OpenTok-PHP-SDK
OpenTok-PHP-SDK copied to clipboard
Published
20 hours ago •
opentok
opentok
Update dependency firebase/php-jwt to v6
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| firebase/php-jwt | require | major | ^5.0 -> ^6.0 |
By merging this PR, the issue #302 will be automatically resolved and closed:
| Severity |  CVSS Score |
CVE |
|---|---|---|
 High |
9.1 | CVE-2021-46743 |
Release Notes
firebase/php-jwt
v6.0.0
Note: This version is compatible with PHP >= 5.3
Backwards Compatibility Breaking Changes
- The second argument of
JWT::decodenow must beFirebase\JWT\Keyorarray<string, Firebase\JWT\Key>(see #376) - The return type of
Firebase\JWT\JWK::parseKeyis nowFirebase\JWT\Key(see #392) - The return type of
Firebase\JWT\JWK::parseKeySetis nowarray<string, Firebase\JWT\Key>(see #376) - The "alg" parameter is required to be set for all JWKS parsed using
Firebase\JWT\JWK::parseKeySet(see #376) - The flag
JSON_UNESCAPED_SLASHESis now used for JSON decoding (see #376) - Constants
ASN1_INTEGER,ASN1_SEQUENCE, andASN1_BIT_STRINGhave been removed (see #376) JWT::encoderequires third argument$alg(see #377)JWT::signrequires third argument$alg(see #377)
Using Firebase\JWT\Key
Using the Key object in JWT::decode
As a security fix, to avoid key type confusion (see #351), use of Firebase\JWT\Key is now required when decoding:
use Firebase\JWT\JWT;
// previous (v5.5.1 and below)
$decoded = JWT::decode($jwt, $publicKey, 'RS256');
// new (v6.0.0)
use Firebase\JWT\Key;
$decoded = JWT::decode($jwt, new Key($publicKey, 'RS256'));
Using the Key object in JWK::parseKey and JWK::parseKeySet
Calls to JWK::parseKey and JWK::parseKeySet now return a Key object and an array
of Key objects respectively.
use Firebase\JWT\JWK;
// previous (v5.5.1 and below)
$key = JWK::parseKey($jwk); // $key is a resource
$keys = JWK::parseKeySet($jwks); // $keys is an associative array key ID to resources
// new (v6.0.0)
$key = JWK::parseKey($jwk); // $key is a Key object
$keys = JWK::parseKeySet($jwks); // $keys is an associative array of key ID to Key objects
If the keys in your JWKS do not contain the "alg", you need to set it manually to the expected algorithm, for it to be able to parse successfully:
// new (v6.0.0) for JWKS which do not contain "alg"
foreach ($jwks as $k => $jwks) {
$jwks[$k]['alg'] = 'RS256'; // the expected alg of your JWKS
}
$keys = JWK::parseKeySet($jwks); // $keys is an associative array of key ID to Key objects
- [ ] If you want to rebase/retry this PR, click this checkbox.
![mend-for-github-com[bot] avatar](https://avatars.githubusercontent.com/in/30796?v=4 "Published by a pub.dev verified publisher"){kind=small}