search

firebase / php-jwt

PHP package for JWT
BSD 3-Clause "New" or "Revised" License
9.3k stars 1.26k forks source link

Uncaught Error: Firebase\JWT\JWT::decode(): Argument #3 ($headers) cannot be passed by reference in #552

Closed megatronskneecap closed 5 months ago

megatronskneecap commented 6 months ago

Admittedly, i've been a bit cheeky here. I've gotten ChatGPT 3.5 to generate me some code for a get user data page* for an admin page i'm trying to create. The code being: 

<?php

header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Headers: *");

// Handle preflight OPTIONS request
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    header('Access-Control-Allow-Methods: GET, OPTIONS');
    exit;
}

require_once 'vendor/autoload.php';

use Firebase\JWT\JWT;

// Function to clone headers array
function cloneHeaders($headers)
{
    return json_decode(json_encode($headers), true);
}

// Function to validate and decode JWT token
function validateJwtToken($jwtToken)
{
    try {
        $key = 'mysupersecretkeylol';

        // Get headers using apache_request_headers()
        $headers = cloneHeaders(apache_request_headers());

        // Decode the token
        $decoded = JWT::decode($jwtToken, $key, ['HS256', 'headers' => $headers]);

        // Return user data
        return $decoded->data;
    } catch (Exception $e) {
        http_response_code(401);
        echo json_encode(['error' => 'Unauthorized', 'message' => $e->getMessage()]);
        exit;
    }
}

// Get token from the request headers
$token = null;

// Check if the Authorization header is set
$headers = apache_request_headers();
if (isset($headers['Authorization'])) {
    $token = str_replace('Bearer ', '', $headers['Authorization']);
}

// Check if the token is valid
if ($token) {
    $userData = validateJwtToken($token);
    if ($userData) {
        // Token is valid, return user data
        http_response_code(200);
        header('Content-Type: application/json');
        echo json_encode($userData);
        exit;
    }
}

// Token is invalid or not provided
http_response_code(401);
echo json_encode(['error' => 'Unauthorized']);
exit;
?>

Everytime I run this code I get in the console: Uncaught Error: Firebase\JWT\JWT::decode(): Argument #3 ($headers) cannot be passed by reference in (C directory blablabla). I'm using PHP 8.3.1 and Firebase PHP JWT 6.10 - Please help!

Velocities commented 6 months ago

I'm getting this error too and I'm using PHP 8.1.27 and the same Firebase library version as you specified

yash30201 commented 6 months ago

Hi @megatronskneecap , thanks for raising this issue. Can you please paste the whole stack trace and error message here?

nirangaL commented 5 months ago

I am also getting this error. PHP v8.1.10 and firebase/php-jwt : v6.10.0

Error: Firebase\JWT\JWT::decode(): Argument #3 ($headers) cannot be passed by reference in League\OAuth2\Client\Token\AppleAccessToken->__construct() (line 50 of ...project_path..\vendor\patrickbussmann\oauth2-apple\src\Token\AppleAccessToken.php)

cyturralde commented 5 months ago

Did anybody every find a solution to this @megatronskneecap ?

megatronskneecap commented 5 months ago

Did anybody every find a solution to this @megatronskneecap ?

I'm yet to find a solution, I just switched JWT debug libraries.

cyturralde commented 5 months ago

Did anybody every find a solution to this @megatronskneecap ?

I'm yet to find a solution, I just switched JWT debug libraries.

What library did you use

yash30201 commented 5 months ago

Hi @megatronskneecap , since the third argument of the decode method is a reference, that's why it becomes mandatory to pass a variable containing the value instead of just the value.

This would fail

$decoded = JWT::decode($jwtToken, $key, ['HS256', 'headers' => $headers]);

Whereas this would pass

$arg = ['HS256', 'headers' => $headers]; 
$decoded = JWT::decode($jwtToken, $key, $arg);
mreseosa commented 4 months ago

Try writing it like this: use Firebase\JWT\Key; $decoded = JWT::decode($jwt, new key ($key, 'HS256'))

Hope this helps 😊

Jveshi commented 1 month ago

I encountered a similar problem

require 'vendor/autoload.php'; 

use Firebase\JWT\JWT;
use Firebase\JWT\ExpiredException;
use Firebase\JWT\SignatureInvalidException;

define('SECRET_KEY', '123456');

Trial and error

$decoded = JWT::decode($token, SECRET_KEY, ['HS256']);

Fatal error: Uncaught Error: Firebase\JWT\JWT::decode(): Argument #3 ($headers) cannot be passed by reference

$headers = cloneHeaders(apache_request_headers());
$arg = ['HS256', 'headers' => $headers];
$decoded = JWT::decode($token, SECRET_KEY, $arg);

Fatal error: Uncaught TypeError: Firebase\JWT\JWT::decode(): Argument #3 ($headers) must be of type ?stdClass, array given

$decoded = JWT::decode($token, new key (SECRET_KEY, 'HS256'));
Fatal error: Uncaught Error: Class "key" not found
GDNacho commented 1 month ago

JWT::decode($jwt, new key ($key, 'HS256'))

Worked, the example in README wasn't working!