/**
* {@inheritdoc}
*/
public function checkClaim(JWTInterface $jwt)
{
if (!$jwt->hasClaim('iat')) {
return [];
}
$iat = (int) $jwt->getClaim('iat');
Assertion::lessOrEqualThan($iat, time(), 'The JWT is issued in the future.');
return ['iat'];
}
/**
* {@inheritdoc}
*/
public function checkClaim(JWTInterface $jwt)
{
if (!$jwt->hasClaim('exp')) {
return [];
}
$exp = (int) $jwt->getClaim('exp');
Assertion::greaterThan($exp, time(), 'The JWT has expired.');
return ['exp'];
}
/**
* {@inheritdoc}
*/
public function checkClaim(JWTInterface $jwt)
{
if (!$jwt->hasClaim('nbf')) {
return [];
}
$nbf = (int) $jwt->getClaim('nbf');
Assertion::lessOrEqualThan($nbf, time(), 'The JWT can not be used yet.');
return ['nbf'];
}
/**
* {@inheritdoc}
*/
public function checkClaim(JWTInterface $jwt)
{
if (!$jwt->hasClaim('iss')) {
return [];
}
$issuer = $jwt->getClaim('iss');
Assertion::eq($this->issuer, $issuer, sprintf('The issuer "%s" is not allowed.', $issuer));
return ['iss'];
}
/**
* {@inheritdoc}
*/
public function checkClaim(JWTInterface $jwt)
{
if (!$jwt->hasClaim('jti')) {
return [];
}
$jti = $jwt->getClaim('jti');
Assertion::true($this->isJtiValid($jti), sprintf('Invalid token ID "%s".', $jti));
return ['jti'];
}
/**
* {@inheritdoc}
*/
public function checkClaim(JWTInterface $jwt)
{
if (!$jwt->hasClaim('sub')) {
return [];
}
$subject = $jwt->getClaim('sub');
Assertion::true($this->isSubjectAllowed($subject), sprintf('The subject "%s" is not allowed.', $subject));
return ['sub'];
}
/**
* {@inheritdoc}
*/
public function checkJWT(JWTInterface $jwt)
{
if (!$jwt->hasClaim('exp')) {
return;
}
$exp = (int) $jwt->getClaim('exp');
if (time() > $exp) {
throw new \Exception('The JWT has expired.');
}
}
/**
* {@inheritdoc}
*/
public function checkJWT(JWTInterface $jwt)
{
if (!$jwt->hasClaim('iss')) {
return;
}
$iss = $jwt->getClaim('iss');
if (!$this->isIssuerValid($iss)) {
throw new \Exception('Issuer not allowed.');
}
}
/**
* {@inheritdoc}
*/
public function checkJWT(JWTInterface $jwt)
{
if (!$jwt->hasClaim('nbf')) {
return;
}
$nbf = (int) $jwt->getClaim('nbf');
if (time() < $nbf) {
throw new \Exception('Can not use this JWT yet.');
}
}
/**
* {@inheritdoc}
*/
public function checkJWT(JWTInterface $jwt)
{
if (!$jwt->hasClaim('iat')) {
return;
}
$iat = (int) $jwt->getClaim('iat');
if (time() < $iat) {
throw new \Exception('The JWT is issued in the futur.');
}
}
/**
* {@inheritdoc}
*/
public function checkJWT(JWTInterface $jwt)
{
if (!$jwt->hasClaim('sub')) {
return;
}
$sub = $jwt->getClaim('sub');
if (!$this->isSubjectValid($sub)) {
throw new \Exception('Invalid subject.');
}
}
/**
* {@inheritdoc}
*/
public function checkJWT(JWTInterface $jwt)
{
if (!$jwt->hasClaim('aud')) {
return;
}
$aud = $jwt->getClaim('aud');
if (is_string($aud) && $this->audience == $aud) {
return;
}
if (is_array($aud) && in_array($this->audience, $aud, true)) {
return;
}
throw new \Exception('Bad audience.');
}
/**
* {@inheritdoc}
*/
public function checkJWT(JWTInterface $jwt)
{
if (!$jwt->hasProtectedHeader('crit')) {
return;
}
$crit = $jwt->getProtectedHeader('crit');
if (!is_array($crit)) {
throw new \RuntimeException('The header "crit" must contain an array');
}
foreach ($crit as $critical) {
if (!$jwt->hasHeaderOrClaim($critical)) {
throw new \Exception(sprintf("The claim/header '%s' is marked as critical but value is not set.", $critical));
}
}
}
/**
* {@inheritdoc}
*/
public function checkClaim(JWTInterface $jwt)
{
if (!$jwt->hasClaim('aud')) {
return [];
}
$audience = $jwt->getClaim('aud');
if (is_string($audience)) {
Assertion::eq($audience, $this->audience, sprintf('The audience "%s" is not known.', $audience));
} elseif (is_array($audience)) {
Assertion::inArray($this->audience, $audience, sprintf('The audience "%s" is not known.', $audience));
} else {
throw new \InvalidArgumentException('The claim "aud" has a bad format');
}
return ['aud'];
}
/**
* {@inheritdoc}
*/
public function checkClaim(JWTInterface $jwt)
{
if (!$jwt->hasClaim('aud')) {
return [];
}
$audience = $jwt->getClaim('aud');
if (is_string($audience)) {
Assertion::eq($audience, $this->getAudience(), 'Bad audience.');
} elseif (is_array($audience)) {
Assertion::inArray($this->getAudience(), $audience, 'Bad audience.');
} else {
throw new \InvalidArgumentException('Bad audience.');
}
return ['aud'];
}
/**
* @param \Jose\Object\JWTInterface $token
*
* @return array
*/
private function getJWTInformation(JWTInterface $token)
{
$result = [];
foreach (['exp', 'iat', 'nbf', 'sub', 'aud', 'iss', 'jti'] as $key) {
if ($token->hasClaim($key)) {
$result[$key] = $token->getClaim($key);
}
}
return $result;
}