Automattic\WooCommerce\StoreApi\Utilities

JsonWebToken::validate() public static WC 1.0

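Validates a provided token against the provided secret. Checks the token format, that the header is valid for this class, the validity of the expiration claim, and the signature. Of the registered claims, only `exp` is checked in the code shown below; any others (for example `nbf`, `iss` or `aud`) are left to the caller. See RFC 7519, section 7.2: https://datatracker.ietf.org/doc/html/rfc7519#section-7.2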

Method of the class: JsonWebToken{}

No Hooks.

Return

true|false. `true` only if the token passes every check; `false` on the first check that fails.

Usage

$result = JsonWebToken::validate( $token, $secret );
$token (string) (required)
Full token string.
$secret (string) (required)
The secret used to generate the signature.

JsonWebToken::validate() code WC 8.6.1

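/**
 * Validates a provided token against the provided secret.
 *
 * The checks run in this order and the first failure returns false: token
 * structure, header `typ`/`alg`, `exp` claim, signature. The header and
 * payload are read before the signature has been verified, so their contents
 * are untrusted input until this method has returned true.
 *
 * @link https://datatracker.ietf.org/doc/html/rfc7519#section-7.2
 *
 * @param string $token  Full token string.
 * @param string $secret The secret used to generate the signature.
 * @return bool True only if every check passes, false otherwise.
 */
public static function validate( string $token, string $secret ) {
	/**
	 * Confirm the structure of a JSON Web Token, it has three parts separated
	 * by dots and complies with Base64URL standards.
	 *
	 * The D modifier makes `$` match only at the very end of the string;
	 * without it, `$` also matches just before a trailing newline.
	 */
	if ( preg_match( '/^[a-zA-Z\d\-_=]+\.[a-zA-Z\d\-_=]+\.[a-zA-Z\d\-_=]+$/D', $token ) !== 1 ) {
		return false;
	}

	$parts = self::get_parts( $token );

	/**
	 * Check if header declares a supported JWT by this class.
	 *
	 * Both values are compared strictly against the class's own settings, so
	 * a token whose header names any other type or algorithm is rejected
	 * rather than being allowed to choose how it is verified.
	 */
	if (
		! is_object( $parts->header ) ||
		! property_exists( $parts->header, 'typ' ) ||
		! property_exists( $parts->header, 'alg' ) ||
		self::$type !== $parts->header->typ ||
		self::$algorithm !== $parts->header->alg
	) {
		return false;
	}

	/**
	 * Check if token is expired.
	 *
	 * The payload is confirmed to be an object first, as is done for the
	 * header. On PHP 8, property_exists() throws a TypeError when its first
	 * argument is null or an array, which is presumably what a payload
	 * segment that is not a JSON object decodes to (get_parts() is not
	 * visible here), so an unauthenticated token could otherwise end the
	 * request with an uncaught error instead of a plain rejection.
	 */
	if (
		! is_object( $parts->payload ) ||
		! property_exists( $parts->payload, 'exp' ) ||
		time() > (int) $parts->payload->exp
	) {
		return false;
	}

	/**
	 * Check if the token is based on our secret.
	 *
	 * The signature is recomputed over the encoded header and payload exactly
	 * as they were received, then compared with hash_equals(), which is
	 * timing-attack safe. The regenerated (known) value is passed first and
	 * the value taken from the token second.
	 */
	$encoded_regenerated_signature = self::to_base_64_url(
		self::generate_signature( $parts->header_encoded . '.' . $parts->payload_encoded, $secret )
	);

	return hash_equals( $encoded_regenerated_signature, $parts->signature_encoded );
}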