Skip to content
docsv0.1.0

TokenVerifierInterface

Turns a raw HTTP `Authorization` header into the {@see SecurityPrincipal} it identifies, or `null` if the header does not identify a valid principal. This is the authentication seam feeding {@see InteractionAuthorizerInterface::authorize()}'s `$principal` argument — a request with no principal is treated as anonymous, not as an error.

TokenVerifierInterface::verify()

abstract public function verify(string $authorizationHeader): ?Milpa\Live\ValueObjects\SecurityPrincipal

Verifies the given `Authorization` header value and resolves it to a principal.

Parameters

Parameters of verify()
NameTypeDescription
$authorizationHeaderstring

Returns

`null` if the header is missing, malformed, or names an unknown/expired token — callers treat that as an anonymous request, not a fatal error.