Additional checks for validity and in validator

* Properly check nbf and exp claims in token to determine simple
  validity.
* Properly check nbf and exp claims in validator and throw exceptions
  if expired/not yet valid.
Chris 2024-03-11 23:34:19 +01:00
parent 369514589f
commit f83998e6c7
2 changed files with 20 additions and 0 deletions


@ -70,6 +70,14 @@ class JWTToken
$this->valid = false; $this->valid = false;
} }
} }
if ($this->header->has('nbf')) {
$nbf = intval($this->header->get('nbf'));
if ($nbf >= time()) {
// Invalid if before
$this->valid = false;
}
}
} }
/** /**
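Review bot: The new nbf check reads `$this->header->has('nbf')`, but the validator changed in this same commit reads `$token->claims`, and nbf is a registered payload claim (RFC 7519 §4.1.5) rather than a JOSE header parameter. As written, the check will most likely never fire for ordinary tokens, so `valid` stays true for a token that is not yet valid; `if ($this->claims->has('nbf'))` with `$this->claims->get('nbf')` would match the validator, assuming the claims are already parsed at this point in the method, which starts outside the hunk. The comparison `$nbf >= time()` also rejects a token during the exact second of its nbf, which the RFC permits; `if ($nbf > time())` agrees with the validator's `time() < $notBefore`. The comment `// Invalid if before` would read more clearly as `// Not valid yet: current time is before nbf`.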


@ -47,6 +47,18 @@ class JWTValidator
throw new JWTTokenException("The token is not valid"); throw new JWTTokenException("The token is not valid");
} }
if ($token->claims->has("nbf")) {
$notBefore = intval($token->claims->get("nbf"));
if (time() < $notBefore)
throw new JWTTokenException("Token not yet valid");
}
if ($token->claims->has("exp")) {
$notAfter = intval($token->claims->get("exp"));
if (time() > $notAfter)
throw new JWTTokenException("Token no longer valid");
}
if (!$token->header->hasAll($this->requireHeaders)) { if (!$token->header->hasAll($this->requireHeaders)) {
throw new JWTHeaderException("The token is missing one or more required headers"); throw new JWTHeaderException("The token is missing one or more required headers");
} }
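Review bot: The expiry test `time() > $notAfter` still accepts a token during the second equal to exp, while RFC 7519 §4.1.4 requires the current time to be before exp; `if (time() >= $notAfter)` closes that off-by-one. `intval()` maps a non-numeric or missing-type nbf to 0, so a malformed nbf silently passes the not-before check; failing closed with `if (!is_numeric($token->claims->get("nbf"))) throw new JWTTokenException("Token not yet valid");` before the conversion avoids that, and the same guard is worth having on exp for a clearer error. Reading `time()` once into a local before both checks keeps the two comparisons on the same instant, and the brace-less `if` bodies differ from the braced style of the surrounding context lines. The enclosing method begins and ends outside the hunk.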