Automattic\WooCommerce\StoreApi\Utilities

JsonWebToken::validate │ public static │ WC 1.0

Validates a provided token against the provided secret. Checks for format, valid header for our class, expiration claim validity and signature. https://datatracker.ietf.org/doc/html/rfc7519#section-7.2

Method of the class: JsonWebToken{}

No Hooks.

Returns

true|false.

Usage

$result = JsonWebToken::validate( $token, $secret );

$token(string) (required)

Full token string.

$secret(string) (required)

The secret used to generate the signature.

JsonWebToken::validate() JsonWebToken::validate code ^{WC 10.8.1}

public static function validate( string $token, string $secret ) {
	if ( ! self::shallow_validate( $token ) ) {
		return false;
	}

	$parts = self::get_parts( $token );

	/**
	 * Check if the token is based on our secret.
	 */
	$encoded_regenerated_signature = self::to_base_64_url(
		self::generate_signature( $parts->header_encoded . '.' . $parts->payload_encoded, $secret )
	);

	return hash_equals( $encoded_regenerated_signature, $parts->signature_encoded );
}