/** * Get validated payload from an unsecured JWS. * * @param JWS $jws JWS * @param ValidationContext $ctx Validation context * @throws ValidationException If unsecured JWT's are not allowed, or JWS * token is malformed * @return string */ private static function _validatedPayloadFromUnsecuredJWS(JWS $jws, ValidationContext $ctx) { if (!$ctx->isUnsecuredAllowed()) { throw new ValidationException("Unsecured JWS not allowed."); } if (!$jws->validate(new NoneAlgorithm())) { throw new ValidationException("Malformed unsecured token."); } return $jws->payload(); }