Signed tokens are loaded by a serializer or the serializer manager and verified by the JWSVerifier
object. This JWSVerifier object just requires an algorithm manager.
In the following example, we will try to load a signed token. We will only use the HS256
algorithm.
Now we can deserialize the input we receive and check the signature using our key. We will continue with the data we got in the JWS creation section.
Note: we do not check header parameters here, but it is very important to do it. This step is described in the Header Checker section.
The method verifyWithKey
returns a boolean. If true, then your token signature is valid. You can then check the claims (if any) using the claim checker manager.
To avoid duplication of code lines, you can create a JWSLoader
object. This object contains a serializer, a verifier and an optional header checker (highly recommended).
In the following example, the JWSLoader
object will try to unserialize the token $token
, check the header parameters and verify the signature with the key $jwk
. The variable $payload
corresponds to the detached payload (null
by default).
If the verification succeeded, the variable $signature
will be set with the signature index and should be in case of multiple signatures. The method returns the JWS object.
In case you use a key set, you can use the method loadAndVerifyWithKeySet
.
This feature was introduced in version 1.1.
The JWSLoaderFactory
object is able to create JWSLoader
objects on demand. It requires the following factories:
JWSSerializerManagerFactory
JWSVerifierFactory
HeaderCheckerManagerFactory
(optional)