Commit 4da6cbe
Changed files (2)
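--- a/app/models/bearer_token.rb
+++ b/app/models/bearer_token.rb
@@ -7,7 +7,7 @@ class BearerToken
 end
 def encode(payload)
- JWT.encode(timestamps.merge(payload), private_key, 'RS256')
+ JWT.encode(defaults.merge(payload), private_key, 'RS256')
 end
 def decode(token)
@@ -21,15 +21,13 @@ class BearerToken
 attr_reader :private_key, :public_key
- def timestamps
- { exp: expiration.to_i, iat: issued_at.to_i }
- end
-
- def issued_at
- Time.current
- end
-
- def expiration
- 1.hour.from_now
+ def defaults
+ issued_at = Time.current.to_i
+ {
+ exp: 1.hour.from_now,
+ iat: issued_at,
+ iss: Saml::Kit.configuration.entity_id,
+ nbf: issued_at,
+ }
 end
 end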
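Review bot: In `defaults` (second hunk), `exp: 1.hour.from_now` is a time object rather than the integer that the removed `expiration.to_i` produced, while `iat` and `nbf` beside it are integers. RFC 7519 defines `exp` as a NumericDate, so depending on the JWT library version this presumably either fails at encode time or serialises as a date string that verifiers cannot compare as a timestamp; neither gives the intended one-hour expiry. Change the line to `exp: 1.hour.from_now.to_i,`. Separately, `defaults.merge(payload)` in `encode` lets a caller-supplied payload override `exp`, `iss` and `nbf`; if that is not intended, reject those keys or merge in the other order. `decode` starts at the edge of the first hunk, so whether it verifies the new `iss` and `nbf` claims is not visible here.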
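--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -13,7 +13,7 @@ class User < ApplicationRecord
 end
 def assertion_attributes_for(request)
- request.trusted? ? trusted_attributes : {}
+ request.trusted? ? trusted_attributes_for(request) : {}
 end
 def self.login(email, password)
@@ -27,16 +27,16 @@ class User < ApplicationRecord
 private
- def access_token
- BearerToken.new.encode(id: uuid)
+ def access_token(audience)
+ BearerToken.new.encode(sub: uuid, aud: audience)
 end
- def trusted_attributes
+ def trusted_attributes_for(request)
 {
 id: uuid,
 email: email,
 created_at: created_at,
- access_token: access_token,
+ access_token: access_token(request.issuer),
 }
 end
 end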
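Review bot: `access_token(audience)` in the second hunk encodes whatever `request.issuer` returns as `aud` without a presence check, so a request whose issuer is missing would get a token with a null audience, which is effectively an unscoped token for any verifier that skips `aud` when it is absent. A guard such as `raise ArgumentError, 'audience is required' if audience.blank?` at the top of `access_token` keeps that case from being issued silently. The audience binding only helps if each relying party verifies `aud` against its own entity id; that verification is not visible in this commit. The subject also moves from the `id` claim to `sub`, so any consumer still reading `id` from the decoded token (none is visible here) needs updating in the same release.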