private static function JWT::verify in Auth0 Single Sign On 8.2
Verify a signature with the message, key and method. Not all methods are symmetric, so we must have a separate verify and sign method.
Parameters
string $msg: The original message (header and body).
string $signature: The original signature.
string|resource $key: For HS*, a string key works. For RS*, must be a resource of an openssl public key.
string $alg: The algorithm.
Return value
bool
Throws
DomainException Invalid Algorithm or OpenSSL failure
1 call to JWT::verify()
- JWT::decode in vendor/firebase/php-jwt/src/JWT.php - Decodes a JWT string into a PHP object.
File
- vendor/firebase/php-jwt/src/JWT.php, line 234
Class
- JWT
- JSON Web Token implementation, based on this spec: https://tools.ietf.org/html/rfc7519
Namespace
Firebase\JWT
Code
private static function verify($msg, $signature, $key, $alg) {
  // Reject any algorithm name that is not in the supported list.
  if (empty(static::$supported_algs[$alg])) {
    throw new DomainException('Algorithm not supported');
  }
  list($function, $algorithm) = static::$supported_algs[$alg];
  switch ($function) {
    case 'openssl':
      $success = \openssl_verify($msg, $signature, $key, $algorithm);
      // Strict comparisons: only an explicit 1 counts as a valid signature.
      if ($success === 1) {
        return true;
      }
      elseif ($success === 0) {
        return false;
      }
      // returns 1 on success, 0 on failure, -1 on error.
      throw new DomainException('OpenSSL error: ' . \openssl_error_string());
    case 'hash_hmac':
    default:
      // Recompute the MAC over the message and compare it to the signature.
      $hash = \hash_hmac($algorithm, $msg, $key, true);
      if (\function_exists('hash_equals')) {
        return \hash_equals($signature, $hash);
      }
      // Fallback for PHP without hash_equals(): XOR every byte pair and the
      // two lengths so the comparison does not stop at the first mismatch.
      $len = \min(static::safeStrlen($signature), static::safeStrlen($hash));
      $status = 0;
      for ($i = 0; $i < $len; $i++) {
        $status |= \ord($signature[$i]) ^ \ord($hash[$i]);
      }
      $status |= static::safeStrlen($signature) ^ static::safeStrlen($hash);
      return $status === 0;
  }
}
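
The two branches above, exercised as an added stand-alone example (not php-jwt or Auth0 module code). The helpers b64url() and verify_sig() are hypothetical, the secret, claims and RSA key pair are constructed for illustration, and PHP 7.4+ with the OpenSSL extension is assumed:

```php
<?php
// Added example, not php-jwt code. Requires PHP 7.4+ with the OpenSSL extension.

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Hypothetical stand-alone counterpart of the private method on this page.
function verify_sig(string $msg, string $sig, $key, string $alg): bool {
    $algs = ['HS256' => ['hash_hmac', 'SHA256'], 'RS256' => ['openssl', 'SHA256']];
    if (empty($algs[$alg])) {
        throw new DomainException('Algorithm not supported');
    }
    [$function, $algorithm] = $algs[$alg];
    if ($function === 'openssl') {
        $result = openssl_verify($msg, $sig, $key, $algorithm);
        // Compare strictly: -1 (error) is truthy, so "if ($result)" would
        // treat an OpenSSL failure as a valid signature.
        if ($result === 1) {
            return true;
        }
        if ($result === 0) {
            return false;
        }
        throw new DomainException('OpenSSL error: ' . openssl_error_string());
    }
    // hash_equals() rejects on length mismatch and compares in constant time.
    return hash_equals(hash_hmac($algorithm, $msg, $key, true), $sig);
}

// Constructed signing input: base64url(header) . '.' . base64url(body).
$input = fn(string $alg): string =>
    b64url(json_encode(['typ' => 'JWT', 'alg' => $alg])) . '.' . b64url('{"sub":"demo"}');

// HS256: the same shared secret signs and verifies.
$secret = 'constructed-demo-secret';
$msg = $input('HS256');
$mac = hash_hmac('SHA256', $msg, $secret, true);
var_dump(verify_sig($msg, $mac, $secret, 'HS256'));
var_dump(verify_sig($msg . 'x', $mac, $secret, 'HS256')); // body altered after signing

// RS256: the private key signs, only the public key is needed to verify.
$pair = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$msg = $input('RS256');
openssl_sign($msg, $rsaSig, $pair, 'SHA256');
$public = openssl_pkey_get_details($pair)['key'];
var_dump(verify_sig($msg, $rsaSig, $public, 'RS256'));
var_dump(verify_sig($msg . 'x', $rsaSig, $public, 'RS256')); // body altered after signing
```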