checkClaimType its not accepting arrays and when there is an array for example on aud, validation breaks.
public function __construct(string $token)
{
Validation::checkTokenStructure($token);
$elements = explode('.', $token);
list($header, $payload, $signature) = $elements;
$headerArray = json_decode(Base64Url::decode($header), true);
$payloadArray = json_decode(Base64Url::decode($payload), true);
Validation::checkAlgorithmDefined($headerArray);
Validation::checkAlgorithmSupported($headerArray['alg']);
Validation::checkSignatureMissing($signature);
Validation::checkClaimType('nbf', 'integer', $payloadArray);
Validation::checkClaimType('exp', 'integer', $payloadArray);
Validation::checkClaimType('iat', 'integer', $payloadArray);
Validation::checkClaimType('iss', 'string', $payloadArray);
Validation::checkClaimType('sub', 'string', $payloadArray);
Validation::checkClaimType('aud', 'string', $payloadArray);
Validation::checkClaimType('jti', 'string', $payloadArray);
$this->token = $token;
$this->payload = $payload;
$this->header = $header;
$this->signature = $signature;
}
public static function checkClaimType(string $claim, string $type, array $payload): void
{
switch ($type) {
case 'integer':
if (array_key_exists($claim, $payload) && ! is_int($payload[$claim])) {
throw new InvalidClaimTypeException(sprintf('Invalid %s claim - %s value required', $claim, $type));
}
break;
case 'string':
default:
if (array_key_exists($claim, $payload) && ! is_string($payload[$claim])) {
throw new InvalidClaimTypeException(sprintf('Invalid %s claim - %s value required', $claim, $type));
}
break;
}
}
checkClaimType its not accepting arrays and when there is an array for example on aud, validation breaks.