Merge pull request #161 from XeroAPI/validate_on_callback

SerKnight · web-flow · commit 0aebca70fac5 · 2021-05-03T12:05:02.000-06:00
Optimise the jwt_validation code
diff --git a/lib/xero-ruby/api_client.rb b/lib/xero-ruby/api_client.rb
@@ -110,11 +110,11 @@ def id_token
     end
 
     def decoded_access_token
-      decode_jwt(@config.access_token)
+      decode_jwt(@config.access_token, false)
     end
 
     def decoded_id_token
-      decode_jwt(@config.id_token)
+      decode_jwt(@config.id_token, false)
     end
 
     def set_token_set(token_set)
@@ -166,10 +166,14 @@ def validate_state(params)
       return true
     end
 
-    def decode_jwt(tkn)
-      jwks_data = JSON.parse(Faraday.get('https://identity.xero.com/.well-known/openid-configuration/jwks').body)
-      jwk_set = JSON::JWK::Set.new(jwks_data)
-      JSON::JWT.decode(tkn, jwk_set)
+    def decode_jwt(tkn, verify=true)
+      if verify == true
+        jwks_data = JSON.parse(Faraday.get('https://identity.xero.com/.well-known/openid-configuration/jwks').body)
+        jwk_set = JSON::JWK::Set.new(jwks_data)
+        JSON::JWT.decode(tkn, jwk_set)
+      else
+        JSON::JWT.decode(tkn, :skip_verification)
+      end
     end
 
     def token_expired?
diff --git a/lib/xero-ruby/version.rb b/lib/xero-ruby/version.rb
@@ -11,5 +11,5 @@
 =end
 
 module XeroRuby
-  VERSION = '2.10.1'
+  VERSION = '2.10.2'
 end
