If cookie doesn't exist, an error is thrown

[callumacrae]

In my opinion, a better behaviour would be to just fail the verification.

[odino]

Hi @callumacrae!

I quite dont get the issue, meaning that this library doesnt deal with cookies, the README just shows you a very simple / basic example

Yes, for sure you will need to check if the cookie exists. For example, we use Sf2 and in our code the JWS validation is fired after checking the cookie exists:

if ($cookies->has('identity')) {
    // do stuff
}

[callumacrae]

I didn't quite get the issue at the time, either!

What I think I meant is that I think that the library should not throw a fatal error if it is given an invalid token, it should stay quiet (or possibly throw a NOTICE if you really must), and then return false on ->verify().

[odino]

mmm, it should already act exactly like this, can you write a small test case? Or maybe add a failing test?

[callumacrae]

I can't get your tests to run (phpunit doesn't seem to be doing anything), but the following code is failing and I don't think it should be:

$jws = JWS::load('invalid');
$jws->verify($publicKey);

I've worked around it for when the token doesn't exist, but if the token is simply invalid I have no way of telling. It's actually making the server throw a 500, so I'm not sure what is happening there (and it's failing on multiple servers).