[Doc] Documentation differs with real execution
Readme says that:

> To verify a token's claims, first set up the context that should be used to verify the token against. Encryption is the only required verification.

```php
$context = new Emarref\Jwt\Verification\Context($encryption);
$context->setAudience('audience_1');
$context->setIssuer('your_issuer');
```

But looking inside the algo - this code quietly implies and verifies that `sub` should be null. Also with some other claims - the code's user should explicitly set the correct value from the token if he does not want these to fail on verification.

I'm missing something maybe, but I thought that claims are not subject to mandatory verification if they are present.

As a solution, I suggest moving the contents of the `getVerifiers` method to be the third argument of the `Jwt::verify` method and pushing `EncryptionVerifier` there internally as the only mandatory verifier. This will also make the verifier list extensible without extending the `Jwt` class, allowing custom claims to be verified.
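
The two behaviours discussed in this issue, side by side, as an added example that is not code from the issue or from emarref/jwt. The function names, the HS256-style signature check and the sample token data are all assumptions made for illustration.

```php
<?php
// Added illustration; every name below is hypothetical, not emarref/jwt's API.
// Behaviour reported in the issue: an expectation that was never set counts
// as null, so a token that carries that claim fails verification.
function verifyStrict(array $claims, array $expected): array
{
    $errors = [];
    foreach (['iss', 'aud', 'sub'] as $name) {
        if (($claims[$name] ?? null) !== ($expected[$name] ?? null)) {
            $errors[] = "$name mismatch";
        }
    }
    return $errors;
}

// Design proposed in the issue: the signature check always runs first,
// every other verifier comes from the caller.
function verifyWithList(string $input, string $sig, string $key, array $claims, array $verifiers): array
{
    if (!hash_equals(hash_hmac('sha256', $input, $key, true), $sig)) {
        return ['signature mismatch']; // claims are untrusted, stop here
    }
    $errors = [];
    foreach ($verifiers as $verifier) {
        $errors[] = $verifier($claims);
    }
    return array_values(array_filter($errors)); // drop nulls (checks that passed)
}

// Builds a verifier for one claim the caller wants checked.
function expectClaim(string $name, $value): callable
{
    return function (array $claims) use ($name, $value): ?string {
        return ($claims[$name] ?? null) === $value ? null : "$name mismatch";
    };
}

// Constructed sample data; $input stands in for the token's signed part.
$key = 'constructed-demo-key';
$claims = ['iss' => 'your_issuer', 'aud' => 'audience_1', 'sub' => 'user-42', 'tenant' => 'acme'];
$input = 'constructed-header.' . json_encode($claims);
$sig = hash_hmac('sha256', $input, $key, true);

print_r(verifyStrict($claims, ['iss' => 'your_issuer', 'aud' => 'audience_1']));
print_r(verifyWithList($input, $sig, $key, $claims, [
    expectClaim('iss', 'your_issuer'),
    expectClaim('aud', 'audience_1'),
    function (array $c): ?string { return isset($c['tenant']) ? null : 'tenant missing'; },
]));
```

With a caller-supplied list, a claim that no verifier names is not checked at all, so `iss` and `aud` have to be listed explicitly by every caller that relies on them.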