noccy/php-simple-jwt
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity

Added support for validating token issuer and audience

Browse Source 
* Use requireIssuer() and requireAudience() on the JwtValidator to make sure
  that the token is for what you expect it to be for.
* A setAll() method has been added to property bag, applying but not overriding
  values.
* Added tests for JwtValidator.
This commit is contained in:
Chris
2021-02-16 18:25:29 +01:00
parent 9d85e2ccef
commit 7753853e58
4 changed files with 96 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/Collection/PropertyBag.php
View File

@@ -45,6 +45,14 @@ class PropertyBag
$this->props[$prop] = $value;
}
public function setAll(array $props)
{
$this->props = array_merge(
$this->props,
$props
);
}
/**
* Get the value of a property, fails if the property does not exist.
* Use the value() method to get with a default value
@@ -122,4 +130,4 @@ class PropertyBag
return true;
}
}
}

28
src/Validator/JwtValidator.php
View File

@@ -11,6 +11,10 @@ class JwtValidator
private $requireClaims = [];
private $requireIssuer = [];
private $requireAudience = [];
public function __construct()
{
$this->requireHeaders = [
@@ -27,6 +31,16 @@ class JwtValidator
$this->requireClaims[] = $name;
}
public function requireIssuer($issuer)
{
$this->requireIssuer = (array)$issuer;
}
public function requireAudience($audience)
{
$this->requireAudience = (array)$audience;
}
public function validateToken(JwtToken $token)
{
if (!$token->isValid()) {
@@ -41,6 +55,20 @@ class JwtValidator
throw new JwtHeaderException("The token is missing one or more required claims");
}
if ($this->requireIssuer) {
$hasIssuer = $token->header->has("iss");
if ((!$hasIssuer)
|| (!in_array($token->header->get("iss"), $this->requireIssuer)))
throw new JwtTokenException("Invalid issuer");
}
if ($this->requireAudience) {
$hasAudience = $token->header->has("aud");
if ((!$hasAudience)
|| (!in_array($token->header->get("aud"), $this->requireAudience)))
throw new JwtTokenException("Invalid audience");
}
return true;
}