Class: JWT::EncodedToken

Inherits:

Object

• Object
• JWT::EncodedToken

Includes:

Claims::VerificationMethods

Defined in:

lib/jwt/encoded_token.rb

Overview

Represents an encoded JWT token

Processing an encoded and signed token:

token = JWT::Token.new(payload: {pay: 'load'})
token.sign!(algorithm: 'HS256', key: 'secret')

encoded_token = JWT::EncodedToken.new(token.jwt)
encoded_token.verify_signature!algorithm: 'HS256', key: 'secret')
encoded_token.payload # => {'pay' => 'load'}

Instance Attribute Summary

• #encoded_header ⇒ String readonly

  Returns the encoded header of the JWT token.

• #encoded_payload ⇒ String

  Sets or returns the encoded payload of the JWT token.

• #encoded_signature ⇒ String readonly

  Returns the encoded signature of the JWT token.

• #jwt ⇒ String (also: #to_s) readonly

  Returns the original token provided to the class.

Instance Method Summary

• #header ⇒ Hash

  Returns the decoded header of the JWT token.

• #initialize(jwt) ⇒ EncodedToken constructor

  Initializes a new EncodedToken instance.

• #payload ⇒ Hash

  Returns the payload of the JWT token.

• #signature ⇒ String

  Returns the decoded signature of the JWT token.

• #signing_input ⇒ String

  Returns the signing input of the JWT token.

• #valid_signature?(algorithm:, key:) ⇒ Boolean

  Checks if the signature of the JWT token is valid.

• #verify_signature!(algorithm:, key: nil, key_finder: nil) ⇒ nil

  Verifies the signature of the JWT token.

Methods included from Claims::VerificationMethods

#claim_errors, #valid_claims?, #verify_claims!

Constructor Details

#initialize(jwt) ⇒ EncodedToken

Initializes a new EncodedToken instance.

Parameters:

• jwt (String) —

  the encoded JWT token.

Raises:

• (ArgumentError) —

  if the provided JWT is not a String.

# File 'lib/jwt/encoded_token.rb', line 25

def initialize(jwt)
  raise ArgumentError 'Provided JWT must be a String' unless jwt.is_a?(String)

  @jwt = jwt
  @encoded_header, @encoded_payload, @encoded_signature = jwt.split('.')
end

Instance Attribute Details

#encoded_header ⇒ String (readonly)

Returns the encoded header of the JWT token.

Returns:

• (String) —

  the encoded header.

# File 'lib/jwt/encoded_token.rb', line 54

def encoded_header
  @encoded_header
end

#encoded_payload ⇒ String

Sets or returns the encoded payload of the JWT token.

Parameters:

• value (String) —

  the encoded payload to set.

Returns:

• (String) —

  the encoded payload.

# File 'lib/jwt/encoded_token.rb', line 67

def encoded_payload
  @encoded_payload
end

#encoded_signature ⇒ String (readonly)

Returns the encoded signature of the JWT token.

Returns:

• (String) —

  the encoded signature.

# File 'lib/jwt/encoded_token.rb', line 42

def encoded_signature
  @encoded_signature
end

#jwt ⇒ String (readonly) Also known as: to_s

Returns the original token provided to the class.

Returns:

• (String) —

  The JWT token.

# File 'lib/jwt/encoded_token.rb', line 19

def jwt
  @jwt
end

Instance Method Details

#header ⇒ Hash

Returns the decoded header of the JWT token.

Returns:

• (Hash) —

  the header.

# File 'lib/jwt/encoded_token.rb', line 47

def header
  @header ||= parse_and_decode(@encoded_header)
end

#payload ⇒ Hash

Returns the payload of the JWT token.

Returns:

• (Hash) —

  the payload.

# File 'lib/jwt/encoded_token.rb', line 59

def payload
  @payload ||= encoded_payload == '' ? raise(JWT::DecodeError, 'Encoded payload is empty') : parse_and_decode(encoded_payload)
end

#signature ⇒ String

Returns the decoded signature of the JWT token.

Returns:

• (String) —

  the decoded signature.

# File 'lib/jwt/encoded_token.rb', line 35

def signature
  @signature ||= ::JWT::Base64.url_decode(encoded_signature || '')
end

#signing_input ⇒ String

Returns the signing input of the JWT token.

Returns:

• (String) —

  the signing input.

# File 'lib/jwt/encoded_token.rb', line 72

def signing_input
  [encoded_header, encoded_payload].join('.')
end

#valid_signature?(algorithm:, key:) ⇒ Boolean

Checks if the signature of the JWT token is valid.

Parameters:

• algorithm (String, Array<String>, Object, Array<Object>) —

  the algorithm(s) to use for verification.

• key (String, Array<String>) —

  the key(s) to use for verification.

Returns:

• (Boolean) —

  true if the signature is valid, false otherwise.

# File 'lib/jwt/encoded_token.rb', line 98

def valid_signature?(algorithm:, key:)
  Array(JWA.resolve_and_sort(algorithms: algorithm, preferred_algorithm: header['alg'])).any? do |algo|
    Array(key).any? do |one_key|
      algo.verify(data: signing_input, signature: signature, verification_key: one_key)
    end
  end
end

#verify_signature!(algorithm:, key: nil, key_finder: nil) ⇒ nil

Verifies the signature of the JWT token.

Parameters:

• algorithm (String, Array<String>, Object, Array<Object>) —

  the algorithm(s) to use for verification.

• key (String, Array<String>) (defaults to: nil) —

  the key(s) to use for verification.

• key_finder (#call) (defaults to: nil) —

  an object responding to ‘call` to find the key for verification.

Returns:

• (nil)

Raises:

• (JWT::VerificationError) —

  if the signature verification fails.

• (ArgumentError) —

  if neither key nor key_finder is provided, or if both are provided.

# File 'lib/jwt/encoded_token.rb', line 84

def verify_signature!(algorithm:, key: nil, key_finder: nil)
  raise ArgumentError, 'Provide either key or key_finder, not both or neither' if key.nil? == key_finder.nil?

  key ||= key_finder.call(self)
  return if valid_signature?(algorithm: algorithm, key: key)

  raise JWT::VerificationError, 'Signature verification failed'
end