
Commit 1823840

authored
Merge branch 'main' into main
2 parents 7528abe + 43d70ae commit 1823840


6 files changed

+80
-7
lines changed


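--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,24 @@
 # Changelog
 
+## [6.11.1](https://github.com/firebase/php-jwt/compare/v6.11.0...v6.11.1) (2025-04-09)
+
+
+### Bug Fixes
+
+* update error text for consistency ([#528](https://github.com/firebase/php-jwt/issues/528)) ([c11113a](https://github.com/firebase/php-jwt/commit/c11113afa13265e016a669e75494b9203b8a7775))
+
+## [6.11.0](https://github.com/firebase/php-jwt/compare/v6.10.2...v6.11.0) (2025-01-23)
+
+
+### Features
+
+* support octet typed JWK ([#587](https://github.com/firebase/php-jwt/issues/587)) ([7cb8a26](https://github.com/firebase/php-jwt/commit/7cb8a265fa81edf2fa6ef8098f5bc5ae573c33ad))
+
+
+### Bug Fixes
+
+* refactor constructor Key to use PHP 8.0 syntax ([#577](https://github.com/firebase/php-jwt/issues/577)) ([29fa2ce](https://github.com/firebase/php-jwt/commit/29fa2ce9e0582cd397711eec1e80c05ce20fabca))
+
 ## [6.10.2](https://github.com/firebase/php-jwt/compare/v6.10.1...v6.10.2) (2024-11-24)
 
 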

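--- a/README.md
+++ b/README.md
@@ -48,7 +48,8 @@ $decoded = JWT::decode($jwt, new Key($key, 'HS256'));
 print_r($decoded);
 
 // Pass a stdClass in as the third parameter to get the decoded header values
-$decoded = JWT::decode($jwt, new Key($key, 'HS256'), $headers = new stdClass());
+$headers = new stdClass();
+$decoded = JWT::decode($jwt, new Key($key, 'HS256'), $headers);
 print_r($headers);
 
 /*
@@ -290,7 +291,7 @@ $jwks = ['keys' => []];
 
 // JWK::parseKeySet($jwks) returns an associative array of **kid** to Firebase\JWT\Key
 // objects. Pass this as the second parameter to JWT::decode.
-JWT::decode($payload, JWK::parseKeySet($jwks));
+JWT::decode($jwt, JWK::parseKeySet($jwks));
 ```
 
 Using Cached Key Sets
@@ -349,7 +350,7 @@ use InvalidArgumentException;
 use UnexpectedValueException;
 
 try {
-$decoded = JWT::decode($payload, $keys);
+$decoded = JWT::decode($jwt, $keys);
 } catch (InvalidArgumentException $e) {
 // provided key/key-array is empty or malformed.
 } catch (DomainException $e) {
@@ -379,7 +380,7 @@ like this:
 use Firebase\JWT\JWT;
 use UnexpectedValueException;
 try {
-$decoded = JWT::decode($payload, $keys);
+$decoded = JWT::decode($jwt, $keys);
 } catch (LogicException $e) {
 // errors having to do with environmental setup or malformed JWT Keys
 } catch (UnexpectedValueException $e) {
@@ -394,7 +395,7 @@ instead, you can do the following:
 
 ```php
 // return type is stdClass
-$decoded = JWT::decode($payload, $keys);
+$decoded = JWT::decode($jwt, $keys);
 
 // cast to array
 $decoded = json_decode(json_encode($decoded), true);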

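--- a/src/JWK.php
+++ b/src/JWK.php
@@ -210,6 +210,12 @@ public static function parseKey(array $jwk, ?string $defaultAlg = null): ?Key
 // This library works internally with EdDSA keys (Ed25519) encoded in standard base64.
 $publicKey = JWT::convertBase64urlToBase64($jwk['x']);
 return new Key($publicKey, $jwk['alg']);
+case 'oct':
+if (!isset($jwk['k'])) {
+throw new UnexpectedValueException('k not set');
+}
+
+return new Key(JWT::urlsafeB64Decode($jwk['k']), $jwk['alg']);
 default:
 break;
 }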
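Review bot: The new `oct` case accepts any value that passes `isset($jwk['k'])`, so a non-string or empty `k` goes straight into `JWT::urlsafeB64Decode()` and the result becomes the HMAC secret with no check on its length. RFC 7518 section 3.2 asks for an HMAC key at least as long as the hash output, and a key set loaded from an external source is where a truncated or placeholder `k` is most likely to appear. I would tighten the guard to `if (!isset($jwk['k']) || !\is_string($jwk['k']) || $jwk['k'] === '') {` and reject a decoded secret shorter than the size implied by `alg`. Nothing in the visible lines ties `kty: oct` to an HS* algorithm either; parseKey() starts and ends outside this hunk, so `alg` may already be validated earlier and that is worth confirming.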

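--- a/src/JWT.php
+++ b/src/JWT.php
@@ -181,7 +181,7 @@ public static function decode(
 // token can actually be used. If it's not yet that time, abort.
 if (isset($payload->nbf) && floor($payload->nbf) > ($timestamp + static::$leeway)) {
 $ex = new BeforeValidException(
-'Cannot handle token with nbf prior to ' . \date(DateTime::ISO8601, (int) $payload->nbf),
+'Cannot handle token with nbf prior to ' . \date(DateTime::ATOM, (int) floor($payload->nbf))
 JwtExceptionInterface::NBF_PRIOR_TO_DATE
 );
 $ex->setPayload($payload);
@@ -193,7 +193,7 @@ public static function decode(
 // correctly used the nbf claim).
 if (!isset($payload->nbf) && isset($payload->iat) && floor($payload->iat) > ($timestamp + static::$leeway)) {
 $ex = new BeforeValidException(
-'Cannot handle token with iat prior to ' . \date(DateTime::ISO8601, (int) $payload->iat),
+'Cannot handle token with iat prior to ' . \date(DateTime::ATOM, (int) floor($payload->iat))
 JwtExceptionInterface::IAT_PRIOR_TO_DATE
 );
 $ex->setPayload($payload);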
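Review bot: The added line 184 ends in `floor($payload->nbf))` with no trailing comma, so the next argument `JwtExceptionInterface::NBF_PRIOR_TO_DATE` follows the message with nothing separating them. As shown this is a parse error, which would stop src/JWT.php from loading and take token verification down with it. The added `iat` line at 196 has the same problem. The removed lines both ended in `),`, so this looks like a slip in the merge resolution; restore it as `\date(DateTime::ATOM, (int) floor($payload->nbf)),` and likewise for `iat`. decode() starts and ends outside both hunks.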

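--- a/tests/JWKTest.php
+++ b/tests/JWKTest.php
@@ -170,6 +170,31 @@ public function testDecodeByMultiJwkKeySet()
 $this->assertSame('bar', $result->sub);
 }
 
+public function testDecodeByOctetJwkKeySet()
+{
+$jwkSet = json_decode(
+file_get_contents(__DIR__ . '/data/octet-jwkset.json'),
+true
+);
+$keys = JWK::parseKeySet($jwkSet);
+$payload = ['sub' => 'foo', 'exp' => strtotime('+10 seconds')];
+foreach ($keys as $keyId => $key) {
+$msg = JWT::encode($payload, $key->getKeyMaterial(), $key->getAlgorithm(), $keyId);
+$result = JWT::decode($msg, $keys);
+
+$this->assertSame('foo', $result->sub);
+}
+}
+
+public function testOctetJwkMissingK()
+{
+$this->expectException(UnexpectedValueException::class);
+$this->expectExceptionMessage('k not set');
+
+$badJwk = ['kty' => 'oct', 'alg' => 'HS256'];
+$keys = JWK::parseKeySet(['keys' => [$badJwk]]);
+}
+
 public function testParseKey()
 {
 // Use a known module and exponent, and ensure it parses as expected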
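Review bot: testDecodeByOctetJwkKeySet signs and verifies with the same parsed `Key`, so it would still pass if `k` were decoded incorrectly, because both sides would share the same wrong secret. Pin the parsed material against the fixture, for example `$this->assertSame(32, strlen($keys['jwk1']->getKeyMaterial()));` (the fixture's `k` values look like 32, 48 and 64 bytes for jwk1 to jwk3). A negative case is also missing: a token signed with one key but carrying another key's `kid` should be rejected. In testOctetJwkMissingK the `$keys =` assignment is never read and can be dropped. testParseKey continues past the end of this hunk.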

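--- a/tests/data/octet-jwkset.json
+++ b/tests/data/octet-jwkset.json
@@ -0,0 +1,22 @@
+{
+"keys": [
+{
+"kty": "oct",
+"alg": "HS256",
+"kid": "jwk1",
+"k": "xUNfVvQ-WdmXB9qp6qK0SrG-yKW4AJqmcSP66Gm2TrE"
+},
+{
+"kty": "oct",
+"alg": "HS384",
+"kid": "jwk2",
+"k": "z7990HoD72QDX9JKqeQc3l7EtXutco72j2YulZMjeakFVDbFGXGDFG4awOF7eu9l"
+},
+{
+"kty": "oct",
+"alg": "HS512",
+"kid": "jwk3",
+"k": "EmYGSDG5W1UjkPIL7LelG-QMVtsXn7bz5lUxBrkqq3kdFEzkLWVGrXKpZxRe7YcApCe0d4s9lXRQtn5Nzaf49w"
+}
+]
+}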
