Class: MicrosoftApiService

Inherits:
Object
  • Object
Defined in:
app/services/microsoft_api_service.rb

Constant Summary collapse

CLIENT_ID =
Rails.application.credentials.microsoft_client_id
TENANT_ID =
Rails.application.credentials.microsoft_tenant_id

Class Method Summary collapse

Class Method Details

.verify_id_token(id_token:) ⇒ Object

Raises:

  • (StandardError)


# File 'app/services/microsoft_api_service.rb', line 6

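# Verifies a Microsoft identity platform ID token and returns its claims.
#
# Fetches the tenant's signing key set (JWKS) over HTTPS, has JWT.decode check
# the token's RS256 signature against it, and then checks the claims this
# service relies on: audience (`aud`), tenant id (`tid`) and expiry (`exp`).
# Errors raised by JSON.parse or JWT.decode are not rescued here and reach
# the caller unchanged.
#
# NOTE(review): `iss` and `nonce` are not checked in this method. Confirm the
# caller validates them, or add the checks here once the expected issuer
# format for this app's tokens is known.
# NOTE(review): the key set is fetched on every call, with no caching and no
# explicit timeout, so sign-in depends on that endpoint answering promptly.
#
# @param id_token [String] the encoded ID token to verify
# @return [Hash] the decoded token payload (claims)
# @raise [StandardError] when the JWKS request does not succeed
# @raise [UnexpectedTokenError] when audience, tenant id or expiry is not acceptable
def verify_id_token(id_token:)
  keys_response = Faraday.get("https://login.microsoftonline.com/#{TENANT_ID}/discovery/v2.0/keys")
  # The message used to name a different provider, which misleads whoever reads the logs.
  raise StandardError, 'Microsoft API request failed' unless keys_response.success?

  # The accepted algorithm list is pinned to RS256, so the token header
  # cannot choose how the signature is checked.
  claims, _header = JWT.decode(
    id_token,
    nil,
    true,
    algorithms: ['RS256'],
    jwks: JSON.parse(keys_response.body)
  )

  raise UnexpectedTokenError, "Token audience doesn't match client id" unless claims['aud'] == CLIENT_ID
  raise UnexpectedTokenError, 'Issuer has different tenant id' unless claims['tid'] == TENANT_ID

  # A token without a numeric `exp` is rejected explicitly; comparing nil with
  # an Integer would otherwise surface as a NoMethodError instead of a token error.
  expires_at = claims['exp']
  raise UnexpectedTokenError, 'Token has no valid expiry claim' unless expires_at.is_a?(Numeric)
  raise UnexpectedTokenError, 'Token is expired' if expires_at < Time.now.to_i

  claims
end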