JWT security - "verifyAccessToken" PHP SDK?

I’m trying to understand what specifically this package is doing to “verify” the token:

verifyAccessToken
This will validate your JWT for the following:

  • token expiration time
  • the time it was issued at
  • that the token issuer matches the expected value passed into the above helper
  • that the token audience matches the expected value passed into the above helper

Does this mean that the signature of the token is checked, and then the token is decoded and these verification checks are done? Or does it mean that it just decodes the token and does these checks?

Thanks,
gstamps

Hello,

Yes, it relies on Firebase JWT to decode, which verifies the signature.
https://github.com/firebase/php-jwt/blob/main/src/JWT.php

Thank you Erik, much appreciated.
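
The behaviour described in the answer above, as an added example that is not part of the original thread and not the SDK's own code: firebase/php-jwt's `JWT::decode()` verifies the signature and the time claims before it returns any claims, and the issuer and audience comparisons happen afterwards. It assumes firebase/php-jwt v6 or later installed with Composer; the HS256 key, issuer, audience, subjects and the `verify()` / `demoClaims()` helpers are constructed for the demonstration.

```php
<?php
require __DIR__ . '/vendor/autoload.php';

use Firebase\JWT\ExpiredException;
use Firebase\JWT\JWT;
use Firebase\JWT\Key;
use Firebase\JWT\SignatureInvalidException;

// Added example: constructed demo values (assumptions, not taken from the thread).
const SECRET   = 'constructed-demo-key-not-a-real-secret';
const ISSUER   = 'https://issuer.example';
const AUDIENCE = 'api://example';

// JWT::decode() verifies the signature, then nbf/iat/exp, and only then returns claims.
function verify(string $jwt): string
{
    try {
        $claims = JWT::decode($jwt, new Key(SECRET, 'HS256'));
    } catch (SignatureInvalidException $e) {
        return 'rejected: bad signature';
    } catch (ExpiredException $e) {
        return 'rejected: expired';
    } catch (\UnexpectedValueException | \InvalidArgumentException | \DomainException $e) {
        return 'rejected: ' . $e->getMessage();
    }
    // Issuer and audience are compared here, after the signature has been accepted.
    if (($claims->iss ?? null) !== ISSUER) return 'rejected: issuer mismatch';
    if (($claims->aud ?? null) !== AUDIENCE) return 'rejected: audience mismatch';
    return 'accepted for ' . $claims->sub;
}

function demoClaims(string $sub, int $iat, string $aud = AUDIENCE): array
{
    return ['iss' => ISSUER, 'aud' => $aud, 'sub' => $sub, 'iat' => $iat, 'exp' => $iat + 300];
}

$now   = time();
$valid = JWT::encode(demoClaims('alice', $now), SECRET, 'HS256');
// Same header and signature, different payload: what a decode-only check would accept.
[$header, , $signature] = explode('.', $valid);
$payload  = rtrim(strtr(base64_encode(json_encode(demoClaims('admin', $now))), '+/', '-_'), '=');
$tampered = "$header.$payload.$signature";
echo 'decode-only sub: ', json_decode(base64_decode(strtr($payload, '-_', '+/')))->sub, "\n";
$tokens = ['valid' => $valid, 'tampered' => $tampered,
    'expired' => JWT::encode(demoClaims('alice', $now - 600), SECRET, 'HS256'),
    'wrong aud' => JWT::encode(demoClaims('alice', $now, 'api://other'), SECRET, 'HS256')];
foreach ($tokens as $label => $jwt) {
    printf("%-10s %s\n", $label, verify($jwt));
}
```

The tampered token has well-formed, unexpired claims with the expected issuer and audience, so only the signature check inside `JWT::decode()` stops it.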
