packagist firebase/php-jwt v6.0.0

latest releases: dev-main, dev-verify-pem-from-mod-and-exp, v6.10.1...
2 years ago

Note: This version is compatible with PHP >= 5.3

Backwards Compatibility Breaking Changes

  • The second argument of JWT::decode now must be Firebase\JWT\Key or array<string, Firebase\JWT\Key> (see #376)
  • The return type of Firebase\JWT\JWK::parseKey is now Firebase\JWT\Key (see #392)
  • The return type of Firebase\JWT\JWK::parseKeySet is now array<string, Firebase\JWT\Key> (see #376)
  • The flag JSON_UNESCAPED_SLASHES is now used for JSON decoding (see #376)
  • Constants ASN1_INTEGER, ASN1_SEQUENCE, and ASN1_BIT_STRING have been removed (see #376)
  • JWT::encode requires third argument $alg (see #376)

Using Firebase\JWT\Key

Using the Key object in JWT::decode

As a security fix, to avoid key type confusion (see #351), use of Firebase\JWT\Key is now required when decoding:

use Firebase\JWT\JWT;

// previous (v5.5.1 and below)
$decoded = JWT::decode($jwt, $publicKey, 'RS256');

// new (v6.0.0)
use Firebase\JWT\Key;
$decoded = JWT::decode($jwt, new Key($publicKey, 'RS256'));

Using the Key object in JWK::parseKey and JWK::parseKeySet

Calls to JWK::parseKey and JWK::parseKeySet now return a Key object and an array
of Key objects respectively.

use Firebase\JWT\JWK;

// previous (v5.5.1 and below)
$key = JWK::parseKey($jwk); // $key is a resource
$keys = JWK::parseKeySet($jwks); // $keys is an associative array key ID to resources

// new (v6.0.0)
$key = JWK::parseKey($jwk); // $key is a Key object
$keys = JWK::parseKeySet($jwks); // $keys is an associative array of key ID to Key objects

Don't miss a new php-jwt release

NewReleases is sending notifications on new releases.