Nexus API Reference

JwtAuthenticator
in package
implements Authenticator

Read onlyYes
FinalYes
Tags
psalm-api

Verifies a JWT (HS256/RS256/ES256/EdDSA per the configured signer) and delegates Principal construction to the claims-mapper closure.

$jwt = Configuration::forSymmetricSigner(new Sha256(), InMemory::plainText($secret)); $auth = new JwtAuthenticator( $jwt, new BearerTokenExtractor(), fn (Plain $t) => new SimplePrincipal( id: (string) $t->claims()->get('sub'), scopes: explode(' ', (string) $t->claims()->get('scope', '')), ), );

Failures (bad signature, expired, malformed) return null — never throw. The reason is logged via PSR-3 at info/debug, never disclosed on the wire.

Table of Contents

Interfaces

Authenticator

Methods

__construct()  : mixed
authenticate()  : Principal|null

Methods

__construct()

public __construct(Configuration $jwt[, TokenExtractor|null $extractor = null ][, Warning: Array to string conversion in /opt/phpdoc/src/phpDocumentor/Transformer/Writer/Twig/LinkRenderer/CallableAdapter.php on line 78 callable(Plain): Array $claimsMapper = null ][, LoggerInterface|null $logger = null ][, ClockInterface|null $clock = null ]) : mixed
Parameters
$jwt : Configuration
$extractor : TokenExtractor|null = null
$claimsMapper : Warning: Array to string conversion in /opt/phpdoc/src/phpDocumentor/Transformer/Writer/Twig/LinkRenderer/CallableAdapter.php on line 78 callable(Plain): Array = null
$logger : LoggerInterface|null = null
$clock : ClockInterface|null = null

        
On this page

Search results