Additional checks for validity and in validator

* Properly check nbf and exp claims in token to determine simple validity. * Properly check nbf and exp claims in validator and throw exceptions if expired/not yet valid.
2024-03-11 23:34:19 +01:00 · 2024-03-11 23:34:19 +01:00 · f83998e6c7
parent 369514589f
commit f83998e6c7
2 changed files with 20 additions and 0 deletions
--- a/src/JWTToken.php
+++ b/src/JWTToken.php
@ -70,6 +70,14 @@ class JWTToken
                $this->valid = false;
            }
        }
+
+        if ($this->header->has('nbf')) {
+            $nbf = intval($this->header->get('nbf'));
+            if ($nbf >= time()) {
+                // Invalid if before
+                $this->valid = false;
+            }
+        }
    }

    /**
--- a/src/Validator/JWTValidator.php
+++ b/src/Validator/JWTValidator.php
@ -47,6 +47,18 @@ class JWTValidator
            throw new JWTTokenException("The token is not valid");
        }

+        if ($token->claims->has("nbf")) {
+            $notBefore = intval($token->claims->get("nbf"));
+            if (time() < $notBefore)
+                throw new JWTTokenException("Token not yet valid");
+        }
+
+        if ($token->claims->has("exp")) {
+            $notAfter = intval($token->claims->get("exp"));
+            if (time() > $notAfter)
+                throw new JWTTokenException("Token no longer valid");
+        }
+
        if (!$token->header->hasAll($this->requireHeaders)) {
            throw new JWTHeaderException("The token is missing one or more required headers");
        }