src/Token/TokenValidator.php
<?php declare(strict_types=1); namespace Incognito\Token; use Incognito\Token\Validation\ClaimsValidator;use Incognito\Token\Validation\SignatureValidator;use Jose\Component\Signature\JWS; /** * Class TokenValidator * * The token validator service verifies that a JSON Web Token was genuinely * issued by your AWS Cognito User Pool, and is valid per its claims, signature, * and expiration. * * @package Incognito\Token */class TokenValidator{ /** * @var \Incognito\Token\Validation\ClaimsValidator */ private ClaimsValidator $claimsValidator; /** * @var \Incognito\Token\Validation\SignatureValidator */ private SignatureValidator $signatureValidator; /** * @var \Incognito\Token\Deserializer */ private Deserializer $tokenDeserializer; /** * Constructor. * * @param \Incognito\Token\Validation\ClaimsValidator $claimsValidator * @param \Incognito\Token\Validation\SignatureValidator $signatureValidator * @param \Incognito\Token\Deserializer $tokenDeserializer */ public function __construct( ClaimsValidator $claimsValidator, SignatureValidator $signatureValidator, Deserializer $tokenDeserializer ) { $this->claimsValidator = $claimsValidator; $this->signatureValidator = $signatureValidator; $this->tokenDeserializer = $tokenDeserializer; } /** * Verify an AWS Cognito JWT * * @param string $tokenString * @return \Jose\Component\Signature\JWS * @throws \Exception */ public function verifyToken(string $tokenString): JWS { $token = $this->tokenDeserializer->getTokenFromString($tokenString); $this->claimsValidator->validate($token); $this->signatureValidator->validate($token); return $token; }}