File: docs/03-Implementation-Guide/02-Validators.md

Class: PHP PASeTo (Encrypt and decrypt data with PaSeTO protocol)
Author: Scott Arciszewski
Content type: text/markdown
Date: 5 months ago
Size: 1,400 bytes


Validators

After verifying and extracting the payloads from the token, but before returning the object representation of the payload to the user, library authors may wish to add the ability for their token parsers to automatically validate the token against some basic constraints.

This is not strictly required, but validation support is highly recommended.

Some examples of validation rules that libraries may wish to provide include:

  • ForAudience, which compares the payload-provided aud claim with an expected value.
  • IdentifiedBy, which compares the payload-provided jti claim with an expected value.
  • IssuedBy, which compares the payload-provided iss claim with an expected value.
  • NotExpired, which verifies that the current time is less than or equal to the DateTime stored in the exp claim.
  • Subject, which compares the payload-provided sub claim with an expected value.
  • ValidAt, which verifies all of the following:
      • The current time is less than or equal to the DateTime stored in the exp claim.
      • The current time is greater than or equal to the DateTime stored in the iat claim.
      • The current time is greater than or equal to the DateTime stored in the nbf claim.

Example implementations of these validators are included in the PHP implementation.

Validation should fail closed by default (e.g. if invalid data is provided).
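
The sketch below is an added example, not code from the PHP implementation or its API: it shows ValidAt and ForAudience written so that they fail closed. The function names, the claims-as-array shape and the sample payloads are assumptions made for illustration, and it assumes a missing or unparsable claim should count as a validation failure.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not the library's API): read a claim as a DateTime.
// Returns null when the claim is absent, not a string, or not a valid timestamp.
function claimTime(array $claims, string $name): ?DateTimeImmutable
{
    if (!isset($claims[$name]) || !is_string($claims[$name])) {
        return null;
    }
    $dt = DateTimeImmutable::createFromFormat(DateTimeInterface::ATOM, $claims[$name]);
    return $dt === false ? null : $dt;
}

// ValidAt: now <= exp, now >= iat, now >= nbf.
// Assumption of this example: any missing or malformed claim rejects the token.
function validAt(array $claims, DateTimeImmutable $now): bool
{
    $exp = claimTime($claims, 'exp');
    $iat = claimTime($claims, 'iat');
    $nbf = claimTime($claims, 'nbf');
    if ($exp === null || $iat === null || $nbf === null) {
        return false; // fail closed
    }
    return $now <= $exp && $now >= $iat && $now >= $nbf;
}

// ForAudience: strict comparison, so an absent or non-string aud never matches.
function forAudience(array $claims, string $expected): bool
{
    return ($claims['aud'] ?? null) === $expected;
}

// Constructed sample payloads, standing in for claims from an already verified token.
$now  = new DateTimeImmutable('2024-01-01T12:00:00+00:00');
$good = ['aud' => 'api.example.test', 'iat' => '2024-01-01T11:00:00+00:00',
         'nbf' => '2024-01-01T11:00:00+00:00', 'exp' => '2024-01-01T13:00:00+00:00'];
$cases = [
    'valid'         => $good,
    'expired'       => ['exp' => '2024-01-01T11:30:00+00:00'] + $good,
    'missing exp'   => array_diff_key($good, ['exp' => 1]),
    'malformed nbf' => ['nbf' => 'tomorrow'] + $good,
    'aud is array'  => ['aud' => ['api.example.test']] + $good,
];
foreach ($cases as $label => $claims) {
    $ok = validAt($claims, $now) && forAudience($claims, 'api.example.test');
    printf("%-14s %s\n", $label, $ok ? 'accept' : 'reject');
}
```

Only the first constructed case is accepted; the expired, incomplete and malformed payloads are all rejected rather than being treated as "no constraint".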

