public static function load($jwsTokenString, $allowUnsecure = false, Encoder $encoder = null, $encryptionEngine = 'OpenSSL')
{
if ($encoder === null) {
$encoder = strpbrk($jwsTokenString, '+/=') ? new Base64Encoder() : new Base64UrlSafeEncoder();
}
$parts = explode('.', $jwsTokenString);
if (count($parts) === 3) {
$header = json_decode($encoder->decode($parts[0]), true);
$payload = json_decode($encoder->decode($parts[1]), true);
if (is_array($header) && is_array($payload)) {
if (strtolower($header['alg']) === 'none' && !$allowUnsecure) {
throw new InvalidArgumentException(sprintf('The token "%s" cannot be validated in a secure context, as it uses the unallowed "none" algorithm', $jwsTokenString));
}
$jws = new static($header, $encryptionEngine);
$jws->setEncoder($encoder)->setHeader($header)->setPayload($payload)->setEncodedSignature($parts[2]);
return $jws;
}
}
throw new InvalidArgumentException(sprintf('The token "%s" is an invalid JWS', $jwsTokenString));
}