From f4213071e558f30d3d5ddee5c6e6d64582f01db2 Mon Sep 17 00:00:00 2001
From: Julija Alieckaja <yulia.oletskaya@gmail.com>
Date: Sat, 21 Sep 2024 11:16:02 +0200
Subject: [PATCH] Claims verification fixes

---
 lib/jwt_sessions/authorization.rb | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/lib/jwt_sessions/authorization.rb b/lib/jwt_sessions/authorization.rb
index 9e5f649..675204f 100644
--- a/lib/jwt_sessions/authorization.rb
+++ b/lib/jwt_sessions/authorization.rb
@@ -79,11 +79,11 @@ def request_method
     end
 
     def valid_csrf_token?(csrf_token, token_type)
-      JWTSessions::Session.new(claims).valid_csrf?(found_token, csrf_token, token_type)
+      JWTSessions::Session.new(session_claims).valid_csrf?(found_token, csrf_token, token_type)
     end
 
     def session_exists?(token_type)
-      JWTSessions::Session.new(claims).session_exists?(found_token, token_type)
+      JWTSessions::Session.new(session_claims).session_exists?(found_token, token_type)
     end
 
     def cookieless_auth(token_type)
@@ -151,10 +151,11 @@ def authorize_request(token_type)
       check_csrf(token_type)
     end
 
-    def claims
+    def session_claims
+      claims = respond_to?(:token_claims) ? token_claims : {}
       {
-        access_claims: token_claims,
-        refresh_claims: token_claims
+        access_claims: claims,
+        refresh_claims: claims
       }
     end
   end