jwt 2.9.1 → 2.10.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +47 -0
- data/README.md +170 -82
- data/lib/jwt/base64.rb +3 -0
- data/lib/jwt/claims/audience.rb +10 -0
- data/lib/jwt/claims/crit.rb +35 -0
- data/lib/jwt/claims/decode_verifier.rb +40 -0
- data/lib/jwt/claims/expiration.rb +10 -0
- data/lib/jwt/claims/issued_at.rb +7 -0
- data/lib/jwt/claims/issuer.rb +10 -0
- data/lib/jwt/claims/jwt_id.rb +10 -0
- data/lib/jwt/claims/not_before.rb +10 -0
- data/lib/jwt/claims/numeric.rb +47 -13
- data/lib/jwt/claims/required.rb +10 -0
- data/lib/jwt/claims/subject.rb +10 -0
- data/lib/jwt/claims/verification_methods.rb +20 -0
- data/lib/jwt/claims/verifier.rb +61 -0
- data/lib/jwt/claims.rb +52 -16
- data/lib/jwt/claims_validator.rb +18 -0
- data/lib/jwt/configuration/container.rb +20 -0
- data/lib/jwt/configuration/decode_configuration.rb +24 -0
- data/lib/jwt/configuration/jwk_configuration.rb +1 -0
- data/lib/jwt/configuration.rb +8 -0
- data/lib/jwt/decode.rb +28 -67
- data/lib/jwt/deprecations.rb +1 -0
- data/lib/jwt/encode.rb +17 -56
- data/lib/jwt/encoded_token.rb +139 -0
- data/lib/jwt/error.rb +34 -0
- data/lib/jwt/json.rb +1 -1
- data/lib/jwt/jwa/compat.rb +32 -0
- data/lib/jwt/jwa/ecdsa.rb +7 -6
- data/lib/jwt/jwa/eddsa.rb +7 -6
- data/lib/jwt/jwa/hmac.rb +6 -3
- data/lib/jwt/jwa/hmac_rbnacl.rb +5 -0
- data/lib/jwt/jwa/hmac_rbnacl_fixed.rb +5 -0
- data/lib/jwt/jwa/none.rb +1 -0
- data/lib/jwt/jwa/ps.rb +2 -3
- data/lib/jwt/jwa/rsa.rb +2 -3
- data/lib/jwt/jwa/signing_algorithm.rb +4 -0
- data/lib/jwt/jwa/unsupported.rb +1 -0
- data/lib/jwt/jwa/wrapper.rb +1 -0
- data/lib/jwt/jwa.rb +17 -4
- data/lib/jwt/jwk/ec.rb +2 -3
- data/lib/jwt/jwk/hmac.rb +2 -3
- data/lib/jwt/jwk/key_base.rb +1 -0
- data/lib/jwt/jwk/key_finder.rb +1 -0
- data/lib/jwt/jwk/kid_as_key_digest.rb +1 -0
- data/lib/jwt/jwk/okp_rbnacl.rb +3 -4
- data/lib/jwt/jwk/rsa.rb +2 -3
- data/lib/jwt/jwk/set.rb +2 -0
- data/lib/jwt/jwk.rb +1 -0
- data/lib/jwt/token.rb +112 -0
- data/lib/jwt/verify.rb +40 -0
- data/lib/jwt/version.rb +30 -9
- data/lib/jwt.rb +19 -0
- metadata +13 -7
@@ -1,8 +1,11 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
module JWT
|
4
|
+
# JSON Web Algorithms
|
4
5
|
module JWA
|
6
|
+
# Base functionality for signing algorithms
|
5
7
|
module SigningAlgorithm
|
8
|
+
# Class methods for the SigningAlgorithm module
|
6
9
|
module ClassMethods
|
7
10
|
def register_algorithm(algo)
|
8
11
|
::JWT::JWA.register_algorithm(algo)
|
@@ -11,6 +14,7 @@ module JWT
|
|
11
14
|
|
12
15
|
def self.included(klass)
|
13
16
|
klass.extend(ClassMethods)
|
17
|
+
klass.include(JWT::JWA::Compat)
|
14
18
|
end
|
15
19
|
|
16
20
|
attr_reader :alg
|
data/lib/jwt/jwa/unsupported.rb
CHANGED
data/lib/jwt/jwa/wrapper.rb
CHANGED
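--- a/data/lib/jwt/jwa.rb
+++ b/data/lib/jwt/jwa.rb
@@ -8,6 +8,7 @@ rescue LoadError
 raise if defined?(RbNaCl)
 end
 
+require_relative 'jwa/compat'
 require_relative 'jwa/signing_algorithm'
 require_relative 'jwa/ecdsa'
 require_relative 'jwa/hmac'
@@ -17,9 +18,7 @@ require_relative 'jwa/rsa'
 require_relative 'jwa/unsupported'
 require_relative 'jwa/wrapper'
 
-if JWT.rbnacl?
-require_relative 'jwa/eddsa'
-end
+require_relative 'jwa/eddsa' if JWT.rbnacl?
 
 if JWT.rbnacl_6_or_greater?
 require_relative 'jwa/hmac_rbnacl'
@@ -28,18 +27,32 @@ elsif JWT.rbnacl?
 end
 
 module JWT
+# The JWA module contains all supported algorithms.
 module JWA
 class << self
+# @api private
 def resolve(algorithm)
 return find(algorithm) if algorithm.is_a?(String) || algorithm.is_a?(Symbol)
 
 unless algorithm.is_a?(SigningAlgorithm)
-Deprecations.warning('Custom algorithms are required to include JWT::JWA::SigningAlgorithm')
+Deprecations.warning('Custom algorithms are required to include JWT::JWA::SigningAlgorithm. Custom algorithms that do not include this module may stop working in the next major version of ruby-jwt.')
 return Wrapper.new(algorithm)
 end
 
 algorithm
 end
+
+# @api private
+def resolve_and_sort(algorithms:, preferred_algorithm:)
+algs = Array(algorithms).map { |alg| JWA.resolve(alg) }
+algs.partition { |alg| alg.valid_alg?(preferred_algorithm) }.flatten
+end
+
+# @deprecated The `::JWT::JWA.create` method is deprecated and will be removed in the next major version of ruby-jwt.
+def create(algorithm)
+Deprecations.warning('The ::JWT::JWA.create method is deprecated and will be removed in the next major version of ruby-jwt.')
+resolve(algorithm)
+end
 end
 end
 end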
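Review bot: `resolve_and_sort` carries only `# @api private`, and nothing states that `preferred_algorithm` merely reorders the caller's list and never adds to it. That property matters if the value comes from the token's own `alg` header (the callers are not visible in this section, so this is presumed), and a one-line comment such as `# preferred_algorithm only changes the order; the allowed set is exactly Array(algorithms)` would keep a later edit from turning the sort into a lookup. `partition { ... }.flatten` also flattens recursively, so `.flatten(1)` states the intent more exactly.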
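--- a/data/lib/jwt/jwk/ec.rb
+++ b/data/lib/jwt/jwk/ec.rb
@@ -4,6 +4,7 @@ require 'forwardable'
 
 module JWT
 module JWK
+# JWK representation for Elliptic Curve (EC) keys
 class EC < KeyBase # rubocop:disable Metrics/ClassLength
 KTY = 'EC'
 KTYS = [KTY, OpenSSL::PKey::EC, JWT::JWK::EC].freeze
@@ -65,9 +66,7 @@ module JWT
 end
 
 def []=(key, value)
-if EC_KEY_ELEMENTS.include?(key.to_sym)
-raise ArgumentError, 'cannot overwrite cryptographic key attributes'
-end
+raise ArgumentError, 'cannot overwrite cryptographic key attributes' if EC_KEY_ELEMENTS.include?(key.to_sym)
 
 super(key, value)
 end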
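Review bot: The guard in `[]=` calls `key.to_sym` before anything else, so a key that is neither a String nor a Symbol fails with NoMethodError instead of the ArgumentError this method otherwise raises; the same line appears in the `[]=` hunks of data/lib/jwt/jwk/hmac.rb and data/lib/jwt/jwk/rsa.rb. The failure is still closed, so this is about a consistent error contract rather than a bypass. A short comment such as `# key material is fixed at construction; only non-cryptographic parameters may be assigned` would also help, since the check is now a single long modifier statement that is easy to skim past.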
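--- a/data/lib/jwt/jwk/hmac.rb
+++ b/data/lib/jwt/jwk/hmac.rb
@@ -2,6 +2,7 @@
 
 module JWT
 module JWK
+# JWK for HMAC keys
 class HMAC < KeyBase
 KTY = 'oct'
 KTYS = [KTY, String, JWT::JWK::HMAC].freeze
@@ -61,9 +62,7 @@ module JWT
 end
 
 def []=(key, value)
-if HMAC_KEY_ELEMENTS.include?(key.to_sym)
-raise ArgumentError, 'cannot overwrite cryptographic key attributes'
-end
+raise ArgumentError, 'cannot overwrite cryptographic key attributes' if HMAC_KEY_ELEMENTS.include?(key.to_sym)
 
 super(key, value)
 end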
data/lib/jwt/jwk/key_base.rb
CHANGED
data/lib/jwt/jwk/key_finder.rb
CHANGED
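--- a/data/lib/jwt/jwk/okp_rbnacl.rb
+++ b/data/lib/jwt/jwk/okp_rbnacl.rb
@@ -2,6 +2,7 @@
 
 module JWT
 module JWK
+# JSON Web Key (JWK) representation for Ed25519 keys
 class OKPRbNaCl < KeyBase
 KTY = 'OKP'
 KTYS = [KTY, JWT::JWK::OKPRbNaCl, RbNaCl::Signatures::Ed25519::SigningKey, RbNaCl::Signatures::Ed25519::VerifyKey].freeze
@@ -10,7 +11,7 @@ module JWT
 
 def initialize(key, params = nil, options = {})
 params ||= {}
-
+Deprecations.warning('Using the OKP JWK for Ed25519 keys is deprecated and will be removed in a future version of ruby-jwt. Please use the ruby-eddsa gem instead.')
 # For backwards compatibility when kid was a String
 params = { kid: params } if params.is_a?(String)
 
@@ -83,9 +84,7 @@ module JWT
 x: ::JWT::Base64.url_encode(verify_key.to_bytes)
 }
 
-if signing_key
-params[:d] = ::JWT::Base64.url_encode(signing_key.to_bytes)
-end
+params[:d] = ::JWT::Base64.url_encode(signing_key.to_bytes) if signing_key
 
 params
 end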
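Review bot: The class is deprecated only at runtime: `initialize` now calls `Deprecations.warning(...)`, but the class comment added in the first hunk reads as an ordinary description, so generated API docs will not show the deprecation. Adding `# @deprecated Use the ruby-eddsa gem instead.` under that comment would match the `@deprecated` tags used in data/lib/jwt/verify.rb. The warning is also raised on every construction; whether `Deprecations.warning` de-duplicates is not visible here, so that is worth confirming for code that builds many keys. `initialize` continues outside the hunk.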
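--- a/data/lib/jwt/jwk/rsa.rb
+++ b/data/lib/jwt/jwk/rsa.rb
@@ -2,6 +2,7 @@
 
 module JWT
 module JWK
+# JSON Web Key (JWK) representation of a RSA key
 class RSA < KeyBase # rubocop:disable Metrics/ClassLength
 BINARY = 2
 KTY = 'RSA'
@@ -64,9 +65,7 @@ module JWT
 end
 
 def []=(key, value)
-if RSA_KEY_ELEMENTS.include?(key.to_sym)
-raise ArgumentError, 'cannot overwrite cryptographic key attributes'
-end
+raise ArgumentError, 'cannot overwrite cryptographic key attributes' if RSA_KEY_ELEMENTS.include?(key.to_sym)
 
 super(key, value)
 end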
data/lib/jwt/jwk/set.rb
CHANGED
data/lib/jwt/jwk.rb
CHANGED
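--- a/data/lib/jwt/token.rb
+++ b/data/lib/jwt/token.rb
@@ -0,0 +1,112 @@
+# frozen_string_literal: true
+
+module JWT
+# Represents a JWT token
+#
+# Basic token signed using the HS256 algorithm:
+#
+# token = JWT::Token.new(payload: {pay: 'load'})
+# token.sign!(algorithm: 'HS256', key: 'secret')
+# token.jwt # => eyJhb....
+#
+# Custom headers will be combined with generated headers:
+# token = JWT::Token.new(payload: {pay: 'load'}, header: {custom: "value"})
+# token.sign!(algorithm: 'HS256', key: 'secret')
+# token.header # => {"custom"=>"value", "alg"=>"HS256"}
+#
+class Token
+include Claims::VerificationMethods
+
+# Initializes a new Token instance.
+#
+# @param header [Hash] the header of the JWT token.
+# @param payload [Hash] the payload of the JWT token.
+def initialize(payload:, header: {})
+@header = header&.transform_keys(&:to_s)
+@payload = payload
+end
+
+# Returns the decoded signature of the JWT token.
+#
+# @return [String] the decoded signature of the JWT token.
+def signature
+@signature ||= ::JWT::Base64.url_decode(encoded_signature || '')
+end
+
+# Returns the encoded signature of the JWT token.
+#
+# @return [String] the encoded signature of the JWT token.
+def encoded_signature
+@encoded_signature ||= ::JWT::Base64.url_encode(signature)
+end
+
+# Returns the decoded header of the JWT token.
+#
+# @return [Hash] the header of the JWT token.
+attr_reader :header
+
+# Returns the encoded header of the JWT token.
+#
+# @return [String] the encoded header of the JWT token.
+def encoded_header
+@encoded_header ||= ::JWT::Base64.url_encode(JWT::JSON.generate(header))
+end
+
+# Returns the payload of the JWT token.
+#
+# @return [Hash] the payload of the JWT token.
+attr_reader :payload
+
+# Returns the encoded payload of the JWT token.
+#
+# @return [String] the encoded payload of the JWT token.
+def encoded_payload
+@encoded_payload ||= ::JWT::Base64.url_encode(JWT::JSON.generate(payload))
+end
+
+# Returns the signing input of the JWT token.
+#
+# @return [String] the signing input of the JWT token.
+def signing_input
+@signing_input ||= [encoded_header, encoded_payload].join('.')
+end
+
+# Returns the JWT token as a string.
+#
+# @return [String] the JWT token as a string.
+# @raise [JWT::EncodeError] if the token is not signed or other encoding issues
+def jwt
+@jwt ||= (@signature && [encoded_header, @detached_payload ? '' : encoded_payload, encoded_signature].join('.')) || raise(::JWT::EncodeError, 'Token is not signed')
+end
+
+# Detaches the payload according to https://datatracker.ietf.org/doc/html/rfc7515#appendix-F
+#
+def detach_payload!
+@detached_payload = true
+
+nil
+end
+
+# Signs the JWT token.
+#
+# @param algorithm [String, Object] the algorithm to use for signing.
+# @param key [String] the key to use for signing.
+# @return [void]
+# @raise [JWT::EncodeError] if the token is already signed or other problems when signing
+def sign!(algorithm:, key:)
+raise ::JWT::EncodeError, 'Token already signed' if @signature
+
+JWA.resolve(algorithm).tap do |algo|
+header.merge!(algo.header)
+@signature = algo.sign(data: signing_input, signing_key: key)
+end
+
+nil
+end
+
+# Returns the JWT token as a string.
+#
+# @return [String] the JWT token as a string.
+alias to_s jwt
+end
+end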
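Review bot: `sign!` merges `algo.header` into `header` and then signs `signing_input`, but `encoded_header` and `signing_input` are memoized, so a caller that read either one before `sign!` gets a signature over, and a serialized token carrying, the header cached before `alg` was merged, while `token.header` reports `alg`. Clearing the caches right after the merge avoids the mismatch: `@encoded_header = nil` and `@signing_input = nil` before the `algo.sign` call. Separately, `signature` and `encoded_signature` each fall back to the other when unset, so calling either on an unsigned token recurses until the stack overflows; returning nil or raising `::JWT::EncodeError` when `@signature` is unset would be clearer. `initialize` also accepts `header: nil` through `header&.`, after which `sign!` fails on `header.merge!`.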
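--- a/data/lib/jwt/verify.rb
+++ b/data/lib/jwt/verify.rb
@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require_relative 'error'
+
+module JWT
+# @deprecated This class is deprecated and will be removed in the next major version of ruby-jwt.
+class Verify
+DEFAULTS = { leeway: 0 }.freeze
+METHODS = %w[verify_aud verify_expiration verify_iat verify_iss verify_jti verify_not_before verify_sub verify_required_claims].freeze
+
+private_constant(:DEFAULTS, :METHODS)
+class << self
+METHODS.each do |method_name|
+define_method(method_name) do |payload, options|
+new(payload, options).send(method_name)
+end
+end
+
+# @deprecated This method is deprecated and will be removed in the next major version of ruby-jwt.
+def verify_claims(payload, options)
+Deprecations.warning('The ::JWT::Verify.verify_claims method is deprecated and will be removed in the next major version of ruby-jwt')
+::JWT::Claims.verify!(payload, options)
+true
+end
+end
+
+# @deprecated This class is deprecated and will be removed in the next major version of ruby-jwt.
+def initialize(payload, options)
+Deprecations.warning('The ::JWT::Verify class is deprecated and will be removed in the next major version of ruby-jwt')
+@payload = payload
+@options = DEFAULTS.merge(options)
+end
+
+METHODS.each do |method_name|
+define_method(method_name) do
+::JWT::Claims.verify!(@payload, @options.merge(method_name => true))
+end
+end
+end
+end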
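Review bot: The instance methods enable their check with `@options.merge(method_name => true)`, and `METHODS` is built with `%w[...]`, so the key that gets added is a String such as `'verify_aud'`, not a Symbol. Whether `::JWT::Claims.verify!` looks options up by String is not visible in this section; if it reads only Symbol keys, every `Verify.verify_*` call would return without checking anything. Either `method_name.to_sym => true` or a comment naming the key form `Claims.verify!` expects, backed by a spec in which each method rejects a bad claim, would settle it. `DEFAULTS.merge(options)` also raises when `options` is nil, which is worth stating in the docs because both parameters are required positionals.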
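--- a/data/lib/jwt/version.rb
+++ b/data/lib/jwt/version.rb
@@ -1,44 +1,65 @@
 # frozen_string_literal: true
 
-#
+# JSON Web Token implementation
+#
+# Should be up to date with the latest spec:
+# https://tools.ietf.org/html/rfc7519
 module JWT
+# Returns the gem version of the JWT library.
+#
+# @return [Gem::Version] the gem version.
 def self.gem_version
-Gem::Version.new
+Gem::Version.new(VERSION::STRING)
 end
 
-#
+# @api private
 module VERSION
-# major version
 MAJOR = 2
-
-MINOR = 9
-# tiny version
+MINOR = 10
 TINY = 1
-# alpha, beta, etc. tag
 PRE = nil
 
-# Build version string
 STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
 end
 
+# Checks if the OpenSSL version is 3 or greater.
+#
+# @return [Boolean] true if OpenSSL version is 3 or greater, false otherwise.
+# @api private
 def self.openssl_3?
 return false if OpenSSL::OPENSSL_VERSION.include?('LibreSSL')
 
 true if 3 * 0x10000000 <= OpenSSL::OPENSSL_VERSION_NUMBER
 end
 
+# Checks if the RbNaCl library is defined.
+#
+# @return [Boolean] true if RbNaCl is defined, false otherwise.
+# @api private
 def self.rbnacl?
 defined?(::RbNaCl)
 end
 
+# Checks if the RbNaCl library version is 6.0.0 or greater.
+#
+# @return [Boolean] true if RbNaCl version is 6.0.0 or greater, false otherwise.
+# @api private
 def self.rbnacl_6_or_greater?
 rbnacl? && ::Gem::Version.new(::RbNaCl::VERSION) >= ::Gem::Version.new('6.0.0')
 end
 
+# Checks if there is an OpenSSL 3 HMAC empty key regression.
+#
+# @return [Boolean] true if there is an OpenSSL 3 HMAC empty key regression, false otherwise.
+# @api private
 def self.openssl_3_hmac_empty_key_regression?
 openssl_3? && openssl_version <= ::Gem::Version.new('3.0.0')
 end
 
+# Returns the OpenSSL version.
+#
+# @return [Gem::Version] the OpenSSL version.
+# @api private
 def self.openssl_version
 @openssl_version ||= ::Gem::Version.new(OpenSSL::VERSION)
 end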
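Review bot: The new YARD comments promise more than the methods return. `openssl_3?` ends in `true if ...`, so it yields nil rather than false, and `rbnacl?` returns the result of `defined?(::RbNaCl)`, which is a String or nil; both are documented as `@return [Boolean] ... false otherwise`. Either document them as truthy/nil or normalise the value, for example `!defined?(::RbNaCl).nil?` and a bare `3 * 0x10000000 <= OpenSSL::OPENSSL_VERSION_NUMBER` as the last expression. `openssl_version` wraps `OpenSSL::VERSION`, the version of Ruby's openssl binding, while `openssl_3?` tests `OPENSSL_VERSION_NUMBER` of the linked library, so `# Returns the OpenSSL version.` should say which one is meant, because `openssl_3_hmac_empty_key_regression?` combines the two.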
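--- a/data/lib/jwt.rb
+++ b/data/lib/jwt.rb
@@ -10,6 +10,11 @@ require 'jwt/encode'
 require 'jwt/error'
 require 'jwt/jwk'
 require 'jwt/claims'
+require 'jwt/encoded_token'
+require 'jwt/token'
+
+require 'jwt/claims_validator'
+require 'jwt/verify'
 
 # JSON Web Token implementation
 #
@@ -20,6 +25,13 @@ module JWT
 
 module_function
 
+# Encodes a payload into a JWT.
+#
+# @param payload [Hash] the payload to encode.
+# @param key [String] the key used to sign the JWT.
+# @param algorithm [String] the algorithm used to sign the JWT.
+# @param header_fields [Hash] additional headers to include in the JWT.
+# @return [String] the encoded JWT.
 def encode(payload, key, algorithm = 'HS256', header_fields = {})
 Encode.new(payload: payload,
 key: key,
@@ -27,6 +39,13 @@ module JWT
 headers: header_fields).segments
 end
 
+# Decodes a JWT to extract the payload and header
+#
+# @param jwt [String] the JWT to decode.
+# @param key [String] the key used to verify the JWT.
+# @param verify [Boolean] whether to verify the JWT signature.
+# @param options [Hash] additional options for decoding.
+# @return [Array<Hash>] the decoded payload and headers.
 def decode(jwt, key = nil, verify = true, options = {}, &keyfinder) # rubocop:disable Style/OptionalBooleanParameter
 Deprecations.context do
 Decode.new(jwt, key, verify, configuration.decode.to_h.merge(options), &keyfinder).decode_segments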
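Review bot: The new `decode` documentation describes `verify` as `whether to verify the JWT signature` without saying what the caller receives when it is false. A sentence such as `# With verify set to false the signature is not checked and the returned payload must be treated as untrusted input.` belongs there, since the parameter is a positional boolean that is easy to pass by accident. The `&keyfinder` block is not documented at all (a `@yield` line would cover it), and `@param key [String]` is narrower than the signature, whose default is `nil`. The body of `decode` continues outside the hunk.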
metadata
CHANGED
@@ -1,14 +1,13 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: jwt
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.
|
4
|
+
version: 2.10.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Tim Rudat
|
8
|
-
autorequire:
|
9
8
|
bindir: bin
|
10
9
|
cert_chain: []
|
11
|
-
date: 2024-
|
10
|
+
date: 2024-12-26 00:00:00.000000000 Z
|
12
11
|
dependencies:
|
13
12
|
- !ruby/object:Gem::Dependency
|
14
13
|
name: base64
|
@@ -125,6 +124,8 @@ files:
|
|
125
124
|
- lib/jwt/base64.rb
|
126
125
|
- lib/jwt/claims.rb
|
127
126
|
- lib/jwt/claims/audience.rb
|
127
|
+
- lib/jwt/claims/crit.rb
|
128
|
+
- lib/jwt/claims/decode_verifier.rb
|
128
129
|
- lib/jwt/claims/expiration.rb
|
129
130
|
- lib/jwt/claims/issued_at.rb
|
130
131
|
- lib/jwt/claims/issuer.rb
|
@@ -133,6 +134,9 @@ files:
|
|
133
134
|
- lib/jwt/claims/numeric.rb
|
134
135
|
- lib/jwt/claims/required.rb
|
135
136
|
- lib/jwt/claims/subject.rb
|
137
|
+
- lib/jwt/claims/verification_methods.rb
|
138
|
+
- lib/jwt/claims/verifier.rb
|
139
|
+
- lib/jwt/claims_validator.rb
|
136
140
|
- lib/jwt/configuration.rb
|
137
141
|
- lib/jwt/configuration/container.rb
|
138
142
|
- lib/jwt/configuration/decode_configuration.rb
|
@@ -140,9 +144,11 @@ files:
|
|
140
144
|
- lib/jwt/decode.rb
|
141
145
|
- lib/jwt/deprecations.rb
|
142
146
|
- lib/jwt/encode.rb
|
147
|
+
- lib/jwt/encoded_token.rb
|
143
148
|
- lib/jwt/error.rb
|
144
149
|
- lib/jwt/json.rb
|
145
150
|
- lib/jwt/jwa.rb
|
151
|
+
- lib/jwt/jwa/compat.rb
|
146
152
|
- lib/jwt/jwa/ecdsa.rb
|
147
153
|
- lib/jwt/jwa/eddsa.rb
|
148
154
|
- lib/jwt/jwa/hmac.rb
|
@@ -164,6 +170,8 @@ files:
|
|
164
170
|
- lib/jwt/jwk/rsa.rb
|
165
171
|
- lib/jwt/jwk/set.rb
|
166
172
|
- lib/jwt/jwk/thumbprint.rb
|
173
|
+
- lib/jwt/token.rb
|
174
|
+
- lib/jwt/verify.rb
|
167
175
|
- lib/jwt/version.rb
|
168
176
|
- lib/jwt/x5c_key_finder.rb
|
169
177
|
- ruby-jwt.gemspec
|
@@ -172,9 +180,8 @@ licenses:
|
|
172
180
|
- MIT
|
173
181
|
metadata:
|
174
182
|
bug_tracker_uri: https://github.com/jwt/ruby-jwt/issues
|
175
|
-
changelog_uri: https://github.com/jwt/ruby-jwt/blob/v2.
|
183
|
+
changelog_uri: https://github.com/jwt/ruby-jwt/blob/v2.10.1/CHANGELOG.md
|
176
184
|
rubygems_mfa_required: 'true'
|
177
|
-
post_install_message:
|
178
185
|
rdoc_options: []
|
179
186
|
require_paths:
|
180
187
|
- lib
|
@@ -189,8 +196,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
189
196
|
- !ruby/object:Gem::Version
|
190
197
|
version: '0'
|
191
198
|
requirements: []
|
192
|
-
rubygems_version: 3.
|
193
|
-
signing_key:
|
199
|
+
rubygems_version: 3.6.2
|
194
200
|
specification_version: 4
|
195
201
|
summary: JSON Web Token implementation in Ruby
|
196
202
|
test_files: []
|