequestStore mirroring, and the testing middleware stub so all
  # layers stay in sync.
  # @return [String]
  def effective_token_env_key
    presence_or_default(token_env_key, DEFAULT_TOKEN_ENV_KEY)
  end

  # Rack env key actually used for decoded claims: the configured
  # `user_env_key`, or the core middleware default when unset/blank.
  # Whitespace-stripped like {#effective_token_env_key}.
  # @return [String]
  def effective_user_env_key
    presence_or_default(user_env_key, DEFAULT_USER_ENV_KEY)
  end

  # Options forwarded to the base Verikloak Rack middleware.
  # @return [Hash]
  # @example
  #   Verikloak::Rails.config.middleware_options
  #   #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... }
  def middleware_options
    {
      discovery_url: discovery_url,
      audience: audience,
      issuer: issuer,
      leeway: leeway,
      skip_paths: skip_paths,
      token_verify_options: token_verify_options,
      decoder_cache_limit: decoder_cache_limit,
      token_env_key: token_env_key,
      user_env_key: user_env_key,
      allow_http: allow_http,
      jwks_refresh_interval: jwks_refresh_interval
    }.compact
  end

  private

  # @param value [String, nil]
  # @param default [String]
  # @return [String] the stripped value, or the default when blank.
  #   Stripping mirrors the core middleware's env-key normalization
  #   (`value.to_s.strip`); without it a padded key would make the
  #   middleware write one env key while the helpers read another.
  def presence_or_default(value, default)
    str = value.to_s.strip
    str.empty? ? default : str
  end
end

#bff_header_guard_insert_beforeObject, ...

Rack middleware to insert the header guard before.

Returns:

  • (Object, String, Symbol, nil)


58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
# File 'lib/verikloak/rails/configuration.rb', line 58

class Configuration
  # Default Rack env keys. These mirror the defaults used by the core
  # `Verikloak::Middleware` and are the fallback when `token_env_key` /
  # `user_env_key` are left unset.
  DEFAULT_TOKEN_ENV_KEY = 'verikloak.token'
  DEFAULT_USER_ENV_KEY  = 'verikloak.user'

  attr_accessor :discovery_url, :audience, :issuer, :leeway,
                :logger_tags, :error_renderer, :auto_include_controller,
                :render_500_json, :rescue_pundit,
                :middleware_insert_before, :middleware_insert_after,
                :auto_insert_bff_header_guard,
                :bff_header_guard_insert_before, :bff_header_guard_insert_after,
                :token_verify_options, :decoder_cache_limit,
                :token_env_key, :user_env_key, :bff_header_guard_options,
                :allow_http, :jwks_refresh_interval

  attr_reader :skip_paths

  # Initialize configuration with sensible defaults for Rails apps.
  # @return [void]
  def initialize
    @discovery_url = nil
    @audience      = 'rails-api'
    @issuer        = nil
    @leeway        = 60
    @skip_paths    = ['/up', '/health', '/rails/health'].freeze
    @logger_tags    = %i[request_id sub]
    @error_renderer = Verikloak::Rails::ErrorRenderer.new
    @auto_include_controller = true
    @render_500_json = false
    @rescue_pundit = true
    @middleware_insert_before = nil
    @middleware_insert_after = nil
    @auto_insert_bff_header_guard = true
    @bff_header_guard_insert_before = nil
    @bff_header_guard_insert_after = nil
    @token_verify_options = {}
    @decoder_cache_limit = nil
    @token_env_key = nil
    @user_env_key = nil
    @bff_header_guard_options = {}
    @allow_http = false
    @jwks_refresh_interval = nil
    @skip_path_matcher = nil
  end

  # @param value [Array<String, Regexp>]
  def skip_paths=(value)
    @skip_paths = Array(value).freeze
    @skip_path_matcher = nil
  end

  # Pre-compiled skip-path matcher shared with the controller layer.
  # @return [Verikloak::Rails::SkipPathChecker]
  def skip_path_matcher
    @skip_path_matcher ||= SkipPathChecker.new(skip_paths)
  end

  # Rack env key actually used for the bearer token: the configured
  # `token_env_key`, or the core middleware default when unset/blank.
  # The value is whitespace-stripped to match the normalization the core
  # middleware applies before writing to the env, so readers and writer
  # always agree on the key. Shared by the controller helpers,
  # RequestStore mirroring, and the testing middleware stub so all
  # layers stay in sync.
  # @return [String]
  def effective_token_env_key
    presence_or_default(token_env_key, DEFAULT_TOKEN_ENV_KEY)
  end

  # Rack env key actually used for decoded claims: the configured
  # `user_env_key`, or the core middleware default when unset/blank.
  # Whitespace-stripped like {#effective_token_env_key}.
  # @return [String]
  def effective_user_env_key
    presence_or_default(user_env_key, DEFAULT_USER_ENV_KEY)
  end

  # Options forwarded to the base Verikloak Rack middleware.
  # @return [Hash]
  # @example
  #   Verikloak::Rails.config.middleware_options
  #   #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... }
  def middleware_options
    {
      discovery_url: discovery_url,
      audience: audience,
      issuer: issuer,
      leeway: leeway,
      skip_paths: skip_paths,
      token_verify_options: token_verify_options,
      decoder_cache_limit: decoder_cache_limit,
      token_env_key: token_env_key,
      user_env_key: user_env_key,
      allow_http: allow_http,
      jwks_refresh_interval: jwks_refresh_interval
    }.compact
  end

  private

  # @param value [String, nil]
  # @param default [String]
  # @return [String] the stripped value, or the default when blank.
  #   Stripping mirrors the core middleware's env-key normalization
  #   (`value.to_s.strip`); without it a padded key would make the
  #   middleware write one env key while the helpers read another.
  def presence_or_default(value, default)
    str = value.to_s.strip
    str.empty? ? default : str
  end
end

#bff_header_guard_optionsObject

Returns the value of attribute bff_header_guard_options.



65
66
67
# File 'lib/verikloak/rails/configuration.rb', line 65

def bff_header_guard_options
  @bff_header_guard_options
end

#decoder_cache_limitObject

Returns the value of attribute decoder_cache_limit.



65
66
67
# File 'lib/verikloak/rails/configuration.rb', line 65

def decoder_cache_limit
  @decoder_cache_limit
end

#discovery_urlString?

OIDC discovery document URL.

Returns:

  • (String, nil)


58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
# File 'lib/verikloak/rails/configuration.rb', line 58

class Configuration
  # Default Rack env keys. These mirror the defaults used by the core
  # `Verikloak::Middleware` and are the fallback when `token_env_key` /
  # `user_env_key` are left unset.
  DEFAULT_TOKEN_ENV_KEY = 'verikloak.token'
  DEFAULT_USER_ENV_KEY  = 'verikloak.user'

  attr_accessor :discovery_url, :audience, :issuer, :leeway,
                :logger_tags, :error_renderer, :auto_include_controller,
                :render_500_json, :rescue_pundit,
                :middleware_insert_before, :middleware_insert_after,
                :auto_insert_bff_header_guard,
                :bff_header_guard_insert_before, :bff_header_guard_insert_after,
                :token_verify_options, :decoder_cache_limit,
                :token_env_key, :user_env_key, :bff_header_guard_options,
                :allow_http, :jwks_refresh_interval

  attr_reader :skip_paths

  # Initialize configuration with sensible defaults for Rails apps.
  # @return [void]
  def initialize
    @discovery_url = nil
    @audience      = 'rails-api'
    @issuer        = nil
    @leeway        = 60
    @skip_paths    = ['/up', '/health', '/rails/health'].freeze
    @logger_tags    = %i[request_id sub]
    @error_renderer = Verikloak::Rails::ErrorRenderer.new
    @auto_include_controller = true
    @render_500_json = false
    @rescue_pundit = true
    @middleware_insert_before = nil
    @middleware_insert_after = nil
    @auto_insert_bff_header_guard = true
    @bff_header_guard_insert_before = nil
    @bff_header_guard_insert_after = nil
    @token_verify_options = {}
    @decoder_cache_limit = nil
    @token_env_key = nil
    @user_env_key = nil
    @bff_header_guard_options = {}
    @allow_http = false
    @jwks_refresh_interval = nil
    @skip_path_matcher = nil
  end

  # @param value [Array<String, Regexp>]
  def skip_paths=(value)
    @skip_paths = Array(value).freeze
    @skip_path_matcher = nil
  end

  # Pre-compiled skip-path matcher shared with the controller layer.
  # @return [Verikloak::Rails::SkipPathChecker]
  def skip_path_matcher
    @skip_path_matcher ||= SkipPathChecker.new(skip_paths)
  end

  # Rack env key actually used for the bearer token: the configured
  # `token_env_key`, or the core middleware default when unset/blank.
  # The value is whitespace-stripped to match the normalization the core
  # middleware applies before writing to the env, so readers and writer
  # always agree on the key. Shared by the controller helpers,
  # RequestStore mirroring, and the testing middleware stub so all
  # layers stay in sync.
  # @return [String]
  def effective_token_env_key
    presence_or_default(token_env_key, DEFAULT_TOKEN_ENV_KEY)
  end

  # Rack env key actually used for decoded claims: the configured
  # `user_env_key`, or the core middleware default when unset/blank.
  # Whitespace-stripped like {#effective_token_env_key}.
  # @return [String]
  def effective_user_env_key
    presence_or_default(user_env_key, DEFAULT_USER_ENV_KEY)
  end

  # Options forwarded to the base Verikloak Rack middleware.
  # @return [Hash]
  # @example
  #   Verikloak::Rails.config.middleware_options
  #   #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... }
  def middleware_options
    {
      discovery_url: discovery_url,
      audience: audience,
      issuer: issuer,
      leeway: leeway,
      skip_paths: skip_paths,
      token_verify_options: token_verify_options,
      decoder_cache_limit: decoder_cache_limit,
      token_env_key: token_env_key,
      user_env_key: user_env_key,
      allow_http: allow_http,
      jwks_refresh_interval: jwks_refresh_interval
    }.compact
  end

  private

  # @param value [String, nil]
  # @param default [String]
  # @return [String] the stripped value, or the default when blank.
  #   Stripping mirrors the core middleware's env-key normalization
  #   (`value.to_s.strip`); without it a padded key would make the
  #   middleware write one env key while the helpers read another.
  def presence_or_default(value, default)
    str = value.to_s.strip
    str.empty? ? default : str
  end
end

#error_rendererObject

Custom error renderer object responding to render(controller, error).

Returns:

  • (Object)


58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
# File 'lib/verikloak/rails/configuration.rb', line 58

class Configuration
  # Default Rack env keys. These mirror the defaults used by the core
  # `Verikloak::Middleware` and are the fallback when `token_env_key` /
  # `user_env_key` are left unset.
  DEFAULT_TOKEN_ENV_KEY = 'verikloak.token'
  DEFAULT_USER_ENV_KEY  = 'verikloak.user'

  attr_accessor :discovery_url, :audience, :issuer, :leeway,
                :logger_tags, :error_renderer, :auto_include_controller,
                :render_500_json, :rescue_pundit,
                :middleware_insert_before, :middleware_insert_after,
                :auto_insert_bff_header_guard,
                :bff_header_guard_insert_before, :bff_header_guard_insert_after,
                :token_verify_options, :decoder_cache_limit,
                :token_env_key, :user_env_key, :bff_header_guard_options,
                :allow_http, :jwks_refresh_interval

  attr_reader :skip_paths

  # Initialize configuration with sensible defaults for Rails apps.
  # @return [void]
  def initialize
    @discovery_url = nil
    @audience      = 'rails-api'
    @issuer        = nil
    @leeway        = 60
    @skip_paths    = ['/up', '/health', '/rails/health'].freeze
    @logger_tags    = %i[request_id sub]
    @error_renderer = Verikloak::Rails::ErrorRenderer.new
    @auto_include_controller = true
    @render_500_json = false
    @rescue_pundit = true
    @middleware_insert_before = nil
    @middleware_insert_after = nil
    @auto_insert_bff_header_guard = true
    @bff_header_guard_insert_before = nil
    @bff_header_guard_insert_after = nil
    @token_verify_options = {}
    @decoder_cache_limit = nil
    @token_env_key = nil
    @user_env_key = nil
    @bff_header_guard_options = {}
    @allow_http = false
    @jwks_refresh_interval = nil
    @skip_path_matcher = nil
  end

  # @param value [Array<String, Regexp>]
  def skip_paths=(value)
    @skip_paths = Array(value).freeze
    @skip_path_matcher = nil
  end

  # Pre-compiled skip-path matcher shared with the controller layer.
  # @return [Verikloak::Rails::SkipPathChecker]
  def skip_path_matcher
    @skip_path_matcher ||= SkipPathChecker.new(skip_paths)
  end

  # Rack env key actually used for the bearer token: the configured
  # `token_env_key`, or the core middleware default when unset/blank.
  # The value is whitespace-stripped to match the normalization the core
  # middleware applies before writing to the env, so readers and writer
  # always agree on the key. Shared by the controller helpers,
  # RequestStore mirroring, and the testing middleware stub so all
  # layers stay in sync.
  # @return [String]
  def effective_token_env_key
    presence_or_default(token_env_key, DEFAULT_TOKEN_ENV_KEY)
  end

  # Rack env key actually used for decoded claims: the configured
  # `user_env_key`, or the core middleware default when unset/blank.
  # Whitespace-stripped like {#effective_token_env_key}.
  # @return [String]
  def effective_user_env_key
    presence_or_default(user_env_key, DEFAULT_USER_ENV_KEY)
  end

  # Options forwarded to the base Verikloak Rack middleware.
  # @return [Hash]
  # @example
  #   Verikloak::Rails.config.middleware_options
  #   #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... }
  def middleware_options
    {
      discovery_url: discovery_url,
      audience: audience,
      issuer: issuer,
      leeway: leeway,
      skip_paths: skip_paths,
      token_verify_options: token_verify_options,
      decoder_cache_limit: decoder_cache_limit,
      token_env_key: token_env_key,
      user_env_key: user_env_key,
      allow_http: allow_http,
      jwks_refresh_interval: jwks_refresh_interval
    }.compact
  end

  private

  # @param value [String, nil]
  # @param default [String]
  # @return [String] the stripped value, or the default when blank.
  #   Stripping mirrors the core middleware's env-key normalization
  #   (`value.to_s.strip`); without it a padded key would make the
  #   middleware write one env key while the helpers read another.
  def presence_or_default(value, default)
    str = value.to_s.strip
    str.empty? ? default : str
  end
end

#issuerString?

Expected issuer (iss) claim.

Returns:

  • (String, nil)


58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
# File 'lib/verikloak/rails/configuration.rb', line 58

class Configuration
  # Default Rack env keys. These mirror the defaults used by the core
  # `Verikloak::Middleware` and are the fallback when `token_env_key` /
  # `user_env_key` are left unset.
  DEFAULT_TOKEN_ENV_KEY = 'verikloak.token'
  DEFAULT_USER_ENV_KEY  = 'verikloak.user'

  attr_accessor :discovery_url, :audience, :issuer, :leeway,
                :logger_tags, :error_renderer, :auto_include_controller,
                :render_500_json, :rescue_pundit,
                :middleware_insert_before, :middleware_insert_after,
                :auto_insert_bff_header_guard,
                :bff_header_guard_insert_before, :bff_header_guard_insert_after,
                :token_verify_options, :decoder_cache_limit,
                :token_env_key, :user_env_key, :bff_header_guard_options,
                :allow_http, :jwks_refresh_interval

  attr_reader :skip_paths

  # Initialize configuration with sensible defaults for Rails apps.
  # @return [void]
  def initialize
    @discovery_url = nil
    @audience      = 'rails-api'
    @issuer        = nil
    @leeway        = 60
    @skip_paths    = ['/up', '/health', '/rails/health'].freeze
    @logger_tags    = %i[request_id sub]
    @error_renderer = Verikloak::Rails::ErrorRenderer.new
    @auto_include_controller = true
    @render_500_json = false
    @rescue_pundit = true
    @middleware_insert_before = nil
    @middleware_insert_after = nil
    @auto_insert_bff_header_guard = true
    @bff_header_guard_insert_before = nil
    @bff_header_guard_insert_after = nil
    @token_verify_options = {}
    @decoder_cache_limit = nil
    @token_env_key = nil
    @user_env_key = nil
    @bff_header_guard_options = {}
    @allow_http = false
    @jwks_refresh_interval = nil
    @skip_path_matcher = nil
  end

  # @param value [Array<String, Regexp>]
  def skip_paths=(value)
    @skip_paths = Array(value).freeze
    @skip_path_matcher = nil
  end

  # Pre-compiled skip-path matcher shared with the controller layer.
  # @return [Verikloak::Rails::SkipPathChecker]
  def skip_path_matcher
    @skip_path_matcher ||= SkipPathChecker.new(skip_paths)
  end

  # Rack env key actually used for the bearer token: the configured
  # `token_env_key`, or the core middleware default when unset/blank.
  # The value is whitespace-stripped to match the normalization the core
  # middleware applies before writing to the env, so readers and writer
  # always agree on the key. Shared by the controller helpers,
  # RequestStore mirroring, and the testing middleware stub so all
  # layers stay in sync.
  # @return [String]
  def effective_token_env_key
    presence_or_default(token_env_key, DEFAULT_TOKEN_ENV_KEY)
  end

  # Rack env key actually used for decoded claims: the configured
  # `user_env_key`, or the core middleware default when unset/blank.
  # Whitespace-stripped like {#effective_token_env_key}.
  # @return [String]
  def effective_user_env_key
    presence_or_default(user_env_key, DEFAULT_USER_ENV_KEY)
  end

  # Options forwarded to the base Verikloak Rack middleware.
  # @return [Hash]
  # @example
  #   Verikloak::Rails.config.middleware_options
  #   #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... }
  def middleware_options
    {
      discovery_url: discovery_url,
      audience: audience,
      issuer: issuer,
      leeway: leeway,
      skip_paths: skip_paths,
      token_verify_options: token_verify_options,
      decoder_cache_limit: decoder_cache_limit,
      token_env_key: token_env_key,
      user_env_key: user_env_key,
      allow_http: allow_http,
      jwks_refresh_interval: jwks_refresh_interval
    }.compact
  end

  private

  # @param value [String, nil]
  # @param default [String]
  # @return [String] the stripped value, or the default when blank.
  #   Stripping mirrors the core middleware's env-key normalization
  #   (`value.to_s.strip`); without it a padded key would make the
  #   middleware write one env key while the helpers read another.
  def presence_or_default(value, default)
    str = value.to_s.strip
    str.empty? ? default : str
  end
end

#jwks_refresh_intervalObject

Returns the value of attribute jwks_refresh_interval.



65
66
67
# File 'lib/verikloak/rails/configuration.rb', line 65

def jwks_refresh_interval
  @jwks_refresh_interval
end

#leewayInteger

Clock skew allowance in seconds.

Returns:

  • (Integer)


58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
# File 'lib/verikloak/rails/configuration.rb', line 58

class Configuration
  # Default Rack env keys. These mirror the defaults used by the core
  # `Verikloak::Middleware` and are the fallback when `token_env_key` /
  # `user_env_key` are left unset.
  DEFAULT_TOKEN_ENV_KEY = 'verikloak.token'
  DEFAULT_USER_ENV_KEY  = 'verikloak.user'

  attr_accessor :discovery_url, :audience, :issuer, :leeway,
                :logger_tags, :error_renderer, :auto_include_controller,
                :render_500_json, :rescue_pundit,
                :middleware_insert_before, :middleware_insert_after,
                :auto_insert_bff_header_guard,
                :bff_header_guard_insert_before, :bff_header_guard_insert_after,
                :token_verify_options, :decoder_cache_limit,
                :token_env_key, :user_env_key, :bff_header_guard_options,
                :allow_http, :jwks_refresh_interval

  attr_reader :skip_paths

  # Initialize configuration with sensible defaults for Rails apps.
  # @return [void]
  def initialize
    @discovery_url = nil
    @audience      = 'rails-api'
    @issuer        = nil
    @leeway        = 60
    @skip_paths    = ['/up', '/health', '/rails/health'].freeze
    @logger_tags    = %i[request_id sub]
    @error_renderer = Verikloak::Rails::ErrorRenderer.new
    @auto_include_controller = true
    @render_500_json = false
    @rescue_pundit = true
    @middleware_insert_before = nil
    @middleware_insert_after = nil
    @auto_insert_bff_header_guard = true
    @bff_header_guard_insert_before = nil
    @bff_header_guard_insert_after = nil
    @token_verify_options = {}
    @decoder_cache_limit = nil
    @token_env_key = nil
    @user_env_key = nil
    @bff_header_guard_options = {}
    @allow_http = false
    @jwks_refresh_interval = nil
    @skip_path_matcher = nil
  end

  # @param value [Array<String, Regexp>]
  def skip_paths=(value)
    @skip_paths = Array(value).freeze
    @skip_path_matcher = nil
  end

  # Pre-compiled skip-path matcher shared with the controller layer.
  # @return [Verikloak::Rails::SkipPathChecker]
  def skip_path_matcher
    @skip_path_matcher ||= SkipPathChecker.new(skip_paths)
  end

  # Rack env key actually used for the bearer token: the configured
  # `token_env_key`, or the core middleware default when unset/blank.
  # The value is whitespace-stripped to match the normalization the core
  # middleware applies before writing to the env, so readers and writer
  # always agree on the key. Shared by the controller helpers,
  # RequestStore mirroring, and the testing middleware stub so all
  # layers stay in sync.
  # @return [String]
  def effective_token_env_key
    presence_or_default(token_env_key, DEFAULT_TOKEN_ENV_KEY)
  end

  # Rack env key actually used for decoded claims: the configured
  # `user_env_key`, or the core middleware default when unset/blank.
  # Whitespace-stripped like {#effective_token_env_key}.
  # @return [String]
  def effective_user_env_key
    presence_or_default(user_env_key, DEFAULT_USER_ENV_KEY)
  end

  # Options forwarded to the base Verikloak Rack middleware.
  # @return [Hash]
  # @example
  #   Verikloak::Rails.config.middleware_options
  #   #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... }
  def middleware_options
    {
      discovery_url: discovery_url,
      audience: audience,
      issuer: issuer,
      leeway: leeway,
      skip_paths: skip_paths,
      token_verify_options: token_verify_options,
      decoder_cache_limit: decoder_cache_limit,
      token_env_key: token_env_key,
      user_env_key: user_env_key,
      allow_http: allow_http,
      jwks_refresh_interval: jwks_refresh_interval
    }.compact
  end

  private

  # @param value [String, nil]
  # @param default [String]
  # @return [String] the stripped value, or the default when blank.
  #   Stripping mirrors the core middleware's env-key normalization
  #   (`value.to_s.strip`); without it a padded key would make the
  #   middleware write one env key while the helpers read another.
  def presence_or_default(value, default)
    str = value.to_s.strip
    str.empty? ? default : str
  end
end

#logger_tagsArray<Symbol>

Log tags to include (supports :request_id, :sub).

Returns:

  • (Array<Symbol>)


58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
# File 'lib/verikloak/rails/configuration.rb', line 58

class Configuration
  # Default Rack env keys. These mirror the defaults used by the core
  # `Verikloak::Middleware` and are the fallback when `token_env_key` /
  # `user_env_key` are left unset.
  DEFAULT_TOKEN_ENV_KEY = 'verikloak.token'
  DEFAULT_USER_ENV_KEY  = 'verikloak.user'

  attr_accessor :discovery_url, :audience, :issuer, :leeway,
                :logger_tags, :error_renderer, :auto_include_controller,
                :render_500_json, :rescue_pundit,
                :middleware_insert_before, :middleware_insert_after,
                :auto_insert_bff_header_guard,
                :bff_header_guard_insert_before, :bff_header_guard_insert_after,
                :token_verify_options, :decoder_cache_limit,
                :token_env_key, :user_env_key, :bff_header_guard_options,
                :allow_http, :jwks_refresh_interval

  attr_reader :skip_paths

  # Initialize configuration with sensible defaults for Rails apps.
  # @return [void]
  def initialize
    @discovery_url = nil
    @audience      = 'rails-api'
    @issuer        = nil
    @leeway        = 60
    @skip_paths    = ['/up', '/health', '/rails/health'].freeze
    @logger_tags    = %i[request_id sub]
    @error_renderer = Verikloak::Rails::ErrorRenderer.new
    @auto_include_controller = true
    @render_500_json = false
    @rescue_pundit = true
    @middleware_insert_before = nil
    @middleware_insert_after = nil
    @auto_insert_bff_header_guard = true
    @bff_header_guard_insert_before = nil
    @bff_header_guard_insert_after = nil
    @token_verify_options = {}
    @decoder_cache_limit = nil
    @token_env_key = nil
    @user_env_key = nil
    @bff_header_guard_options = {}
    @allow_http = false
    @jwks_refresh_interval = nil
    @skip_path_matcher = nil
  end

  # @param value [Array<String, Regexp>]
  def skip_paths=(value)
    @skip_paths = Array(value).freeze
    @skip_path_matcher = nil
  end

  # Pre-compiled skip-path matcher shared with the controller layer.
  # @return [Verikloak::Rails::SkipPathChecker]
  def skip_path_matcher
    @skip_path_matcher ||= SkipPathChecker.new(skip_paths)
  end

  # Rack env key actually used for the bearer token: the configured
  # `token_env_key`, or the core middleware default when unset/blank.
  # The value is whitespace-stripped to match the normalization the core
  # middleware applies before writing to the env, so readers and writer
  # always agree on the key. Shared by the controller helpers,
  # RequestStore mirroring, and the testing middleware stub so all
  # layers stay in sync.
  # @return [String]
  def effective_token_env_key
    presence_or_default(token_env_key, DEFAULT_TOKEN_ENV_KEY)
  end

  # Rack env key actually used for decoded claims: the configured
  # `user_env_key`, or the core middleware default when unset/blank.
  # Whitespace-stripped like {#effective_token_env_key}.
  # @return [String]
  def effective_user_env_key
    presence_or_default(user_env_key, DEFAULT_USER_ENV_KEY)
  end

  # Options forwarded to the base Verikloak Rack middleware.
  # @return [Hash]
  # @example
  #   Verikloak::Rails.config.middleware_options
  #   #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... }
  def middleware_options
    {
      discovery_url: discovery_url,
      audience: audience,
      issuer: issuer,
      leeway: leeway,
      skip_paths: skip_paths,
      token_verify_options: token_verify_options,
      decoder_cache_limit: decoder_cache_limit,
      token_env_key: token_env_key,
      user_env_key: user_env_key,
      allow_http: allow_http,
      jwks_refresh_interval: jwks_refresh_interval
    }.compact
  end

  private

  # @param value [String, nil]
  # @param default [String]
  # @return [String] the stripped value, or the default when blank.
  #   Stripping mirrors the core middleware's env-key normalization
  #   (`value.to_s.strip`); without it a padded key would make the
  #   middleware write one env key while the helpers read another.
  def presence_or_default(value, default)
    str = value.to_s.strip
    str.empty? ? default : str
  end
end

#middleware_insert_afterObject, ...

Rack middleware to insert Verikloak::Middleware after.

Returns:

  • (Object, String, Symbol, nil)


58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
# File 'lib/verikloak/rails/configuration.rb', line 58

class Configuration
  # Default Rack env keys. These mirror the defaults used by the core
  # `Verikloak::Middleware` and are the fallback when `token_env_key` /
  # `user_env_key` are left unset.
  DEFAULT_TOKEN_ENV_KEY = 'verikloak.token'
  DEFAULT_USER_ENV_KEY  = 'verikloak.user'

  attr_accessor :discovery_url, :audience, :issuer, :leeway,
                :logger_tags, :error_renderer, :auto_include_controller,
                :render_500_json, :rescue_pundit,
                :middleware_insert_before, :middleware_insert_after,
                :auto_insert_bff_header_guard,
                :bff_header_guard_insert_before, :bff_header_guard_insert_after,
                :token_verify_options, :decoder_cache_limit,
                :token_env_key, :user_env_key, :bff_header_guard_options,
                :allow_http, :jwks_refresh_interval

  attr_reader :skip_paths

  # Initialize configuration with sensible defaults for Rails apps.
  # @return [void]
  def initialize
    @discovery_url = nil
    @audience      = 'rails-api'
    @issuer        = nil
    @leeway        = 60
    @skip_paths    = ['/up', '/health', '/rails/health'].freeze
    @logger_tags    = %i[request_id sub]
    @error_renderer = Verikloak::Rails::ErrorRenderer.new
    @auto_include_controller = true
    @render_500_json = false
    @rescue_pundit = true
    @middleware_insert_before = nil
    @middleware_insert_after = nil
    @auto_insert_bff_header_guard = true
    @bff_header_guard_insert_before = nil
    @bff_header_guard_insert_after = nil
    @token_verify_options = {}
    @decoder_cache_limit = nil
    @token_env_key = nil
    @user_env_key = nil
    @bff_header_guard_options = {}
    @allow_http = false
    @jwks_refresh_interval = nil
    @skip_path_matcher = nil
  end

  # @param value [Array<String, Regexp>]
  def skip_paths=(value)
    @skip_paths = Array(value).freeze
    @skip_path_matcher = nil
  end

  # Pre-compiled skip-path matcher shared with the controller layer.
  # @return [Verikloak::Rails::SkipPathChecker]
  def skip_path_matcher
    @skip_path_matcher ||= SkipPathChecker.new(skip_paths)
  end

  # Rack env key actually used for the bearer token: the configured
  # `token_env_key`, or the core middleware default when unset/blank.
  # The value is whitespace-stripped to match the normalization the core
  # middleware applies before writing to the env, so readers and writer
  # always agree on the key. Shared by the controller helpers,
  # RequestStore mirroring, and the testing middleware stub so all
  # layers stay in sync.
  # @return [String]
  def effective_token_env_key
    presence_or_default(token_env_key, DEFAULT_TOKEN_ENV_KEY)
  end

  # Rack env key actually used for decoded claims: the configured
  # `user_env_key`, or the core middleware default when unset/blank.
  # Whitespace-stripped like {#effective_token_env_key}.
  # @return [String]
  def effective_user_env_key
    presence_or_default(user_env_key, DEFAULT_USER_ENV_KEY)
  end

  # Options forwarded to the base Verikloak Rack middleware.
  # @return [Hash]
  # @example
  #   Verikloak::Rails.config.middleware_options
  #   #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... }
  def middleware_options
    {
      discovery_url: discovery_url,
      audience: audience,
      issuer: issuer,
      leeway: leeway,
      skip_paths: skip_paths,
      token_verify_options: token_verify_options,
      decoder_cache_limit: decoder_cache_limit,
      token_env_key: token_env_key,
      user_env_key: user_env_key,
      allow_http: allow_http,
      jwks_refresh_interval: jwks_refresh_interval
    }.compact
  end

  private

  # @param value [String, nil]
  # @param default [String]
  # @return [String] the stripped value, or the default when blank.
  #   Stripping mirrors the core middleware's env-key normalization
  #   (`value.to_s.strip`); without it a padded key would make the
  #   middleware write one env key while the helpers read another.
  def presence_or_default(value, default)
    str = value.to_s.strip
    str.empty? ? default : str
  end
end

#middleware_insert_beforeObject, ...

Rack middleware to insert Verikloak::Middleware before.

Returns:

  • (Object, String, Symbol, nil)


58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
# File 'lib/verikloak/rails/configuration.rb', line 58

class Configuration
  # Default Rack env keys. These mirror the defaults used by the core
  # `Verikloak::Middleware` and are the fallback when `token_env_key` /
  # `user_env_key` are left unset.
  DEFAULT_TOKEN_ENV_KEY = 'verikloak.token'
  DEFAULT_USER_ENV_KEY  = 'verikloak.user'

  attr_accessor :discovery_url, :audience, :issuer, :leeway,
                :logger_tags, :error_renderer, :auto_include_controller,
                :render_500_json, :rescue_pundit,
                :middleware_insert_before, :middleware_insert_after,
                :auto_insert_bff_header_guard,
                :bff_header_guard_insert_before, :bff_header_guard_insert_after,
                :token_verify_options, :decoder_cache_limit,
                :token_env_key, :user_env_key, :bff_header_guard_options,
                :allow_http, :jwks_refresh_interval

  attr_reader :skip_paths

  # Initialize configuration with sensible defaults for Rails apps.
  # @return [void]
  def initialize
    @discovery_url = nil
    @audience      = 'rails-api'
    @issuer        = nil
    @leeway        = 60
    @skip_paths    = ['/up', '/health', '/rails/health'].freeze
    @logger_tags    = %i[request_id sub]
    @error_renderer = Verikloak::Rails::ErrorRenderer.new
    @auto_include_controller = true
    @render_500_json = false
    @rescue_pundit = true
    @middleware_insert_before = nil
    @middleware_insert_after = nil
    @auto_insert_bff_header_guard = true
    @bff_header_guard_insert_before = nil
    @bff_header_guard_insert_after = nil
    @token_verify_options = {}
    @decoder_cache_limit = nil
    @token_env_key = nil
    @user_env_key = nil
    @bff_header_guard_options = {}
    @allow_http = false
    @jwks_refresh_interval = nil
    @skip_path_matcher = nil
  end

  # @param value [Array<String, Regexp>]
  def skip_paths=(value)
    @skip_paths = Array(value).freeze
    @skip_path_matcher = nil
  end

  # Pre-compiled skip-path matcher shared with the controller layer.
  # @return [Verikloak::Rails::SkipPathChecker]
  def skip_path_matcher
    @skip_path_matcher ||= SkipPathChecker.new(skip_paths)
  end

  # Rack env key actually used for the bearer token: the configured
  # `token_env_key`, or the core middleware default when unset/blank.
  # The value is whitespace-stripped to match the normalization the core
  # middleware applies before writing to the env, so readers and writer
  # always agree on the key. Shared by the controller helpers,
  # RequestStore mirroring, and the testing middleware stub so all
  # layers stay in sync.
  # @return [String]
  def effective_token_env_key
    presence_or_default(token_env_key, DEFAULT_TOKEN_ENV_KEY)
  end

  # Rack env key actually used for decoded claims: the configured
  # `user_env_key`, or the core middleware default when unset/blank.
  # Whitespace-stripped like {#effective_token_env_key}.
  # @return [String]
  def effective_user_env_key
    presence_or_default(user_env_key, DEFAULT_USER_ENV_KEY)
  end

  # Options forwarded to the base Verikloak Rack middleware.
  # @return [Hash]
  # @example
  #   Verikloak::Rails.config.middleware_options
  #   #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... }
  def middleware_options
    {
      discovery_url: discovery_url,
      audience: audience,
      issuer: issuer,
      leeway: leeway,
      skip_paths: skip_paths,
      token_verify_options: token_verify_options,
      decoder_cache_limit: decoder_cache_limit,
      token_env_key: token_env_key,
      user_env_key: user_env_key,
      allow_http: allow_http,
      jwks_refresh_interval: jwks_refresh_interval
    }.compact
  end

  private

  # @param value [String, nil]
  # @param default [String]
  # @return [String] the stripped value, or the default when blank.
  #   Stripping mirrors the core middleware's env-key normalization
  #   (`value.to_s.strip`); without it a padded key would make the
  #   middleware write one env key while the helpers read another.
  def presence_or_default(value, default)
    str = value.to_s.strip
    str.empty? ? default : str
  end
end

#render_500_jsonBoolean

Rescue StandardError and render a JSON 500 response.

Returns:

  • (Boolean)


58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
# File 'lib/verikloak/rails/configuration.rb', line 58

class Configuration
  # Default Rack env keys. These mirror the defaults used by the core
  # `Verikloak::Middleware` and are the fallback when `token_env_key` /
  # `user_env_key` are left unset.
  DEFAULT_TOKEN_ENV_KEY = 'verikloak.token'
  DEFAULT_USER_ENV_KEY  = 'verikloak.user'

  attr_accessor :discovery_url, :audience, :issuer, :leeway,
                :logger_tags, :error_renderer, :auto_include_controller,
                :render_500_json, :rescue_pundit,
                :middleware_insert_before, :middleware_insert_after,
                :auto_insert_bff_header_guard,
                :bff_header_guard_insert_before, :bff_header_guard_insert_after,
                :token_verify_options, :decoder_cache_limit,
                :token_env_key, :user_env_key, :bff_header_guard_options,
                :allow_http, :jwks_refresh_interval

  attr_reader :skip_paths

  # Initialize configuration with sensible defaults for Rails apps.
  # @return [void]
  def initialize
    @discovery_url = nil
    @audience      = 'rails-api'
    @issuer        = nil
    @leeway        = 60
    @skip_paths    = ['/up', '/health', '/rails/health'].freeze
    @logger_tags    = %i[request_id sub]
    @error_renderer = Verikloak::Rails::ErrorRenderer.new
    @auto_include_controller = true
    @render_500_json = false
    @rescue_pundit = true
    @middleware_insert_before = nil
    @middleware_insert_after = nil
    @auto_insert_bff_header_guard = true
    @bff_header_guard_insert_before = nil
    @bff_header_guard_insert_after = nil
    @token_verify_options = {}
    @decoder_cache_limit = nil
    @token_env_key = nil
    @user_env_key = nil
    @bff_header_guard_options = {}
    @allow_http = false
    @jwks_refresh_interval = nil
    @skip_path_matcher = nil
  end

  # @param value [Array<String, Regexp>]
  def skip_paths=(value)
    @skip_paths = Array(value).freeze
    @skip_path_matcher = nil
  end

  # Pre-compiled skip-path matcher shared with the controller layer.
  # @return [Verikloak::Rails::SkipPathChecker]
  def skip_path_matcher
    @skip_path_matcher ||= SkipPathChecker.new(skip_paths)
  end

  # Rack env key actually used for the bearer token: the configured
  # `token_env_key`, or the core middleware default when unset/blank.
  # The value is whitespace-stripped to match the normalization the core
  # middleware applies before writing to the env, so readers and writer
  # always agree on the key. Shared by the controller helpers,
  # RequestStore mirroring, and the testing middleware stub so all
  # layers stay in sync.
  # @return [String]
  def effective_token_env_key
    presence_or_default(token_env_key, DEFAULT_TOKEN_ENV_KEY)
  end

  # Rack env key actually used for decoded claims: the configured
  # `user_env_key`, or the core middleware default when unset/blank.
  # Whitespace-stripped like {#effective_token_env_key}.
  # @return [String]
  def effective_user_env_key
    presence_or_default(user_env_key, DEFAULT_USER_ENV_KEY)
  end

  # Options forwarded to the base Verikloak Rack middleware.
  # @return [Hash]
  # @example
  #   Verikloak::Rails.config.middleware_options
  #   #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... }
  def middleware_options
    {
      discovery_url: discovery_url,
      audience: audience,
      issuer: issuer,
      leeway: leeway,
      skip_paths: skip_paths,
      token_verify_options: token_verify_options,
      decoder_cache_limit: decoder_cache_limit,
      token_env_key: token_env_key,
      user_env_key: user_env_key,
      allow_http: allow_http,
      jwks_refresh_interval: jwks_refresh_interval
    }.compact
  end

  private

  # @param value [String, nil]
  # @param default [String]
  # @return [String] the stripped value, or the default when blank.
  #   Stripping mirrors the core middleware's env-key normalization
  #   (`value.to_s.strip`); without it a padded key would make the
  #   middleware write one env key while the helpers read another.
  def presence_or_default(value, default)
    str = value.to_s.strip
    str.empty? ? default : str
  end
end

#rescue_punditBoolean

Rescue Pundit::NotAuthorizedError and render JSON 403 responses.

Returns:

  • (Boolean)


58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
# File 'lib/verikloak/rails/configuration.rb', line 58

class Configuration
  # Default Rack env keys. These mirror the defaults used by the core
  # `Verikloak::Middleware` and are the fallback when `token_env_key` /
  # `user_env_key` are left unset.
  DEFAULT_TOKEN_ENV_KEY = 'verikloak.token'
  DEFAULT_USER_ENV_KEY  = 'verikloak.user'

  attr_accessor :discovery_url, :audience, :issuer, :leeway,
                :logger_tags, :error_renderer, :auto_include_controller,
                :render_500_json, :rescue_pundit,
                :middleware_insert_before, :middleware_insert_after,
                :auto_insert_bff_header_guard,
                :bff_header_guard_insert_before, :bff_header_guard_insert_after,
                :token_verify_options, :decoder_cache_limit,
                :token_env_key, :user_env_key, :bff_header_guard_options,
                :allow_http, :jwks_refresh_interval

  attr_reader :skip_paths

  # Initialize configuration with sensible defaults for Rails apps.
  # @return [void]
  def initialize
    @discovery_url = nil
    @audience      = 'rails-api'
    @issuer        = nil
    @leeway        = 60
    @skip_paths    = ['/up', '/health', '/rails/health'].freeze
    @logger_tags    = %i[request_id sub]
    @error_renderer = Verikloak::Rails::ErrorRenderer.new
    @auto_include_controller = true
    @render_500_json = false
    @rescue_pundit = true
    @middleware_insert_before = nil
    @middleware_insert_after = nil
    @auto_insert_bff_header_guard = true
    @bff_header_guard_insert_before = nil
    @bff_header_guard_insert_after = nil
    @token_verify_options = {}
    @decoder_cache_limit = nil
    @token_env_key = nil
    @user_env_key = nil
    @bff_header_guard_options = {}
    @allow_http = false
    @jwks_refresh_interval = nil
    @skip_path_matcher = nil
  end

  # @param value [Array<String, Regexp>]
  def skip_paths=(value)
    @skip_paths = Array(value).freeze
    @skip_path_matcher = nil
  end

  # Pre-compiled skip-path matcher shared with the controller layer.
  # @return [Verikloak::Rails::SkipPathChecker]
  def skip_path_matcher
    @skip_path_matcher ||= SkipPathChecker.new(skip_paths)
  end

  # Rack env key actually used for the bearer token: the configured
  # `token_env_key`, or the core middleware default when unset/blank.
  # The value is whitespace-stripped to match the normalization the core
  # middleware applies before writing to the env, so readers and writer
  # always agree on the key. Shared by the controller helpers,
  # RequestStore mirroring, and the testing middleware stub so all
  # layers stay in sync.
  # @return [String]
  def effective_token_env_key
    presence_or_default(token_env_key, DEFAULT_TOKEN_ENV_KEY)
  end

  # Rack env key actually used for decoded claims: the configured
  # `user_env_key`, or the core middleware default when unset/blank.
  # Whitespace-stripped like {#effective_token_env_key}.
  # @return [String]
  def effective_user_env_key
    presence_or_default(user_env_key, DEFAULT_USER_ENV_KEY)
  end

  # Options forwarded to the base Verikloak Rack middleware.
  # @return [Hash]
  # @example
  #   Verikloak::Rails.config.middleware_options
  #   #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... }
  def middleware_options
    {
      discovery_url: discovery_url,
      audience: audience,
      issuer: issuer,
      leeway: leeway,
      skip_paths: skip_paths,
      token_verify_options: token_verify_options,
      decoder_cache_limit: decoder_cache_limit,
      token_env_key: token_env_key,
      user_env_key: user_env_key,
      allow_http: allow_http,
      jwks_refresh_interval: jwks_refresh_interval
    }.compact
  end

  private

  # @param value [String, nil]
  # @param default [String]
  # @return [String] the stripped value, or the default when blank.
  #   Stripping mirrors the core middleware's env-key normalization
  #   (`value.to_s.strip`); without it a padded key would make the
  #   middleware write one env key while the helpers read another.
  def presence_or_default(value, default)
    str = value.to_s.strip
    str.empty? ? default : str
  end
end

#skip_pathsArray<String>

Paths to skip verification.

Returns:

  • (Array<String>)


58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
# File 'lib/verikloak/rails/configuration.rb', line 58

class Configuration
  # Default Rack env keys. These mirror the defaults used by the core
  # `Verikloak::Middleware` and are the fallback when `token_env_key` /
  # `user_env_key` are left unset.
  DEFAULT_TOKEN_ENV_KEY = 'verikloak.token'
  DEFAULT_USER_ENV_KEY  = 'verikloak.user'

  attr_accessor :discovery_url, :audience, :issuer, :leeway,
                :logger_tags, :error_renderer, :auto_include_controller,
                :render_500_json, :rescue_pundit,
                :middleware_insert_before, :middleware_insert_after,
                :auto_insert_bff_header_guard,
                :bff_header_guard_insert_before, :bff_header_guard_insert_after,
                :token_verify_options, :decoder_cache_limit,
                :token_env_key, :user_env_key, :bff_header_guard_options,
                :allow_http, :jwks_refresh_interval

  attr_reader :skip_paths

  # Initialize configuration with sensible defaults for Rails apps.
  # @return [void]
  def initialize
    @discovery_url = nil
    @audience      = 'rails-api'
    @issuer        = nil
    @leeway        = 60
    @skip_paths    = ['/up', '/health', '/rails/health'].freeze
    @logger_tags    = %i[request_id sub]
    @error_renderer = Verikloak::Rails::ErrorRenderer.new
    @auto_include_controller = true
    @render_500_json = false
    @rescue_pundit = true
    @middleware_insert_before = nil
    @middleware_insert_after = nil
    @auto_insert_bff_header_guard = true
    @bff_header_guard_insert_before = nil
    @bff_header_guard_insert_after = nil
    @token_verify_options = {}
    @decoder_cache_limit = nil
    @token_env_key = nil
    @user_env_key = nil
    @bff_header_guard_options = {}
    @allow_http = false
    @jwks_refresh_interval = nil
    @skip_path_matcher = nil
  end

  # @param value [Array<String, Regexp>]
  def skip_paths=(value)
    @skip_paths = Array(value).freeze
    @skip_path_matcher = nil
  end

  # Pre-compiled skip-path matcher shared with the controller layer.
  # @return [Verikloak::Rails::SkipPathChecker]
  def skip_path_matcher
    @skip_path_matcher ||= SkipPathChecker.new(skip_paths)
  end

  # Rack env key actually used for the bearer token: the configured
  # `token_env_key`, or the core middleware default when unset/blank.
  # The value is whitespace-stripped to match the normalization the core
  # middleware applies before writing to the env, so readers and writer
  # always agree on the key. Shared by the controller helpers,
  # RequestStore mirroring, and the testing middleware stub so all
  # layers stay in sync.
  # @return [String]
  def effective_token_env_key
    presence_or_default(token_env_key, DEFAULT_TOKEN_ENV_KEY)
  end

  # Rack env key actually used for decoded claims: the configured
  # `user_env_key`, or the core middleware default when unset/blank.
  # Whitespace-stripped like {#effective_token_env_key}.
  # @return [String]
  def effective_user_env_key
    presence_or_default(user_env_key, DEFAULT_USER_ENV_KEY)
  end

  # Options forwarded to the base Verikloak Rack middleware.
  # @return [Hash]
  # @example
  #   Verikloak::Rails.config.middleware_options
  #   #=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... }
  def middleware_options
    {
      discovery_url: discovery_url,
      audience: audience,
      issuer: issuer,
      leeway: leeway,
      skip_paths: skip_paths,
      token_verify_options: token_verify_options,
      decoder_cache_limit: decoder_cache_limit,
      token_env_key: token_env_key,
      user_env_key: user_env_key,
      allow_http: allow_http,
      jwks_refresh_interval: jwks_refresh_interval
    }.compact
  end

  private

  # @param value [String, nil]
  # @param default [String]
  # @return [String] the stripped value, or the default when blank.
  #   Stripping mirrors the core middleware's env-key normalization
  #   (`value.to_s.strip`); without it a padded key would make the
  #   middleware write one env key while the helpers read another.
  def presence_or_default(value, default)
    str = value.to_s.strip
    str.empty? ? default : str
  end
end

#token_env_keyObject

Returns the value of attribute token_env_key.



65
66
67
# File 'lib/verikloak/rails/configuration.rb', line 65

def token_env_key
  @token_env_key
end

#token_verify_optionsObject

Returns the value of attribute token_verify_options.



65
66
67
# File 'lib/verikloak/rails/configuration.rb', line 65

def token_verify_options
  @token_verify_options
end

#user_env_keyObject

Returns the value of attribute user_env_key.



65
66
67
# File 'lib/verikloak/rails/configuration.rb', line 65

def user_env_key
  @user_env_key
end

Instance Method Details

#effective_token_env_keyString

Rack env key actually used for the bearer token: the configured token_env_key, or the core middleware default when unset/blank. The value is whitespace-stripped to match the normalization the core middleware applies before writing to the env, so readers and writer always agree on the key. Shared by the controller helpers, RequestStore mirroring, and the testing middleware stub so all layers stay in sync.

Returns:

  • (String)


125
126
127
# File 'lib/verikloak/rails/configuration.rb', line 125

def effective_token_env_key
  presence_or_default(token_env_key, DEFAULT_TOKEN_ENV_KEY)
end

#effective_user_env_keyString

Rack env key actually used for decoded claims: the configured user_env_key, or the core middleware default when unset/blank. Whitespace-stripped like #effective_token_env_key.

Returns:

  • (String)


133
134
135
# File 'lib/verikloak/rails/configuration.rb', line 133

def effective_user_env_key
  presence_or_default(user_env_key, DEFAULT_USER_ENV_KEY)
end

#middleware_optionsHash

Options forwarded to the base Verikloak Rack middleware.

Examples:

Verikloak::Rails.config.middleware_options
#=> { discovery_url: 'https://example/.well-known/openid-configuration', leeway: 60, ... }

Returns:

  • (Hash)


142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
# File 'lib/verikloak/rails/configuration.rb', line 142

def middleware_options
  {
    discovery_url: discovery_url,
    audience: audience,
    issuer: issuer,
    leeway: leeway,
    skip_paths: skip_paths,
    token_verify_options: token_verify_options,
    decoder_cache_limit: decoder_cache_limit,
    token_env_key: token_env_key,
    user_env_key: user_env_key,
    allow_http: allow_http,
    jwks_refresh_interval: jwks_refresh_interval
  }.compact
end

#skip_path_matcherVerikloak::Rails::SkipPathChecker

Pre-compiled skip-path matcher shared with the controller layer.



113
114
115
# File 'lib/verikloak/rails/configuration.rb', line 113

def skip_path_matcher
  @skip_path_matcher ||= SkipPathChecker.new(skip_paths)
end