paragonie / paseto

Platform-Agnostic Security Tokens
https://paseto.io

Builder toString() return claims as JSON array instead of object on v2 public mode #119

Closed shuLhan closed 3 years ago

shuLhan commented 3 years ago

Environment

Steps to reproduce

The following code may reproduce it (the actual code that verifies it is in Go [1]; I tried to reproduce it in PHP as closely as possible),

```php
<?php
// Namespaces of the paragonie/paseto PHP library (added for completeness)
use ParagonIE\Paseto\Builder;
use ParagonIE\Paseto\Keys\AsymmetricSecretKey;
use ParagonIE\Paseto\Purpose;

$b64privateKey =
"cdYaGhnvzHnFRusKavzKrk11pQTaLzRYfKfh67maUTKCJzIh3PeV/XvucsTR50qIOo2Xk+LzSWUSogDgZuI0BA==";

$privateKey = base64_decode($b64privateKey);
$sendingKey = new AsymmetricSecretKey($privateKey, null);
$builder = new Builder(null, null, $sendingKey);
$builder = $builder->setPurpose(new Purpose("public"));
$token = $builder->toString();

// Token layout: "v2" . "public" . base64url(message || 64-byte signature)
$pieces = explode(".", $token);
$sm = rtrim($pieces[2], "=");
// Decode base64url (the '-_' alphabet) into the raw message||signature bytes
$sm = base64_decode(strtr($sm, '-_', '+/'));
// Strip the trailing 64-byte Ed25519 signature to leave only the message
$got = substr($sm, 0, strlen($sm) - 64);

echo "got message: $got\n";
```

Expected value

got message: {}

Actual value

got message: []

Section 6 said that "All PASETO payloads MUST be a JSON object [RFC8259]."

RFC 7519 (JSON Web Token) [2] mentions that all claims are optional, and draft v01 [3] does not mention that one of the claims should be filled, so the claims to be transported should be "{}" not "[]".

--

[1] https://github.com/shuLhan/share/blob/master/lib/paseto/paseto.go#L292
[2] https://tools.ietf.org/html/rfc7519#section-4.1
[3] https://github.com/paragonie/paseto/blob/master/docs/RFC/draft-paragon-paseto-rfc-01.txt#L920
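To show why this matters on the receiving side, here is an added example (not part of the issue, and not code from paragonie/paseto or the reporter's Go library) of a v2.public verifier that enforces the "payload MUST be a JSON object" rule after checking the signature. It is written in Go because the reporter's verifier is in Go. The `pae` helper follows the Pre-Authentication Encoding as described in the PASETO draft (LE64 piece count, then LE64 length plus bytes for each piece), the keys are generated fresh, and `signV2Public` deliberately performs no object check so that a token carrying `[]` can be constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/binary"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

const v2PublicHeader = "v2.public."

// pae is PASETO's Pre-Authentication Encoding (as read from the draft):
// LE64(number of pieces) followed by LE64(len(piece)) || piece for each piece.
func pae(pieces ...[]byte) []byte {
	out := make([]byte, 8)
	binary.LittleEndian.PutUint64(out, uint64(len(pieces)))
	for _, p := range pieces {
		var n [8]byte
		binary.LittleEndian.PutUint64(n[:], uint64(len(p)))
		out = append(out, n[:]...)
		out = append(out, p...)
	}
	return out
}

// signV2Public builds a v2.public token over an arbitrary payload. It performs
// no JSON-object check, mirroring the Builder behaviour reported in the issue.
func signV2Public(sk ed25519.PrivateKey, payload, footer []byte) string {
	sig := ed25519.Sign(sk, pae([]byte(v2PublicHeader), payload, footer))
	msg := append(append([]byte{}, payload...), sig...)
	tok := v2PublicHeader + base64.RawURLEncoding.EncodeToString(msg)
	if len(footer) > 0 {
		tok += "." + base64.RawURLEncoding.EncodeToString(footer)
	}
	return tok
}

// requireJSONObject rejects any payload whose top-level JSON value is not an
// object, so "[]" fails here even though it is valid JSON.
func requireJSONObject(payload []byte) (map[string]json.RawMessage, error) {
	trimmed := bytes.TrimSpace(payload)
	if len(trimmed) == 0 || trimmed[0] != '{' {
		return nil, fmt.Errorf("payload is not a JSON object: %q", payload)
	}
	var claims map[string]json.RawMessage
	if err := json.Unmarshal(trimmed, &claims); err != nil {
		return nil, err
	}
	return claims, nil
}

// VerifyV2Public checks the header, the Ed25519 signature over PAE(h, m, f),
// and only then parses the claims, insisting on a JSON object per section 6.
func VerifyV2Public(pk ed25519.PublicKey, token string) (map[string]json.RawMessage, error) {
	if !strings.HasPrefix(token, v2PublicHeader) {
		return nil, errors.New("unexpected token header")
	}
	parts := strings.Split(token[len(v2PublicHeader):], ".")
	if len(parts) > 2 {
		return nil, errors.New("too many token segments")
	}
	body, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return nil, err
	}
	if len(body) < ed25519.SignatureSize {
		return nil, errors.New("token body shorter than a signature")
	}
	cut := len(body) - ed25519.SignatureSize
	payload, sig := body[:cut], body[cut:]
	var footer []byte
	if len(parts) == 2 {
		if footer, err = base64.RawURLEncoding.DecodeString(parts[1]); err != nil {
			return nil, err
		}
	}
	if !ed25519.Verify(pk, pae([]byte(v2PublicHeader), payload, footer), sig) {
		return nil, errors.New("invalid signature")
	}
	return requireJSONObject(payload)
}

func main() {
	pk, sk, _ := ed25519.GenerateKey(rand.Reader)
	// Constructed payloads: the empty object, the empty array from the
	// issue, and an ordinary claim set.
	for _, payload := range []string{`{}`, `[]`, `{"sub":"alice"}`} {
		claims, err := VerifyV2Public(pk, signV2Public(sk, []byte(payload), nil))
		fmt.Printf("payload %-16s claims=%v err=%v\n", payload, claims, err)
	}
}
```

Running it shows that the `[]` token carries a perfectly valid signature and still fails, which is the practical consequence of the issue: a producer that emits `[]` for an empty claim set will be rejected by any verifier that applies the draft's rule strictly, so the check belongs on both sides.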