File: docs/03-Implementation-Guide/02-Validators.md

Recommend this page to a friend!
  Classes of Scott Arciszewski  >  PHP PASeTo  >  docs/03-Implementation-Guide/02-Validators.md  >  Download  
File: docs/03-Implementation-Guide/02-Validators.md
Role: Auxiliary data
Content type: text/markdown
Description: Auxiliary data
Class: PHP PASeTo
Encrypt and decrypt data with PaSeTO protocol
Author: By
Last change:
Date: 8 months ago
Size: 1,400 bytes
 

Contents

Class file image Download

Validators

After verifying and extracting the payloads from the token, but before returning the object representation of the payload to the user, library authors may wish to add the ability for their token parsers to automatically validate the token against some basic constraints.

This is not strictly required, but validation support is highly recommended.

Some examples of validation rules that libraries may wish to provide include:

  • `ForAudience` which compares the payload-provided `aud` claim with an expected value.
  • `IdentifiedBy` which compares the payload-provided `jti` claim with an expected value.
  • `IssuedBy` which compares the payload-provided `iss` claim with an expected value.
  • `NotExpired` which verifies that the current time is less than or equal to the DateTime stored in the `exp` claim.
  • `Subject` which compares the payload-provided `sub` claim with an expected value.
  • `ValidAt` which verifies all of the following: * The current time is less than or equal to the DateTime stored in the `exp` claim. * The current time is greater than or equal to the DateTime stored in the `iat` claim. * The current time is greater than or equal to the DateTime stored in the `nbf` claim.

Example implementations of these validators are included in the PHP implementation.

Validation should fail-closed by default (e.g. if invalid data is provided).


For more information send a message to info at phpclasses dot org.