auth0 / auth0-PHP

PHP SDK for Auth0 Authentication and Management APIs.
https://auth0.com/docs/libraries/auth0-php
MIT License
380 stars 209 forks

JWT generator: wrong header key "type" #728

Closed tricki closed 11 months ago

tricki commented 11 months ago

SDK Version

8.7

PHP Version

PHP 8.1

Description

I'm trying to use \Auth0\SDK\Token\Generator to generate a JWT (to return to an Action in Auth0) but kept getting this error:

Error: The session token is invalid: Unexpected token payload type

I solved it by manually adding "typ": "JWT" to the header. The Generator class instead adds a "type": "JWT" to the header. I suspect that should be changed to "typ".

Note: I'm using Auth0-PHP in a Laravel app through auth0/login, but am using Generator directly.

How can we reproduce this issue?

use Auth0\SDK\Token;

$token = \Auth0\SDK\Token\Generator::create(
    signingKey: 'MY_SECRET',
    algorithm: Token::ALGO_HS256,
    claims: [
        // ...
    ],
    headers: ['typ' => 'JWT'], // this line makes the token valid
);

evansims commented 11 months ago

Good catch; thanks for reporting this! I've created a PR fixing the issue. I'll merge and release the fix once our team has an opportunity to review the changes.
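
The header-name difference from the report, as an added example that is not part of the issue or of the Auth0 SDK: it signs two HS256 tokens that differ only in the header key (`type` versus `typ`) and runs both through a consumer check that requires `typ`. The helper names `signHs256` and `checkToken`, the claims, and the consumer's validation rule are assumptions; the page does not show how Auth0 validates the token.

```php
<?php
declare(strict_types=1);

// Added example: standalone PHP, no Auth0 SDK calls. All values are constructed.
function b64url(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

function b64urlDecode(string $text): string
{
    $padded = $text . str_repeat('=', (4 - strlen($text) % 4) % 4);
    return (string) base64_decode(strtr($padded, '-_', '+/'), true);
}

// Hypothetical issuer: HS256-sign a token using exactly the header it is given.
function signHs256(array $header, array $claims, string $secret): string
{
    $input = implode('.', array_map(fn (array $part) => b64url(json_encode($part, JSON_THROW_ON_ERROR)), [$header, $claims]));
    return $input . '.' . b64url(hash_hmac('sha256', $input, $secret, true));
}

// Hypothetical consumer: verify the MAC, pin "alg", then require "typ" = "JWT" (RFC 7519 section 5.1).
function checkToken(string $jwt, string $secret): string
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return 'rejected: not a three-part compact token';
    }
    [$h, $p, $sig] = $parts;
    if (!hash_equals(hash_hmac('sha256', "$h.$p", $secret, true), b64urlDecode($sig))) {
        return 'rejected: bad signature';
    }
    $header = json_decode(b64urlDecode($h), true);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        return 'rejected: unexpected alg';
    }
    $typ = $header['typ'] ?? null;
    if (!is_string($typ) || strcasecmp($typ, 'JWT') !== 0) {
        return 'rejected: no usable "typ"; header keys: ' . implode(', ', array_keys($header));
    }
    return 'accepted';
}

$claims = ['sub' => 'constructed-user', 'exp' => 4102444800]; // constructed
foreach (['type', 'typ'] as $key) { // the header key the issue reports vs. the registered one
    $jwt = signHs256(['alg' => 'HS256', $key => 'JWT'], $claims, 'MY_SECRET');
    echo $key, ' => ', checkToken($jwt, 'MY_SECRET'), PHP_EOL;
}
```

Both tokens carry a valid signature, so signature checks alone do not surface the misnamed key; listing the decoded header keys in the rejection message is what makes the cause visible.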