!!IMPORTANT!!
The recommended usage of this library has changed.
A Key object should now be used as the second argument to JWT::decode instead of using the
allowed_algs array. This will prevent key/algorithm type confusion:
// Previous way to call "decode"
Firebase\JWT\JWT::decode($jwt, $publicKey, ['RS256']);
// New (safer) way to call "decode"
$key = new Firebase\JWT\Key($publicKey, 'RS256');
Firebase\JWT\JWT::decode($jwt, $key);Please see #351 for more information on the issue, and #365 for the merged changes.
The README has also been updated to reflect the new usage.