

Regard whitespace Rev 1320 → Rev 1321

/trunk/includes/classes/OIDplusAuthContentStoreJWT.class.php
126,7 → 126,7
 
/**
* @param int $gen OIDplusAuthContentStoreJWT::JWT_GENERATOR_...
* @param string $sub
* @param string $sub E-Mail-Adress of RA or 'admin'
* @return int
* @throws OIDplusException
*/
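Review bot: The new `@param string $sub` line carries a spelling error ("Adress") and the docblock now documents `$sub` without saying which value it takes for the admin case other than the literal `'admin'`; the line should read `* @param string $sub E-Mail address of the RA, or 'admin' for the administrator account`. The function this docblock describes begins outside the hunk, so the match between the documented parameters and the real signature could not be checked here.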
154,17 → 154,17
*/
private static function jwtSecurityCheck(OIDplusAuthContentStoreJWT $contentProvider, int $validGenerators=null) {
// Check if the token is intended for us
// Note 'aud' is mandatory, so we do not check for exists()
// Note 'aud' is mandatory for OIDplus, so we do not check for exists()
if ($contentProvider->getValue('aud','') !== $contentProvider->getAudIss()) {
throw new OIDplusException(_L('Token has wrong audience: Given %1 but expected %2.', $contentProvider->getValue('aud',''), $contentProvider->getAudIss()));
}
 
// Note CLAIM_SSH is mandatory, so we do not check for exists()
// Note CLAIM_SSH is mandatory for OIDplus, so we do not check for exists()
if ($contentProvider->getValue(self::CLAIM_SSH, '') !== self::getSsh()) {
throw new OIDplusException(_L('"Server Secret" was changed; therefore the JWT is not valid anymore'));
}
 
// Note CLAIM_GENERATOR is mandatory, so we do not check for exists()
// Note CLAIM_GENERATOR is mandatory for OIDplus, so we do not check for exists()
$gen = $contentProvider->getValue(self::CLAIM_GENERATOR, -1);
 
$has_admin = $contentProvider->isAdminLoggedIn();
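Review bot: The reworded comment above the CLAIM_SSH check says the claim is mandatory, yet the check itself compares a value that, judging by the "Server Secret" error message, is derived from a server secret using plain `!==`, which stops at the first differing byte; `if (!hash_equals((string)self::getSsh(), (string)$contentProvider->getValue(self::CLAIM_SSH, '')))` would make the comparison constant-time, assuming getSsh() returns a string as the strict comparison implies. The same wording change is made for the 'aud' and CLAIM_GENERATOR comments in this hunk, and the `-1` default passed for CLAIM_GENERATOR means a token without that claim silently becomes generator -1 rather than being rejected as malformed, so a note like `// a missing claim yields -1, which the generator check below must reject` would help the next reader. Separately, the signature `int $validGenerators=null` relies on implicit nullability, which PHP 8.4 deprecates; `?int $validGenerators = null` is the explicit form. jwtSecurityCheck's body continues past the end of this hunk.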
671,8 → 671,8
// see also https://www.iana.org/assignments/jwt/jwt.xhtml#claims for some generic claims
if (!isset($payload["iss"])) $payload["iss"] = $this->getAudIss();
if (!isset($payload["aud"])) $payload["aud"] = $this->getAudIss();
$payload["jti"] = gen_uuid();
$payload["iat"] = time();
$payload["jti"] = gen_uuid(); // always set/renew it; therefore not checking isset()
$payload["iat"] = time(); // always set/renew it; therefore not checking isset()
if (!isset($payload["nbf"])) $payload["nbf"] = time();
if (!isset($payload["exp"])) $payload["exp"] = time()+3600/*1h*/;