AuthToken.validate constructor

AuthToken.validate(
  1. String jwt,
  2. Hmac hmac
)

Implementation

factory AuthToken.validate(String jwt, Hmac hmac) {
  var split = jwt.split('.');

  if (split.length != 3) {
    _log.warning('Invalid JWT');
    throw AngelHttpException.notAuthenticated(message: 'Invalid JWT.');
  }

  // var headerString = decodeBase64(split[0]);
  var payloadString = decodeBase64(split[1]);
  var data = '${split[0]}.${split[1]}';
  var signature = base64Url.encode(hmac.convert(data.codeUnits).bytes);

  if (signature != split[2]) {
    _log.warning('JWT payload does not match hashed version');
    throw AngelHttpException.notAuthenticated(
        message: 'JWT payload does not match hashed version.');
  }

  return AuthToken.fromMap(
      json.decode(payloadString) as Map<String, dynamic>);
}