/**
* Returns the token payload
*
* @return string
*
* @throws BadMethodCallException When $this->encoder is not configured
*/
public function getPayload()
{
if ($this->encoder === null) {
throw new BadMethodCallException('Encoder must be configured');
}
return sprintf('%s.%s', $this->encoder->base64UrlEncode($this->encoder->jsonEncode($this->headers)), $this->encoder->base64UrlEncode($this->encoder->jsonEncode($this->claims)));
}
/**
* Returns the resultant token
*
* @return Token
*/
public function getToken()
{
$payload = [$this->encoder->base64UrlEncode($this->encoder->jsonEncode($this->headers)), $this->encoder->base64UrlEncode($this->encoder->jsonEncode($this->claims))];
if ($this->signature !== null) {
$payload[] = $this->encoder->base64UrlEncode($this->signature);
}
return new Token($this->headers, $this->claims, $this->signature, $payload);
}
/**
* @test
*/
public function it_can_verify_a_token_signature()
{
$this->assertTrue($this->decoderService->verifySignature($this->parser->parse($this->tokenString)));
// Change one of the claims, but keep the original header and
// signature.
$manipulatedClaims = $this->tokenClaimsAsValueObjects;
$manipulatedClaims['uid'] = new Basic('uid', '0');
$encoder = new Encoder();
$manipulatedPayload = $this->payload;
$manipulatedPayload[1] = $encoder->base64UrlEncode($encoder->jsonEncode($manipulatedClaims));
// Re-create the token string using the original header and signature,
// but with manipulated claims.
$manipulatedTokenString = implode('.', $manipulatedPayload);
$this->assertFalse($this->decoderService->verifySignature($this->parser->parse($manipulatedTokenString)));
}
