class Stytch::Sessions
def authenticate_jwt_local(session_jwt, max_token_age_seconds: nil)
This method never authenticates the JWT by calling the API; the signature and claims are verified entirely on the local side.
Uses the cached value to get the JWK, but if it is unavailable, it calls the get_jwks() function to get the JWK.
Parse a JWT and verify the signature locally (without calling /authenticate in the API)
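# Parse a session JWT and verify its signature locally (without calling
# /authenticate in the API).
#
# JWT.decode is given the JWK set via @jwks_loader and checks the signature,
# the issuer ('stytch.com/' + project id), the audience (project id) and the
# algorithm (pinned to RS256); expiry is also checked, which is why
# JWT::ExpiredSignature is mapped below. On top of that the token's age is
# bounded by its 'iat' claim: a token issued more than max_token_age_seconds
# ago is rejected even if it has not expired yet, so a locally-verified
# session cannot be older than the caller is willing to accept.
#
# @param session_jwt [String] the raw JWT
# @param max_token_age_seconds [Integer, nil] maximum accepted age in seconds,
#   measured from the 'iat' claim; nil means the default of 300 seconds
# @return [Object, nil] the result of marshal_jwt_into_session, or nil when the
#   token verifies but is older than max_token_age_seconds or has no 'iat'
# @raise [JWTInvalidIssuerError, JWTInvalidAudienceError,
#   JWTExpiredSignatureError, JWTIncorrectAlgorithmError] mapped from the
#   corresponding JWT gem errors; any other JWT::DecodeError (for example a
#   signature mismatch) propagates unchanged
def authenticate_jwt_local(session_jwt, max_token_age_seconds: nil)
  max_token_age_seconds = 300 if max_token_age_seconds.nil?
  issuer = 'stytch.com/' + @project_id
  begin
    decoded_token = JWT.decode(session_jwt, nil, true, {
      jwks: @jwks_loader,
      iss: issuer, verify_iss: true,
      aud: @project_id, verify_aud: true,
      # Pin the algorithm so an attacker-chosen 'alg' header (none/HS256) is rejected.
      algorithms: ['RS256']
    })
    session = decoded_token[0]
    # A token with no 'iat' cannot satisfy the age bound; reject it instead of
    # letting Time.at(nil) raise a TypeError.
    return nil if session['iat'].nil?
    # Keep the arithmetic in Time. DateTime#+ adds DAYS, so the previous
    # `Time.at(iat).to_datetime + max_token_age_seconds` accepted tokens up to
    # ~300 days old and the freshness check was effectively a no-op.
    iat_time = Time.at(session['iat'])
    return nil unless iat_time + max_token_age_seconds >= Time.now
    session = marshal_jwt_into_session(session)
  rescue JWT::InvalidIssuerError
    raise JWTInvalidIssuerError
  rescue JWT::InvalidAudError
    raise JWTInvalidAudienceError
  rescue JWT::ExpiredSignature
    raise JWTExpiredSignatureError
  rescue JWT::IncorrectAlgorithm
    raise JWTIncorrectAlgorithmError
  end
  session
end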