src/Token/Validation/HeaderChecker/KeyIdChecker.php
<?php
declare(strict_types=1);
namespace Incognito\Token\Validation\HeaderChecker;
use Jose\Component\Checker\HeaderChecker;
use Jose\Component\Checker\InvalidHeaderException;
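/**
 * Class KeyIdChecker
 *
 * A header checker that verifies the presence and type of the `kid` header on a
 * JSON Web Token issued by your AWS Cognito User Pool.
 *
 * Only the shape of the value is checked here (a non-empty string). This class
 * does not decide whether the `kid` names a key that is actually trusted: the
 * value is read from the token itself, so treat it as untrusted input and use
 * it only as a lookup key against the key set you already trust.
 *
 * @package Incognito\Token\Validation\HeaderChecker
 */
final class KeyIdChecker implements HeaderChecker
{
    /**
     * Validate the 'kid' header
     *
     * Accepts any non-empty string. RFC 7515 only requires `kid` to be a
     * case-sensitive string, so values such as "0" are valid and are accepted.
     *
     * @see https://tools.ietf.org/html/rfc7515#section-4.1.4
     *
     * @param mixed $value Header value to validate
     * @return bool Always true when the value passes; failures are reported by exception
     * @throws InvalidHeaderException When the value is null, an empty string, or not a string
     */
    public function checkHeader($value): bool
    {
        // Strict comparisons rather than empty(): empty() is also true for the
        // string "0", which would reject a syntactically valid key id, and for
        // 0 / false / [], which are type errors rather than missing values.
        if ($value === null || $value === '') {
            throw new InvalidHeaderException(
                'Invalid header "kid". "kid" must have a value.',
                'kid',
                $value
            );
        }

        // Any remaining non-string (int, float, bool, array, object) is a type error.
        if (!is_string($value)) {
            throw new InvalidHeaderException(
                'Invalid header "kid". "kid" must be a string.',
                'kid',
                $value
            );
        }

        return true;
    }

    /**
     * Name of the header parameter this checker is responsible for.
     *
     * @return string
     */
    public function supportedHeader(): string
    {
        return 'kid';
    }

    /**
     * Whether `kid` is only accepted from the protected header.
     *
     * Returning true asks the header-checker manager to require `kid` in the
     * integrity-protected header, so a `kid` supplied only in an unprotected
     * header is not accepted.
     *
     * @return bool
     */
    public function protectedHeaderOnly(): bool
    {
        return true;
    }
}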