public static function fromEncoded(string $encoded, KeyContainer $keys) : self { // This should exactly follow s7.2 of the IETF JWT spec $parts = explode('.', $encoded); if (3 !== count($parts)) { throw new InvalidFormatException('Invalid format, wrong number of segments'); } list($enc_header, $enc_claims, $signature) = $parts; $headers = self::b64decode($enc_header); $claims = self::b64decode($enc_claims); $token = new self($claims); $token->headers = $headers; $token->signature = $signature; $token->setKeys($keys); $token->authenticate(); $token->enforceExpirations(); return $token; }