Luís Cobucci
Luís Cobucci
> Just to expand on the reason for a closure... the initial motivation to introduce this is related to hash comparison and doing that operation with === opens a security...
Also, you can run `make` to execute most of the checks and solve the problems locally.
Awesome! You should read the rfc drafts (jwt, jwa, jws and jwe).
I left the extension point on purpose and would prefer not to remove it or provide different methods to handle this. JWTs are usually user input and I believe it's...
@spawnia sorry about my lack of response here (`E_TOO_MANY_THINGS_HAPPENING_AT_THE_SAME` :rofl:). > Due to reasons outside of my immediate control, we are currently forced to forgo time based validation of the...
Closing here for now as that's not the direction I'd like us to take. The main "conflict point" is that in my understanding of the [RFC](https://www.rfc-editor.org/rfc/rfc7519#appendix-A) an encrypted/nested JWT is...
Folks, thanks for sharing your points! It's the feedback I wanted to receive during the beta/rc releases of v4.0. > And looking at the `Lcobucci\JWT\Builder` interface, I was even more...
> it increases the complexity of the JWT defence That honestly sounds a bit like "security by obfuscation". However, I still believe the constraint is useful =)
The implementation in #179 has some performance impact that needs to be considered (extra calls, recursion, etc). I'll look into ways to reduce it as much as possible... I'm hesitant...
After exhaustive testing, I've concluded that we should rather require PHP 8.1 and abandon this new dispatcher. I'll close this PR, bring some of its improves to another one, and...