public function verifyToken($key, $token = null)
{
if (empty($token)) {
$token = $this;
}
if ($token instanceof JWT) {
$token = $token->getToken();
}
if (empty($key)) {
throw new InvalidArgumentException('Key may not be empty');
}
$token = explode('.', $token);
if (count($token) != 3) {
throw new UnexpectedValueException('Wrong number of segments');
}
list($headB64, $payloadB64, $cryptoB64) = $token;
if (null === ($header = JWT::jsonDecode(JWT::URLSafeB64Decode($headB64)))) {
throw new UnexpectedValueException('Invalid header encoding');
}
if (null === ($payload = JWT::jsonDecode(JWT::URLSafeB64Decode($payloadB64)))) {
throw new UnexpectedValueException('Invalid claims encoding');
}
$sign = JWT::URLSafeB64Decode($cryptoB64);
if (empty($header->alg) || $header->alg === 'none') {
throw new DomainException('Empty algorithm');
}
if (empty(self::$supportedAlg[$header->alg])) {
throw new DomainException('Algorithm not supported');
}
if (is_array($key) || $key instanceof \ArrayAccess) {
if (isset($header->kid)) {
$key = $key[$header->kid];
} else {
throw new DomainException('"kid" empty, unable to lookup correct key');
}
}
if (!JWT::verify("{$headB64}.{$payloadB64}", $sign, $key, $header->alg)) {
return false;
}
if (isset($payload->nbf) && $payload->nbf > time() + self::$exp) {
throw new BeforeValidException('Cannot handle token prior to ' . date(DateTime::ISO8601, $payload->nbf));
}
if (isset($payload->iat) && $payload->iat > time() + self::$exp) {
throw new BeforeValidException('Cannot handle token prior to ' . date(DateTime::ISO8601, $payload->iat));
}
if (isset($payload->exp) && time() - self::$exp >= $payload->exp) {
throw new ExpiredException('Expired token');
}
return true;
}
