Support for issuer claim?

Question

Support for issuer claim?

bfailing opened this issue 6 years ago · 2 comments

Answer 1 · 2019-02-14T08:17:32.000Z

There is currently no built-in support for the iss (issuer) claim, but I can definitely look into implementing this for you.

In the meantime, the code below shows an example of how you could add support for this claim within your application.

// Decode the given JWT hash
$decodedJwt = \Lindelius\JWT\StandardJWT::decode($token);
$decodedJwt->verify(DECODE_KEY);

// Get the expected issuer
$expectedIssuer = 'https://myapp.tld';

// Verify that the "iss" claim is valid
if ($decodedJwt->iss && $decodedJwt->iss !== $expectedIssuer) {
    throw new \Lindelius\JWT\Exception\InvalidJwtException('Invalid issuer.');
}

Let me know if you have any further questions.

Answer 2 · 2020-03-30T15:49:04.000Z

Built-in support for the iss claim has now been commited to master and will be available as of the upcoming 0.9 version.

Thank you again for making the request, and sorry for not getting around to implement it sooner.