Class: JWT::Token

Inherits:

Object

• Object
• JWT::Token

Includes:

Claims::VerificationMethods

Defined in:

lib/jwt/token.rb

Overview

Represents a JWT token

Basic token signed using the HS256 algorithm:

token = JWT::Token.new(payload: {pay: 'load'})
token.sign!(algorithm: 'HS256', key: 'secret')
token.jwt # => eyJhb....

Custom headers will be combined with generated headers:

token = JWT::Token.new(payload: {pay: 'load'}, header: {custom: "value"})
token.sign!(algorithm: 'HS256', key: 'secret')
token.header # => {"custom"=>"value", "alg"=>"HS256"}

Instance Attribute Summary

• #header ⇒ Hash readonly

  Returns the decoded header of the JWT token.

• #payload ⇒ Hash readonly

  Returns the payload of the JWT token.

Instance Method Summary

• #detach_payload! ⇒ Object

  Detaches the payload according to datatracker.ietf.org/doc/html/rfc7515#appendix-F.

• #encoded_header ⇒ String

  Returns the encoded header of the JWT token.

• #encoded_payload ⇒ String

  Returns the encoded payload of the JWT token.

• #encoded_signature ⇒ String

  Returns the encoded signature of the JWT token.

• #initialize(payload:, header: {}) ⇒ Token constructor

  Initializes a new Token instance.

• #jwt ⇒ String (also: #to_s)

  Returns the JWT token as a string.

• #sign!(algorithm:, key:) ⇒ void

  Signs the JWT token.

• #signature ⇒ String

  Returns the decoded signature of the JWT token.

• #signing_input ⇒ String

  Returns the signing input of the JWT token.

Methods included from Claims::VerificationMethods

#claim_errors, #valid_claims?, #verify_claims!

Constructor Details

#initialize(payload:, header: {}) ⇒ Token

Initializes a new Token instance.

Parameters:

• header (Hash) (defaults to: {}) —

  the header of the JWT token.

• payload (Hash) —

  the payload of the JWT token.

# File 'lib/jwt/token.rb', line 24

def initialize(payload:, header: {})
  @header  = header&.transform_keys(&:to_s)
  @payload = payload
end

Instance Attribute Details

#header ⇒ Hash (readonly)

Returns the decoded header of the JWT token.

Returns:

• (Hash) —

  the header of the JWT token.

# File 'lib/jwt/token.rb', line 46

def header
  @header
end

#payload ⇒ Hash (readonly)

Returns the payload of the JWT token.

Returns:

• (Hash) —

  the payload of the JWT token.

# File 'lib/jwt/token.rb', line 58

def payload
  @payload
end

Instance Method Details

#detach_payload! ⇒ Object

Detaches the payload according to datatracker.ietf.org/doc/html/rfc7515#appendix-F

# File 'lib/jwt/token.rb', line 84

def detach_payload!
  @detached_payload = true

  nil
end

#encoded_header ⇒ String

Returns the encoded header of the JWT token.

Returns:

• (String) —

  the encoded header of the JWT token.

# File 'lib/jwt/token.rb', line 51

def encoded_header
  @encoded_header ||= ::JWT::Base64.url_encode(JWT::JSON.generate(header))
end

#encoded_payload ⇒ String

Returns the encoded payload of the JWT token.

Returns:

• (String) —

  the encoded payload of the JWT token.

# File 'lib/jwt/token.rb', line 63

def encoded_payload
  @encoded_payload ||= ::JWT::Base64.url_encode(JWT::JSON.generate(payload))
end

#encoded_signature ⇒ String

Returns the encoded signature of the JWT token.

Returns:

• (String) —

  the encoded signature of the JWT token.

# File 'lib/jwt/token.rb', line 39

def encoded_signature
  @encoded_signature ||= ::JWT::Base64.url_encode(signature)
end

#jwt ⇒ String Also known as: to_s

Returns the JWT token as a string.

Returns:

• (String) —

  the JWT token as a string.

Raises:

• (JWT::EncodeError) —

  if the token is not signed or other encoding issues

# File 'lib/jwt/token.rb', line 78

def jwt
  @jwt ||= (@signature && [encoded_header, @detached_payload ? '' : encoded_payload, encoded_signature].join('.')) || raise(::JWT::EncodeError, 'Token is not signed')
end

#sign!(algorithm:, key:) ⇒ void

This method returns an undefined value.

Signs the JWT token.

Parameters:

• algorithm (String, Object) —

  the algorithm to use for signing.

• key (String) —

  the key to use for signing.

Raises:

• (JWT::EncodeError) —

  if the token is already signed or other problems when signing

# File 'lib/jwt/token.rb', line 96

def sign!(algorithm:, key:)
  raise ::JWT::EncodeError, 'Token already signed' if @signature

  JWA.resolve(algorithm).tap do |algo|
    header.merge!(algo.header)
    @signature = algo.sign(data: signing_input, signing_key: key)
  end

  nil
end

#signature ⇒ String

Returns the decoded signature of the JWT token.

Returns:

• (String) —

  the decoded signature of the JWT token.

# File 'lib/jwt/token.rb', line 32

def signature
  @signature ||= ::JWT::Base64.url_decode(encoded_signature || '')
end

#signing_input ⇒ String

Returns the signing input of the JWT token.

Returns:

• (String) —

  the signing input of the JWT token.

# File 'lib/jwt/token.rb', line 70

def signing_input
  @signing_input ||= [encoded_header, encoded_payload].join('.')
end