/**
 * Check the time-based claims (nbf, iat, exp) of a payload.
 *
 * The checks run in a fixed order: nbf, then iat, then exp. The first
 * failing claim decides which exception is raised.
 *
 * Security note: every check is guarded by isset(), so a claim that is
 * missing (or null) is skipped rather than rejected. This method alone
 * therefore does not force a token to carry an expiry.
 * NOTE(review): confirm that required claims are enforced before this
 * method runs; that check is not visible here.
 *
 * @param  array  $payload
 *
 * @throws \Tymon\JWTAuth\Exceptions\TokenExpiredException
 * @throws \Tymon\JWTAuth\Exceptions\TokenInvalidException
 *
 * @return bool
 */
protected function validateTimestamps(array $payload)
{
    // Claims that must not lie in the future, mapped to the error raised
    // when they do. Array order preserves the nbf-before-iat ordering.
    $mustNotBeFuture = [
        'nbf' => 'Not Before (nbf) timestamp cannot be in the future',
        'iat' => 'Issued At (iat) timestamp cannot be in the future',
    ];

    foreach ($mustNotBeFuture as $claim => $message) {
        if (isset($payload[$claim]) && Utils::isFuture($payload[$claim])) {
            throw new TokenInvalidException($message);
        }
    }

    // Expiry is reported with its own exception type so callers can tell
    // an expired token apart from a malformed one.
    $expired = isset($payload['exp']) && Utils::isPast($payload['exp']);
    if ($expired) {
        throw new TokenExpiredException('Token has expired');
    }

    return true;
}
/**
 * Report whether the token behind the given payload is blacklisted.
 *
 * The storage entry for the payload's key is read and interpreted as:
 *  - null:       no entry, so the token is treated as not blacklisted;
 *  - 'forever':  blacklisted permanently;
 *  - otherwise:  blacklisted once its 'valid_until' time is no longer in
 *                the future. Until then (expiry + grace) the token still
 *                passes this check.
 *
 * Security note: a null from storage is indistinguishable here from
 * "never blacklisted".
 * NOTE(review): if the storage backend can return null on an error or
 * after evicting an entry, a revoked token would be accepted again;
 * confirm how the configured store behaves.
 *
 * @param  \Tymon\JWTAuth\Payload  $payload
 *
 * @return bool
 */
public function has(Payload $payload)
{
    $entry = $this->storage->get($this->getKey($payload));

    // No entry stored for this key: not blacklisted.
    if ($entry === null) {
        return false;
    }

    // Permanent blacklist entries carry no timestamp to compare.
    if ($entry === 'forever') {
        return true;
    }

    // Timed entry: blacklisted only once the expiry + grace window is over.
    return ! Utils::isFuture($entry['valid_until']);
}