Claims verification fixes

tuwukee · Sep 21, 2024 · f421307 · f421307
1 parent 8f6fb24
commit f421307
Showing 1 changed file with 6 additions and 5 deletions.
diff --git a/lib/jwt_sessions/authorization.rb b/lib/jwt_sessions/authorization.rb
@@ -79,11 +79,11 @@ def request_method
     end
 
     def valid_csrf_token?(csrf_token, token_type)
-      JWTSessions::Session.new(claims).valid_csrf?(found_token, csrf_token, token_type)
+      JWTSessions::Session.new(session_claims).valid_csrf?(found_token, csrf_token, token_type)
     end
 
     def session_exists?(token_type)
-      JWTSessions::Session.new(claims).session_exists?(found_token, token_type)
+      JWTSessions::Session.new(session_claims).session_exists?(found_token, token_type)
     end
 
     def cookieless_auth(token_type)
@@ -151,10 +151,11 @@ def authorize_request(token_type)
       check_csrf(token_type)
     end
 
-    def claims
+    def session_claims
+      claims = respond_to?(:token_claims) ? token_claims : {}
       {
-        access_claims: token_claims,
-        refresh_claims: token_claims
+        access_claims: claims,
+        refresh_claims: claims
       }
     end
   end