Add firebase/jwt-php 6 spport. Address #71

6c93c6e4 · Patrick Radtke · 96a89181 · 6c93c6e4 · 6c93c6e4 · 6c93c6e4
Commit 6c93c6e4 authored 2 years ago by Patrick Radtke
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,7 @@ _Release: 2023-03-01
 * Move `lib` to `src`
 * Move `www` to `public`
 * Use ssp2 final release
+* firebase/php-jwt 6 support

 ## v4.0.0-alpha.1


--- a/composer.json
+++ b/composer.json
@@ -13,7 +13,7 @@
    "simplesamlphp/composer-module-installer": "^1.1",
    "league/oauth2-client": "^2.6",
    "simplesamlphp/simplesamlphp": "^v2.0.0",
-    "firebase/php-jwt": "^5.0",
+    "firebase/php-jwt": "^5.5|^6",
    "kevinrob/guzzle-cache-middleware": "^3.2",
    "psr/cache": "^1.0",
    "symfony/cache": "^5.0|^4.3|^3.4",
@@ -24,6 +24,11 @@
    "phpunit/phpunit": "^9.5",
    "psalm/plugin-phpunit": "^0.18.3"
  },
+  "autoload": {
+    "psr-4": {
+      "SimpleSAML\\Module\\authoauth2\\": "src/"
+    }
+  },
  "autoload-dev": {
    "psr-4": {
      "Test\\SimpleSAML\\": "tests/lib/"

--- a/src/Providers/OpenIDConnectProvider.php
+++ b/src/Providers/OpenIDConnectProvider.php
@@ -97,8 +97,15 @@ class OpenIDConnectProvider extends AbstractProvider
    public function verifyIdToken(string $id_token): void
    {
        try {
-            $keys = $this->getSigningKeys();
-            $claims = JWT\JWT::decode($id_token, $keys, ['RS256']);
+            $keysRaw = $this->getSigningKeys();
+            $keys = [];
+            // Be explicit about key algorithms to avoid bug reports of key confusion.
+            foreach ($keysRaw as $kid => $key) {
+                $keys[$kid] = new JWT\Key($key, 'RS256');
+            }
+            // Once firebase/php-jwt 5.5 support is dropped we can move to firebase's parsing
+            //JWT\JWK::parseKeySet($keys, 'RS256');
+            $claims = JWT\JWT::decode($id_token, $keys);
            $aud = is_array($claims->aud) ? $claims->aud : [$claims->aud];

            if (!in_array($this->clientId, $aud)) {