Additional checks for validity and in validator

* Properly check nbf and exp claims in token to determine simple validity. * Properly check nbf and exp claims in validator and throw exceptions if expired/not yet valid.
2024-03-11 23:34:19 +01:00
parent 369514589f
commit f83998e6c7
2 changed files with 20 additions and 0 deletions
--- a/src/JWTToken.php
+++ b/src/JWTToken.php
@ -70,6 +70,14 @@ class JWTToken
                $this->valid = false;
            }
        }
+
+        if ($this->header->has('nbf')) {
+            $nbf = intval($this->header->get('nbf'));
+            if ($nbf >= time()) {
+                // Invalid if before
+                $this->valid = false;
+            }
+        }
    }

    /**