From 654226d2b01d389b6d40ec28f382895277110ab0 Mon Sep 17 00:00:00 2001 From: stefanorosanelli Date: Wed, 20 Mar 2024 11:21:07 +0100 Subject: [PATCH 1/3] fix: handle differente JWT::decode signatures --- src/Token/AppleAccessToken.php | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/Token/AppleAccessToken.php b/src/Token/AppleAccessToken.php index cbb8b9b..4b6b437 100644 --- a/src/Token/AppleAccessToken.php +++ b/src/Token/AppleAccessToken.php @@ -47,7 +47,15 @@ public function __construct(array $keys, array $options = []) try { $decoded = JWT::decode($options['id_token'], $key); } catch (\UnexpectedValueException $e) { - $decoded = JWT::decode($options['id_token'], $key, ['RS256']); + $decodeMethodReflection = new \ReflectionMethod(JWT::class, 'decode'); + $decodeMethodParameters = $decodeMethodReflection->getParameters(); + // Backwards compatibility for firebase/php-jwt >=5.2.0 <=5.5.1 supported by PHP 5.6 + if (array_key_exists(2, $decodeMethodParameters) && 'allowed_algs' === $decodeMethodParameters[2]->getName()) { + $decoded = JWT::decode($options['id_token'], $key, ['RS256']); + } else { + $headers = (object) ['alg' => 'RS256']; + $decoded = JWT::decode($options['id_token'], $key, $headers); + } } break; } catch (\Exception $exception) { From 8d544f41c2ff8f08ea58641f441d1b30cc8367fb Mon Sep 17 00:00:00 2001 From: stefanorosanelli Date: Wed, 20 Mar 2024 12:39:03 +0100 Subject: [PATCH 2/3] chore: coding style --- src/Token/AppleAccessToken.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/Token/AppleAccessToken.php b/src/Token/AppleAccessToken.php index 4b6b437..f872956 100644 --- a/src/Token/AppleAccessToken.php +++ b/src/Token/AppleAccessToken.php @@ -50,7 +50,10 @@ public function __construct(array $keys, array $options = []) $decodeMethodReflection = new \ReflectionMethod(JWT::class, 'decode'); $decodeMethodParameters = $decodeMethodReflection->getParameters(); // Backwards compatibility for firebase/php-jwt >=5.2.0 <=5.5.1 supported by PHP 5.6 - if (array_key_exists(2, $decodeMethodParameters) && 'allowed_algs' === $decodeMethodParameters[2]->getName()) { + if ( + array_key_exists(2, $decodeMethodParameters) && + 'allowed_algs' === $decodeMethodParameters[2]->getName() + ) { $decoded = JWT::decode($options['id_token'], $key, ['RS256']); } else { $headers = (object) ['alg' => 'RS256']; From b9fa8fd8a570152e4c16667561828c66828e0713 Mon Sep 17 00:00:00 2001 From: stefanorosanelli Date: Wed, 20 Mar 2024 12:40:44 +0100 Subject: [PATCH 3/3] chore: code style again :) --- src/Token/AppleAccessToken.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/Token/AppleAccessToken.php b/src/Token/AppleAccessToken.php index f872956..3820f53 100644 --- a/src/Token/AppleAccessToken.php +++ b/src/Token/AppleAccessToken.php @@ -50,8 +50,7 @@ public function __construct(array $keys, array $options = []) $decodeMethodReflection = new \ReflectionMethod(JWT::class, 'decode'); $decodeMethodParameters = $decodeMethodReflection->getParameters(); // Backwards compatibility for firebase/php-jwt >=5.2.0 <=5.5.1 supported by PHP 5.6 - if ( - array_key_exists(2, $decodeMethodParameters) && + if (array_key_exists(2, $decodeMethodParameters) && 'allowed_algs' === $decodeMethodParameters[2]->getName() ) { $decoded = JWT::decode($options['id_token'], $key, ['RS256']);