/
key_finder.rb
57 lines (42 loc) · 1.12 KB
/
key_finder.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
# frozen_string_literal: true
module JWT
module JWK
class KeyFinder
def initialize(options)
jwks_or_loader = options[:jwks]
@jwks = jwks_or_loader if jwks_or_loader.is_a?(Hash)
@jwk_loader = jwks_or_loader if jwks_or_loader.respond_to?(:call)
end
def key_for(kid)
raise ::JWT::DecodeError, 'No key id (kid) found from token headers' unless kid
jwk = resolve_key(kid)
raise ::JWT::DecodeError, "Could not find public key for kid #{kid}" unless jwk
::JWT::JWK.import(jwk).keypair
end
private
def resolve_key(kid)
jwk = find_key(kid)
return jwk if jwk
if reloadable?
load_keys(invalidate: true)
return find_key(kid)
end
nil
end
def jwks
return @jwks if @jwks
load_keys
@jwks
end
def load_keys(opts = {})
@jwks = @jwk_loader.call(opts)
end
def find_key(kid)
Array(jwks[:keys]).find { |key| key[:kid] == kid }
end
def reloadable?
@jwk_loader
end
end
end
end