JwT security - "verifyAccessToken" PHP SDK?

gstamp · February 22, 2022, 5:37pm

I’m am trying to understand what specifically this package is doing to “verify” the token:

verifyAccessToken
This will validate your JWT for the following:

token expiration time

the time it was issue at

that the token issuer matches the expected value passed into the above helper

that the token audience matches the expected value passed into the above helper

Does this mean that the signature of the token is checked, and then the token is decoded and these verification checks are done? or does it mean that it just decodes the token and does these checks?

Thanks,
gstamps

erik · February 23, 2022, 9:08pm

Hello,

Yes, it relies on Firebase JWT to decode which verifies the signature.
https://github.com/firebase/php-jwt/blob/main/src/JWT.php

gstamp · March 1, 2022, 11:30pm

Thank you Erik, much appreciated.

system · March 2, 2022, 11:31pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.