
# frozen-string-literal: true

require "rodauth/oauth/ttl_store"

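module Rodauth
  # JWT bearer grant (RFC 7523): lets a client exchange a signed JWT
  # assertion for an access token, and use a JWT as a client assertion.
  # Builds on :oauth_assertion_base for the grant plumbing and on
  # :oauth_jwt for decoding/verification.
  Feature.define(:oauth_jwt_bearer_grant, :OauthJwtBearerGrant) do
    depends :oauth_assertion_base, :oauth_jwt

    auth_value_methods(
      :require_oauth_application_from_jwt_bearer_assertion_issuer,
      :require_oauth_application_from_jwt_bearer_assertion_subject,
      :account_from_jwt_bearer_assertion
    )

    private

    # Resolves the oauth application whose client id is carried in the
    # assertion's "iss" claim.
    #
    # @param assertion [String] the compact-serialized JWT assertion
    # @return [Hash, nil] the application row, or nil when the assertion
    #   does not verify (see #jwt_assertion) or no application matches
    def require_oauth_application_from_jwt_bearer_assertion_issuer(assertion)
      oauth_application_from_jwt_bearer_assertion_claim(assertion, "iss")
    end

    # Same lookup as the issuer variant, keyed on the "sub" claim instead.
    #
    # @param assertion [String] the compact-serialized JWT assertion
    # @return [Hash, nil] the application row, or nil on failure
    def require_oauth_application_from_jwt_bearer_assertion_subject(assertion)
      oauth_application_from_jwt_bearer_assertion_claim(assertion, "sub")
    end

    # Resolves the account the assertion is issued for; the "sub" claim is
    # handed to the assertion-base lookup.
    #
    # @param assertion [String] the compact-serialized JWT assertion
    # @return the result of #account_from_bearer_assertion_subject, or nil
    #   when the assertion does not verify
    def account_from_jwt_bearer_assertion(assertion)
      claims = jwt_assertion(assertion)

      return unless claims

      account_from_bearer_assertion_subject(claims["sub"])
    end

    # Shared lookup for the issuer/subject variants above: verifies the
    # assertion and selects the application whose client id column equals
    # the named claim. A missing claim simply matches nothing.
    def oauth_application_from_jwt_bearer_assertion_claim(assertion, claim)
      claims = jwt_assertion(assertion)

      return unless claims

      db[oauth_applications_table].where(
        oauth_applications_client_id_column => claims[claim]
      ).first
    end

    # Decodes the assertion and checks that it is addressed to this server.
    #
    # "iss" is deliberately not pinned at decode time: the callers above use
    # it as the client id to look up. "aud" is not left to jwt_decode either;
    # it is compared below against this server's token endpoint URL, which is
    # the audience RFC 7523 requires the assertion to carry.
    #
    # @return [Hash, nil] the decoded claims, or nil when the token cannot be
    #   decoded or its audience does not match
    def jwt_assertion(assertion)
      claims = jwt_decode(assertion, verify_iss: false, verify_aud: false)

      # NOTE(review): jwt_decode appears to return nil for an invalid token
      # (the callers already guard on a nil result); without this guard an
      # undecodable assertion would raise on nil["aud"] instead of being
      # rejected as an invalid grant.
      return unless claims
      return unless verify_aud(token_url, claims["aud"])

      claims
    end

    # Advertises the grant type and client assertion type in the server
    # metadata document on top of whatever the base features report.
    def oauth_server_metadata_body(*)
      super.tap do |data|
        data[:grant_types_supported] << "urn:ietf:params:oauth:grant-type:jwt-bearer"
        data[:token_endpoint_auth_methods_supported] << "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
      end
    end
  end
end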
