/**
 * Builds the Token value object from the headers, claims and signature
 * currently held by this instance.
 *
 * The serialized payload handed to the Token is a list of base64url
 * segments: JSON-encoded headers first, JSON-encoded claims second, and the
 * signature third only when one has been set.
 *
 * NOTE(review): when no signature is set, the resulting token has just two
 * segments and is unsigned. Nothing in this method enforces signing, so any
 * consumer has to verify the signature before trusting the claims.
 *
 * @return Token
 */
public function getToken()
{
    $headerSegment = $this->encoder->base64UrlEncode(
        $this->encoder->jsonEncode($this->headers)
    );
    $claimsSegment = $this->encoder->base64UrlEncode(
        $this->encoder->jsonEncode($this->claims)
    );

    $segments = [$headerSegment, $claimsSegment];

    // The third segment exists only for signed tokens.
    if ($this->signature !== null) {
        $segments[] = $this->encoder->base64UrlEncode($this->signature);
    }

    return new Token($this->headers, $this->claims, $this->signature, $segments);
}
/**
 * Returns an encoded representation of the token.
 *
 * The result is the payload followed by a '.' separator and, when a
 * signature is present, the base64url-encoded signature. The presence check
 * is a truthiness test, so any falsy signature value is treated as absent
 * and the string then ends with the bare separator (an unsigned token).
 *
 * A BadMethodCallException raised while building the string (presumably by
 * getPayload(); confirm against its definition) is swallowed and an empty
 * string is returned instead. Callers should treat '' as "no token" rather
 * than passing it on.
 *
 * @return string
 */
public function __toString()
{
    try {
        $serialized = $this->getPayload() . '.';

        if (!$this->signature) {
            return $serialized;
        }

        return $serialized . $this->encoder->base64UrlEncode($this->signature);
    } catch (BadMethodCallException $e) {
        // Deliberate best-effort: string conversion yields '' instead of failing.
        return '';
    }
}
/**
 * Signature verification must accept the untouched fixture token and reject
 * a token whose claims segment was changed after signing.
 *
 * NOTE(review): only claim tampering is covered here; a modified header or a
 * missing signature segment is not exercised by this test.
 *
 * @test
 */
public function it_can_verify_a_token_signature()
{
    $originalToken = $this->parser->parse($this->tokenString);
    $this->assertTrue($this->decoderService->verifySignature($originalToken));

    // Alter a single claim; the header and signature stay exactly as issued.
    $tamperedClaims = $this->tokenClaimsAsValueObjects;
    $tamperedClaims['uid'] = new Basic('uid', '0');

    // Swap only the claims segment (index 1) for the re-encoded, altered claims.
    $encoder = new Encoder();
    $tamperedSegments = $this->payload;
    $tamperedSegments[1] = $encoder->base64UrlEncode($encoder->jsonEncode($tamperedClaims));

    // Reassemble the token string: original header and signature, altered claims.
    $tamperedTokenString = implode('.', $tamperedSegments);
    $tamperedToken = $this->parser->parse($tamperedTokenString);

    // The original signature no longer matches the signed content.
    $this->assertFalse($this->decoderService->verifySignature($tamperedToken));
}