Module: JWT

Extended by:

Configuration

Defined in:

lib/jwt.rb,
lib/jwt/jwa.rb,
lib/jwt/jwk.rb,
lib/jwt/json.rb,
lib/jwt/error.rb,
lib/jwt/token.rb,
lib/jwt/base64.rb,
lib/jwt/claims.rb,
lib/jwt/decode.rb,
lib/jwt/encode.rb,
lib/jwt/jwa/ps.rb,
lib/jwt/jwk/ec.rb,
lib/jwt/jwa/rsa.rb,
lib/jwt/jwk/rsa.rb,
lib/jwt/jwk/set.rb,
lib/jwt/version.rb,
lib/jwt/jwa/hmac.rb,
lib/jwt/jwa/none.rb,
lib/jwt/jwk/hmac.rb,
lib/jwt/jwa/ecdsa.rb,
lib/jwt/claims/crit.rb,
lib/jwt/jwk/key_base.rb,
lib/jwt/claims/issuer.rb,
lib/jwt/claims/jwt_id.rb,
lib/jwt/configuration.rb,
lib/jwt/encoded_token.rb,
lib/jwt/claims/numeric.rb,
lib/jwt/claims/subject.rb,
lib/jwt/jwk/key_finder.rb,
lib/jwt/jwk/thumbprint.rb,
lib/jwt/x5c_key_finder.rb,
lib/jwt/claims/audience.rb,
lib/jwt/claims/required.rb,
lib/jwt/claims/verifier.rb,
lib/jwt/jwa/unsupported.rb,
lib/jwt/claims/issued_at.rb,
lib/jwt/claims/expiration.rb,
lib/jwt/claims/not_before.rb,
lib/jwt/jwa/signing_algorithm.rb,
lib/jwt/jwk/kid_as_key_digest.rb,
lib/jwt/claims/decode_verifier.rb,
lib/jwt/configuration/container.rb,
lib/jwt/configuration/jwk_configuration.rb,
lib/jwt/configuration/decode_configuration.rb

Overview

JSON Web Token implementation

Should be up to date with the latest spec: tools.ietf.org/html/rfc7519

Defined Under Namespace

Modules: Claims, Configuration, JWA, JWK, VERSION Classes: Base64, Base64DecodeError, Decode, DecodeError, Encode, EncodeError, EncodedToken, ExpiredSignature, ImmatureSignature, IncorrectAlgorithm, InvalidAudError, InvalidCritError, InvalidIatError, InvalidIssuerError, InvalidJtiError, InvalidPayload, InvalidSubError, JSON, JWKError, MissingRequiredClaim, RequiredDependencyError, Token, UnsupportedEcdsaCurve, VerificationError, X5cKeyFinder

Class Method Summary

• .decode(jwt, key = nil, verify = true, options = {}, &keyfinder) ⇒ Array<Hash>

  Decodes a JWT to extract the payload and header.

• .encode(payload, key, algorithm = 'HS256', header_fields = {}) ⇒ String

  Encodes a payload into a JWT.

• .gem_version ⇒ Gem::Version

  Returns the gem version of the JWT library.

• .openssl_3? ⇒ Boolean private

  Checks if the OpenSSL version is 3 or greater.

• .openssl_3_hmac_empty_key_regression? ⇒ Boolean private

  Checks if there is an OpenSSL 3 HMAC empty key regression.

• .openssl_version ⇒ Gem::Version private

  Returns the OpenSSL version.

Methods included from Configuration

configuration, configure

Class Method Details

.decode(jwt, key = nil, verify = true, options = {}, &keyfinder) ⇒ Array<Hash>

Decodes a JWT to extract the payload and header

Parameters:

• jwt (String) —

  the JWT to decode.

• key (String) (defaults to: nil) —

  the key used to verify the JWT.

• verify (Boolean) (defaults to: true) —

  whether to verify the JWT signature.

• options (Hash) (defaults to: {}) —

  additional options for decoding.

Returns:

• (Array<Hash>) —

  the decoded payload and headers.

# File 'lib/jwt.rb', line 45

def decode(jwt, key = nil, verify = true, options = {}, &keyfinder) # rubocop:disable Style/OptionalBooleanParameter
  Decode.new(jwt, key, verify, configuration.decode.to_h.merge(options), &keyfinder).decode_segments
end

.encode(payload, key, algorithm = 'HS256', header_fields = {}) ⇒ String

Encodes a payload into a JWT.

Parameters:

• payload (Hash) —

  the payload to encode.

• key (String) —

  the key used to sign the JWT.

• algorithm (String) (defaults to: 'HS256') —

  the algorithm used to sign the JWT.

• header_fields (Hash) (defaults to: {}) —

  additional headers to include in the JWT.

Returns:

• (String) —

  the encoded JWT.

# File 'lib/jwt.rb', line 31

def encode(payload, key, algorithm = 'HS256', header_fields = {})
  Encode.new(payload: payload,
             key: key,
             algorithm: algorithm,
             headers: header_fields).segments
end

.gem_version ⇒ Gem::Version

Returns the gem version of the JWT library.

Returns:

• (Gem::Version) —

  the gem version.

# File 'lib/jwt/version.rb', line 11

def self.gem_version
  Gem::Version.new(VERSION::STRING)
end

.openssl_3? ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Checks if the OpenSSL version is 3 or greater.

Returns:

• (Boolean) —

  true if OpenSSL version is 3 or greater, false otherwise.

# File 'lib/jwt/version.rb', line 29

def self.openssl_3?
  return false if OpenSSL::OPENSSL_VERSION.include?('LibreSSL')

  true if 3 * 0x10000000 <= OpenSSL::OPENSSL_VERSION_NUMBER
end

.openssl_3_hmac_empty_key_regression? ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Checks if there is an OpenSSL 3 HMAC empty key regression.

Returns:

• (Boolean) —

  true if there is an OpenSSL 3 HMAC empty key regression, false otherwise.

# File 'lib/jwt/version.rb', line 39

def self.openssl_3_hmac_empty_key_regression?
  openssl_3? && openssl_version <= ::Gem::Version.new('3.0.0')
end

.openssl_version ⇒ Gem::Version

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns the OpenSSL version.

Returns:

• (Gem::Version) —

  the OpenSSL version.

# File 'lib/jwt/version.rb', line 47

def self.openssl_version
  @openssl_version ||= ::Gem::Version.new(OpenSSL::VERSION)
end