PHP Yoast_Google_Utils::urlSafeB64Decode Examples

Programming Language: PHP

Method/Function: urlSafeB64Decode

Examples at hotexamples.com: 1

PHP Yoast_Google_Utils::urlSafeB64Decode - 1 examples found. These are the top rated real world PHP examples of Yoast_Google_Utils::urlSafeB64Decode extracted from open source projects. You can rate examples to help us improve the quality of examples.

Frequently Used Methods

Show Hide

getStrLen(2)

normalize(1)

urlSafeB64Decode(1)

urlSafeB64Encode(1)

Example #1

Show file

File: Google_OAuth2.php Project: Didox/beminfinito

 function verifySignedJwtWithCerts($jwt, $certs, $required_audience)
 {
     $segments = explode(".", $jwt);
     if (count($segments) != 3) {
         throw new Yoast_Google_AuthException("Wrong number of segments in token: {$jwt}");
     }
     $signed = $segments[0] . "." . $segments[1];
     $signature = Yoast_Google_Utils::urlSafeB64Decode($segments[2]);
     // Parse envelope.
     $envelope = json_decode(Yoast_Google_Utils::urlSafeB64Decode($segments[0]), true);
     if (!$envelope) {
         throw new Yoast_Google_AuthException("Can't parse token envelope: " . $segments[0]);
     }
     // Parse token
     $json_body = Yoast_Google_Utils::urlSafeB64Decode($segments[1]);
     $payload = json_decode($json_body, true);
     if (!$payload) {
         throw new Yoast_Google_AuthException("Can't parse token payload: " . $segments[1]);
     }
     // Check signature
     $verified = false;
     foreach ($certs as $keyName => $pem) {
         $public_key = new Yoast_Google_PemVerifier($pem);
         if ($public_key->verify($signed, $signature)) {
             $verified = true;
             break;
         }
     }
     if (!$verified) {
         throw new Yoast_Google_AuthException("Invalid token signature: {$jwt}");
     }
     // Check issued-at timestamp
     $iat = 0;
     if (array_key_exists("iat", $payload)) {
         $iat = $payload["iat"];
     }
     if (!$iat) {
         throw new Yoast_Google_AuthException("No issue time in token: {$json_body}");
     }
     $earliest = $iat - self::CLOCK_SKEW_SECS;
     // Check expiration timestamp
     $now = time();
     $exp = 0;
     if (array_key_exists("exp", $payload)) {
         $exp = $payload["exp"];
     }
     if (!$exp) {
         throw new Yoast_Google_AuthException("No expiration time in token: {$json_body}");
     }
     if ($exp >= $now + self::MAX_TOKEN_LIFETIME_SECS) {
         throw new Yoast_Google_AuthException("Expiration time too far in future: {$json_body}");
     }
     $latest = $exp + self::CLOCK_SKEW_SECS;
     if ($now < $earliest) {
         throw new Yoast_Google_AuthException("Token used too early, {$now} < {$earliest}: {$json_body}");
     }
     if ($now > $latest) {
         throw new Yoast_Google_AuthException("Token used too late, {$now} > {$latest}: {$json_body}");
     }
     // TODO(beaton): check issuer field?
     // Check audience
     $aud = $payload["aud"];
     if ($aud != $required_audience) {
         throw new Yoast_Google_AuthException("Wrong recipient, {$aud} != {$required_audience}: {$json_body}");
     }
     // All good.
     return new Yoast_Google_LoginTicket($envelope, $payload);
 }