This repository has been archived by the owner on Feb 6, 2023. It is now read-only.

Understanding JWT verification - Expiration Time and Signature #92

Closed
agawronski opened this issue Feb 9, 2022 · 2 comments

Comments

@agawronski
Contributor

Thank you for your work on the okta-jwt-verifier-php.

I am trying to make sure that I am using this correctly:
https://github.com/okta/okta-jwt-verifier-php#validating-an-access-token

$jwt = $jwtVerifier->verifyAccessToken($jwtString);
• token expiration time
• the time it was issued at
• that the token issuer matches the expected value passed into the above helper
• that the token audience matches the expected value passed into the above helper

I don't see anywhere in the code that actually checks the token expiration time. Am I missing something?

I am also trying to understand where the signature verification occurs.

Thanks,
Aidan.

@arvindkrishnakumar-okta

Thanks for posting, @agawronski!

@bretterer can you please take a look?

@agawronski
Contributor Author

Any luck with this?

Does verifyAccessToken actually secure the app, or just decode the token?
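
For reference on the question in this thread, an added example (not part of the conversation and not code from okta-jwt-verifier-php) that contrasts decoding a JWT with verifying it: the signature first, then the expiration, issued-at, issuer and audience checks listed in the first post. The key, issuer, audience and helper names are constructed, and HS256 with a shared secret is an assumption standing in for the issuer's signing key.

```php
<?php
// Added example: generic JWT checks, not code from okta-jwt-verifier-php.
// Assumption: HS256 with a shared secret stands in for the issuer's signing key.
function b64u_enc(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64u_dec(string $txt): string {
    return (string) base64_decode(strtr($txt, '-_', '+/'), true); // '' on bad input
}
function make_token(array $claims, string $key): string {
    $head = b64u_enc(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64u_enc(json_encode($claims));
    return "$head.$body." . b64u_enc(hash_hmac('sha256', "$head.$body", $key, true));
}
// Decoding alone returns whatever the sender wrote; it authenticates nothing.
function decode_only(string $jwt): ?array {
    $parts = explode('.', $jwt);
    return count($parts) === 3 ? json_decode(b64u_dec($parts[1]), true) : null;
}
// Verification: signature first, then exp, iat, iss, aud. Returns claims or throws.
function verify(string $jwt, string $key, string $iss, string $aud, int $leeway = 120): array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) throw new RuntimeException('malformed token');
    [$head, $body, $sig] = $parts;
    $alg = json_decode(b64u_dec($head), true)['alg'] ?? null;
    if ($alg !== 'HS256') throw new RuntimeException('unexpected alg'); // pin the algorithm
    $expected = hash_hmac('sha256', "$head.$body", $key, true);
    if (!hash_equals($expected, b64u_dec($sig))) throw new RuntimeException('bad signature');
    $c = json_decode(b64u_dec($body), true);
    $now = time();
    if (!is_int($c['exp'] ?? null) || $c['exp'] + $leeway < $now) throw new RuntimeException('expired');
    if (!is_int($c['iat'] ?? null) || $c['iat'] - $leeway > $now) throw new RuntimeException('iat in future');
    if (($c['iss'] ?? null) !== $iss) throw new RuntimeException('wrong issuer');
    if (!in_array($aud, (array) ($c['aud'] ?? []), true)) throw new RuntimeException('wrong audience');
    return $c;
}
// Constructed sample values, not taken from the issue.
$key = 'demo-shared-secret'; $iss = 'https://issuer.example'; $aud = 'api://example';
$base = ['iss' => $iss, 'aud' => $aud, 'sub' => 'alice', 'iat' => time(), 'exp' => time() + 3600];
$good = make_token($base, $key);
$expired = make_token(['iat' => time() - 7200, 'exp' => time() - 3600] + $base, $key);
[$h, , $s] = explode('.', $good); // payload edited after signing, old signature kept
$tampered = "$h." . b64u_enc(json_encode(['sub' => 'admin'] + $base)) . ".$s";
foreach (compact('good', 'expired', 'tampered') as $name => $jwt) {
    try { verify($jwt, $key, $iss, $aud); $result = 'accepted'; }
    catch (RuntimeException $e) { $result = 'rejected: ' . $e->getMessage(); }
    printf("%-8s decode_only sub=%-5s verify: %s\n", $name, decode_only($jwt)['sub'], $result);
}
```

All three tokens decode without complaint, which is why a decode step on its own cannot be treated as an authorization decision; only `verify` distinguishes them.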
