JWS object can also be verified.
/**
* Decode a JSON Web Token.
*
* @param Token $token
* @return array
* @throws \Tymon\JWTAuth\Exceptions\JWTException
*/
public function decode($token)
{
try {
$loader = new Loader();
$verifiedJWS = $loader->loadAndVerifySignatureUsingKey((string) $token, $this->signatureKey, [$this->signatureKey->get('alg')]);
$jwe = $loader->loadAndDecryptUsingKey($verifiedJWS->getPayload(), $this->encryptionKey, ['dir'], [$this->encryptionKey->get('alg')]);
} catch (Exception $e) {
throw new TokenInvalidException('Could not decode token: ' . $e->getMessage());
}
return $jwe->getPayload();
}
