Closed nscarlato-ith closed 1 month ago
Hi @nscarlato-ith!

This is not the intended behavior - there are two ways you can pass in keys/key sets for the library to properly decode them:

- `JWT::decode` is a single instance of `Key`, which you know is the correct key to decode your JWT,
- `JWT::decode` is a `KeySet`, with the Key ID as part of the `key` in the JWT header.

In both these cases, you tell this library which key your JWT is using - in the first case you pass only ONE key, in the second case, your JWT contains the correct Key Id to look up in the Key Set. There is no functionality for this library to "find which key is correct".

To do something like that, you'll need to iterate through all your keys and call `decode` until one of them works. See the Google API client libraries for an example of this.
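
The loop described in the comment above, as an added example that is not part of the original comment or of firebase/php-jwt itself. `decodeWithAnyKey()` and `makePair()` are hypothetical helpers, the key pairs and claims are constructed sample data, and it assumes every trusted key uses the same algorithm as the token.

```php
<?php
// Added example, not the library's own code. Requires: composer require firebase/php-jwt
require __DIR__ . '/vendor/autoload.php';

use Firebase\JWT\JWT;
use Firebase\JWT\Key;
use Firebase\JWT\SignatureInvalidException;

/**
 * Hypothetical helper: try each trusted key until one verifies the signature.
 *
 * @param Key[] $keys trusted keys, each already bound to its algorithm
 */
function decodeWithAnyKey(string $jwt, array $keys): array
{
    foreach ($keys as $key) {
        try {
            // Passing a single Key skips the "kid" lookup entirely.
            return (array) JWT::decode($jwt, $key);
        } catch (SignatureInvalidException $e) {
            // Wrong key for this token: try the next one.
            continue;
        }
        // ExpiredException, BeforeValidException and malformed-token errors are
        // deliberately not caught, so an expired or malformed token stays rejected.
    }
    throw new SignatureInvalidException('No trusted key verified this token');
}

// Constructed sample data: a throwaway RSA key pair generated at run time.
function makePair(): array
{
    $res = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
    openssl_pkey_export($res, $private);
    return [$private, openssl_pkey_get_details($res)['key']];
}

[$privA, $pubA] = makePair();
[$privB, $pubB] = makePair();

// The token is signed with key B and carries no "kid" header.
$jwt = JWT::encode(['sub' => 'demo-user', 'exp' => time() + 60], $privB, 'RS256');

$trusted = [new Key($pubA, 'RS256'), new Key($pubB, 'RS256')];
$claims = decodeWithAnyKey($jwt, $trusted);
echo $claims['sub'], PHP_EOL;
```

Because each `Key` carries its own algorithm, the token header cannot select a different one, and only a signature mismatch moves the loop on to the next key.
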
I am trying to decode a JWT with a JWK set and get the error `"kid" invalid, unable to lookup correct key` from `JWT::getKey()` for the following code:

I checked the JWT on JWT.io and I can see the 'kid' header.

I tried decoding with only one key changing the code to

```php
$decodedToken = (array) JWT::decode($jwt, array_shift($jwkSet));
```

and it worked fine. Same as when parsing keys, I believe it should be able to handle several keys (if one fails, try the others).

I don't think I am doing something wrong, but in case someone sees something odd please correct me.