allowedAlgorithms)) { $this->headerCheckers[] = new Checker\AlgorithmChecker($this->allowedAlgorithms, true); } $jws = (new CompactSerializer())->unserialize($this->token); $headerChecker = new Checker\HeaderCheckerManager($this->headerCheckers, [new JWSTokenSupport()]); $headerChecker->check($jws, 0); $verifier = new JWSVerifier(new AlgorithmManager($this->algorithms)); if (!$verifier->verifyWithKeySet($jws, $this->jwkset, 0)) { throw new Exception('Invalid signature'); } $jwt = new JWT(); $jwt->header->replace($jws->getSignature(0)->getProtectedHeader()); $jwt->claims->replace(JsonConverter::decode($jws->getPayload())); $claimChecker = new Checker\ClaimCheckerManager($this->claimCheckers); $claimChecker->check($jwt->claims->all(), $this->mandatoryClaims); return $jwt; } protected function getAlgorithmMap(): array { return [ Algorithm\HS256::class, Algorithm\HS384::class, Algorithm\HS512::class, Algorithm\RS256::class, Algorithm\RS384::class, Algorithm\RS512::class, Algorithm\PS256::class, Algorithm\PS384::class, Algorithm\PS512::class, Algorithm\ES256::class, Algorithm\ES384::class, Algorithm\ES512::class, Algorithm\EdDSA::class, ]; } }