Psecio\Jwt\Jwt::verify PHP Method

Jwt Class Documentation Show file Open project: psecio/jwt

verify() public method

Verify the signature on the JWT message

public verify ( string $key, stdClass $header, stdClass $claims, string $signature ) : boolean
$key	string	Key used for hashing
$header	stdClass	Header data (object)
$claims	stdClass	Set of claims
$signature	string	Signature string
return	boolean	Pass/fail of verification

    public function verify($key, $header, $claims, $signature)
    {
        if (empty($header->alg)) {
            throw new Exception\DecodeException('Invalid header: no algorithm specified');
        }
        if (isset($claims->aud) && empty($claims->aud)) {
            throw new Exception\DecodeException('Audience cannot be empty [aud]');
        }
        // If "expires at" defined, check against time
        if (isset($claims->exp) && $claims->exp <= time()) {
            throw new Exception\ExpiredException('Message has expired');
        }
        // If a "not before" is provided, validate the time
        if (isset($claims->nbf) && $claims->nbf > time()) {
            throw new Exception\DecodeException('Cannot process prior to ' . date('m.d.Y H:i:s', $claims->nbf) . ' [nbf]');
        }
        $algorithm = $header->alg;
        $signWith = implode('.', array($this->base64Encode(json_encode($header, JSON_UNESCAPED_SLASHES)), $this->base64Encode(json_encode($claims, JSON_UNESCAPED_SLASHES))));
        return $this->hash_equals($this->sign($signWith, $key, $algorithm), $signature);
    }

Jwt

__call

__construct

__get

addClaim

base64Decode

base64Encode

custom

decode

decrypt

encode

encrypt

getClaims

getHeader

hash_equals

setClaims

setHeader

sign

verify