Class: Aspera::OAuth::Jwt

Inherits:
Base
  • Object
Defined in:
lib/aspera/oauth/jwt.rb

Overview

Authentication using a private key; see tools.ietf.org/html/rfc7523 and tools.ietf.org/html/rfc7519

Constant Summary

DEFAULT_PRIV_KEY_LENGTH =
4096
GRANT_TYPE =
'urn:ietf:params:oauth:grant-type:jwt-bearer'

Instance Attribute Summary

Attributes inherited from Base

#api, #client_id, #path_token, #scope

Class Method Summary

Instance Method Summary

Methods inherited from Base

#authorization, #create_token_call, #optional_scope_client_id, #token

Constructor Details

#initialize(private_key_obj:, payload:, headers: {}, cache_ids: [], **base_params) ⇒ Jwt

Returns a new instance of Jwt.

Parameters:

  • private_key_obj

    private key object used to sign the JWT

  • payload

    payload to be included in the JWT

  • headers (defaults to: {})

    headers to be included in the JWT



# File 'lib/aspera/oauth/jwt.rb', line 32

# Build a JWT-based OAuth client.
#
# @param private_key_obj [OpenSSL::PKey::RSA] key used to sign the JWT assertion
# @param payload [Hash] claims merged into the JWT payload; its :sub is appended to the cache ids
# @param headers [Hash] headers included in the JWT
# @param cache_ids [Array] identifiers keying the token cache; the caller's array is not mutated
# @param base_params remaining parameters forwarded to Base
def initialize(
  private_key_obj:,
  payload:,
  headers: {},
  cache_ids: [],
  **base_params
)
  Aspera.assert_type(private_key_obj, OpenSSL::PKey::RSA){'private_key_obj'}
  Aspera.assert_type(payload, Hash){'payload'}
  Aspera.assert_type(headers, Hash){'headers'}
  Aspera.assert_type(cache_ids, Array){'cache ids'}
  # Copy before appending so the caller's array stays untouched; the subject becomes
  # part of the cache key (presumably so tokens for different subjects do not collide).
  subject_cache_ids = cache_ids.clone << payload[:sub]
  super(**base_params, cache_ids: subject_cache_ids)
  @private_key_obj = private_key_obj
  @additional_payload = payload
  @headers = headers
end

Class Method Details

.generate_rsa_private_key(path:, length: DEFAULT_PRIV_KEY_LENGTH) ⇒ Object



# File 'lib/aspera/oauth/jwt.rb', line 18

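# Generate an RSA private key, write it as PEM to +path+ and its public key to +path+.pub.
#
# The private key file is created with mode 0600 so that it is never world-readable,
# even in the window before the explicit permission restriction below. The
# +restrict_file_access+ call is kept because +perm+ only applies when the file is
# created (and is subject to the umask), not when an existing file is overwritten.
#
# @param path [String] destination file for the private key
# @param length [Integer] key size in bits
# @return [nil]
def generate_rsa_private_key(path:, length: DEFAULT_PRIV_KEY_LENGTH)
  priv_key = OpenSSL::PKey::RSA.new(length)
  # restrictive mode at creation closes the write-then-chmod race on the secret file
  File.write(path, priv_key.to_s, perm: 0o600)
  File.write("#{path}.pub", priv_key.public_key.to_s)
  Environment.restrict_file_access(path)
  Environment.restrict_file_access("#{path}.pub")
  nil
end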

Instance Method Details

#create_token ⇒ Object



# File 'lib/aspera/oauth/jwt.rb', line 50

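# Build a signed JWT assertion and exchange it for an OAuth token.
#
# The assertion is signed with RS256 using the configured private key. +exp+, +nbf+
# and +iat+ are derived from the current time and the offsets read from
# OAuth::Factory; any claim present in the constructor payload overrides them (merge).
#
# @return the result of +create_token_call+
def create_token
  require 'jwt'
  seconds_since_epoch = Time.now.to_i
  Log.log.debug{"seconds_since_epoch=#{seconds_since_epoch}"}
  # read the factory parameters once instead of three times
  factory_params = OAuth::Factory.instance.parameters
  jwt_payload = {
    exp: seconds_since_epoch + factory_params[:jwt_expiry_offset_sec], # expiration time
    nbf: seconds_since_epoch - factory_params[:jwt_accepted_offset_sec], # not before
    iat: seconds_since_epoch - factory_params[:jwt_accepted_offset_sec] + 1, # issued at
    jti: SecureRandom.uuid # JWT id
  }.merge(@additional_payload)
  Log.dump(:jwt_payload, jwt_payload)
  # never log the key itself (to_s renders the private PEM); the modulus size is enough to diagnose
  Log.log.debug{"private key bits=#{@private_key_obj.n.num_bits}"}
  assertion = JWT.encode(jwt_payload, @private_key_obj, 'RS256', @headers)
  # the signed assertion is a bearer credential until exp: log only its size
  Log.log.debug{"assertion length=#{assertion.length}"}
  create_token_call(optional_scope_client_id.merge(grant_type: GRANT_TYPE, assertion: assertion))
end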