author | Brendan Abbott <brendan@vuid.com> | 2014-11-13 12:04:38 +1000 |
---|---|---|
committer | Brendan Abbott <brendan@vuid.com> | 2014-11-13 12:04:38 +1000 |
commit | 0b01cd0b1727c4652b4529289ddddb599ef6ca6a (patch) | |
tree | a64d096f050c31d93403824c5518c460a8239985 /Authentication | |
parent | b18c3050179262af03da43de35fd2830a6cc4644 (diff) | |
Add checking of nbf claim
Diffstat (limited to 'Authentication')
-rw-r--r-- | Authentication/JWT.php | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/Authentication/JWT.php b/Authentication/JWT.php
index 08cc91f..1a5916e 100644
--- a/Authentication/JWT.php
+++ b/Authentication/JWT.php
@@ -61,12 +61,22 @@ class JWT
 throw new DomainException('"kid" empty, unable to lookup correct key');
 }
 }
+
+ // Check the signature
 if (!JWT::verify("$headb64.$bodyb64", $sig, $key, $header->alg)) {
 throw new UnexpectedValueException('Signature verification failed');
 }
+ // Check token expiry time if defined.
 if (isset($payload->exp) && time() >= $payload->exp) {
- throw new UnexpectedValueException('Expired Token');
+ throw new UnexpectedValueException('Expired token');
+ }
+
+ // Check if the nbf if it is defined.
+ if (isset($payload->nbf) && $payload->nbf > time()) {
+ throw new UnexpectedValueException(
+ 'Cannot handle token prior to ' . date(DateTime::ISO8601, $payload->nbf)
+ );
 }
 }
 return $payload; |
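Review bot: The new `nbf` check compares the claim to `time()` without first confirming it is numeric, so `$payload->nbf > time()` depends on PHP's loose comparison; before PHP 8 a non-numeric string is treated as 0 there, and the token passes the not-before check silently. The `exp` comparison just above has the same lack of type validation. I would reject malformed values before comparing, e.g. `if (isset($payload->nbf) && !is_numeric($payload->nbf)) { throw new UnexpectedValueException('Invalid nbf claim'); }`, with the equivalent guard for `exp`. The exact comparison against `time()` also leaves no allowance for clock skew between issuer and verifier, so a small configurable leeway is worth considering. The enclosing method starts and ends outside this hunk, so whether these checks can be bypassed by a caller-supplied flag cannot be judged from here.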