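/**
 * Validate a decoded token's header and time/audience claims, then check
 * its signature against one recomputed with the supplied key.
 *
 * Checks run in this order: algorithm present, audience not empty when set,
 * "exp" not reached, "nbf" already passed, signature match.
 *
 * @param mixed  $key       Key material handed unchanged to sign()
 * @param object $header    Decoded token header; must carry a non-empty "alg"
 * @param object $claims    Decoded claim set; "aud", "exp" and "nbf" are inspected when set
 * @param mixed  $signature Signature taken from the token, compared with the recomputed one
 *
 * @return mixed Result of $this->hash_equals() (presumably a boolean; confirm against that method)
 *
 * @throws Exception\DecodeException  On a missing algorithm, an empty audience,
 *                                    a non-numeric "exp"/"nbf", or a "nbf" in the future
 * @throws Exception\ExpiredException When "exp" is at or before the current time
 */
public function verify($key, $header, $claims, $signature)
{
    if (empty($header->alg)) {
        throw new Exception\DecodeException('Invalid header: no algorithm specified');
    }
    if (isset($claims->aud) && empty($claims->aud)) {
        throw new Exception\DecodeException('Audience cannot be empty [aud]');
    }

    // Read the clock once so "exp" and "nbf" are judged against the same instant.
    $now = time();

    // If "expires at" is defined, check it against the current time.
    if (isset($claims->exp)) {
        // A non-numeric value (arbitrary string, array, object) would be compared
        // by PHP's loose comparison rules, and the outcome of the expiry check
        // would then no longer depend on a timestamp. Reject it instead.
        if (!is_numeric($claims->exp)) {
            throw new Exception\DecodeException('Expiration must be a numeric timestamp [exp]');
        }
        if ($claims->exp <= $now) {
            throw new Exception\ExpiredException('Message has expired');
        }
    }

    // If a "not before" is provided, validate the time.
    if (isset($claims->nbf)) {
        // Same reasoning as for "exp"; date() below also needs a real timestamp.
        if (!is_numeric($claims->nbf)) {
            throw new Exception\DecodeException('Not-before must be a numeric timestamp [nbf]');
        }
        if ($claims->nbf > $now) {
            $notBefore = date('m.d.Y H:i:s', (int) ($claims->nbf + 0));
            throw new Exception\DecodeException('Cannot process prior to ' . $notBefore . ' [nbf]');
        }
    }

    // NOTE(review): the algorithm comes from the token's own header, which is
    // supplied by whoever sent the token. Nothing in this method ties it to the
    // algorithm the key was issued for; confirm that sign() or the caller
    // enforces an allow-list of expected algorithms.
    $algorithm = $header->alg;

    // NOTE(review): the signing input is rebuilt by re-encoding the decoded
    // objects rather than taken from the token's original segments. If the
    // issuer serialised its JSON differently, a valid token would fail here;
    // verify against the decode path.
    $encodedHeader = $this->base64Encode(json_encode($header, JSON_UNESCAPED_SLASHES));
    $encodedClaims = $this->base64Encode(json_encode($claims, JSON_UNESCAPED_SLASHES));
    $signWith = $encodedHeader . '.' . $encodedClaims;

    $expected = $this->sign($signWith, $key, $algorithm);

    // Delegates to the class's own hash_equals() rather than a plain ==/===;
    // presumably a timing-safe comparison; confirm in that method.
    return $this->hash_equals($expected, $signature);
}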