Automattic\WooCommerce\StoreApi\Utilities
JsonWebToken::validate()
Validates a provided token against the provided secret. Checks for format, valid header for our class, expiration claim validity and signature. https://datatracker.ietf.org/doc/html/rfc7519#section-7.2
Метод класса: JsonWebToken{}
Хуков нет.
Возвращает
true|false
.
Использование
$result = JsonWebToken::validate( $token, $secret );
- $token(строка) (обязательный)
- Full token string.
- $secret(строка) (обязательный)
- The secret used to generate the signature.
Код JsonWebToken::validate() JsonWebToken::validate WC 8.7.0
public static function validate( string $token, string $secret ) { /** * Confirm the structure of a JSON Web Token, it has three parts separated * by dots and complies with Base64URL standards. */ if ( preg_match( '/^[a-zA-Z\d\-_=]+\.[a-zA-Z\d\-_=]+\.[a-zA-Z\d\-_=]+$/', $token ) !== 1 ) { return false; } $parts = self::get_parts( $token ); /** * Check if header declares a supported JWT by this class. */ if ( ! is_object( $parts->header ) || ! property_exists( $parts->header, 'typ' ) || ! property_exists( $parts->header, 'alg' ) || self::$type !== $parts->header->typ || self::$algorithm !== $parts->header->alg ) { return false; } /** * Check if token is expired. */ if ( ! property_exists( $parts->payload, 'exp' ) || time() > (int) $parts->payload->exp ) { return false; } /** * Check if the token is based on our secret. */ $encoded_regenerated_signature = self::to_base_64_url( self::generate_signature( $parts->header_encoded . '.' . $parts->payload_encoded, $secret ) ); return hash_equals( $encoded_regenerated_signature, $parts->signature_encoded ); }