Module: JWT

Extended by:
Configuration
Defined in:
lib/jwt.rb,
lib/jwt/jwa.rb,
lib/jwt/jwk.rb,
lib/jwt/json.rb,
lib/jwt/error.rb,
lib/jwt/token.rb,
lib/jwt/base64.rb,
lib/jwt/claims.rb,
lib/jwt/decode.rb,
lib/jwt/encode.rb,
lib/jwt/jwa/ps.rb,
lib/jwt/jwk/ec.rb,
lib/jwt/verify.rb,
lib/jwt/jwa/rsa.rb,
lib/jwt/jwk/rsa.rb,
lib/jwt/jwk/set.rb,
lib/jwt/version.rb,
lib/jwt/jwa/hmac.rb,
lib/jwt/jwa/none.rb,
lib/jwt/jwk/hmac.rb,
lib/jwt/jwa/ecdsa.rb,
lib/jwt/jwa/eddsa.rb,
lib/jwt/jwa/compat.rb,
lib/jwt/jwa/wrapper.rb,
lib/jwt/deprecations.rb,
lib/jwt/jwk/key_base.rb,
lib/jwt/claims/issuer.rb,
lib/jwt/claims/jwt_id.rb,
lib/jwt/configuration.rb,
lib/jwt/encoded_token.rb,
lib/jwt/claims/numeric.rb,
lib/jwt/claims/subject.rb,
lib/jwt/jwk/key_finder.rb,
lib/jwt/jwk/okp_rbnacl.rb,
lib/jwt/jwk/thumbprint.rb,
lib/jwt/x5c_key_finder.rb,
lib/jwt/claims/audience.rb,
lib/jwt/claims/required.rb,
lib/jwt/claims/verifier.rb,
lib/jwt/jwa/hmac_rbnacl.rb,
lib/jwt/jwa/unsupported.rb,
lib/jwt/claims/issued_at.rb,
lib/jwt/claims_validator.rb,
lib/jwt/claims/expiration.rb,
lib/jwt/claims/not_before.rb,
lib/jwt/jwa/hmac_rbnacl_fixed.rb,
lib/jwt/jwa/signing_algorithm.rb,
lib/jwt/jwk/kid_as_key_digest.rb,
lib/jwt/claims/decode_verifier.rb,
lib/jwt/configuration/container.rb,
lib/jwt/claims/verification_methods.rb,
lib/jwt/configuration/jwk_configuration.rb,
lib/jwt/configuration/decode_configuration.rb

Overview

JSON Web Token implementation

Should be up to date with the latest spec: tools.ietf.org/html/rfc7519

Defined Under Namespace

Modules: Claims, Configuration, Deprecations, JWA, JWK, VERSION

Classes: Base64, Base64DecodeError, ClaimsValidator, Decode, DecodeError, Encode, EncodeError, EncodedToken, ExpiredSignature, ImmatureSignature, IncorrectAlgorithm, InvalidAudError, InvalidIatError, InvalidIssuerError, InvalidJtiError, InvalidPayload, InvalidSubError, JSON, JWKError, MissingRequiredClaim, RequiredDependencyError, Token, UnsupportedEcdsaCurve, VerificationError, Verify, X5cKeyFinder

Class Method Summary

Methods included from Configuration

configuration, configure

Class Method Details

.decode(jwt, key = nil, verify = true, options = {}, &keyfinder) ⇒ Array<Hash>

Decodes a JWT to extract the payload and header

Parameters:

  • jwt (String)

    the JWT to decode.

  • key (String) (defaults to: nil)

    the key used to verify the JWT.

  • verify (Boolean) (defaults to: true)

    whether to verify the JWT signature.

  • options (Hash) (defaults to: {})

    additional options for decoding.

Returns:

  • (Array<Hash>)

    the decoded payload and headers.



# File 'lib/jwt.rb', line 49

def decode(jwt, key = nil, verify = true, options = {}, &keyfinder) # rubocop:disable Style/OptionalBooleanParameter
  Deprecations.context do
    Decode.new(jwt, key, verify, configuration.decode.to_h.merge(options), &keyfinder).decode_segments
  end
end
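What the verify argument changes, shown as an added example that is not code from the jwt gem or from this page: a minimal HS256 encoder and decoder built only on Ruby's standard library. The names hs256_encode, hs256_decode, tamper and DemoVerificationError, and the key and claims, are constructed for illustration.

```ruby
require 'openssl'
require 'json'

DemoVerificationError = Class.new(StandardError) # hypothetical error class for this example
SECRET = 'constructed-demo-secret'               # constructed sample key

def b64url(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(text)
  text.tr('-_', '+/').unpack1('m')
end

def hmac_sha256(key, data)
  OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA256'), key, data)
end

# Build header.payload.signature for HS256.
def hs256_encode(payload, key)
  signing_input = [{ 'alg' => 'HS256' }, payload].map { |part| b64url(JSON.generate(part)) }.join('.')
  "#{signing_input}.#{b64url(hmac_sha256(key, signing_input))}"
end

# Same argument order and return shape as decode(jwt, key, verify): [payload, header].
def hs256_decode(jwt, key = nil, verify = true)
  parts = jwt.split('.', -1)
  raise DemoVerificationError, 'expected three segments' unless parts.length == 3

  header, payload = parts.first(2).map { |segment| JSON.parse(b64url_decode(segment)) }
  if verify
    # The verifier pins the algorithm; the token's own header does not choose it.
    raise DemoVerificationError, 'unexpected alg' unless header['alg'] == 'HS256'
    raise DemoVerificationError, 'empty key' if key.nil? || key.empty?

    expected = hmac_sha256(key, parts.first(2).join('.'))
    # secure_compare is constant-time, so a mismatch leaks no byte position.
    raise DemoVerificationError, 'signature mismatch' unless OpenSSL.secure_compare(expected, b64url_decode(parts[2]))
  end
  [payload, header]
end

# Replace the payload segment but keep the original signature (constructed tampering case).
def tamper(jwt, new_payload)
  header_b64, _old_payload, signature_b64 = jwt.split('.')
  [header_b64, b64url(JSON.generate(new_payload)), signature_b64].join('.')
end
```

With verify set to false the tampered token's claims come back unchanged, so an unverified decode is only suitable for inspecting a token, never for authorization decisions.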

.encode(payload, key, algorithm = 'HS256', header_fields = {}) ⇒ String

Encodes a payload into a JWT.

Parameters:

  • payload (Hash)

    the payload to encode.

  • key (String)

    the key used to sign the JWT.

  • algorithm (String) (defaults to: 'HS256')

    the algorithm used to sign the JWT.

  • header_fields (Hash) (defaults to: {})

    additional headers to include in the JWT.

Returns:

  • (String)

    the encoded JWT.



# File 'lib/jwt.rb', line 35

def encode(payload, key, algorithm = 'HS256', header_fields = {})
  Encode.new(payload: payload,
             key: key,
             algorithm: algorithm,
             headers: header_fields).segments
end

.gem_version ⇒ Gem::Version

Returns the gem version of the JWT library.

Returns:

  • (Gem::Version)

    the gem version.



# File 'lib/jwt/version.rb', line 7

def self.gem_version
  Gem::Version.new(VERSION::STRING)
end

.openssl_3? ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Checks if the OpenSSL version is 3 or greater.

Returns:

  • (Boolean)

    true if OpenSSL version is 3 or greater, false otherwise.



# File 'lib/jwt/version.rb', line 27

def self.openssl_3?
  return false if OpenSSL::OPENSSL_VERSION.include?('LibreSSL')

  true if 3 * 0x10000000 <= OpenSSL::OPENSSL_VERSION_NUMBER
end

.openssl_3_hmac_empty_key_regression? ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Checks if there is an OpenSSL 3 HMAC empty key regression.

Returns:

  • (Boolean)

    true if there is an OpenSSL 3 HMAC empty key regression, false otherwise.



# File 'lib/jwt/version.rb', line 53

def self.openssl_3_hmac_empty_key_regression?
  openssl_3? && openssl_version <= ::Gem::Version.new('3.0.0')
end

.openssl_version ⇒ Gem::Version

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns the OpenSSL version, read from OpenSSL::VERSION.

Returns:

  • (Gem::Version)

    the OpenSSL version.



# File 'lib/jwt/version.rb', line 61

def self.openssl_version
  @openssl_version ||= ::Gem::Version.new(OpenSSL::VERSION)
end

.rbnacl? ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Checks if the RbNaCl library is defined.

Returns:

  • (Boolean)

    true if RbNaCl is defined, false otherwise.



# File 'lib/jwt/version.rb', line 37

def self.rbnacl?
  defined?(::RbNaCl)
end

.rbnacl_6_or_greater? ⇒ Boolean

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Checks if the RbNaCl library version is 6.0.0 or greater.

Returns:

  • (Boolean)

    true if RbNaCl version is 6.0.0 or greater, false otherwise.



# File 'lib/jwt/version.rb', line 45

def self.rbnacl_6_or_greater?
  rbnacl? && ::Gem::Version.new(::RbNaCl::VERSION) >= ::Gem::Version.new('6.0.0')
end