Note: This version is compatible with PHP >= 5.3
Backwards Compatibility Breaking Changes
- The second argument of
JWT::decodenow must beFirebase\JWT\Keyorarray<string, Firebase\JWT\Key>(see #376) - The return type of
Firebase\JWT\JWK::parseKeyis nowFirebase\JWT\Key(see #392) - The return type of
Firebase\JWT\JWK::parseKeySetis nowarray<string, Firebase\JWT\Key>(see #376) - The flag
JSON_UNESCAPED_SLASHESis now used for JSON decoding (see #376) - Constants
ASN1_INTEGER,ASN1_SEQUENCE, andASN1_BIT_STRINGhave been removed (see #376) JWT::encoderequires third argument$alg(see #376)
Using Firebase\JWT\Key
Using the Key object in JWT::decode
As a security fix, to avoid key type confusion (see #351), use of Firebase\JWT\Key is now required when decoding:
use Firebase\JWT\JWT;
// previous (v5.5.1 and below)
$decoded = JWT::decode($jwt, $publicKey, 'RS256');
// new (v6.0.0)
use Firebase\JWT\Key;
$decoded = JWT::decode($jwt, new Key($publicKey, 'RS256'));Using the Key object in JWK::parseKey and JWK::parseKeySet
Calls to JWK::parseKey and JWK::parseKeySet now return a Key object and an array
of Key objects respectively.
use Firebase\JWT\JWK;
// previous (v5.5.1 and below)
$key = JWK::parseKey($jwk); // $key is a resource
$keys = JWK::parseKeySet($jwks); // $keys is an associative array key ID to resources
// new (v6.0.0)
$key = JWK::parseKey($jwk); // $key is a Key object
$keys = JWK::parseKeySet($jwks); // $keys is an associative array of key ID to Key objects