Sha256: ae7b8a94cdc5f9d7308e5b93b6082c04774ef6a2a3e4c125b8151d5437c9b28b
Contents?: true
Size: 1.6 KB
Versions: 4
Compression:
Stored size: 1.6 KB
Contents
# frozen_string_literal: true
module Doorkeeper
module OpenidConnect
class IdToken
include ActiveModel::Validations
attr_reader :nonce
def initialize(access_token, nonce = nil)
@access_token = access_token
@nonce = nonce
@resource_owner = Doorkeeper::OpenidConnect.configuration.resource_owner_from_access_token.call(access_token)
@issued_at = Time.zone.now
end
def claims
{
iss: issuer,
sub: subject,
aud: audience,
exp: expiration,
iat: issued_at,
nonce: nonce,
auth_time: auth_time
}.merge ClaimsBuilder.generate(@access_token, :id_token)
end
def as_json(*_)
claims.reject { |_, value| value.nil? || value == '' }
end
def as_jws_token
JSON::JWT.new(as_json).sign(
Doorkeeper::OpenidConnect.signing_key,
Doorkeeper::OpenidConnect.signing_algorithm
).to_s
end
private
def issuer
Doorkeeper::OpenidConnect.configuration.issuer
end
def subject
Doorkeeper::OpenidConnect.configuration.subject.call(@resource_owner, @access_token.application).to_s
end
def audience
@access_token.application.try(:uid)
end
def expiration
(@issued_at.utc + Doorkeeper::OpenidConnect.configuration.expiration).to_i
end
def issued_at
@issued_at.utc.to_i
end
def auth_time
Doorkeeper::OpenidConnect.configuration.auth_time_from_resource_owner.call(@resource_owner).try(:to_i)
end
end
end
end
Version data entries
4 entries across 4 versions & 1 rubygems