Comments (9)
Thanks @absolux for your contribution.
The ValidationData is not a validator, but is a "bag" to define your expectations about the token. In that way you're required to inform what you want to be validated.
To make your code work you have to do this:
$builder = new Builder();
$token = $builder->setSubject(1)->getToken();
$validator = new ValidationData();
$validator->setSubject(2); // if you don't set this the "sub" claim will be just ignored in the validation.
$this->assertFalse($token->validate($validator));
My idea was to say: hey token, are you valid against this data?
from jwt.
But you remind me to create a new issue about the token validation process 😄
from jwt.
I think this should be explained better in the documentation section
from jwt.
Yes indeed, but the ValidationData object has by default 3 claims [iat, exp, nbf] not validated by the token, because they are absent, and my test will always fail in case the token is not signed.
So, for that reason, ValidationData should know about required claims, and return false before checking claims values
from jwt.
Thanks again @absolux.
After taking more time to analyse your report I've found the reason why you're getting the wrong return from Token::validate() method.
It's not related with what you're saying, but actually with types and === comparison used by Claims\EqualsTo.
Builder converts the subject claim to a string, but ValidationData doesn't. So when you're using int as subject things get messy 😄. I'll be fixing it right now and adding more tests.
from jwt.
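The type mismatch described in the comment above, reduced to a standalone PHP model. This is an added example, not code from the thread or from lcobucci/jwt: buildClaims, validateStrict and validateNormalized are hypothetical helpers, and casting the expectations to string is an assumed way to align the types, not necessarily what the 3.0.3 fix does.

```php
<?php
declare(strict_types=1);

// Standalone model of the behaviour discussed in this thread.
// All three helpers are hypothetical; none of this is lcobucci/jwt code.

/** Stores the subject the way the thread says Builder does: as a string. */
function buildClaims($subject): array
{
    return ['sub' => (string) $subject];
}

/** Checks each claim with a strict comparison; claims without an expectation are ignored. */
function validateStrict(array $claims, array $expected): bool
{
    foreach ($claims as $name => $value) {
        if (!array_key_exists($name, $expected)) {
            continue; // nothing was set for this claim, so it is not checked
        }
        if ($value !== $expected[$name]) {
            return false; // differs in value or in type
        }
    }
    return true;
}

/** Same check, but expectations are cast to string first (assumed fix, see lead-in). */
function validateNormalized(array $claims, array $expected): bool
{
    return validateStrict($claims, array_map('strval', $expected));
}

$claims = buildClaims(1); // constructed sample: subject given as int 1

$cases = [
    'no expectation set'      => [],
    'other subject, as int'   => ['sub' => 2],
    'same subject, as int'    => ['sub' => 1],
    'same subject, as string' => ['sub' => '1'],
];

foreach ($cases as $label => $expected) {
    printf(
        "%-24s strict=%-5s normalized=%s\n",
        $label,
        var_export(validateStrict($claims, $expected), true),
        var_export(validateNormalized($claims, $expected), true)
    );
}
```

The "same subject, as int" row is the false rejection reported in this issue, and the "no expectation set" row passes only because nothing was compared.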
BTW token validation and signature verification are different things. That's why this isn't related with having unsigned tokens.
from jwt.
@absolux I just released the version 3.0.3 with this fix, can you check if everything is fine now?
from jwt.
Thanks a lot for the update, and the documentation is more clear now. 👍
from jwt.
Awesome @absolux! Some 🍻 to you for reporting this!
from jwt.