| 99,11 → 99,11 |
|---|
| /** |
| * Do various checks if the token is allowed and not blacklisted |
| * @param OIDplusAuthContentStore $contentProvider |
| * @param int $validGenerators Bitmask which generators to allow (-1 = allow all) |
| * @param int|null $validGenerators Bitmask which generators to allow (null = allow all) |
| * @return void |
| * @throws OIDplusException |
| */ |
| private static function jwtSecurityCheck(OIDplusAuthContentStore $contentProvider, int $validGenerators=-1) { |
| private static function jwtSecurityCheck(OIDplusAuthContentStore $contentProvider, int $validGenerators=null) { |
| // Check if the token is intended for us |
| if ($contentProvider->getValue('aud','') !== OIDplus::getEditionInfo()['jwtaud']) { |
| throw new OIDplusException(_L('Token has wrong audience')); |
| 182,7 → 182,7 |
|---|
| } |
| |
| // Checks if JWT are dependent on the generator |
| if ($validGenerators !== -1) { |
| if (!is_null($validGenerators)) { |
| if (($gen & $validGenerators) === 0) { |
| throw new OIDplusException(_L('This kind of JWT token (%1) cannot be used in this request type', self::generatorName($gen))); |
| } |