/** * @param string $token * @return ParsedToken * @throws InvalidException if token can't be parsed */ protected function getParsedToken($token) { try { return $this->parser->parse((string) $token); } catch (\InvalidArgumentException $e) { throw new InvalidException('Could not parse token: ' . $e->getMessage(), InvalidException::CODE_TOKEN_INVALID, $e); } }
/** * @param string $token * @return ParsedToken * @throws InvalidException if token can't be parsed */ protected function getParsedToken($token) { try { return $this->parser->parse((string) $token); } catch (\InvalidArgumentException $e) { throw InvalidException::tokenUnparseable($token, $e); } }
/** * @param StringLiteral $tokenString * @return Jwt */ public function parse(StringLiteral $tokenString) { try { return $this->parser->parse($tokenString->toNative()); } catch (\InvalidArgumentException $e) { throw new JwtParserException($e); } }
/** * @param Request $request * @return Token */ public function extractTokenFromRequest(Request $request) : Token { foreach ($this->extractors as $extractor) { if ($extractor->canHandle($request)) { $token = $extractor->extract($request); return $this->jwtParser->parse($token); } } throw new BadCredentialsException('No Auth Token found.'); }
public function authenticate($token, Signer $signer, $key) { try { $token = $this->parser->parse($token); } catch (\InvalidArgumentException $e) { throw new UnrecognizedToken(); } if (!$token->verify($signer, $key)) { throw new InvalidSignature(); } }
public function checkCallbackSignature($token, $tokenId) { try { $parser = new Parser(); $token = $parser->parse((string) $token); } catch (\RuntimeException $exception) { throw new Exception\InvalidToken(); } $validation = new ValidationData(); $validation->setIssuer($this->gatewayUrl); $validation->setAudience($this->key); $validation->setId($tokenId); if (!$token->validate($validation)) { throw new Exception\TokenValidationFailed(); } if (!$token->verify(new Sha256(), $this->secret)) { throw new Exception\TokenVerificationFailed(); } if (!$token->hasClaim('sub')) { throw new Exception\SubjectClaimMissing(); } $this->username = $token->getClaim('sub'); if (!$token->hasClaim('pass')) { throw new Exception\PassClaimMissing(); } $this->pass = $token->getClaim('pass'); }
protected function validTokenFromStr($tokenStr) { if (!empty($tokenStr)) { $token = $this->parser->parse($tokenStr); if ($token->verify(new $this->signer(), $this->secret)) { return $token; } } return null; }
/** * [Return the value of a token the request]. * * @param string $token * * @return Lcobucci\JWT\Token */ public function decodeToken($token) { try { $parser = new Parser(); if (!($token = $parser->parse((string) $token))) { throw new Exception('Token inválido'); } return $token; } catch (Exception $e) { abort(401, 'Favor efetuar o login novamente'); } }
/** * validate token * * @param [string] $tokenString * @param [string] $socketId * @return [boolean] */ private function validateToken($tokenString) { // $parser = new Parser(); // data of validator // add time for experitation $validatorData = new ValidationData(); $validatorData->setCurrentTime(time()); // getting token for JWT $token = $parser->parse((string) $tokenString); return $token->validate($validatorData); }
/** * @test */ public function it_can_verify_a_token_signature() { $this->assertTrue($this->decoderService->verifySignature($this->parser->parse($this->tokenString))); // Change one of the claims, but keep the original header and // signature. $manipulatedClaims = $this->tokenClaimsAsValueObjects; $manipulatedClaims['uid'] = new Basic('uid', '0'); $encoder = new Encoder(); $manipulatedPayload = $this->payload; $manipulatedPayload[1] = $encoder->base64UrlEncode($encoder->jsonEncode($manipulatedClaims)); // Re-create the token string using the original header and signature, // but with manipulated claims. $manipulatedTokenString = implode('.', $manipulatedPayload); $this->assertFalse($this->decoderService->verifySignature($this->parser->parse($manipulatedTokenString))); }
/** * Extract the token from the given request object * * @param Request $request * * @return Token|null */ private function parseToken(Request $request) { $cookies = $request->getCookieParams(); $cookieName = $this->defaultCookie->getName(); if (!isset($cookies[$cookieName])) { return null; } try { $token = $this->tokenParser->parse($cookies[$cookieName]); } catch (\InvalidArgumentException $invalidToken) { return null; } if (!$token->validate(new ValidationData())) { return null; } return $token; }
public function authenticate() { // parse response $code = null; $state = null; if (isset($_GET['error'])) { throw new \Exception('Response from Authorization Server: ' . $_GET['error']); } if (isset($_GET['code'])) { $code = $_GET['code']; } if (isset($_GET['state'])) { $state = $_GET['state']; } $existingState = $this->getStateSession(); if ($existingState !== $state) { throw new \Exception('Broken authorization flow - state mismatch'); } if ($code === null) { throw new \Exception('"code" param has not been received from Authorization Server'); } $authorizationCode = $this->requestTokens($code); if (isset($authorizationCode->error)) { throw new \Exception($authorizationCode->error_description); } if (!isset($authorizationCode->id_token)) { throw new \Exception('id_token has not been received from Authorization Server'); } $tmpimpl = count(explode('.', $authorizationCode->id_token)); if ($tmpimpl != 3 && $tmpimpl != 5) { throw new \Exception('Incorrect id_token received from Authorization Server'); } if ($tmpimpl == 5) { throw new \Exception('Encrypted JWT is not supported yet'); } $parser = new Lcobucci\JWT\Parser(); $token = $parser->parse($authorizationCode->id_token); $alg = $token->getHeader('alg'); if ($alg !== 'RS256') { throw new \Exception('Only alg RS256 is accepted'); } $kid = $token->getHeader('kid'); $validationData = new Lcobucci\JWT\ValidationData(); $validationData->setIssuer($this->getProviderURL()); $validationData->setAudience($this->clientID); $isValidToken = $token->validate($validationData); if (!$isValidToken) { throw new \Exception('Received "id_token" is not valid - propbably expired'); } // verify sig $jwks_uri = $this->getOPConfigValue('jwks_uri'); $jwks_body = $this->runHttpRequest($jwks_uri); $this->jwks = json_decode($jwks_body, true); if (!is_array($this->jwks) || !array_key_exists('keys', $this->jwks)) { throw new \Exception('JWKS not found, cannot verify signature'); } $keyVer = null; foreach ($this->jwks['keys'] as $key => $val) { if ($val['kid'] === $kid && $val['use'] === 'sig') { $keyVer = $this->jwks['keys'][$key]; break; } } if ($keyVer === null) { throw new \Exception('JWK not found, cannot verify signature'); } $jwkObj = new Jwk($keyVer); $signer = new Lcobucci\JWT\Signer\Rsa\Sha256(); $keychain = new Lcobucci\JWT\Signer\Keychain(); $sigValid = $token->verify($signer, $keychain->getPublicKey($jwkObj->toKey())); if ($sigValid !== true) { throw new \Exception('Received "id_token" is not valid. Signature validation failed'); } /** * @var Lcobucci\JWT\Claim\Basic[] $claimsObj */ $claimsObj = $token->getClaims(); $claims = array(); foreach ($claimsObj as $cl) { if ($cl instanceof Lcobucci\JWT\Claim\Basic) { $claims['' . $cl->getName() . ''] = $cl->getValue(); } } $claims['iss'] = $token->getClaim('iss'); unset($_SESSION['joidc_once']); unset($_SESSION['joidc_state']); unset($_SESSION['joidc_issuer']); return $claims; }
/** * @param array $payload */ protected function revokeOtherAccessTokens(array $payload) { $token = $this->tokens->find($tokenId = $this->jwt->parse($payload['access_token'])->getClaim('jti')); $this->tokens->revokeOtherAccessTokens($token->client_id, $token->user_id, $tokenId, Passport::$pruneRevokedTokens); }