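/**
 * {@inheritdoc}
 *
 * Validates the bearer token carried in the request's "Authorization" header:
 * the JWT must parse, its signature must verify against the configured public
 * key, its time-based claims must hold, and it must not have been revoked.
 *
 * @return array{oauth_access_token_id: mixed, oauth_client_id: mixed, oauth_user_id: mixed, oauth_scopes: mixed}
 *
 * @throws OAuthServerException when the header is missing or the token is
 *                              unparsable, unverifiable, invalid or revoked
 */
public function validateAuthorization(\Phalcon\Http\RequestInterface $request)
{
    $header = $request->getHeader('authorization');
    if (!$header) {
        throw OAuthServerException::accessDenied('Missing "Authorization" header');
    }

    // Strip the "Bearer " scheme prefix; whatever remains is treated as the JWT
    $jwt = trim(preg_replace('/^(?:\\s+)?Bearer\\s/', '', $header));

    try {
        // Attempt to parse and validate the JWT
        $token = (new Parser())->parse($jwt);

        // Signature check first: nothing in the token can be trusted before this passes
        if ($token->verify(new Sha256(), $this->publicKey->getKeyPath()) === false) {
            throw OAuthServerException::accessDenied('Access token could not be verified');
        }

        // Ensure access token hasn't expired: exp / nbf / iat are checked against "now".
        // NOTE(review): with lcobucci/jwt 3.x validate() only checks claims that are
        // present, so a token issued without "exp" never expires here — confirm the
        // issuer always sets it
        $data = new ValidationData();
        $data->setCurrentTime(time());
        if ($token->validate($data) === false) {
            throw OAuthServerException::accessDenied('Access token is invalid');
        }

        // Check if token has been revoked
        $tokenId = $token->getClaim('jti');
        if ($this->accessTokenRepository->isAccessTokenRevoked($tokenId)) {
            throw OAuthServerException::accessDenied('Access token has been revoked');
        }

        // Return the response with additional attributes
        return [
            'oauth_access_token_id' => $tokenId,
            'oauth_client_id' => $token->getClaim('aud'),
            'oauth_user_id' => $token->getClaim('sub'),
            'oauth_scopes' => $token->getClaim('scopes'),
        ];
    } catch (\InvalidArgumentException $exception) {
        // JWT couldn't be parsed (wrong segment count etc.): reject the request
        throw OAuthServerException::accessDenied($exception->getMessage());
    } catch (\RuntimeException $exception) {
        // A malformed payload (bad base64 / JSON) or a missing claim surfaces from
        // lcobucci/jwt 3.x as a RuntimeException / OutOfBoundsException; treat it as
        // an invalid token (401) instead of letting it escape as a server error
        throw OAuthServerException::accessDenied($exception->getMessage());
    }
}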
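/**
 * Checks the time-based claims (exp / nbf / iat) of a JWT against the current time.
 *
 * NOTE(review): this only calls Token::validate(), which checks claims; it does
 * NOT call Token::verify() with a signer and key, so the token's signature is
 * never checked here. A true result must not be taken as proof of authenticity
 * unless the signature is verified elsewhere — confirm.
 *
 * @param string $tokenString the raw compact JWT (cast to string before parsing)
 * @return bool true when every time-based claim present in the token holds
 * @throws \InvalidArgumentException|\RuntimeException when the string cannot be parsed as a JWT
 */
private function validateToken($tokenString)
{
    $parser = new Parser();

    // Validation data carries only the current time, used for exp / nbf / iat
    $validatorData = new ValidationData();
    $validatorData->setCurrentTime(time());

    // Parse the compact JWT string into a token
    $token = $parser->parse((string) $tokenString);

    return $token->validate($validatorData);
}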
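/**
 * Registers the "jwt" authentication listener factory and the per-firewall
 * services it wires together (validation data, public key, token decoder,
 * authentication provider and listener).
 *
 * Keys read from the firewall's jwt options:
 *  - `public_key`      (required) value handed to lcobucci's Key constructor
 *  - `required_claims` passed through to JwtDecoderService as given
 *  - `validation`      map of claim => expected value; recognised claims are
 *                      jti, iss, aud, sub and current_time, any other key is
 *                      ignored
 *
 * @param Application $app
 */
public function register(Application $app)
{
    $app['security.authentication_listener.factory.jwt'] = $app->protect(function ($name, $options) use ($app) {
        $app['security.validation_data.' . $name . '.jwt'] = $app->share(function () use ($options) {
            $validationData = new ValidationData();
            $claims = isset($options['validation']) ? $options['validation'] : [];

            foreach ($claims as $claim => $value) {
                switch ($claim) {
                    case 'jti':
                        $validationData->setId($value);
                        break;
                    case 'iss':
                        $validationData->setIssuer($value);
                        break;
                    case 'aud':
                        $validationData->setAudience($value);
                        break;
                    case 'sub':
                        $validationData->setSubject($value);
                        break;
                    case 'current_time':
                        $validationData->setCurrentTime($value);
                        break;
                    // Unknown claim names are silently ignored, so a misspelt key
                    // drops that check entirely rather than failing configuration
                }
            }

            return $validationData;
        });

        $app['security.public_key.' . $name . '.jwt'] = $app->share(function () use ($name, $options) {
            // Without a public key the decoder cannot verify any signature;
            // fail loudly at wiring time instead of constructing a Key from null
            if (!isset($options['public_key'])) {
                throw new \InvalidArgumentException(sprintf(
                    'The "public_key" option is required for the "%s" jwt authentication listener',
                    $name
                ));
            }

            return new Key($options['public_key']);
        });

        $app['security.token_decoder.' . $name . '.jwt'] = $app->share(function (Application $app) use ($name, $options) {
            return new JwtDecoderService(
                new Parser(),
                $app['security.validation_data.' . $name . '.jwt'],
                new Sha256(),
                $app['security.public_key.' . $name . '.jwt'],
                $options['required_claims']
            );
        });

        // define the authentication provider object
        $app['security.authentication_provider.' . $name . '.jwt'] = $app->share(function () use ($app, $name) {
            return new JwtAuthenticationProvider($app['security.token_decoder.' . $name . '.jwt']);
        });

        // define the authentication listener object
        $app['security.authentication_listener.' . $name . '.jwt'] = $app->share(function () use ($app, $name) {
            return new JwtListener(
                $app['security.token_storage'],
                $app['security.authentication_manager'],
                $app['security.token_decoder.' . $name . '.jwt']
            );
        });

        // [provider id, listener id, entry point, position] as the security factory expects
        return [
            'security.authentication_provider.' . $name . '.jwt',
            'security.authentication_listener.' . $name . '.jwt',
            null,
            'pre_auth',
        ];
    });
}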