github googleapis/google-auth-library-php v1.21.0

latest releases: v1.43.0, v1.42.0, v1.41.0...
2 years ago

Features

  1. Support for Firebase v6.0 (#391)

IMPORTANT This release will break backwards compatibility in some cases. If you are using OAuth2::verifyIdToken and passing multiple algorithms as the second argument, this will now throw an exception:

// No problem here, only 1 algorithm is being used
$oauth->verifyIdToken($publicKeys, ['RS256']);

// This was accepted before, but it will now throw an InvalidArgumentException
$oauth->verifyIdToken($publicKeys, ['RS256', 'HS256']);

This is because we are closing a security vulnerability (see CVE-2021-46743 and GHSA-8xf4-w7qw-pjjw), and there is no way to close it without throwing an exception in this case. The recommended way to do this is now to pass an array of Firebase\JWT\Key as $publicKeys:

// create an array of Firebase\JWT\Key. For example:
use Firebase\JWT\Key;
$keys = [
    new Key($publicKeys[0], 'RS256'),
    new Key($publicKeys[1], 'HS256'),
];
$oauth->verifyIdToken($keys);

Don't miss a new google-auth-library-php release

NewReleases is sending notifications on new releases.