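requireHeaders = [ 'alg', 'typ', ]; }

    /**
     * Register a claim name that validateToken() will require on every token.
     *
     * Names that are already registered are ignored, so the list holds no
     * duplicates.
     *
     * @param string $name Claim name to require.
     * @return void
     */
    public function addRequiredClaim(string $name)
    {
        // Return early only when the name is ALREADY present. With the guard
        // the other way round, no new claim would ever be registered and the
        // required-claims check in validateToken() would never enforce it.
        if (in_array($name, $this->requireClaims, true)) {
            return;
        }

        $this->requireClaims[] = $name;
    }

    /**
     * Set the issuer value(s) a token must carry to be accepted.
     *
     * A single value is wrapped into a one-element array by the (array) cast.
     * An empty value (null, []) leaves the list empty, which makes
     * validateToken() skip the issuer check entirely.
     *
     * @param string|string[]|null $issuer Accepted issuer or list of issuers.
     * @return void
     */
    public function requireIssuer($issuer)
    {
        $this->requireIssuer = (array)$issuer;
    }

    /**
     * Set the audience value(s) a token must carry to be accepted.
     *
     * A single value is wrapped into a one-element array by the (array) cast.
     * An empty value (null, []) leaves the list empty, which makes
     * validateToken() skip the audience check entirely.
     *
     * @param string|string[]|null $audience Accepted audience or list of audiences.
     * @return void
     */
    public function requireAudience($audience)
    {
        $this->requireAudience = (array)$audience;
    }

    /**
     * Check a parsed token against the configured requirements.
     *
     * Checks run in this order: the token's own isValid(), required headers,
     * required claims, then issuer and audience when a list was configured.
     * The first failing check throws, so a normal return always means `true`.
     *
     * NOTE(review): isValid() is defined outside this view. Presumably it
     * covers signature verification and the time-based claims (exp/nbf), as
     * neither is checked here. Confirm against JWTToken.
     *
     * @param JWTToken $token Token to check.
     * @return bool Always true; failures are reported by exception.
     * @throws JWTTokenException  When isValid() fails or issuer/audience do not match.
     * @throws JWTHeaderException When a required header or claim is missing.
     */
    public function validateToken(JWTToken $token)
    {
        if (!$token->isValid()) {
            throw new JWTTokenException("The token is not valid");
        }

        if (!$token->header->hasAll($this->requireHeaders)) {
            throw new JWTHeaderException("The token is missing one or more required headers");
        }

        // A missing claim is reported as JWTHeaderException; the type is kept
        // because callers may already catch it.
        if (!$token->claims->hasAll($this->requireClaims)) {
            throw new JWTHeaderException("The token is missing one or more required claims");
        }

        // NOTE(review): "iss" and "aud" are read from the token HEADER below.
        // RFC 7519 defines both as claims in the payload, so tokens from a
        // standard issuer would normally carry them in $token->claims. Confirm
        // which collection is intended before relying on these two checks.
        if ($this->requireIssuer) {
            // Strict comparison: a non-string value supplied by the token must
            // not match an accepted issuer through PHP's loose type juggling.
            if (
                !$token->header->has("iss")
                || !in_array($token->header->get("iss"), $this->requireIssuer, true)
            ) {
                throw new JWTTokenException("Invalid issuer");
            }
        }

        if ($this->requireAudience) {
            // NOTE(review): RFC 7519 also allows "aud" to be an array of
            // strings; such a value never matches here and is rejected.
            if (
                !$token->header->has("aud")
                || !in_array($token->header->get("aud"), $this->requireAudience, true)
            ) {
                throw new JWTTokenException("Invalid audience");
            }
        }

        return true;
    }

    /**
     * Parse a raw token string with the given key and validate it.
     *
     * @param KeyInterface $key Key handed to the JWTToken constructor.
     * @param string       $raw Serialized token as received.
     * @return JWTToken|null The parsed token once validateToken() accepts it;
     *                       null only if validateToken() returns a falsy value.
     * @throws JWTTokenException  Propagated from validateToken().
     * @throws JWTHeaderException Propagated from validateToken().
     */
    public function validate(KeyInterface $key, string $raw)
    {
        $token = new JWTToken($key, $raw);

        if ($this->validateToken($token)) {
            return $token;
        }

        // validateToken() throws on every failure path visible here, so this
        // is reached only if an override returns a falsy value.
        return null;
    }
}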