Module: JWT

Extended by:
Configuration
Defined in:
lib/jwt.rb,
lib/jwt/jwa.rb,
lib/jwt/jwk.rb,
lib/jwt/json.rb,
lib/jwt/error.rb,
lib/jwt/token.rb,
lib/jwt/base64.rb,
lib/jwt/claims.rb,
lib/jwt/decode.rb,
lib/jwt/encode.rb,
lib/jwt/jwa/ps.rb,
lib/jwt/jwk/ec.rb,
lib/jwt/jwa/rsa.rb,
lib/jwt/jwk/rsa.rb,
lib/jwt/jwk/set.rb,
lib/jwt/version.rb,
lib/jwt/jwa/hmac.rb,
lib/jwt/jwa/none.rb,
lib/jwt/jwk/hmac.rb,
lib/jwt/jwa/ecdsa.rb,
lib/jwt/claims/crit.rb,
lib/jwt/jwk/key_base.rb,
lib/jwt/claims/issuer.rb,
lib/jwt/claims/jwt_id.rb,
lib/jwt/configuration.rb,
lib/jwt/encoded_token.rb,
lib/jwt/claims/numeric.rb,
lib/jwt/claims/subject.rb,
lib/jwt/jwk/key_finder.rb,
lib/jwt/jwk/thumbprint.rb,
lib/jwt/x5c_key_finder.rb,
lib/jwt/claims/audience.rb,
lib/jwt/claims/required.rb,
lib/jwt/claims/verifier.rb,
lib/jwt/jwa/unsupported.rb,
lib/jwt/claims/issued_at.rb,
lib/jwt/claims/expiration.rb,
lib/jwt/claims/not_before.rb,
lib/jwt/jwa/signing_algorithm.rb,
lib/jwt/jwk/kid_as_key_digest.rb,
lib/jwt/claims/decode_verifier.rb,
lib/jwt/configuration/container.rb,
lib/jwt/configuration/jwk_configuration.rb,
lib/jwt/configuration/decode_configuration.rb

Overview

JSON Web Token implementation

Should be up to date with the latest spec: tools.ietf.org/html/rfc7519

Defined Under Namespace

Modules: Claims, Configuration, JWA, JWK, VERSION

Classes: Base64, Base64DecodeError, Decode, DecodeError, Encode, EncodeError, EncodedToken, ExpiredSignature, ImmatureSignature, IncorrectAlgorithm, InvalidAudError, InvalidCritError, InvalidIatError, InvalidIssuerError, InvalidJtiError, InvalidPayload, InvalidSubError, JSON, JWKError, MissingRequiredClaim, RequiredDependencyError, Token, UnsupportedEcdsaCurve, VerificationError, X5cKeyFinder

Class Method Summary

Methods included from Configuration

configuration, configure

Class Method Details

.decode(jwt, key = nil, verify = true, options = {}, &keyfinder) ⇒ Array<Hash>

Decodes a JWT to extract the payload and header

Parameters:

  • jwt (String)

    the JWT to decode.

  • key (String) (defaults to: nil)

    the key used to verify the JWT.

  • verify (Boolean) (defaults to: true)

    whether to verify the JWT signature.

  • options (Hash) (defaults to: {})

    additional options for decoding.

Returns:

  • (Array<Hash>)

    the decoded payload and headers.



# File 'lib/jwt.rb', line 45

def decode(jwt, key = nil, verify = true, options = {}, &keyfinder) # rubocop:disable Style/OptionalBooleanParameter
  Decode.new(jwt, key, verify, configuration.decode.to_h.merge(options), &keyfinder).decode_segments
end

.encode(payload, key, algorithm = 'HS256', header_fields = {}) ⇒ String

Encodes a payload into a JWT.

Parameters:

  • payload (Hash)

    the payload to encode.

  • key (String)

    the key used to sign the JWT.

  • algorithm (String) (defaults to: 'HS256')

    the algorithm used to sign the JWT.

  • header_fields (Hash) (defaults to: {})

    additional headers to include in the JWT.

Returns:

  • (String)

    the encoded JWT.



# File 'lib/jwt.rb', line 31

def encode(payload, key, algorithm = 'HS256', header_fields = {})
  Encode.new(payload: payload,
             key: key,
             algorithm: algorithm,
             headers: header_fields).segments
end
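What the `verify` argument of `.decode` protects against, for the `HS256` default of `.encode`, shown with Ruby's standard library only. This is an added example, not the gem's implementation; `b64url`, `hs256_sign`, `decode_unverified`, `decode_verified` and the sample key and tokens are hypothetical names and constructed data.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Hypothetical helpers for illustration; none of these are part of the jwt gem.
def b64url(data)
  Base64.urlsafe_encode64(data, padding: false)
end

# Builds an HS256 token: base64url(header).base64url(payload).base64url(HMAC).
def hs256_sign(payload, key)
  header = { 'alg' => 'HS256', 'typ' => 'JWT' }
  signing_input = "#{b64url(JSON.generate(header))}.#{b64url(JSON.generate(payload))}"
  "#{signing_input}.#{b64url(OpenSSL::HMAC.digest('SHA256', key, signing_input))}"
end

# Like decoding with verify = false: the signature segment is never looked at.
def decode_unverified(token)
  header_b64, payload_b64 = token.split('.', -1)
  [JSON.parse(Base64.urlsafe_decode64(payload_b64)), JSON.parse(Base64.urlsafe_decode64(header_b64))]
end

# Like decoding with verify = true and the algorithm pinned by the verifier.
def decode_verified(token, key)
  parts = token.split('.', -1)
  raise ArgumentError, 'expected three segments' unless parts.length == 3
  raise ArgumentError, 'empty key' if key.nil? || key.empty?

  header_b64, payload_b64, sig_b64 = parts
  header = JSON.parse(Base64.urlsafe_decode64(header_b64))
  # The verifier decides the algorithm; the token header only has to match it.
  raise ArgumentError, 'unexpected alg' unless header['alg'] == 'HS256'

  expected = OpenSSL::HMAC.digest('SHA256', key, "#{header_b64}.#{payload_b64}")
  # Constant-time comparison of the recomputed and presented MACs.
  unless OpenSSL.secure_compare(expected, Base64.urlsafe_decode64(sig_b64))
    raise ArgumentError, 'signature mismatch'
  end

  [JSON.parse(Base64.urlsafe_decode64(payload_b64)), header]
end

# Constructed sample data: a demo key, a valid token, and a copy whose payload
# segment was swapped while the original signature was kept.
DEMO_KEY = 'constructed-demo-key'
SAMPLE_TOKEN = hs256_sign({ 'sub' => 'alice', 'admin' => false }, DEMO_KEY)
head, _body, sig = SAMPLE_TOKEN.split('.')
ALTERED_TOKEN = [head, b64url(JSON.generate({ 'sub' => 'alice', 'admin' => true })), sig].join('.')
```

The unverified path returns the altered claims as if they were genuine, while the verified path raises, which is why payloads decoded with `verify` set to `false` should never drive an authorization decision.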

.gem_version ⇒ Gem::Version

Returns the gem version of the JWT library.

Returns:

  • (Gem::Version)

    the gem version.



# File 'lib/jwt/version.rb', line 11

def self.gem_version
  Gem::Version.new(VERSION::STRING)
end

.openssl_3? ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Checks if the OpenSSL version is 3 or greater.

Returns:

  • (Boolean)

    true if OpenSSL version is 3 or greater, false otherwise.



# File 'lib/jwt/version.rb', line 29

def self.openssl_3?
  return false if OpenSSL::OPENSSL_VERSION.include?('LibreSSL')

  true if 3 * 0x10000000 <= OpenSSL::OPENSSL_VERSION_NUMBER
end

.openssl_3_hmac_empty_key_regression? ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Checks if there is an OpenSSL 3 HMAC empty key regression.

Returns:

  • (Boolean)

    true if there is an OpenSSL 3 HMAC empty key regression, false otherwise.



# File 'lib/jwt/version.rb', line 39

def self.openssl_3_hmac_empty_key_regression?
  openssl_3? && openssl_version <= ::Gem::Version.new('3.0.0')
end

.openssl_version ⇒ Gem::Version

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns the OpenSSL version.

Returns:

  • (Gem::Version)

    the OpenSSL version.



# File 'lib/jwt/version.rb', line 47

def self.openssl_version
  @openssl_version ||= ::Gem::Version.new(OpenSSL::VERSION)
end