bshaffer
commented
7 months ago Hello @Tilogorn ! Thanks for filing this feature request. Your issue is the first that actually details a valid use-case.
I would love to help you support this feature, now that I know it's preventing you from using this library. The problem is, I am not sure how we can support it at this point without breaking backwards compatibility.
Some potential ways to support it (just brainstorming)
- Set it as a static property
Firebase\JWT\JWT::$typ = 'JOSE'; - Set it as another parameter to
JWT::encodepublic static function encode( array $payload, $key, string $alg, string $keyId = null, array $head = null, string $typ = 'JWT', ): string {and this could be called by:
$jwt = Firebase\JWT\JWT::encode(payload: $payload, key: $key, typ: 'JOSE');This works great since we already have
alg, which is analogous totyp. It's not ideal that the$algand$typparameters are not in any sensical order. - Reverse the order of
$headand$headerin the call toarray_merge$header = \array_merge($header, $head);This would break BC in a case where
$headcontained atypparameter (and it also it makes the$algparameter silly), but that risk is small enough that it might be worth it.
I am personally leaning towards the third option. Any thoughts?
Tilogorn
I know it has already been issued/discussed in https://github.com/firebase/php-jwt/issues/472 and https://github.com/firebase/php-jwt/issues/418 but got closed without result.
I need to change the
typheader toJOSE, which is sort of a pre-defined value for it, see last paragraph of this RFC 7515 chapter. The "need" is just the result of a requirement by the interface I want to talk to, which verifies that thetypheader of my JWT equalsJOSE. I am not in a position to argue for or against the point of it.I already use
php-jwton other parts of my application and love the interface and simplicity of it and I am now forced to integrate another JWT library just because you insist onJWThardcoded (source).Any chance you'll reconsider that decision?