setCurrentTime() public method

Sets the reference time against which the "iat", "nbf" and "exp" claims are validated
public setCurrentTime ( integer $currentTime )
$currentTime integer
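 /**
  * {@inheritdoc}
  *
  * Validates the bearer JWT carried in the request's "Authorization" header.
  *
  * Steps, in order: strip the "Bearer " prefix, parse the token, verify its
  * signature with the configured public key, validate its claims against the
  * current time, then ask the access token repository whether the token id
  * ("jti") has been revoked. Every token-related failure is reported as an
  * access-denied OAuthServerException so that the caller fails closed.
  *
  * NOTE(review): only the current time is set on ValidationData, so no expected
  * issuer or audience is pinned here. Presumably validate() checks only claims
  * that are present in the token - confirm that tokens issued without "exp"
  * cannot reach this method.
  *
  * @param \Phalcon\Http\RequestInterface $request Incoming request
  *
  * @return array Keys: oauth_access_token_id ("jti"), oauth_client_id ("aud"),
  *               oauth_user_id ("sub"), oauth_scopes ("scopes")
  *
  * @throws OAuthServerException When the header is missing or the token is
  *                              malformed, unsigned, unverifiable, invalid or revoked
  */
 public function validateAuthorization(\Phalcon\Http\RequestInterface $request)
 {
     // Read the header once so the presence check and the parsed value cannot differ
     $header = $request->getHeader('authorization');
     if (!$header) {
         throw OAuthServerException::accessDenied('Missing "Authorization" header');
     }
     $jwt = trim(preg_replace('/^(?:\\s+)?Bearer\\s/', '', $header));
     try {
         // Attempt to parse and validate the JWT
         $token = (new Parser())->parse($jwt);
         if ($token->verify(new Sha256(), $this->publicKey->getKeyPath()) === false) {
             throw OAuthServerException::accessDenied('Access token could not be verified');
         }
         // Ensure access token hasn't expired
         $data = new ValidationData();
         $data->setCurrentTime(time());
         if ($token->validate($data) === false) {
             throw OAuthServerException::accessDenied('Access token is invalid');
         }
         // Read every claim inside the try block so a missing claim is turned
         // into an access-denied error instead of escaping as an uncaught exception
         $tokenId = $token->getClaim('jti');
         $response = [
             'oauth_access_token_id' => $tokenId,
             'oauth_client_id' => $token->getClaim('aud'),
             'oauth_user_id' => $token->getClaim('sub'),
             'oauth_scopes' => $token->getClaim('scopes'),
         ];
     } catch (OAuthServerException $exception) {
         // Our own denials pass through untouched, whatever base class they extend
         throw $exception;
     } catch (\InvalidArgumentException $exception) {
         // JWT couldn't be parsed
         throw OAuthServerException::accessDenied($exception->getMessage());
     } catch (\BadMethodCallException $exception) {
         // The JWT library appears to signal an unsigned token this way from verify() - confirm
         throw OAuthServerException::accessDenied('Access token is not signed');
     } catch (\OutOfBoundsException $exception) {
         // Presumably raised by getClaim() for a claim the token does not carry - confirm
         throw OAuthServerException::accessDenied('Access token is missing a required claim');
     } catch (\RuntimeException $exception) {
         // Any other decoding failure; library details are not echoed to the client
         throw OAuthServerException::accessDenied('Access token could not be decoded');
     }
     // Check if token has been revoked. This runs outside the try block so that a
     // repository failure is not reported as a malformed token.
     if ($this->accessTokenRepository->isAccessTokenRevoked($tokenId)) {
         throw OAuthServerException::accessDenied('Access token has been revoked');
     }
     // Return the response with additional attributes
     return $response;
 }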
Example #2
 /**
  * Parses a serialized JWT and validates its claims against the current time.
  *
  * NOTE(review): no signature verification call is made in this method; only
  * validate() is invoked on the parsed token. Unless the caller verifies the
  * signature separately, a true result here does not show that the token is
  * authentic - confirm against the call site.
  *
  * Exceptions raised by the parser for malformed input are not caught here and
  * reach the caller.
  *
  * @param  string $tokenString Serialized JWT
  * @return boolean Result of the token's validate() call
  */
 private function validateToken($tokenString)
 {
     // Reference point for the time-based claim checks
     $clock = new ValidationData();
     $clock->setCurrentTime(time());
     // Turn the raw string into a token object
     $jwtParser = new Parser();
     $parsed = $jwtParser->parse((string) $tokenString);
     return $parsed->validate($clock);
 }
 /**
  * Registers the JWT authentication listener factory on the application container.
  *
  * The factory is called with a name and an options array. It defines five
  * shared services for that name (validation data, public key, token decoder,
  * authentication provider, authentication listener) and returns the provider
  * id, the listener id, null and the 'pre_auth' position.
  *
  * Options read: 'validation' (optional map of expected claim values keyed by
  * 'jti', 'iss', 'aud', 'sub' or 'current_time'), plus 'public_key' and
  * 'required_claims', which are both read without an isset() guard.
  *
  * NOTE(review): a 'current_time' entry under 'validation' passes a configured
  * value to setCurrentTime() instead of time(), so time-based claims are then
  * compared against that fixed value - confirm it is only set in test setups.
  *
  * @param Application $app
  */
 public function register(Application $app)
 {
     $app['security.authentication_listener.factory.jwt'] = $app->protect(function ($name, $options) use($app) {
         // Service ids derived from the name handed to the factory
         $validationDataId = 'security.validation_data.' . $name . '.jwt';
         $publicKeyId = 'security.public_key.' . $name . '.jwt';
         $decoderId = 'security.token_decoder.' . $name . '.jwt';
         $providerId = 'security.authentication_provider.' . $name . '.jwt';
         $listenerId = 'security.authentication_listener.' . $name . '.jwt';

         // Expected claim values that decoded tokens are validated against
         $app[$validationDataId] = $app->share(function () use($options) {
             $expected = new ValidationData();
             if (!isset($options['validation'])) {
                 return $expected;
             }
             foreach ($options['validation'] as $claim => $value) {
                 // Unrecognised keys are ignored
                 switch ($claim) {
                     case 'jti':
                         $expected->setId($value);
                         break;
                     case 'iss':
                         $expected->setIssuer($value);
                         break;
                     case 'aud':
                         $expected->setAudience($value);
                         break;
                     case 'sub':
                         $expected->setSubject($value);
                         break;
                     case 'current_time':
                         $expected->setCurrentTime($value);
                         break;
                 }
             }
             return $expected;
         });

         // Key object built from the configured 'public_key' option
         $app[$publicKeyId] = $app->share(function () use($options) {
             return new Key($options['public_key']);
         });

         // Decoder wired with the parser, validation data, signer, key and required claims
         $app[$decoderId] = $app->share(function (Application $app) use($name, $options) {
             $parser = new Parser();
             $signer = new Sha256();
             return new JwtDecoderService(
                 $parser,
                 $app['security.validation_data.' . $name . '.jwt'],
                 $signer,
                 $app['security.public_key.' . $name . '.jwt'],
                 $options['required_claims']
             );
         });

         // define the authentication provider object
         $app[$providerId] = $app->share(function () use($app, $name) {
             $decoder = $app['security.token_decoder.' . $name . '.jwt'];
             return new JwtAuthenticationProvider($decoder);
         });

         // define the authentication listener object
         $app[$listenerId] = $app->share(function () use($app, $name) {
             return new JwtListener(
                 $app['security.token_storage'],
                 $app['security.authentication_manager'],
                 $app['security.token_decoder.' . $name . '.jwt']
             );
         });

         return [$providerId, $listenerId, null, 'pre_auth'];
     });
 }