1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
# frozen_string_literal: true
module JWT
module Claims
# The Audience class is responsible for validating the audience claim ('aud') in a JWT token.
class Audience
# Initializes a new Audience instance.
#
# @param expected_audience [String, Array<String>] the expected audience(s) for the JWT token.
def initialize(expected_audience:)
@expected_audience = expected_audience
end
# Verifies the audience claim ('aud') in the JWT token.
#
# @param context [Object] the context containing the JWT payload.
# @param _args [Hash] additional arguments (not used).
# @raise [JWT::InvalidAudError] if the audience claim is invalid.
# @return [nil]
def verify!(context:, **_args)
aud = context.payload['aud']
raise JWT::InvalidAudError, "Invalid audience. Expected #{expected_audience}, received #{aud || '<none>'}" if ([*aud] & [*expected_audience]).empty?
end
private
attr_reader :expected_audience
end
end
end
|
