Skip to content
docsv0.1.0

StaticBearerTokenVerifier

Fixed in-memory {@see TokenVerifierInterface}: maps opaque bearer-token strings, configured up front, to a {@see SecurityPrincipal}. Intended for static/service-account credentials and tests, not user sessions — there is no expiry, rotation, or revocation, just a lookup table.

StaticBearerTokenVerifier::__construct()

public function __construct(array $tokens):

Parameters

Parameters of __construct()
NameTypeDescription
$tokensarray<string, (SecurityPrincipal | array{id?: string, scopes?: array<int, string>, claims?: array<string, mixed>})>

StaticBearerTokenVerifier::verify()

public function verify(string $authorizationHeader): ?Milpa\Live\ValueObjects\SecurityPrincipal

Extracts the bearer token from `$authorizationHeader` (expects the `Bearer <token>` scheme) and resolves it against the configured token table. Returns `null` — never throws — for a malformed header or an unrecognized token.

Parameters

Parameters of verify()
NameTypeDescription
$authorizationHeaderstring