138,17 → 138,17 |
*/ |
private static function jwtSecurityCheck(OIDplusAuthContentStoreJWT $contentProvider, int $validGenerators=null) { |
// Check if the token is intended for us |
// Note 'aud' is mandatory, so we do not check of exists() |
// Note 'aud' is mandatory, so we do not check for exists() |
if ($contentProvider->getValue('aud','') !== OIDplus::getEditionInfo()['jwtaud']) { |
throw new OIDplusException(_L('Token has wrong audience')); |
} |
|
// Note CLAIM_SSH is mandatory, so we do not check of exists() |
// Note CLAIM_SSH is mandatory, so we do not check for exists() |
if ($contentProvider->getValue(self::CLAIM_SSH, '') !== self::getSsh()) { |
throw new OIDplusException(_L('"Server Secret" was changed; therefore the JWT is not valid anymore')); |
} |
|
// Note CLAIM_GENERATOR is mandatory, so we do not check of exists() |
// Note CLAIM_GENERATOR is mandatory, so we do not check for exists() |
$gen = $contentProvider->getValue(self::CLAIM_GENERATOR, -1); |
|
$has_admin = $contentProvider->isAdminLoggedIn(); |
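Review bot: The server-secret check `if ($contentProvider->getValue(self::CLAIM_SSH, '') !== self::getSsh())` compares a secret-derived value with `!==`, which stops at the first differing byte; the constant-time idiom for anything secret-adjacent is `if (!hash_equals(self::getSsh(), (string) $contentProvider->getValue(self::CLAIM_SSH, ''))) {` — the `(string)` cast is only needed if getValue() can return a non-string, which this hunk does not show. The signature `int $validGenerators=null` relies on implicit nullability via the default, which PHP 8.4 deprecates; `?int $validGenerators = null` is the explicit form. The comment-typo corrections themselves look fine. jwtSecurityCheck's body continues past the end of the hunk.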