Module: WhopSDK::Helpers::VerifyUserToken

Defined in:: lib/whop_sdk/helpers/verify_user_token.rb

Defined Under Namespace

Constant Summary collapse

USER_TOKEN_HEADER_NAME =

"x-whop-user-token"

USER_TOKEN_VERIFICATION_KEY =

<<~PEM
  -----BEGIN PUBLIC KEY-----
  MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAErz8a8vxvexHC0TLT91g7llOdDOsN
  uYiGEfic4Qhni+HMfRBuUphOh7F3k8QgwZc9UlL0AHmyYqtbhL9NuJes6w==
  -----END PUBLIC KEY-----
PEM

Class Method Summary collapse

.get_user_token(token_or_headers, header_name: nil) ⇒ String^?

Extracts the user token from various input types.
.verify_user_token!(token_or_headers, app_id: nil, public_key: nil, header_name: nil) ⇒ UserTokenPayload

Verifies a Whop user token.

Class Method Details

.get_user_token(token_or_headers, header_name: nil) ⇒ `String`^?

Extracts the user token from various input types

Parameters:

token_or_headers (String, Hash, nil) —

The token string or headers hash
header_name (String, nil) (defaults to: nil) —

The header name to use (defaults to x-whop-user-token)

Returns:

(String, nil) —

The extracted token or nil

# File 'lib/whop_sdk/helpers/verify_user_token.rb', line 36

def self.get_user_token(token_or_headers, header_name: nil)
  header_name ||= USER_TOKEN_HEADER_NAME

  case token_or_headers
  when String
    token_or_headers
  when Hash
    token_or_headers[header_name] ||
      token_or_headers[header_name.downcase] ||
      token_or_headers[header_name.upcase]
  end
end

.verify_user_token!(token_or_headers, app_id: nil, public_key: nil, header_name: nil) ⇒ `UserTokenPayload`

Verifies a Whop user token

Parameters:

token_or_headers (String, Hash, nil) —

The token string or headers hash
app_id (String, nil) (defaults to: nil) —

The app id to verify against
public_key (String, nil) (defaults to: nil) —

Optional custom public key (PEM format)
header_name (String, nil) (defaults to: nil) —

The header name to use (defaults to x-whop-user-token)

Returns:

(UserTokenPayload) —

The verified token payload

Raises:

(StandardError) —

If verification fails

# File 'lib/whop_sdk/helpers/verify_user_token.rb', line 57

def self.verify_user_token!(
  token_or_headers,
  app_id: nil,
  public_key: nil,
  header_name: nil
)
  token_string = get_user_token(token_or_headers, header_name: header_name)

  if token_string.nil? || token_string.empty?
    raise StandardError, <<~ERROR
      Whop user token not found.
      If you are the app developer, ensure you are developing in the whop.com iframe and have the dev proxy enabled.
    ERROR
  end

  pem_string = public_key || USER_TOKEN_VERIFICATION_KEY
  key = OpenSSL::PKey::EC.new(pem_string)

  # Verify the JWT
  payload, _header = JWT.decode(
    token_string,
    key,
    true,
    algorithm: "ES256",
    iss: "urn:whopcom:exp-proxy",
    verify_iss: true
  )

  # Validate required fields
  unless payload["sub"] && payload["aud"] && !payload["aud"].is_a?(Array)
    raise StandardError, "Invalid user token provided to verifyUserToken"
  end

  # Validate app_id if provided
  if app_id && payload["aud"] != app_id
    raise StandardError, "Invalid app id provided to verifyUserToken"
  end

  UserTokenPayload.new(
    user_id: payload["sub"],
    app_id: payload["aud"]
  )
end

Module: WhopSDK::Helpers::VerifyUserToken

Defined Under Namespace

Constant Summary collapse

Class Method Summary collapse

Class Method Details

.get_user_token(token_or_headers, header_name: nil) ⇒ String?

.verify_user_token!(token_or_headers, app_id: nil, public_key: nil, header_name: nil) ⇒ UserTokenPayload

.get_user_token(token_or_headers, header_name: nil) ⇒ `String`^?

.verify_user_token!(token_or_headers, app_id: nil, public_key: nil, header_name: nil) ⇒ `UserTokenPayload`