JWT::verify PHP Method

verify() public static method

Verify a signature with the message, key and method. Not all methods are symmetric, so we must have separate verify and sign methods.
public static verify ( string $msg, string $signature, string | resource $key, string $method = 'HS256' ) : boolean
$msg string the original message
$signature string the raw signature bytes to check against $msg
$key string | resource for HS*, a string key works. For RS*, it must be a resource of an OpenSSL public key
$method string the algorithm name (defaults to 'HS256')
return boolean
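    /**
     * Verify a signature with the message, key and method. Not all methods
     * are symmetric, so we must have a separate verify and sign method.
     *
     * @param string          $msg       The original message
     * @param string          $signature The raw signature bytes to check
     * @param string|resource $key       For HS*, a string key works. For RS*,
     *                                   must be a resource of an openssl public key
     * @param string          $method    Algorithm name, a key of self::$methods
     *
     * @return bool true when the signature matches; false when an HMAC does not
     * @throws DomainException Algorithm not supported, OpenSSL could not verify
     *                         (or reported an error), or the key type does not
     *                         fit the algorithm family
     */
    public static function verify($msg, $signature, $key, $method = 'HS256')
    {
        // $method may come straight from a token header, so only a string may
        // be used as the lookup key.
        if (!is_string($method) || empty(self::$methods[$method])) {
            throw new DomainException('Algorithm not supported');
        }
        list($function, $algo) = self::$methods[$method];
        switch ($function) {
            case 'openssl':
                // openssl_verify() returns 1 (valid), 0 (invalid) or -1 (error).
                // Only an exact 1 is success; -1 is truthy and would otherwise
                // let an errored verification pass as valid.
                $success = openssl_verify($msg, $signature, $key, $algo);
                if ($success === 1) {
                    return true;
                }
                if ($success === 0) {
                    throw new DomainException("OpenSSL unable to verify data: " . openssl_error_string());
                }
                throw new DomainException("OpenSSL error while verifying data: " . openssl_error_string());
            case 'hash_hmac':
            default:
                // hash_hmac() needs a string key. Any other type (for example an
                // OpenSSL key resource handed to an HS* algorithm) must fail
                // closed rather than be compared against a non-string result.
                if (!is_string($key)) {
                    throw new DomainException('HMAC verification requires a string key');
                }
                if (!is_string($signature)) {
                    return false;
                }
                $hash = hash_hmac($algo, $msg, $key, true);
                if (!is_string($hash) || $hash === '') {
                    throw new DomainException('Unable to compute HMAC');
                }
                // Constant-time comparison so the check does not leak how many
                // leading bytes of the signature were correct. hash_equals() is
                // the library form; the loop below is the fallback for older PHP.
                if (function_exists('hash_equals')) {
                    return hash_equals($hash, $signature);
                }
                $len = min(strlen($signature), strlen($hash));
                $status = 0;
                for ($i = 0; $i < $len; $i++) {
                    $status |= ord($signature[$i]) ^ ord($hash[$i]);
                }
                $status |= strlen($signature) ^ strlen($hash);
                return $status === 0;
        }
    }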

Usage Example

Example #1
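 /**
  * Decodes a JWT string into a PHP object.
  *
  * The algorithm used for verification is read from the token header. Pass
  * $allowedAlgs so a token cannot select an algorithm the caller did not
  * intend for the supplied key (for example an HS* algorithm against a key
  * meant for RS*).
  *
  * @param string            $jwt         The JWT
  * @param string|array|null $key         The secret key, or map of keys indexed by "kid"
  * @param bool              $verify      Whether to verify the signature and
  *                                       expiry; false skips both checks
  * @param array             $allowedAlgs Algorithm names the caller accepts; an
  *                                       empty list keeps the previous behaviour
  *                                       of trusting the header "alg"
  *
  * @return object      The JWT's payload as a PHP object
  * @throws UnexpectedValueException Provided JWT was invalid
  * @throws DomainException          Algorithm was not provided or not allowed,
  *                                  or no key exists for the header's "kid"
  *
  * @uses jsonDecode
  * @uses urlsafeB64Decode
  */
 public static function decode($jwt, $key = null, $verify = true, $allowedAlgs = array())
 {
     $tks = explode('.', $jwt);
     if (count($tks) !== 3) {
         throw new UnexpectedValueException('Wrong number of segments');
     }
     list($headb64, $bodyb64, $cryptob64) = $tks;
     if (null === ($header = JWT::jsonDecode(JWT::urlsafeB64Decode($headb64)))) {
         throw new UnexpectedValueException('Invalid segment encoding');
     }
     if (null === ($payload = JWT::jsonDecode(JWT::urlsafeB64Decode($bodyb64)))) {
         throw new UnexpectedValueException('Invalid segment encoding');
     }
     $sig = JWT::urlsafeB64Decode($cryptob64);
     if ($verify) {
         // "alg" comes from the untrusted header: require a non-empty string
         // before it is used as an array key or handed to verify().
         if (empty($header->alg) || !is_string($header->alg)) {
             throw new DomainException('Empty algorithm');
         }
         if (!empty($allowedAlgs) && !in_array($header->alg, $allowedAlgs, true)) {
             throw new DomainException('Algorithm not allowed');
         }
         if (is_array($key)) {
             if (!isset($header->kid)) {
                 throw new DomainException('"kid" empty, unable to lookup correct key');
             }
             // An unknown "kid" must fail closed: reading an undefined index
             // would silently hand a null key to the verification below.
             if (!(is_string($header->kid) || is_int($header->kid)) || !isset($key[$header->kid])) {
                 throw new DomainException('"kid" invalid, unable to lookup correct key');
             }
             $key = $key[$header->kid];
         }
         if (!JWT::verify("{$headb64}.{$bodyb64}", $sig, $key, $header->alg)) {
             throw new UnexpectedValueException('Signature verification failed');
         }
         // Check token expiry time if defined.
         if (isset($payload->exp) && time() >= $payload->exp) {
             throw new UnexpectedValueException('Expired Token');
         }
     }
     return $payload;
 }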