Class: AuthProviders::OktaJwtProvider

Inherits:
BearerTokenProvider
Defined in:
app/services/auth_providers/okta_jwt_provider.rb

Overview

Validates JWTs issued by Okta using the JWKS endpoint

Constructor Details

#initialize(issuer:, audience:, jwks_uri:, client_id:) ⇒ OktaJwtProvider

Initializes the OktaJwtProvider with issuer, audience, JWKS URI, and client ID.

Parameters:

  • issuer (String)

    The expected issuer for JWT validation

  • audience (String)

    The expected audience for JWT validation

  • jwks_uri (String)

    The URI to fetch the JWKS (Key Set) from Okta



# File 'app/services/auth_providers/okta_jwt_provider.rb', line 18

def initialize(issuer:, audience:, jwks_uri:, client_id:)
  super()
  @issuer = issuer
  @audience = audience
  @jwks_uri = jwks_uri
  @client_id = client_id
end

Instance Method Details

#valid?(token) ⇒ Boolean

Validates the JWT and returns true if valid, false otherwise.

Parameters:

  • token (String)

    The JWT token to validate

Returns:

  • (Boolean)

    true if the token is valid, false otherwise



# File 'app/services/auth_providers/okta_jwt_provider.rb', line 30

def valid?(token)
  payload, _header = decode(token) # verify signature and claims; raises if invalid
  return false if payload.blank?
  return false unless valid_client_id?(payload)

  true
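rescue StandardError => e
  # to_s guards the log line: a non-String token (e.g. nil) would otherwise
  # raise inside this handler and escape valid? instead of returning false
  Rails.logger.error(
    "[OKTA JWT] Validation failure: #{e.class.name}: #{e.message} " \
    "token_prefix=#{token.to_s[0, 10]}... token_length=#{token.to_s.length}"
  )
  false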
end
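
The checks a validator like this has to make before returning true, as an added example that is not the project's code (the page does not show #decode or #valid_client_id?): standard-library Ruby that pins RS256, selects the JWKS key by kid, verifies the signature, then checks iss, aud, exp and the client ID. The function names, the use of the "cid" claim for the client ID, and the sample key, JWKS and kid are assumptions constructed for illustration.

```ruby
require "openssl"
require "json"

# Base64url helpers (unpadded on encode, strict on decode), stdlib only.
def b64u(bytes)
  [bytes].pack("m0").tr("+/", "-_").delete("=")
end

def b64d(str)
  (str + "=" * ((4 - str.size % 4) % 4)).tr("-_", "+/").unpack1("m0")
end

# Build an RSA public key from a JWK's n/e members (PKCS#1 RSAPublicKey DER).
def rsa_from_jwk(jwk)
  ints = %w[n e].map { |m| OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(b64d(jwk[m]), 2)) }
  OpenSSL::PKey::RSA.new(OpenSSL::ASN1::Sequence.new(ints).to_der)
end

# Hypothetical stand-in for the page's decode + valid_client_id? steps.
# Assumption: the client ID is carried in the "cid" claim.
def verify_okta_jwt(token, jwks:, issuer:, audience:, client_id:, now: Time.now.to_i)
  h64, p64, s64, extra = token.to_s.split(".", -1)
  return false if s64.nil? || extra # must be exactly three segments
  header = JSON.parse(b64d(h64))
  return false unless header["alg"] == "RS256" # pin the algorithm; rejects "none" and HS256
  jwk = jwks["keys"].find { |k| k["kty"] == "RSA" && k["kid"] == header["kid"] }
  return false unless jwk # unknown kid: no key to trust
  digest = OpenSSL::Digest.new("SHA256")
  return false unless rsa_from_jwk(jwk).verify(digest, b64d(s64), "#{h64}.#{p64}")
  c = JSON.parse(b64d(p64)) # claims are read only after the signature checks out
  c["iss"] == issuer && Array(c["aud"]).include?(audience) &&
    c["exp"].is_a?(Numeric) && c["exp"] > now && c["cid"] == client_id
rescue StandardError
  false # fail closed on malformed input, like the page's valid?
end

# Constructed sample data: throwaway key pair, its JWKS, and a token minter.
KEY = OpenSSL::PKey::RSA.new(2048)
JWKS = { "keys" => [{ "kty" => "RSA", "kid" => "k1",
                      "n" => b64u(KEY.n.to_s(2)), "e" => b64u(KEY.e.to_s(2)) }] }.freeze

def mint(claims, alg: "RS256", kid: "k1")
  input = [{ "alg" => alg, "kid" => kid }, claims].map { |part| b64u(JSON.generate(part)) }.join(".")
  sig = alg == "none" ? "" : KEY.sign(OpenSSL::Digest.new("SHA256"), input)
  "#{input}.#{b64u(sig)}"
end
```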