jwt-authorizer 1.0.0.beta1 → 1.0.0.beta2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 428eced648fcb226781a748396f9bf30f3647af418ab5c6e059ef3312f92b416
-  data.tar.gz: ec06ac75857191c25081b8a179067a1c216712b05c7bfb11b742f42d45d03509
+  metadata.gz: 6e324a064b198c930d1085ec1b633517467b9fb2d2acd5951be2c3613a17190b
+  data.tar.gz: d5f1aac2b3638c7ba12e74f74bd365463079140c5789a88da77cbd9c60e5abd7
 SHA512:
-  metadata.gz: 12889b5f4b086638b400f5b7fe49182a68b06e054d80e97409334cc5f88a239fbabfdbb643bf1451f07f3b33ce222ce795cb7ab53025255ca17a9f618b9c1e0e
-  data.tar.gz: 2a7d53727bd6d7defa4567f218c5b84914edbad8100ad9ea80e6bb281fa53444661c73c3989bf32c3ce4225bd64e50e21017e19a720a1e9e66ca21e5a77ab997
+  metadata.gz: 23899cec2c6898756fdec308310cd39be9b3ba4da9c9537342678103502bb922a714645ed7c736b78d852abd123e926f1d8918af5f1e352d7ff4ee556ca0eb41
+  data.tar.gz: 4aa067249c8a651a8f1b68c6cd73f887350fe1ca10536e238912421cf34e0f3557ad4926cc7f0c0520eea83f8d6f220f33b4e6db8b090fda3ce848b6ac1a7d65

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    jwt-authorizer (1.0.0.beta1)
+    jwt-authorizer (1.0.0.beta2)
       jwt (~> 2.1)
 
 GEM

data/README.md

@@ -1,8 +1,8 @@
-[![Build Status](https://travis-ci.org/codesthq/jwt-authorizer.svg?branch=master)](https://travis-ci.org/codesthq/jwt-authorizer) [![Test Coverage](https://api.codeclimate.com/v1/badges/5f975bb8720b7ee04326/test_coverage)](https://codeclimate.com/github/codesthq/jwt-authorizer/test_coverage) [![Maintainability](https://api.codeclimate.com/v1/badges/5f975bb8720b7ee04326/maintainability)](https://codeclimate.com/github/codesthq/jwt-authorizer/maintainability)
+[![Gem Version](https://badge.fury.io/rb/jwt-authorizer.svg)](https://badge.fury.io/rb/jwt-authorizer) [![Build Status](https://travis-ci.org/codesthq/jwt-authorizer.svg?branch=master)](https://travis-ci.org/codesthq/jwt-authorizer) [![Test Coverage](https://api.codeclimate.com/v1/badges/5f975bb8720b7ee04326/test_coverage)](https://codeclimate.com/github/codesthq/jwt-authorizer/test_coverage) [![Maintainability](https://api.codeclimate.com/v1/badges/5f975bb8720b7ee04326/maintainability)](https://codeclimate.com/github/codesthq/jwt-authorizer/maintainability)
 
 # JWT::Authorizer
 
-`JWT::Authorizer` makes authorization with [JWT tokens](https://jwt.io/) simple. It allows creating and verifying JWT tokens according to rules (validations) set on specific `Authorizer` class.
+`JWT::Authorizer` makes authorization with [JWT tokens](https://jwt.io/) simple. It allows creating and verifying JWT tokens according to claims set on specific `JWT::Token` class.
 
 ## Installation
 
@@ -24,19 +24,19 @@ Or install it yourself as:
 
 ### Configuration
 
-You can configure your `JWT::Authorizer` classes with `.configuration` and `.configure` options:
+You can configure your `JWT::Token` classes with `.configuration` and `.configure` options:
 
 ```ruby
-JWT::Authorizer.configuration
+JWT::Token.configuration
 
-JWT::Authorizer.configure do |config|
+JWT::Token.configure do |config|
   config.expiry = 12 * 60 * 60
   config.algorithm = "RS256"
   config.secret = { private_key: nil, public_key: ENV["SECRET_KEY"] }
 end
 ```
 
-`JWT::Authorizer` have following options available:
+`JWT::Token` have following options available:
 
 * `algorithm` - determines algorithm used on signing and verifying JWT tokens. Defaults to `"HS256"`.
 * `secret` - for [`HMAC`](https://en.wikipedia.org/wiki/HMAC) algorithms it accepts simple `String` with symmetric key, for [`RSA`](https://en.wikipedia.org/wiki/RSA_(cryptosystem)) and [`ECDSA`](https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm) it requires hash with `:private_key` and `:public_key` keys.
@@ -44,75 +44,129 @@ end
 * `issuer` - sets `iss` claim in the token. Defaults to `nil`.
 * `allowed_issuers` - array of issuers that will be allowed on token verification. Defaults to empty array, tokens with any value in `iss` claim (and without this claim) will be valid. If array contains any elements, *only* listed issuers will be valid.
 
-Default options can be overriden during instantiation of `JWT::Authorizer` classes:
+Default claims can be overriden during instantiation of `JWT::Token` classes:
 
 ```ruby
-JWT::Authorizer.configuration.expiry #=> 3600
-JWT::Authorizer.new(expiry: 60).expiry #=> 60
+JWT::Token.configuration.expiry #=> 3600 (offset)
+JWT::Token.new(expiry: Time.utc(2018, 3, 1)).expiry #=> 1519862400 (timestamp)
 ```
 
 ### Generating tokens
 
-To generate JWT token, create instance of `JWT::Authorizer` and call `#build` method. It accepts hash of additional claims you want in your token.
+To generate JWT token, create instance of `JWT::Token`. It accepts hash of additional claims you want in your token.
 
 ```ruby
-JWT::Authorizer.configuration.secret = "hmac"
-JWT::Authorizer.new.build(level: :admin)
-#=> "eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1MjAyODQ3MTcsImxldmVsIjoiYWRtaW4ifQ.nHRIBBjzteHuzygij-BlfXx3YIvfeO39Qh84hq729KQ"
+class MyToken < JWT::Token
+  claim :level, required: true
+end
+token = MyToken.new(level: :admin)
+token.to_s # or token.to_jwt
+#=> "eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1MjA0MTI2MTcsImxldmVsIjoiYWRtaW4ifQ.Ak8qDlxSG9IcPVHYnelQHPK5U6Rj5hBYQ5mmoznuYso"
 ```
 
 ### Verifying tokens
 
-To verify token, use `JWT::Authorizer#verify` method.
+To verify token, use `JWT::Token.verify` method.
 
 ```ruby
-JWT::Authorizer.configuration.secret = "hmac"
-token = "eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1MjAyODUwMzd9.CO8K_mqXCZfu8W12tpYcBo1WyrLZAmEMmr8R-HM3a5E"
-JWT::Authorizer.new.verify(token)
-#=> [{"exp"=>1520285037}, {"alg"=>"HS256"}]
-JWT::Authorizer.new.verify(nil)
+token = "eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1MjA0MTI2Nzd9.EgiqWfDjXzlJHTwaFn26X3iOl2gBkQv3fADtMsFIQDY"
+JWT::Token.verify(token)
+#=> #<JWT::Token @claims={"exp"=>1520412677, "iss"=>nil}>
+JWT::Token.verify(nil)
 # JWT::DecodeError: Nil JSON web token
-JWT::Authorizer.new.verify("eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjB9.nooope")
+JWT::Token.verify("eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjB9.nooope")
 # JWT::VerificationError: Signature verification raised
 ```
 
-### Validators
+### Claims
 
-You can use validators to verify non-standard claims.
+You can use claims to define and verify non-standard claims.
 
 ```ruby
-class AdminAuthorizer < JWT::Authorizer
-  validate :level, required: true do |value, _context|
+class AdminToken < JWT::Token
+  claim :level, key: "lvl", required: true do |value|
     raise JWT::DecodeError, "Level must be admin" unless value == "admin"
   end
 end
 
-valid_token = "eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1MjAyODUzMzksImxldmVsIjoiYWRtaW4ifQ.OeIPSbtqlmcSJ1tUkLb7HhhMSlcAXKkrZhSOhgvYRHE"
-AdminAuthorizer.new.verify(valid_token)
-# [{"exp"=>1520285339, "level"=>"admin"}, {"alg"=>"HS256"}]
-missing_claim = "eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1MjAyODUzODd9.ncXmy81O64OjLNP4eCdAyVklAfGqdYiWp0K6FoI1pec"
-AdminAuthorizer.new.verify(missing_claim)
-# JWT::Authorizer::MissingClaim: Token is missing required claim: level
-invalid_value = "eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1MjAyODU0MzQsImxldmVsIjoicmVndWxhciJ9.z16nhJcOpRJmDZdkrDrdo1TetQ9YZpYiQmBdc53lnV0"
-AdminAuthorizer.new.verify(invalid_value)
+valid_token = "eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1MjA0MTI3ODksImxldmVsIjoiYWRtaW4ifQ.GGD0dXWg7v8BiEg8fsjmdCXQBryAHRpx_8AihyNVmgs"
+AdminToken.verify(valid_token)
+#=> #<AdminToken @claims={"exp"=>1520412789, "iss"=>nil, "lvl"=>"admin"}>
+missing_claim = "eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1MjA0MTI3ODl9.efq_LuSpfp5VRwFl3rIf0FC_b2CCrpEC_oeDssvLDy4"
+AdminToken.verify(missing_claim)
+# JWT::Token::MissingClaim: Token is missing required claim: lvl
+invalid_value = "eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1MjA0NTI3ODksImx2bCI6InJlZ3VsYXIifQ.EjXX9zhE4SpzFSlGIPD5l0xKtMKgWSbWa5smw3OvBEo"
+AdminToken.verify(invalid_value)
 # JWT::DecodeError: Level must be admin
 ```
 
 `required` option is by default set to `false`. If set to `true`, given claim *must* be present in verified token.
+`key` options is by default the same as claim name. It corresponds to JSON inside JWT.
 
-You can pass additional context to validators:
+You can pass additional context to claims:
 
 ```ruby
-class AdminAuthorizer < JWT::Authorizer
-  validate :path do |value, rack_request|
+class AdminToken < JWT::Token
+  claim :path do |value, rack_request|
     raise JWT::DecodeError, "invalid path" unless value == rack_request.path
   end
 end
 
-AdminAuthorizer.new.verify(token, rack_request)
+AdminToken.verify(token, rack_request)
+```
+
+See [`JWT::EndpointToken`](lib/jwt/endpoint_token.rb) and it's [spec](spec/jwt/endpoint_token_spec.rb) for examples.
+
+### Default claims
+
+Gem currently supports two of the standard claims: `exp` and `iss`.
+
+#### Expiry
+
+You can set `expiry` option on configuration to a preferred offset for generated tokens:
+
+```ruby
+class LongLivedToken < JWT::Token
+  configuration.expiry = 2 * 365 * 24 * 60 * 60
+end
+
+token = LongLivedToken.new
+Time.at token.expiry
+#=> 2020-03-06 08:59:52 +0100
+```
+
+Note that `expiry` option in configuration is an offset, while on token instance it's a timestamp.
+
+On instance you can either assign timestamp, or a `Time` instance.
+
+```ruby
+token = JWT::Token.new
+token.expiry = Time.utc(2021, 1, 1)
+token.expiry
+#=> 1609459200
+
+JWT::Token.new(expiry: Time.utc(2021, 1, 1)).expiry
+#=> 1609459200
 ```
 
-See [`JWT::RequestAuthorizer`](lib/jwt/request_authorizer.rb) and it's [spec](spec/jwt/request_authorizer_spec.rb) for examples.
+`exp` claim will be validated if present.
+
+### Issuer
+
+In order to validate `issuer` claim, set `allowed_issuers` on token class:
+
+```ruby
+class MicroserviceToken < JWT::Token
+  configuration.allowed_issuers = ["apiservice", "cronservice"]
+end
+
+MicroserviceToken.verify(MicroserviceToken.new(issuer: "apiservice").to_jwt)
+#=> #<MicroserviceToken @claims={"exp"=>1520413510, "iss"=>"apiservice"}>
+MicroserviceToken.verify(MicroserviceToken.new(issuer: "otherservice").to_jwt)
+# JWT::InvalidIssuerError: Invalid issuer. Expected ["apiservice", "cronservice"], received otherservice
+MicroserviceToken.verify(MicroserviceToken.new(issuer: nil).to_jwt)
+# JWT::InvalidIssuerError: Invalid issuer. Expected ["apiservice", "cronservice"], received <none>
+```
 
 ## Development
 
@@ -122,7 +176,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/jwt-authorizer. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
+Bug reports and pull requests are welcome on GitHub at https://github.com/codesthq/jwt-authorizer. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
 
 ## License
 
@@ -130,4 +184,4 @@ The gem is available as open source under the terms of the [MIT License](https:/
 
 ## Code of Conduct
 
-Everyone interacting in the JWT::Authorizer project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/jwt-authorizer/blob/master/CODE_OF_CONDUCT.md).
+Everyone interacting in the JWT::Token project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/codesthq/jwt-authorizer/blob/master/CODE_OF_CONDUCT.md).

data/bin/console

@@ -7,5 +7,9 @@ require "jwt/authorizer"
 # You can add fixtures and/or initialization code here to make experimenting
 # with your gem easier. You can also use a different console, if you like.
 
+JWT::Token.configure do |config|
+  config.secret = "hmac"
+end
+
 require "pry"
 Pry.start

data/jwt-authorizer.gemspec

@@ -10,6 +10,8 @@ Gem::Specification.new do |spec|
   spec.authors       = ["Michał Begejowicz"]
   spec.email         = ["michal.begejowicz@codesthq.com"]
 
+  spec.required_ruby_version = "~> 2.4"
+
   spec.summary       = "Authorization of requests for microservices based on JWT"
   spec.description   = "Authorization of requests for microservices based on JWT"
   spec.homepage      = "https://github.com/codesthq/jwt-authorizer"

data/lib/jwt/authorizer.rb

@@ -3,21 +3,20 @@
 require "jwt/authorizer/version"
 require "jwt"
 
-require "jwt/authorizer/builder"
-require "jwt/authorizer/configuration"
-require "jwt/authorizer/configurable"
-require "jwt/authorizer/verifier"
+require "jwt/token/builder"
+require "jwt/token/configuration"
+require "jwt/token/configurable"
+require "jwt/token/verifier"
 
-require "jwt/authorizer/claim_validator"
-require "jwt/authorizer/validation"
+require "jwt/token/default_claims"
+require "jwt/token/claim"
+require "jwt/token/claim_builder"
+
+require "jwt/token"
 
 module JWT
-  class Authorizer
-    include Configurable
-    include Builder
-    include Verifier
-    include Validation
+  module Authorizer
   end
 end
 
-require "jwt/request_authorizer"
+require "jwt/endpoint_token"

data/lib/jwt/authorizer/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module JWT
-  class Authorizer
-    VERSION = "1.0.0.beta1"
+  module Authorizer
+    VERSION = "1.0.0.beta2"
   end
 end

data/lib/jwt/{request_authorizer.rb → endpoint_token.rb}

@@ -1,27 +1,27 @@
 # frozen_string_literal: true
 
 module JWT
-  class RequestAuthorizer < Authorizer
+  class EndpointToken < Token
     class << self
       attr_writer :token_extractor
 
       def token_extractor
         @token_extractor ||= proc { |req| req.env["X-Auth-Token"] || req.params["_t"] }
       end
+
+      def verify(rack_request)
+        token = token_extractor.call(rack_request)
+
+        super(token, rack_request)
+      end
     end
 
-    validate :path, required: true do |value, rack_req|
+    claim :path, required: true do |value, rack_req|
       raise JWT::DecodeError, "Unexpected path: #{value}" unless value == rack_req.path
     end
 
-    validate :verb, required: true do |value, rack_req|
+    claim :verb, required: true do |value, rack_req|
       raise JWT::DecodeError, "Unexpected request method: #{value}" unless value.to_s.upcase == rack_req.request_method
     end
-
-    def verify(rack_request)
-      token = self.class.token_extractor.call(rack_request)
-
-      super(token, rack_request)
-    end
   end
 end

data/lib/jwt/token.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module JWT
+  class Token
+    include Configurable
+
+    include DefaultClaims
+    include ClaimBuilder
+
+    include Builder
+    include Verifier
+  end
+end

data/lib/jwt/token/builder.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module JWT
+  class Token
+    module Builder
+      def initialize(claims = {})
+        claims.each { |claim, value| send("#{claim}=", value) }
+      end
+
+      def to_jwt
+        JWT.encode claims.compact, secret[:private], algorithm
+      end; alias to_s to_jwt
+    end
+  end
+end

data/lib/jwt/token/claim.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module JWT
+  class Token
+    class MissingClaim < JWT::DecodeError
+      attr_reader :claim
+
+      def initialize(claim)
+        @claim = claim
+        super("Token is missing required claim: #{claim}")
+      end
+    end
+
+    class Claim
+      attr_reader :name, :key, :required, :verifier
+
+      def initialize(name, key, required, verifier)
+        @name = name
+        @key = key
+        @required = required
+        @verifier = verifier
+      end
+
+      def verify(token, context = nil)
+        value = token.send(name)
+
+        raise(MissingClaim, key)      if required && value.nil?
+        verifier.call(value, context) if value
+      end
+    end
+  end
+end

data/lib/jwt/token/claim_builder.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+module JWT
+  class Token
+    module ClaimBuilder
+      class << self
+        def define_accessor_methods(token_class, claim)
+          define_getter(token_class, claim)
+          define_setter(token_class, claim)
+        end
+
+        def define_getter(token_class, claim)
+          token_class.send(:define_method, claim.name) { claims[claim.key] }
+          token_class.send(:alias_method, claim.key, claim.name)
+        end
+
+        def define_setter(token_class, claim)
+          method_name = "#{claim.name}="
+          token_class.send(:define_method, method_name) { |value| claims[claim.key] = value }
+          token_class.send(:alias_method, "#{claim.key}=", method_name)
+        end
+
+        def included(base)
+          base.extend(ClassMethods)
+          super
+        end
+      end
+
+      module ClassMethods
+        def inherited(subclass)
+          subclass.claims.concat(claims)
+          super
+        end
+
+        def claims
+          @claims ||= []
+        end
+
+        def claim(name, key: name.to_s, required: false, &verifier)
+          claim = JWT::Token::Claim.new(name, key, required, verifier).tap(&:freeze)
+
+          claims << claim
+          JWT::Token::ClaimBuilder.define_accessor_methods(self, claim)
+        end
+      end
+    end
+  end
+end

data/lib/jwt/{authorizer → token}/configurable.rb

@@ -1,16 +1,12 @@
 # frozen_string_literal: true
 
 module JWT
-  class Authorizer
+  class Token
     module Configurable
       def self.included(base)
         base.extend(ClassMethods)
         base.extend(Forwardable)
-        base.delegate %i[algorithm secret expiry issuer allowed_issuers] => :@config
-      end
-
-      def initialize(**options)
-        @config = self.class.configuration.dup.merge(options)
+        base.delegate %i[algorithm secret allowed_issuers] => "self.class.configuration"
       end
 
       module ClassMethods

data/lib/jwt/{authorizer → token}/configuration.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module JWT
-  class Authorizer
+  class Token
     class Configuration
       ATTRIBUTES = %i[algorithm secret expiry issuer allowed_issuers].freeze
 

data/lib/jwt/token/default_claims.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module JWT
+  class Token
+    module DefaultClaims
+      def expiry
+        claims["exp"]
+      end; alias exp expiry
+
+      def issuer
+        claims["iss"]
+      end; alias iss issuer
+
+      def expiry=(value)
+        claims["exp"] = value.is_a?(Time) ? value.to_i : value
+      end; alias exp= expiry=
+
+      def issuer=(value)
+        claims["iss"] = value
+      end; alias iss= issuer=
+
+      def claims
+        @claims ||= { "exp" => fetch_expiry, "iss" => self.class.configuration.issuer }
+      end
+
+      private
+
+      def fetch_expiry
+        (Time.now + self.class.configuration.expiry).to_i if self.class.configuration.expiry
+      end
+    end
+  end
+end

data/lib/jwt/token/verifier.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module JWT
+  class Token
+    module Verifier
+      def self.included(base)
+        base.extend(ClassMethods)
+        super
+      end
+
+      module ClassMethods
+        def verify(jwt_token, context = nil)
+          decoded = JWT.decode(jwt_token, configuration.secret[:public], true, decode_options)
+
+          new(decoded[0]).tap do |token|
+            claims.each do |claim|
+              claim.verify(token, context)
+            end
+          end
+        end
+
+        private
+
+        def decode_options
+          {}.tap do |result|
+            if configuration.allowed_issuers.any?
+              result[:iss] = configuration.allowed_issuers
+              result[:verify_iss] = true
+            end
+            result[:algorithm] = configuration.algorithm
+          end
+        end
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jwt-authorizer
 version: !ruby/object:Gem::Version
-  version: 1.0.0.beta1
+  version: 1.0.0.beta2
 platform: ruby
 authors:
 - Michał Begejowicz
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-03-06 00:00:00.000000000 Z
+date: 2018-03-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jwt
@@ -159,14 +159,16 @@ files:
 - bin/setup
 - jwt-authorizer.gemspec
 - lib/jwt/authorizer.rb
-- lib/jwt/authorizer/builder.rb
-- lib/jwt/authorizer/claim_validator.rb
-- lib/jwt/authorizer/configurable.rb
-- lib/jwt/authorizer/configuration.rb
-- lib/jwt/authorizer/validation.rb
-- lib/jwt/authorizer/verifier.rb
 - lib/jwt/authorizer/version.rb
-- lib/jwt/request_authorizer.rb
+- lib/jwt/endpoint_token.rb
+- lib/jwt/token.rb
+- lib/jwt/token/builder.rb
+- lib/jwt/token/claim.rb
+- lib/jwt/token/claim_builder.rb
+- lib/jwt/token/configurable.rb
+- lib/jwt/token/configuration.rb
+- lib/jwt/token/default_claims.rb
+- lib/jwt/token/verifier.rb
 homepage: https://github.com/codesthq/jwt-authorizer
 licenses:
 - MIT
@@ -177,9 +179,9 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - "~>"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.4'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">"

data/lib/jwt/authorizer/builder.rb

@@ -1,21 +0,0 @@
-# frozen_string_literal: true
-
-module JWT
-  class Authorizer
-    module Builder
-      def build(claims = {})
-        payload = default_claims.merge!(claims)
-        JWT.encode payload, secret[:private], algorithm
-      end
-
-      private
-
-      def default_claims
-        {}.tap do |result|
-          result[:exp] = (Time.now + expiry).to_i if expiry
-          result[:iss] = issuer if issuer
-        end
-      end
-    end
-  end
-end

data/lib/jwt/authorizer/claim_validator.rb

@@ -1,32 +0,0 @@
-# frozen_string_literal: true
-
-module JWT
-  class Authorizer
-    class MissingClaim < StandardError
-      attr_reader :claim
-
-      def initialize(claim)
-        @claim = claim
-        super("Token is missing required claim: #{claim}")
-      end
-    end
-
-    class ClaimValidator
-      attr_reader :name, :required, :verifier
-
-      def initialize(name:, required: false, &block)
-        @name = name.to_s
-        @required = required
-        @verifier = block
-      end
-
-      def validate(token, context)
-        value = token.dig(0, name)
-        raise MissingClaim, name if required && !value
-        return unless value
-
-        verifier.call(value, context)
-      end
-    end
-  end
-end

data/lib/jwt/authorizer/validation.rb

@@ -1,40 +0,0 @@
-# frozen_string_literal: true
-
-module JWT
-  class Authorizer
-    module Validation
-      def self.included(base)
-        base.extend(ClassMethods)
-      end
-
-      def verify(token, context = nil)
-        super(token).tap do |decoded|
-          validate_token(decoded, context)
-        end
-      end
-
-      private
-
-      def validate_token(token, context)
-        self.class.validators.each do |validator|
-          validator.validate(token, context)
-        end
-      end
-
-      module ClassMethods
-        def inherited(subclass)
-          subclass.instance_variable_set("@validators", validators.dup)
-          super
-        end
-
-        def validators
-          @validators ||= []
-        end
-
-        def validate(claim_name, required: false, &block)
-          validators << ClaimValidator.new(name: claim_name, required: required, &block)
-        end
-      end
-    end
-  end
-end

data/lib/jwt/authorizer/verifier.rb

@@ -1,23 +0,0 @@
-# frozen_string_literal: true
-
-module JWT
-  class Authorizer
-    module Verifier
-      def verify(token)
-        JWT.decode token, secret[:public], true, decode_options
-      end
-
-      private
-
-      def decode_options
-        {}.tap do |result|
-          if allowed_issuers.any?
-            result[:iss] = allowed_issuers
-            result[:verify_iss] = true
-          end
-          result[:algorithm] = algorithm
-        end
-      end
-    end
-  end
-end