firebase / php-jwt

PHP package for JWT
BSD 3-Clause "New" or "Revised" License

Version v6.6.0 seems to break compatibility with php 8.1 (maybe even php 8) #522

Closed simonjamain closed 1 year ago

simonjamain commented 1 year ago

We just bumped our JWT version in our project and we are getting Error: Firebase\JWT\JWT::decode(): Argument #3 ($headers) cannot be passed by reference.

This "fix" does not do the trick for us so I am wondering what php version you are using. In the official documentation I cannot find anything mentioning this technique (except for this comment).

The exact version of php we are using is the one shipped with the php:8.1-fpm docker image.

What I could find out tho from the breaking changes of php 7 to php 8 is this:

> The compile time fatal error "Only variables can be passed by reference" has been delayed until runtime, and converted into an "Argument cannot be passed by reference" Error exception.
>
> Some "Only variables should be passed by reference" notices have been converted to "Argument cannot be passed by reference" exception.

I don't fully grasp every aspect of the changes they mention but there might be something there.

And I can also be completely in the wrong about this.

Thank you.

Krisell commented 1 year ago

Did you update from version 5 to 6 of firebase/php-jwt, and if so, did you follow the upgrade guide? https://github.com/firebase/php-jwt/releases/tag/v6.0.0

bdujon commented 1 year ago

Hello. I got the same issue (also PHP 8.1). We don't use firebase/JWT directly; my guess is that OIDC oauth2 league uses JWT. The solution was to downgrade to 6.5.

simonjamain commented 1 year ago

> Did you update from version 5 to 6 of firebase/php-jwt, and if so, did you follow the upgrade guide? https://github.com/firebase/php-jwt/releases/tag/v6.0.0

We used it straight from version 6.4.

wizhippo commented 1 year ago

OIDC oauth2 league was the culprit for us. They have a fix already but they have not yet tagged it.

https://github.com/TheNetworg/oauth2-azure/commit/baa36d50647c62bc9e0a363664e6efa3e629f627

bshaffer commented 1 year ago

Looks like the issue is that the league was passing in a third argument to JWT::decode that didn't exist. We added an optional third argument in the latest release (v6.6.0), which is backwards compatible, as the argument previously was not there. But since they were passing one anyway, this caused the issue.

For the time being, the solution is to downgrade to 6.5.0 until the league tags the fix mentioned above.
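
The failure mode described in the comment above, as an added PHP example that is not part of the thread or of firebase/php-jwt. `decode_before` and `decode_after` are hypothetical stand-ins whose parameter lists follow the error message quoted in the issue, and every input value is constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the two-parameter form (before the new argument).
function decode_before(string $jwt, string $key): string
{
    return 'decoded';
}

// Hypothetical stand-in for the form with an optional by-reference third parameter.
function decode_after(string $jwt, string $key, ?stdClass &$headers = null): string
{
    $headers = new stdClass();   // out-parameter filled in by the callee
    $headers->alg = 'HS256';     // constructed value
    return 'decoded';
}

// A caller that still passes a stale third value (constructed) as a literal.
function call_with_stale_argument(callable $decode): string
{
    try {
        // PHP silently drops surplus arguments to user-defined functions, so
        // this works until the callee declares a by-reference slot in position 3.
        return $decode('constructed.jwt.value', 'constructed-key', ['RS256']);
    } catch (Error $e) {
        return get_class($e) . ': ' . $e->getMessage();
    }
}

// Corrected caller: pass only what the signature declares. A caller that wants
// the headers passes a variable, never a literal.
function call_with_variable(callable $decode): string
{
    $headers = null;
    $result = $decode('constructed.jwt.value', 'constructed-key', $headers);
    return $result . ' (alg=' . $headers->alg . ')';
}

echo call_with_stale_argument('decode_before'), PHP_EOL; // surplus argument ignored
echo call_with_stale_argument('decode_after'), PHP_EOL;  // Error caught and reported
echo call_with_variable('decode_after'), PHP_EOL;        // works with a variable
```

Because the surplus argument is ignored rather than rejected, a stale call site like this gives no signal until the dependency adds a parameter in that position, which is why a minor-version bump surfaced it.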