models.jwt

Class JwtService

lucee.Component
    extended by models.jwt.JwtService

Copyright since 2016 by Ortus Solutions, Corp (www.ortussolutions.com). This is the JWT service that will provide you with glorious JWT capabilities. Learn more about JSON Web Tokens here: https://jwt.io/

Class Attributes:
  • threadsafe
  • singleton
  • synchronized : false
  • accessors : true
  • persistent : false

    Property Summary
    type  property            default  serializable  required  attributes
    any   cbsecurity                   true          false     access = public, returntype = any, inject = @cbSecurity
    any   interceptorService           true          false     access = public, returntype = any, inject = coldbox:interceptorService
    any   jwt                          true          false     access = public, returntype = any, inject = provider:jwt@jwtcfml
    any   log                          true          false     access = public, returntype = any, inject = logbox:logger:{this}
    any   requestService               true          false     access = public, returntype = any, inject = coldbox:requestService
    any   settings                     true          false     access = public, returntype = any, inject = coldbox:moduleSettings:cbSecurity
    any   tokenStorage                 true          false     access = public, returntype = any
          The token storage provider.
    any   wirebox                      true          false     access = public, returntype = any, inject = wirebox
    Constructor Summary
    init()
          Constructor.
    Method Summary
    struct annotationValidator(any securedValue, any controller)
         DEPRECATED: USE JwtAuthValidator@cbsecurity.
    any attempt(any username, any password, [struct customClaims='[runtime expression]'], [struct refreshCustomClaims='[runtime expression]'])
         Attempt to authenticate a user with the auth service and if successful return a jwt token.
    any authenticate([any payload='[runtime expression]'])
         Authenticates a payload that is passed in or auto-discovered if not passed.
    struct decode(any token)
         Decode a jwt token.
    string discoverRefreshToken()
         Try to discover the jwt refresh token from many incoming resources.
    string discoverToken()
         Try to discover the jwt token from many incoming resources.
    string encode(struct payload)
         Create a jwt token according to the passed in payload.
    any fromEpoch(any target)
         Convert an epoch timestamp to local timestamp.
    any fromUser(any user, [struct customClaims='[runtime expression]'], [struct refreshCustomClaims='[runtime expression]'])
         Create an access or an access/refresh token(s) according to the passed user object and custom claims.
    private any generateToken(any user, [struct customClaims='[runtime expression]'], [boolean refresh='false'])
         Generate an access or refresh token bound to the passed user and custom claims.
    string getCbsecurity()
    string getInterceptorService()
    string getJwt()
    string getLog()
    struct getPayload()
         Get the stored token payload from `prc.jwt_payload`.
    string getRequestService()
    string getSettings()
    string getToken()
         Get the stored token from `prc.jwt_token`.
    any getTokenStorage([boolean force='false'])
         Get the appropriate token storage provider.
    any getUser()
         Get the authenticated user stored on `prc` via the variables.settings.authentication.prcUserVariable setting.
    string getWirebox()
    boolean invalidate(any token)
         Invalidates the incoming token by removing it from the permanent storage; with no key in storage, the token is invalid.
    JwtService invalidateAll([boolean async='false'])
         Invalidates all tokens in the connected storage provider.
    boolean isLoggedIn()
         Shortcut function to our authentication services to check if we are logged in.
    boolean isTokenInStorage(any token)
         Verifies if the passed in token exists in the storage provider.
    any logout()
         Logout a user and invalidate their access token.
    any onDIComplete()
         Runs after DI, here is where we setup the jwt settings for operation.
    struct parseToken([string token='[runtime expression]'], [boolean storeInContext='true'], [boolean authenticate='true'])
         Tries to get a jwt token from the authorization header or the custom header.
    struct refreshToken([any token='[runtime expression]'], [struct customClaims='[runtime expression]'], [struct refreshCustomClaims='[runtime expression]'])
         Manually refresh tokens by passing a valid refresh token and returning two new tokens.
    struct ruleValidator(any rule, any controller)
         DEPRECATED: USE JwtAuthValidator@cbsecurity.
    any setCbsecurity(any cbsecurity)
    any setInterceptorService(any interceptorService)
    any setJwt(any jwt)
    any setLog(any log)
    any setRequestService(any requestService)
    any setSettings(any settings)
    any setToken(any token)
         Store a manual token in `prc.jwt_token`.
    any setTokenStorage(any tokenStorage)
    any setWirebox(any wirebox)
    any toEpoch(any target)
         Convert a target local timestamp to epoch.
    boolean verify(any token)
         Verify an incoming token against our jwt library to check if it is a valid token only.
     
    Methods inherited from class lucee.Component
    None

    Constructor Detail

    init

    public init()

    Constructor


    Property Detail

    cbsecurity

    property any cbsecurity

    Attributes:
    access - public
    required - false
    returntype - any
    inject - @cbSecurity
    serializable - true

    interceptorService

    property any interceptorService

    Attributes:
    access - public
    required - false
    returntype - any
    inject - coldbox:interceptorService
    serializable - true

    jwt

    property any jwt

    Attributes:
    access - public
    required - false
    returntype - any
    inject - provider:jwt@jwtcfml
    serializable - true

    log

    property any log

    Attributes:
    access - public
    required - false
    returntype - any
    inject - logbox:logger:{this}
    serializable - true

    requestService

    property any requestService

    Attributes:
    access - public
    required - false
    returntype - any
    inject - coldbox:requestService
    serializable - true

    settings

    property any settings

    Attributes:
    access - public
    required - false
    returntype - any
    inject - coldbox:moduleSettings:cbSecurity
    serializable - true

    tokenStorage

    property any tokenStorage

    The token storage provider

    Attributes:
    access - public
    required - false
    returntype - any
    serializable - true

    wirebox

    property any wirebox

    Attributes:
    access - public
    required - false
    returntype - any
    inject - wirebox
    serializable - true

    Method Detail

    annotationValidator

    public struct annotationValidator(any securedValue, any controller)

    DEPRECATED: USE JwtAuthValidator@cbsecurity

    Parameters:
    securedValue
    controller

    attempt

    public any attempt(any username, any password, [struct customClaims='[runtime expression]'], [struct refreshCustomClaims='[runtime expression]'])

    Attempt to authenticate a user with the auth service and, if successful, return a jwt token using the information in the authenticated user. If refresh tokens are enabled then you will get a struct of { access_token : "", refresh_token : "" }

    Parameters:
    username - The username to use
    password - The password to use
    customClaims - A struct of custom claims to add to the jwt token if successful.
    refreshCustomClaims - A struct of custom claims to add to the refresh token if successful.
    Returns:
    An access token if the enableRefreshTokens setting is false, else a struct with the access and refresh token: { access_token : "", refresh_token : "" }
    Throws:
    InvalidCredentials

    authenticate

    public any authenticate([any payload='[runtime expression]'])

    Authenticates a payload that is passed in or auto-discovered if not passed. This will return the user the payload represents via the `sub` claim

    Parameters:
    payload - The authentication payload to authenticate, by default we auto discover it
    Returns:
    User object that implements IAuth and IJwtSubject
    Throws:
    InvalidUser if user is not found

    decode

    public struct decode(any token)

    Decode a jwt token

    Parameters:
    token - The token to decode
    Throws:
    TokenExpiredException - When the token has expired

    discoverRefreshToken

    public string discoverRefreshToken()

    Try to discover the jwt refresh token from many incoming resources:
    - The custom auth header: x-refresh-token
    - URL/FORM: x-refresh-token

    Returns:
    The discovered refresh token or an empty string

    discoverToken

    public string discoverToken()

    Try to discover the jwt token from many incoming resources:
    - The custom auth header: x-auth-token
    - URL/FORM: x-auth-token
    - Authorization Header

    Returns:
    The discovered token or an empty string

    encode

    public string encode(struct payload)

    Create a jwt token according to the passed in payload. This method does not store the token in the storage

    Parameters:
    payload - The payload to encode

    fromEpoch

    public any fromEpoch(any target)

    Convert an epoch timestamp to local timestamp

    Parameters:
    target - The epoch timestamp

    fromUser

    public any fromUser(any user, [struct customClaims='[runtime expression]'], [struct refreshCustomClaims='[runtime expression]'])

    Create an access or an access/refresh token(s) according to the passed user object and custom claims. We are assuming the user is a valid and authenticated user. If the setting enableRefreshTokens is true, then we will return a struct of tokens: { access_token : "", refresh_token : "" }

    Parameters:
    user - The user to generate the token for, must implement IAuth and IJwtSubject
    customClaims - A struct of custom claims to add to the jwt token if successful.
    refreshCustomClaims - A struct of custom claims to add to the refresh token if successful.
    Returns:
    An access token if the enableRefreshTokens setting is false, else a struct with the access and refresh token: { access_token : "", refresh_token : "" }

    generateToken

    private any generateToken(any user, [struct customClaims='[runtime expression]'], [boolean refresh='false'])

    Generate an access or refresh token bound to the passed user and custom claims.

    Parameters:
    user - The user to generate the token for, must implement IAuth and IJwtSubject
    customClaims - A struct of custom claims to add to the jwt token if successful.
    refresh
    Returns:
    An access or refresh token

    getCbsecurity

    public string getCbsecurity()


    getInterceptorService

    public string getInterceptorService()


    getJwt

    public string getJwt()


    getLog

    public string getLog()


    getPayload

    public struct getPayload()

    Get the stored token payload from `prc.jwt_payload`. If it doesn't exist, it tries to parse it via `parseToken()`. If no token is set, this will be an empty struct.


    getRequestService

    public string getRequestService()


    getSettings

    public string getSettings()


    getToken

    public string getToken()

    Get the stored token from `prc.jwt_token`. If it doesn't exist, it tries to parse it via `parseToken()`. If no token is set, this will be an empty string.


    getTokenStorage

    public any getTokenStorage([boolean force='false'])

    Get the appropriate token storage provider

    Parameters:
    force - If true, it will rebuild the storage using the settings, else it does lazy loading checks
    Returns:
    cbsecurity.interfaces.jwt.IJwtStorage

    getUser

    public any getUser()

    Get the authenticated user stored on `prc` via the variables.settings.authentication.prcUserVariable setting. If it doesn't exist, then call parseToken() and try to load it and authenticate it.

    Returns:
    The user that implements IAuth and IJwtSubject

    getWirebox

    public string getWirebox()


    invalidate

    public boolean invalidate(any token)

    Invalidates the incoming token by removing it from the permanent storage; with no key in storage, the token is invalid.

    Parameters:
    token - The token to invalidate

    invalidateAll

    public JwtService invalidateAll([boolean async='false'])

    Invalidates all tokens in the connected storage provider

    Parameters:
    async - Run the clearing asynchronously or not, default is false

    isLoggedIn

    public boolean isLoggedIn()

    Shortcut function to our authentication services to check if we are logged in


    isTokenInStorage

    public boolean isTokenInStorage(any token)

    Verifies if the passed in token exists in the storage provider

    Parameters:
    token - The token to check

    logout

    public any logout()

    Logout a user and invalidate their access token


    onDIComplete

    public any onDIComplete()

    Runs after DI, here is where we setup the jwt settings for operation


    parseToken

    public struct parseToken([string token='[runtime expression]'], [boolean storeInContext='true'], [boolean authenticate='true'])

    Tries to get a jwt token from the authorization header or the custom header defined in the configuration or passed in by you. If it is a valid token and it decodes, we will then continue to validate the subject it represents. Once those are satisfied, it will store it in the `prc` as `prc.jwt_token` and the payload as `prc.jwt_payload`.

    Parameters:
    token - The token to parse and validate, if not passed we call the discoverToken() method for you.
    storeInContext - By default, the token will be stored in the request context
    authenticate - By default, the token will be authenticated, you can disable it and do manual authentication.
    Returns:
    The payload for convenience
    Throws:
    TokenNotFoundException - If the token cannot be found in the headers

    refreshToken

    public struct refreshToken([any token='[runtime expression]'], [struct customClaims='[runtime expression]'], [struct refreshCustomClaims='[runtime expression]'])

    Manually refresh tokens by passing a valid refresh token and returning two new tokens: { access_token : "", refresh_token : "" }

    Parameters:
    token
    customClaims - A struct of custom claims to apply to the new tokens
    refreshCustomClaims - A struct of custom claims to add to the refresh token
    Returns:
    A struct of { access_token : "", refresh_token : "" }
    Throws:
    TokenNotFoundException - If the token cannot be found in the headers

    ruleValidator

    public struct ruleValidator(any rule, any controller)

    DEPRECATED: USE JwtAuthValidator@cbsecurity

    Parameters:
    rule
    controller

    setCbsecurity

    public any setCbsecurity(any cbsecurity)

    Parameters:
    cbsecurity

    setInterceptorService

    public any setInterceptorService(any interceptorService)

    Parameters:
    interceptorService

    setJwt

    public any setJwt(any jwt)

    Parameters:
    jwt

    setLog

    public any setLog(any log)

    Parameters:
    log

    setRequestService

    public any setRequestService(any requestService)

    Parameters:
    requestService

    setSettings

    public any setSettings(any settings)

    Parameters:
    settings

    setToken

    public any setToken(any token)

    Store a manual token in `prc.jwt_token`, and store the decoded version in `prc.jwt_payload`

    Parameters:
    token - A custom token to store in the ColdBox event bus

    setTokenStorage

    public any setTokenStorage(any tokenStorage)

    Parameters:
    tokenStorage

    setWirebox

    public any setWirebox(any wirebox)

    Parameters:
    wirebox

    toEpoch

    public any toEpoch(any target)

    Convert a target local timestamp to epoch

    Parameters:
    target - The local timestamp

    verify

    public boolean verify(any token)

    Verify an incoming token against our jwt library to check if it is a valid token only. No expiration or claim verification is performed.

    Parameters:
    token - The token to validate
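
Why `verify()` alone is not an authorization decision: the sketch below is an added example, not cbsecurity code, that models in stand-alone Python the difference between a signature-only check and the stricter path described by `decode()`, `isTokenInStorage()` and `invalidate()`. The HS256 signing, the secret, the sample claims, the `full_check` helper and the keying of storage by `jti` are assumptions made for the model.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # constructed key for this demo only
NOW = 1_700_000_000                  # fixed clock so results are repeatable

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=")

def _unb64(text):
    return base64.urlsafe_b64decode(text + b"=" * (-len(text) % 4))

def _sign(signing_input):
    return _b64(hmac.new(SECRET, signing_input, hashlib.sha256).digest())

def encode(payload):
    """Build an HS256 token; like encode() above, nothing is stored."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(payload).encode())
    return b".".join([head, body, _sign(head + b"." + body)]).decode()

def verify(token):
    """Signature check only: no expiration or claim verification."""
    try:
        head, body, sig = token.encode().split(b".")
        header = json.loads(_unb64(head))
    except ValueError:
        return False
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False  # pin the algorithm instead of trusting the header
    return hmac.compare_digest(sig, _sign(head + b"." + body))

def full_check(token, storage, now=None):
    """Stricter path: signature, then exp, then presence in storage."""
    if not verify(token):
        return "bad-signature"
    payload = json.loads(_unb64(token.split(".")[1].encode()))
    if payload.get("exp", 0) <= (time.time() if now is None else now):
        return "expired"
    if payload.get("jti") not in storage:  # assumption: storage keyed by jti
        return "not-in-storage"
    return "ok"

# Constructed sample tokens: one live, one already expired at NOW
LIVE = encode({"sub": "42", "jti": "a1", "exp": NOW + 600})
EXPIRED = encode({"sub": "42", "jti": "b2", "exp": NOW - 600})
```

An expired or invalidated token still passes the signature-only `verify`, so access decisions belong on the path that also checks expiry and storage.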