Class: JWT::Token

Inherits:

Object

• Object
• JWT::Token

Defined in:

lib/jwt/token.rb

Overview

Represents a JWT token

Basic token signed using the HS256 algorithm:

token = JWT::Token.new(payload: {pay: 'load'})
token.sign!(algorithm: 'HS256', key: 'secret')
token.jwt # => eyJhb....

Custom headers will be combined with generated headers:

token = JWT::Token.new(payload: {pay: 'load'}, header: {custom: "value"})
token.sign!(algorithm: 'HS256', key: 'secret')
token.header # => {"custom"=>"value", "alg"=>"HS256"}

Instance Attribute Summary

• #header ⇒ Hash readonly

  Returns the decoded header of the JWT token.

• #payload ⇒ Hash readonly

  Returns the payload of the JWT token.

Instance Method Summary

• #claim_errors(*options) ⇒ Array<Symbol>

  Returns the errors of the claims of the token.

• #detach_payload! ⇒ Object

  Detaches the payload according to datatracker.ietf.org/doc/html/rfc7515#appendix-F.

• #encoded_header ⇒ String

  Returns the encoded header of the JWT token.

• #encoded_payload ⇒ String

  Returns the encoded payload of the JWT token.

• #encoded_signature ⇒ String

  Returns the encoded signature of the JWT token.

• #initialize(payload:, header: {}) ⇒ Token constructor

  Initializes a new Token instance.

• #jwt ⇒ String (also: #to_s)

  Returns the JWT token as a string.

• #sign!(algorithm:, key:) ⇒ void

  Signs the JWT token.

• #signature ⇒ String

  Returns the decoded signature of the JWT token.

• #signing_input ⇒ String

  Returns the signing input of the JWT token.

• #valid_claims?(*options) ⇒ Boolean

  Returns whether the claims of the token are valid.

• #verify_claims!(*options) ⇒ Object

  Verifies the claims of the token.

Constructor Details

#initialize(payload:, header: {}) ⇒ Token

Initializes a new Token instance.

Parameters:

• header (Hash) (defaults to: {}) —

  the header of the JWT token.

• payload (Hash) —

  the payload of the JWT token.

# File 'lib/jwt/token.rb', line 22

def initialize(payload:, header: {})
  @header  = header&.transform_keys(&:to_s)
  @payload = payload
end

Instance Attribute Details

#header ⇒ Hash (readonly)

Returns the decoded header of the JWT token.

Returns:

• (Hash) —

  the header of the JWT token.

# File 'lib/jwt/token.rb', line 44

def header
  @header
end

#payload ⇒ Hash (readonly)

Returns the payload of the JWT token.

Returns:

• (Hash) —

  the payload of the JWT token.

# File 'lib/jwt/token.rb', line 56

def payload
  @payload
end

Instance Method Details

#claim_errors(*options) ⇒ Array<Symbol>

Returns the errors of the claims of the token.

Parameters:

• options (Array<Symbol>, Hash) —

  the claims to verify.

Returns:

• (Array<Symbol>) —

  the errors of the claims.

# File 'lib/jwt/token.rb', line 115

def claim_errors(*options)
  Claims::Verifier.errors(self, *options)
end

#detach_payload! ⇒ Object

Detaches the payload according to datatracker.ietf.org/doc/html/rfc7515#appendix-F

# File 'lib/jwt/token.rb', line 82

def detach_payload!
  @detached_payload = true

  nil
end

#encoded_header ⇒ String

Returns the encoded header of the JWT token.

Returns:

• (String) —

  the encoded header of the JWT token.

# File 'lib/jwt/token.rb', line 49

def encoded_header
  @encoded_header ||= ::JWT::Base64.url_encode(JWT::JSON.generate(header))
end

#encoded_payload ⇒ String

Returns the encoded payload of the JWT token.

Returns:

• (String) —

  the encoded payload of the JWT token.

# File 'lib/jwt/token.rb', line 61

def encoded_payload
  @encoded_payload ||= ::JWT::Base64.url_encode(JWT::JSON.generate(payload))
end

#encoded_signature ⇒ String

Returns the encoded signature of the JWT token.

Returns:

• (String) —

  the encoded signature of the JWT token.

# File 'lib/jwt/token.rb', line 37

def encoded_signature
  @encoded_signature ||= ::JWT::Base64.url_encode(signature)
end

#jwt ⇒ String Also known as: to_s

Returns the JWT token as a string.

Returns:

• (String) —

  the JWT token as a string.

Raises:

• (JWT::EncodeError) —

  if the token is not signed or other encoding issues

# File 'lib/jwt/token.rb', line 76

def jwt
  @jwt ||= (@signature && [encoded_header, @detached_payload ? '' : encoded_payload, encoded_signature].join('.')) || raise(::JWT::EncodeError, 'Token is not signed')
end

#sign!(algorithm:, key:) ⇒ void

This method returns an undefined value.

Signs the JWT token.

Parameters:

• algorithm (String, Object) —

  the algorithm to use for signing.

• key (String) —

  the key to use for signing.

Raises:

• (JWT::EncodeError) —

  if the token is already signed or other problems when signing

# File 'lib/jwt/token.rb', line 94

def sign!(algorithm:, key:)
  raise ::JWT::EncodeError, 'Token already signed' if @signature

  JWA.resolve(algorithm).tap do |algo|
    header.merge!(algo.header) { |_key, old, _new| old }
    @signature = algo.sign(data: signing_input, signing_key: key)
  end

  nil
end

#signature ⇒ String

Returns the decoded signature of the JWT token.

Returns:

• (String) —

  the decoded signature of the JWT token.

# File 'lib/jwt/token.rb', line 30

def signature
  @signature ||= ::JWT::Base64.url_decode(encoded_signature || '')
end

#signing_input ⇒ String

Returns the signing input of the JWT token.

Returns:

• (String) —

  the signing input of the JWT token.

# File 'lib/jwt/token.rb', line 68

def signing_input
  @signing_input ||= [encoded_header, encoded_payload].join('.')
end

#valid_claims?(*options) ⇒ Boolean

Returns whether the claims of the token are valid.

Parameters:

• options (Array<Symbol>, Hash) —

  the claims to verify.

Returns:

• (Boolean) —

  whether the claims are valid.

# File 'lib/jwt/token.rb', line 122

def valid_claims?(*options)
  claim_errors(*options).empty?
end

#verify_claims!(*options) ⇒ Object

Verifies the claims of the token.

Parameters:

• options (Array<Symbol>, Hash) —

  the claims to verify.

Raises:

• (JWT::DecodeError) —

  if the claims are invalid.

# File 'lib/jwt/token.rb', line 108

def verify_claims!(*options)
  Claims::Verifier.verify!(self, *options)
end