headers()->get('alg') !== $this->signer->algorithmId()) { throw ConstraintViolation::error('Token signer mismatch', $this); } if (! $this->signer->verify($token->signature()->hash(), $token->payload(), $this->key)) { throw ConstraintViolation::error('Token signature mismatch', $this); } } }