Class: AtomicAdmin::JwtToken::JwksDecoder

Inherits:
Object
  • Object
Defined in:
lib/atomic_admin/jwt_token/jwks_decoder.rb

Overview

Decodes a JWT token using the JWKS endpoint. This is used for decoding JWT tokens issued by the new admin app.

Constant Summary

# Default allowlist of signature algorithms; #initialize uses it when the
# caller does not supply its own list.
ALGORITHMS = %w[RS256].freeze

Instance Method Summary

Constructor Details

#initialize(jwks_url, algorithms = ALGORITHMS) ⇒ JwksDecoder

Returns a new instance of JwksDecoder.



# File 'lib/atomic_admin/jwt_token/jwks_decoder.rb', line 8

# Builds a decoder bound to a single JWKS endpoint.
#
# @param jwks_url [String] URL that #decode fetches the key set from with
#   HTTParty.get. The keys served there decide which tokens are accepted, so
#   this should come from trusted configuration, never from request data.
# @param algorithms [Array<String>] algorithm names handed to JWT.decode as
#   its `algorithms` option; defaults to ALGORITHMS. Keep this an explicit
#   allowlist of what the issuer actually signs with.
def initialize(jwks_url, algorithms = ALGORITHMS)
  @jwks_url, @algorithms = jwks_url, algorithms
end

Instance Method Details

#decode(token, validate = true) ⇒ Object



# File 'lib/atomic_admin/jwt_token/jwks_decoder.rb', line 13

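# Decodes +token+ with a key looked up in the JWKS document served at @jwks_url.
#
# The JWKS document is cached under "atomic_admin_jwks". It is only dropped
# when the loader is called with options[:kid_not_found]; no expiry is set here.
#
# @param token [String] the encoded JWT
# @param validate [Boolean] forwarded as JWT.decode's verify argument. With
#   false the library is asked not to verify the token, so the result must be
#   treated as unauthenticated data and never used for access decisions.
# @return [Array] whatever JWT.decode returns (#decode! reads element 0 as the payload)
# @raise [JWT::DecodeError] when the JWKS endpoint does not answer with a
#   success status; errors raised by JWT.decode itself are not rescued here
def decode(token, validate = true)
  load_admin_jwks = ->(options) do
    # NOTE(review): this delete is reached for any token whose kid is missing
    # from the cached set, i.e. before the token is authenticated. Consider
    # rate-limiting refreshes so unknown kids cannot drive repeated fetches.
    Rails.cache.delete("atomic_admin_jwks") if options[:kid_not_found]

    # NOTE: the cached keys only expire when we receive a kid_not_found error.
    # NOTE(review): a key the issuer has withdrawn therefore stays trusted until
    # then; an expires_in on this fetch would bound that window.
    keys = Rails.cache.fetch("atomic_admin_jwks") do
      response = HTTParty.get(@jwks_url)
      # Raise inside the fetch block so an error body is never written to the
      # cache; previously a failed response was cached like a real key set.
      raise JWT::DecodeError, "Unable to fetch JWKS (HTTP #{response.code})" unless response.success?

      response.parsed_response
    end

    # Only keys published for signature use may verify a token.
    JWT::JWK::Set.new(keys).select { |k| k[:use] == "sig" }
  end

  JWT.decode(
    token,
    nil,
    validate,
    { algorithms: @algorithms, jwks: load_admin_jwks },
  )
end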

#decode!(token) ⇒ Object



# File 'lib/atomic_admin/jwt_token/jwks_decoder.rb', line 33

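# Decodes +token+ with validation enabled and returns only its payload.
#
# Errors raised by #decode are not rescued here, so they reach the caller
# unchanged; callers should treat any exception from this method as
# "not authenticated".
#
# @param token [String] the encoded JWT
# @return [Object] element 0 of what #decode returns (the payload)
# @raise [AtomicAdmin::JwtToken::InvalidTokenError] when nothing was decoded
#   or the payload is blank
def decode!(token)
  decoded = decode(token)
  raise AtomicAdmin::JwtToken::InvalidTokenError, "Unable to decode jwt token" if decoded.blank?

  # The payload check used to test the decoded array with empty?, which the
  # blank? guard above already covers, so it could never fire. Test the
  # payload itself so a token carrying no claims is rejected.
  payload = decoded[0]
  raise AtomicAdmin::JwtToken::InvalidTokenError, "Invalid token payload" if payload.blank?

  payload
end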