oauth2-openid-connect-server icon indicating copy to clipboard operation
oauth2-openid-connect-server copied to clipboard

Published 20 hours ago verified publisher icon steverhoades

Better version compatibility with JWT 3.4.6

Open mattsah opened this issue 1 year ago • 1 comments

Hello,

The project suggests it will work with lower versions of PHP, however, cannot because of JWT 4.1.5 requirement. I believe JWT 3.4.6 is not only an API compatibility layer with 4.x but also has requisite security fixes applied that were applied to 4.1.5. Would it be possible to add 3.4.6 explicitly to the versions of JWT allowed?

mattsah avatar Nov 30 '22 17:11 mattsah

I should add that despite the compatibility changes, this would require a reversion in the IdTokenResponse class to sniff out the available builder. This was previously done here: https://github.com/steverhoades/oauth2-openid-connect-server/commit/6c666441492878de3706c8dc236843f3ae64bf21

I've got a fork of this currently under a totally different package name which has re-employed some of this: https://github.com/steverhoades/oauth2-openid-connect-server/compare/master...imarc:oauth2-openid-connect-server:master

mattsah avatar Nov 30 '22 21:11 mattsah