diff --git a/src/TokenType/MAC.php b/src/TokenType/MAC.php
index 0d56faf6..c5003e99 100644
--- a/src/TokenType/MAC.php
+++ b/src/TokenType/MAC.php
@@ -118,6 +118,12 @@ class MAC extends AbstractTokenType implements TokenTypeInterface
 return ($this->hash_equals($calculatedSignature, $signature)) ? $accessToken : null;
 }
+ /**
+ * Prevent timing attack
+ * @param string $knownString
+ * @param string $userString
+ * @return bool
+ */
 private function hash_equals($knownString, $userString)
 {
 if (!function_exists('hash_equals')) {
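Review bot: The added docblock on `hash_equals` states only the motive ("Prevent timing attack") and leaves out what the method does and which argument is the trusted one. I would make the summary `Timing-safe comparison of two strings.` and annotate the parameters as `@param string $knownString Locally computed value (the secret side)` and `@param string $userString Value supplied by the client`. The call in the context lines passes `$calculatedSignature` first and `$signature` second, which is consistent with that contract. The method body continues outside the hunk, so whether the fallback taken when `function_exists('hash_equals')` is false is itself constant-time, including for inputs of different length, cannot be confirmed from here; a short why-comment on that branch would help.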