SvenRtbg

I tried to verify that the satis package name is really used somewhere as an identifier inside the created repository metadata, but I had no luck finding it. Seems like...

Jordi Boggiano has described the new behaviour of Composer 2 vs Composer 1 in the blog https://blog.packagist.com/deprecating-composer-1-support/ Essentially: Any package will only ever be available for Composer 1 once a...

Satis isn't tagged anymore, and the last tag was 1.0.0, so referring to "Satis 3.x" is not describing what version you are using. The difference between the repo format of...

Please be careful: I remember that there was more than one pull request fiddling with the amount of packages that are fetched. And I was always thinking to myself "There...

I think you are a candidate for using Toran Proxy instead of Satis.

You cannot validate an HMAC signature without knowing the secret key. Keycloak intentionally does not expose that key to the outside, and will only use the signature for validation purposes...

Adding new methods to an interface requires implementation of it in every class implementing the interface. This is incompatible with "I just update and everything works". :)

I have the feeling that `parse()` only giving you a `Token` interface is intentional for some future feature, so relying on the one implementation to always returning a `Plain` token,...

There are some oddities around, IMHO. I'm just dealing with creating tokens, so after reading the docs I wondered: How can they suggest calling `claims()` without asserting what is returned...

I have one thought related to the possible future situation with this library. You may remember when basically all JWT libraries had a serious security flaw because they unconditionally accepted...