lib/jwt_keeper/token.rb in jwt_keeper-5.0.0 vs lib/jwt_keeper/token.rb in jwt_keeper-5.0.1
- old
+ new
@@ -34,15 +34,15 @@
# Decodes and validates an existing token
# @param raw_token [String] the raw token
# @param cookie_secret [String] the cookie secret
# @return [Token] token object
- def self.find(raw_token, secret: nil, cookie_secret: nil)
- claims = decode(raw_token, secret: secret, cookie_secret: cookie_secret)
+ def self.find(raw_token, secret: nil, cookie_secret: nil, iss: nil)
+ claims = decode(raw_token, secret: secret, cookie_secret: cookie_secret, iss: iss)
return nil if claims.nil?
- new_token = new(secret: secret, cookie_secret: cookie_secret)
+ new_token = new(secret: secret, cookie_secret: cookie_secret, iss: iss)
new_token.claims = claims
return nil if new_token.revoked?
new_token
end
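Review bot: The new `iss:` keyword on `self.find` has no `@param` entry, although it replaces the issuer that `decode` verifies (the third hunk passes it to `JWT.decode` as `iss: iss` in place of `JWTKeeper.configuration.issuer`). A caller that fills it from the request, or from the token's own unverified payload, would make the issuer check accept whatever the token claims. The contract should be written down next to the existing params: `# @param iss [String] expected issuer, defaults to JWTKeeper.configuration.issuer; pass only a value from trusted server-side configuration`. If the set of acceptable issuers is known, checking `iss` against that list in `decode` before the `||=` fallback would enforce this instead of relying on callers. The constructor that now receives `iss: iss` is outside this diff, so whether it stores or validates the value cannot be seen here.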
@@ -71,10 +71,11 @@
# Revokes and creates a new web token
# @param new_claims [Hash] Used to override and update claims during rotation
# @return [Token]
def rotate(new_claims = nil)
+ return self if claims[:iss] != JWTKeeper.configuration.issuer
revoke
new_claims ||= claims.except(:iss, :aud, :exp, :nbf, :iat, :jti)
new_token = self.class.create(new_claims)
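Review bot: The added guard in `rotate` returns `self` without calling `revoke` when `claims[:iss]` differs from the configured issuer, so the caller gets back the old, still-valid token and cannot tell it from a rotated one. The doc line should say so, e.g. `# @return [Token] a new token, or self unchanged when the token was issued by a different issuer`. Callers that use `rotate` to invalidate a session would need an explicit signal for the no-op case; whether any do is not visible in this hunk. The guard also depends on `claims` having a symbol `:iss` key, which holds for tokens built by `find` (via `symbolize_keys` in `decode`) but is not shown for other construction paths. The body of `rotate` continues past the end of the hunk.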
@@ -139,21 +140,22 @@
expires: Time.at(claims[:exp])
}.merge(JWTKeeper.configuration.cookie_options)
end
# @!visibility private
- def self.decode(raw_token, secret: nil, cookie_secret: nil)
+ def self.decode(raw_token, secret: nil, cookie_secret: nil, iss: nil)
secret ||= JWTKeeper.configuration.secret
+ iss ||= JWTKeeper.configuration.issuer
JWT.decode(raw_token, secret.to_s + cookie_secret.to_s, true,
algorithm: JWTKeeper.configuration.algorithm,
verify_iss: true,
verify_aud: true,
verify_iat: true,
verify_sub: false,
verify_jti: false,
leeway: 0,
- iss: JWTKeeper.configuration.issuer,
+ iss: iss,
aud: JWTKeeper.configuration.audience
).first.symbolize_keys
rescue JWT::DecodeError
return nil