Reference documentation and code samples for the googleauth class Google::Auth::IDTokens::Verifier.
An object that can verify ID tokens.
A verifier maintains a set of default settings, including the key source and fields to verify. However, individual verification calls can override any of these settings.
Inherits
- Object
Methods
#initialize
def
initialize
(
key_source
:
nil
,
aud
:
nil
,
azp
:
nil
,
iss
:
nil
)
-
>
Verifier
Create a verifier.
Parameters
- key_source(key source) (defaults to: nil) — The default key source to use. All verification calls must have a key source, so if no default key source is provided here, then calls to #verify must provide a key source.
- aud(String, nil) (defaults to: nil)
— The default audience (
aud) check, ornilfor no check. - azp(String, nil) (defaults to: nil)
— The default authorized party (
azp) check, ornilfor no check. - iss(String, nil) (defaults to: nil)
— The default issuer (
iss) check, ornilfor no check.
Returns
- ( Verifier ) — a new instance of Verifier
#verify
def
verify
(
token
,
key_source
:
:default
,
aud
:
:default
,
azp
:
:default
,
iss
:
:default
)
-
>
Hash
Verify the given token.
Parameters
- token(String) — the ID token to verify.
- key_source(key source) (defaults to: :default) — If given, override the key source.
- aud(String, nil) (defaults to: :default)
— If given, override the
audcheck. - azp(String, nil) (defaults to: :default)
— If given, override the
azpcheck. - iss(String, nil) (defaults to: :default)
— If given, override the
isscheck.
Returns
- (Hash) — the decoded payload, if verification succeeded.
Raises
- ( KeySourceError ) — if the key source failed to obtain public keys
- ( VerificationError ) — if the token verification failed. Additional data may be available in the error subclass and message.
