StaticBearerTokenVerifier
Fixed in-memory {@see TokenVerifierInterface}: maps opaque bearer-token strings, configured up front, to a {@see SecurityPrincipal}. Intended for static/service-account credentials and tests, not user sessions — there is no expiry, rotation, or revocation, just a lookup table.
StaticBearerTokenVerifier::__construct()
public function __construct(array $tokens):Parameters
| Name | Type | Description |
|---|---|---|
| $tokens | array<string, (SecurityPrincipal | array{id?: string, scopes?: array<int, string>, claims?: array<string, mixed>})> |
StaticBearerTokenVerifier::verify()
public function verify(string $authorizationHeader): ?Milpa\Live\ValueObjects\SecurityPrincipalExtracts the bearer token from `$authorizationHeader` (expects the `Bearer <token>` scheme) and resolves it against the configured token table. Returns `null` — never throws — for a malformed header or an unrecognized token.
Parameters
| Name | Type | Description |
|---|---|---|
| $authorizationHeader | string |