googleauth - Class Google::Auth::IDTokens::Verifier (v1.12.1)

Reference documentation and code samples for the googleauth class Google::Auth::IDTokens::Verifier.

An object that can verify ID tokens.

A verifier maintains a set of default settings, including the key source and fields to verify. However, individual verification calls can override any of these settings.

Inherits

  • Object

Methods

#initialize

def initialize(key_source: nil, aud: nil, azp: nil, iss: nil) -> Verifier

Create a verifier.

Parameters
  • key_source (key source) (defaults to: nil) — The default key source to use. All verification calls must have a key source, so if no default key source is provided here, then calls to #verify must provide a key source.
  • aud (String, nil) (defaults to: nil) — The default audience (aud) check, or nil for no check.
  • azp (String, nil) (defaults to: nil) — The default authorized party (azp) check, or nil for no check.
  • iss (String, nil) (defaults to: nil) — The default issuer (iss) check, or nil for no check.
Returns
  • (Verifier) — a new instance of Verifier

#verify

def verify(token, key_source: :default, aud: :default, azp: :default, iss: :default) -> Hash

Verify the given token.

Parameters
  • token (String) — the ID token to verify.
  • key_source (key source) (defaults to: :default) — If given, override the key source.
  • aud (String, nil) (defaults to: :default) — If given, override the aud check.
  • azp (String, nil) (defaults to: :default) — If given, override the azp check.
  • iss (String, nil) (defaults to: :default) — If given, override the iss check.
Returns
  • (Hash) — the decoded payload, if verification succeeded.
Raises
  • (KeySourceError) — if the key source failed to obtain public keys
  • (VerificationError) — if the token verification failed. Additional data may be available in the error subclass and message.