Pass access/refresh claims to session for claim verification

tuwukee · Sep 19, 2024 · 5e1ec73 · 5e1ec73
1 parent 59a1534
commit 5e1ec73
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/lib/jwt_sessions/authorization.rb b/lib/jwt_sessions/authorization.rb
@@ -79,11 +79,11 @@ def request_method
     end
 
     def valid_csrf_token?(csrf_token, token_type)
-      JWTSessions::Session.new.valid_csrf?(found_token, csrf_token, token_type)
+      JWTSessions::Session.new(claims).valid_csrf?(found_token, csrf_token, token_type)
     end
 
     def session_exists?(token_type)
-      JWTSessions::Session.new.session_exists?(found_token, token_type)
+      JWTSessions::Session.new(claims).session_exists?(found_token, token_type)
     end
 
     def cookieless_auth(token_type)
@@ -150,5 +150,12 @@ def authorize_request(token_type)
       invalid_authorization unless session_exists?(token_type)
       check_csrf(token_type)
     end
+
+    def claims
+      {
+        access_claims: token_claims,
+        refresh_claims: token_claims
+      }
+    end
   end
 end