json-jwt 1.10.1 → 1.15.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 51a327761ea931101039a020adc776471ea89e73d4abe27267c0433916f6e327
-  data.tar.gz: 717bab99944dce15400c188ccd63e3556d60f2c498234884994966070c7b3068
+  metadata.gz: c3d9dceefdfb0168531cd68668848730898141b097c5541cde5cbb95a1bc24d7
+  data.tar.gz: 9dd27ddf48a2102ee1da5b8a7da411d10393fb622570a170b63dc328d50db7b3
 SHA512:
-  metadata.gz: fbcd1b698ce7c0f488bc7d6f873ec5c5bf8c5099f501b140bdc371e0a00f45ada1323df227a29d2ad16e4a971bd714904138b95d221bf76c4cf2b2fd2f444b2f
-  data.tar.gz: e53705c42a6f37833a1727bf14b86733502c06312bfab503217c2985de427aa4b0d68698e449f0d42a4e62415793e710f5d5ca412d7cade734bfb7b20455834a
+  metadata.gz: edbf0b0eb0521841aae74427293f66595ab30dee065b59b21bf0e3bd57f929b8d700caa67d8458e6e832819d962998862067eb8de0ea5530db967f89e4b19cbc
+  data.tar.gz: d7dcc87bf09ef1ddcf9b81306c41db9286e62f9f9b90c7838a1073f6d88cdc8a8114be0834dc54c2b1e4a69a7355771257b0093ec63b1554b3bfaeab685b022a

data/.github/FUNDING.yml

@@ -0,0 +1,3 @@
+# These are supported funding model platforms
+
+github: nov

data/.github/workflows/test_ruby.yml

@@ -0,0 +1,30 @@
+name: Test Ruby
+
+on:
+  push:
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    strategy:
+      matrix:
+        os: ['ubuntu-20.04']
+        ruby-version: ['2.6', '2.7', '3.0', '3.1']
+        # ubuntu 22.04 only supports ssl 3 and thus only ruby 3.1
+        include:
+        - os: 'ubuntu-22.04'
+          ruby-version: '3.1'
+    runs-on: ${{ matrix.os }}
+
+    steps:
+    - uses: actions/checkout@v3
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby-version }}
+        bundler-cache: true
+    - name: Run tests
+      run: bundle exec rake

data/.gitmodules

@@ -1,3 +1,3 @@
 [submodule "spec/helpers/json-jwt-nimbus"]
 	path = spec/helpers/json-jwt-nimbus
-	url = git://github.com/nov/json-jwt-nimbus.git
+	url = https://github.com/nov/json-jwt-nimbus.git

data/.travis.yml

@@ -3,9 +3,10 @@ before_install:
   - git submodule update --init --recursive
 
 rvm:
-  - 2.3.7
-  - 2.4.4
-  - 2.5.1
+  - 2.6.10
+  - 2.7.6
+  - 3.0.4
+  - 3.1.2
 
 jdk:
-  - oraclejdk8
+  - openjdk11

data/README.md

@@ -49,6 +49,17 @@ input = "jwt_header.jwt_claims.jwt_signature"
 JSON::JWT.decode(input, public_key)
 ```
 
+If you need to get a JWK from `jwks_uri` of OpenID Connect IdP, you can use `JSON::JWK::Set::Fetcher` to fetch (& optionally cache) it.
+
+```ruby
+# JWK Set Fetching & Caching
+# NOTE: Optionally by setting cache instance, JWKs are cached by kid.
+JSON::JWK::Set::Fetcher.cache = Rails.cache
+
+JSON::JWK::Set::Fetcher.fetch(jwks_uri, kid: kid)
+# => returns JSON::JWK instance or raise JSON::JWK::Set::KidNotFound
+```
+
 For more details, read [Documentation Wiki](https://github.com/nov/json-jwt/wiki).
 
 ## Note on Patches/Pull Requests

data/VERSION

@@ -1 +1 @@
-1.10.1
+1.15.3.1

data/json-jwt.gemspec

@@ -12,12 +12,14 @@ Gem::Specification.new do |gem|
   end
   gem.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   gem.require_paths = ['lib']
-  gem.required_ruby_version = '>= 2.3'
+  gem.required_ruby_version = '>= 2.4'
   gem.add_runtime_dependency 'activesupport', '>= 4.2'
   gem.add_runtime_dependency 'bindata'
   gem.add_runtime_dependency 'aes_key_wrap'
+  gem.add_runtime_dependency 'httpclient'
   gem.add_development_dependency 'rake'
   gem.add_development_dependency 'simplecov'
+  gem.add_development_dependency 'webmock'
   gem.add_development_dependency 'rspec'
   gem.add_development_dependency 'rspec-its'
 end

data/lib/json/jose.rb

@@ -7,9 +7,11 @@ module JSON
     included do
       extend ClassMethods
       register_header_keys :alg, :jku, :jwk, :x5u, :x5t, :x5c, :kid, :typ, :cty, :crit
+
+      # NOTE: not used anymore in this gem, but keeping in case developers are calling it.
       alias_method :algorithm, :alg
 
-      attr_accessor :header
+      attr_writer :header
       def header
         @header ||= {}
       end
@@ -24,9 +26,7 @@ module JSON
       when JSON::JWK
         key.to_key
       when JSON::JWK::Set
-        key.detect do |jwk|
-          jwk[:kid] && jwk[:kid] == kid
-        end&.to_key or raise JWK::Set::KidNotFound
+        key[kid]&.to_key or raise JWK::Set::KidNotFound
       else
         key
       end

data/lib/json/jwe.rb

@@ -14,9 +14,10 @@ module JSON
 
     attr_accessor(
       :public_key_or_secret, :private_key_or_secret,
-      :plain_text, :cipher_text, :authentication_tag, :iv, :auth_data,
-      :content_encryption_key, :jwe_encrypted_key, :encryption_key, :mac_key
+      :plain_text, :cipher_text, :iv, :auth_data,
+      :content_encryption_key, :encryption_key, :mac_key
     )
+    attr_writer :jwe_encrypted_key, :authentication_tag
 
     register_header_keys :enc, :epk, :zip, :apu, :apv
     alias_method :encryption_method, :enc
@@ -106,7 +107,7 @@ module JSON
     end
 
     def dir?
-      :dir == algorithm&.to_sym
+      :dir == alg&.to_sym
     end
 
     def cipher
@@ -158,7 +159,7 @@ module JSON
     # encryption
 
     def jwe_encrypted_key
-      @jwe_encrypted_key ||= case algorithm&.to_sym
+      @jwe_encrypted_key ||= case alg&.to_sym
       when :RSA1_5
         public_key_or_secret.public_encrypt content_encryption_key
       when :'RSA-OAEP'
@@ -210,7 +211,7 @@ module JSON
 
     def decrypt_content_encryption_key
       fake_content_encryption_key = generate_content_encryption_key # NOTE: do this always not to make timing difference
-      case algorithm&.to_sym
+      case alg&.to_sym
       when :RSA1_5
         private_key_or_secret.private_decrypt jwe_encrypted_key
       when :'RSA-OAEP'
@@ -253,7 +254,7 @@ module JSON
           raise InvalidFormat.new("Invalid JWE Format. JWE should include #{NUM_OF_SEGMENTS} segments.")
         end
         jwe = new
-        _header_json_, jwe.jwe_encrypted_key, jwe.iv, jwe.cipher_text, jwe.authentication_tag = input.split('.').collect do |segment|
+        _header_json_, jwe.jwe_encrypted_key, jwe.iv, jwe.cipher_text, jwe.authentication_tag = input.split('.', NUM_OF_SEGMENTS).collect do |segment|
           begin
             Base64.urlsafe_decode64 segment
           rescue ArgumentError

data/lib/json/jwk/jwkizable.rb

@@ -44,6 +44,8 @@ module JSON
             :'P-384'
           when 'secp521r1'
             :'P-521'
+          when 'secp256k1'
+            :secp256k1
           else
             raise UnknownAlgorithm.new('Unknown EC Curve')
           end

data/lib/json/jwk/set/fetcher/debugger/request_filter.rb

@@ -0,0 +1,34 @@
+module JSON
+  class JWK
+    class Set
+      module Fetcher
+        module Debugger
+          class RequestFilter
+            # Callback called in HTTPClient (before sending a request)
+            # request:: HTTP::Message
+            def filter_request(request)
+              started = "======= [JSON::JWK::Set::Fetcher] HTTP REQUEST STARTED ======="
+              log started, request.dump
+            end
+
+            # Callback called in HTTPClient (after received a response)
+            # request::  HTTP::Message
+            # response:: HTTP::Message
+            def filter_response(request, response)
+              finished = "======= [JSON::JWK::Set::Fetcher] HTTP REQUEST FINISHED ======="
+              log '-' * 50, response.dump, finished
+            end
+
+            private
+
+            def log(*outputs)
+              outputs.each do |output|
+                JSON::JWK::Set::Fetcher.logger.info output
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/json/jwk/set/fetcher.rb

@@ -0,0 +1,87 @@
+module JSON
+  class JWK
+    class Set
+      module Fetcher
+        class Cache
+          def fetch(cache_key, options = {})
+            yield
+          end
+        end
+
+        def self.logger
+          @@logger
+        end
+        def self.logger=(logger)
+          @@logger = logger
+        end
+        self.logger = Logger.new(STDOUT)
+        self.logger.progname = 'JSON::JWK::Set::Fetcher'
+
+        def self.debugging?
+          @@debugging
+        end
+        def self.debugging=(boolean)
+          @@debugging = boolean
+        end
+        def self.debug!
+          self.debugging = true
+        end
+        def self.debug(&block)
+          original = self.debugging?
+          debug!
+          yield
+        ensure
+          self.debugging = original
+        end
+        self.debugging = false
+
+        def self.http_client
+          _http_client_ = HTTPClient.new(
+            agent_name: "JSON::JWK::Set::Fetcher (#{JSON::JWT::VERSION})"
+          )
+
+          # NOTE: httpclient gem seems stopped maintaining root certtificate set, use OS default.
+          _http_client_.ssl_config.clear_cert_store
+          _http_client_.ssl_config.cert_store.set_default_paths
+
+          _http_client_.request_filter << Debugger::RequestFilter.new if debugging?
+          http_config.try(:call, _http_client_)
+          _http_client_
+        end
+        def self.http_config(&block)
+          @@http_config ||= block
+        end
+
+        def self.cache=(cache)
+          @@cache = cache
+        end
+        def self.cache
+          @@cache
+        end
+        self.cache = Cache.new
+
+        def self.fetch(jwks_uri, kid:, auto_detect: true, **options)
+          cache_key = [
+            'json:jwk:set',
+            OpenSSL::Digest::MD5.hexdigest(jwks_uri),
+            kid
+          ].collect(&:to_s).join(':')
+
+          jwks = Set.new(
+            JSON.parse(
+              cache.fetch(cache_key, options) do
+                http_client.get_content(jwks_uri)
+              end
+            )
+          )
+
+          if auto_detect
+            jwks[kid] or raise KidNotFound
+          else
+            jwks
+          end
+        end
+      end
+    end
+  end
+end

data/lib/json/jwk/set.rb

@@ -19,6 +19,12 @@ module JSON
         'application/jwk-set+json'
       end
 
+      def [](kid)
+        detect do |jwk|
+          jwk[:kid] && jwk[:kid] == kid
+        end
+      end
+
       def as_json(options = {})
         # NOTE: Array.new wrapper is requied to avoid CircularReferenceError
         {keys: Array.new(self)}

data/lib/json/jwk.rb

@@ -50,8 +50,6 @@ module JSON
       end
     end
 
-    private
-
     def rsa?
       self[:kty]&.to_sym == :RSA
     end
@@ -64,12 +62,6 @@ module JSON
       self[:kty]&.to_sym == :oct
     end
 
-    def calculate_default_kid
-      self[:kid] = thumbprint
-    rescue
-      # ignore
-    end
-
     def normalize
       case
       when rsa?
@@ -95,28 +87,43 @@ module JSON
       end
     end
 
+    private
+
+    def calculate_default_kid
+      self[:kid] = thumbprint
+    rescue
+      # ignore
+    end
+
     def to_rsa_key
       e, n, d, p, q, dp, dq, qi = [:e, :n, :d, :p, :q, :dp, :dq, :qi].collect do |key|
         if self[key]
           OpenSSL::BN.new Base64.urlsafe_decode64(self[key]), 2
         end
       end
-      key = OpenSSL::PKey::RSA.new
-      if key.respond_to? :set_key
-        key.set_key n, e, d
-        key.set_factors p, q if p && q
-        key.set_crt_params dp, dq, qi if dp && dq && qi
-      else
-        key.e = e
-        key.n = n
-        key.d = d if d
-        key.p = p if p
-        key.q = q if q
-        key.dmp1 = dp if dp
-        key.dmq1 = dq if dq
-        key.iqmp = qi if qi
+
+      # Public key
+      data_sequence = OpenSSL::ASN1::Sequence([
+        OpenSSL::ASN1::Integer(n),
+        OpenSSL::ASN1::Integer(e),
+      ])
+
+      if d && p && q && dp && dq && qi
+        data_sequence = OpenSSL::ASN1::Sequence([
+          OpenSSL::ASN1::Integer(0),
+          OpenSSL::ASN1::Integer(n),
+          OpenSSL::ASN1::Integer(e),
+          OpenSSL::ASN1::Integer(d),
+          OpenSSL::ASN1::Integer(p),
+          OpenSSL::ASN1::Integer(q),
+          OpenSSL::ASN1::Integer(dp),
+          OpenSSL::ASN1::Integer(dq),
+          OpenSSL::ASN1::Integer(qi),
+        ])
       end
-      key
+
+      asn1 = OpenSSL::ASN1::Sequence(data_sequence)
+      OpenSSL::PKey::RSA.new(asn1.to_der)
     end
 
     def to_ec_key
@@ -127,6 +134,8 @@ module JSON
         'secp384r1'
       when :'P-521'
         'secp521r1'
+      when :secp256k1
+        'secp256k1'
       else
         raise UnknownAlgorithm.new('Unknown EC Curve')
       end
@@ -135,13 +144,32 @@ module JSON
           Base64.urlsafe_decode64(self[key])
         end
       end
-      key = OpenSSL::PKey::EC.new curve_name
-      key.private_key = OpenSSL::BN.new(d, 2) if d
-      key.public_key = OpenSSL::PKey::EC::Point.new(
+
+      point = OpenSSL::PKey::EC::Point.new(
         OpenSSL::PKey::EC::Group.new(curve_name),
         OpenSSL::BN.new(['04' + x.unpack('H*').first + y.unpack('H*').first].pack('H*'), 2)
       )
-      key
+
+      # Public key
+      data_sequence = OpenSSL::ASN1::Sequence([
+        OpenSSL::ASN1::Sequence([
+          OpenSSL::ASN1::ObjectId("id-ecPublicKey"),
+          OpenSSL::ASN1::ObjectId(curve_name)
+        ]),
+        OpenSSL::ASN1::BitString(point.to_octet_string(:uncompressed))
+      ])
+
+      if d
+        # Private key
+        data_sequence = OpenSSL::ASN1::Sequence([
+          OpenSSL::ASN1::Integer(1),
+          OpenSSL::ASN1::OctetString(OpenSSL::BN.new(d, 2).to_s(2)),
+          OpenSSL::ASN1::ObjectId(curve_name, 0, :EXPLICIT),
+          OpenSSL::ASN1::BitString(point.to_octet_string(:uncompressed), 1, :EXPLICIT)
+        ])
+      end
+
+      OpenSSL::PKey::EC.new(data_sequence.to_der)
     end
   end
 end

data/lib/json/jws.rb

@@ -6,14 +6,14 @@ module JSON
 
     NUM_OF_SEGMENTS = 3
 
-    attr_accessor :signature_base_string
+    attr_writer :signature_base_string
 
     def initialize(jwt)
       update jwt
     end
 
     def sign!(private_key_or_secret)
-      self.alg = autodetected_algorithm_from(private_key_or_secret) if algorithm == :autodetect
+      self.alg = autodetected_algorithm_from(private_key_or_secret) if alg == :autodetect
       self.signature = sign signature_base_string, private_key_or_secret
       self
     end
@@ -43,31 +43,23 @@ module JSON
     private
 
     def digest
-      OpenSSL::Digest.new "SHA#{algorithm.to_s[2, 3]}"
+      OpenSSL::Digest.new "SHA#{alg.to_s[2, 3]}"
     end
 
     def hmac?
-      [:HS256, :HS384, :HS512].include? algorithm&.to_sym
+      [:HS256, :HS384, :HS512].include? alg&.to_sym
     end
 
     def rsa?
-      [:RS256, :RS384, :RS512].include? algorithm&.to_sym
+      [:RS256, :RS384, :RS512].include? alg&.to_sym
     end
 
     def rsa_pss?
-      if [:PS256, :PS384, :PS512].include? algorithm&.to_sym
-        if OpenSSL::VERSION < '2.1.0'
-          raise "#{alg} isn't supported. OpenSSL gem v2.1.0+ is required to use #{alg}."
-        else
-          true
-        end
-      else
-        false
-      end
+      [:PS256, :PS384, :PS512].include? alg&.to_sym
     end
 
     def ecdsa?
-      [:ES256, :ES384, :ES512].include? algorithm&.to_sym
+      [:ES256, :ES384, :ES512, :ES256K].include? alg&.to_sym
     end
 
     def autodetected_algorithm_from(private_key_or_secret)
@@ -85,6 +77,8 @@ module JSON
           :ES384
         when 'secp521r1'
           :ES512
+        when 'secp256k1'
+          :ES256K
         else
           raise UnknownAlgorithm.new('Unknown EC Curve')
         end
@@ -118,8 +112,7 @@ module JSON
         private_key = private_key_or_secret
         verify_ecdsa_group! private_key
         asn1_to_raw(
-          private_key.dsa_sign_asn1(digest.digest signature_base_string),
-          # private_key.sign(digest, signature_base_string), # NOTE: this causes `undefined method `private?'` error in ruby 2.3
+          private_key.sign(digest, signature_base_string),
           private_key
         )
       else
@@ -152,14 +145,19 @@ module JSON
     def verify_ecdsa_group!(key)
       group_name = case digest.digest_length * 8
       when 256
-        :prime256v1
+        case key.group.curve_name
+        when 'secp256k1'
+          :secp256k1
+        else
+          :prime256v1
+        end
       when 384
         :secp384r1
       when 512
         :secp521r1
       end
-      key.group = OpenSSL::PKey::EC::Group.new group_name.to_s
-      key.check_key
+      newkey = OpenSSL::PKey::EC.generate(group_name.to_s)
+      newkey.check_key
     end
 
     def raw_to_asn1(signature, public_key)
@@ -179,7 +177,7 @@ module JSON
         unless input.count('.') + 1 == NUM_OF_SEGMENTS
           raise InvalidFormat.new("Invalid JWS Format. JWS should include #{NUM_OF_SEGMENTS} segments.")
         end
-        header, claims, signature = input.split('.', JWS::NUM_OF_SEGMENTS).collect do |segment|
+        header, claims, signature = input.split('.', NUM_OF_SEGMENTS).collect do |segment|
           Base64.urlsafe_decode64 segment.to_s
         end
         header = JSON.parse(header).with_indifferent_access
@@ -191,7 +189,7 @@ module JSON
         jws = new claims
         jws.header = header
         jws.signature = signature
-        jws.signature_base_string = input.split('.')[0, JWS::NUM_OF_SEGMENTS - 1].join('.')
+        jws.signature_base_string = input.split('.')[0, NUM_OF_SEGMENTS - 1].join('.')
         jws.verify! public_key_or_secret, algorithms unless public_key_or_secret == :skip_verification
         jws
       end

data/lib/json/jwt.rb

@@ -1,11 +1,16 @@
 require 'openssl'
 require 'base64'
+require 'httpclient'
 require 'active_support'
 require 'active_support/core_ext'
 require 'json/jose'
 
 module JSON
   class JWT < ActiveSupport::HashWithIndifferentAccess
+    VERSION = ::File.read(
+      ::File.join(::File.dirname(__FILE__), '../../VERSION')
+    ).chomp
+
     attr_accessor :blank_payload
     attr_accessor :signature
 
@@ -103,7 +108,11 @@ module JSON
         when JWS::NUM_OF_SEGMENTS
           JWS.decode_compact_serialized jwt_string, key_or_secret, algorithms, allow_blank_payload
         when JWE::NUM_OF_SEGMENTS
-          JWE.decode_compact_serialized jwt_string, key_or_secret, algorithms, encryption_methods
+          if allow_blank_payload
+            raise InvalidFormat.new("JWE w/ blank payload is not supported.")
+          else
+            JWE.decode_compact_serialized jwt_string, key_or_secret, algorithms, encryption_methods
+          end
         else
           raise InvalidFormat.new("Invalid JWT Format. JWT should include #{JWS::NUM_OF_SEGMENTS} or #{JWE::NUM_OF_SEGMENTS} segments.")
         end
@@ -132,3 +141,5 @@ require 'json/jwe'
 require 'json/jwk'
 require 'json/jwk/jwkizable'
 require 'json/jwk/set'
+require 'json/jwk/set/fetcher'
+require 'json/jwk/set/fetcher/debugger/request_filter'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: json-jwt
 version: !ruby/object:Gem::Version
-  version: 1.10.1
+  version: 1.15.3.1
 platform: ruby
 authors:
 - nov matake
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-05-07 00:00:00.000000000 Z
+date: 2024-03-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -52,6 +52,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: httpclient
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -80,6 +94,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -116,6 +144,8 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/FUNDING.yml"
+- ".github/workflows/test_ruby.yml"
 - ".gitignore"
 - ".gitmodules"
 - ".rspec"
@@ -131,13 +161,15 @@ files:
 - lib/json/jwk.rb
 - lib/json/jwk/jwkizable.rb
 - lib/json/jwk/set.rb
+- lib/json/jwk/set/fetcher.rb
+- lib/json/jwk/set/fetcher/debugger/request_filter.rb
 - lib/json/jws.rb
 - lib/json/jwt.rb
 homepage: https://github.com/nov/json-jwt
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -145,16 +177,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.3'
+      version: '2.4'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
-signing_key: 
+rubygems_version: 3.5.3
+signing_key:
 specification_version: 4
 summary: JSON Web Token and its family (JSON Web Signature, JSON Web Encryption and
   JSON Web Key) in Ruby