oauth2-openid-connect-server
oauth2-openid-connect-server copied to clipboard
Better version compatibility with JWT 3.4.6
Hello,
The project suggests it will work with lower versions of PHP, however, cannot because of JWT 4.1.5 requirement. I believe JWT 3.4.6 is not only an API compatibility layer with 4.x but also has requisite security fixes applied that were applied to 4.1.5. Would it be possible to add 3.4.6 explicitly to the versions of JWT allowed?
I should add that despite the compatibility changes, this would require a reversion in the IdTokenResponse class to sniff out the available builder. This was previously done here: https://github.com/steverhoades/oauth2-openid-connect-server/commit/6c666441492878de3706c8dc236843f3ae64bf21
I've got a fork of this currently under a totally different package name which has re-employed some of this: https://github.com/steverhoades/oauth2-openid-connect-server/compare/master...imarc:oauth2-openid-connect-server:master