Closed enygma closed 9 years ago
lcobucci
commented
10 years ago You can use the same approach as I did in my jwt implementation and pass an object as hashing method on Psecio\Jwt\Header.
It would break BC, but I believe is a good trade-off.
BTW, you did a great job on this lib. Until the day I coded my version there was just god classes that controls everything, thanks for improving the PHP code on github!
enygma
commented
10 years ago Why would it need to break BC? Couldn't it just be another optional param on the constructor and default to HMAC? This is for the hash method, not the algorithm.
And thanks! :)
enygma
commented
9 years ago I've added the above hashing methods as a part of the 1.6 release: https://github.com/psecio/jwt/releases/tag/1.6
Closing out this issue.
Currently the tool hard-codes the hashing to using the
hash_hmacfunctionality in PHP (HS256, HS384, HS512) but there are other hashing methods allowed by the JWT spec:RS256 RS384 RS512 ES256 ES384 ES512
Handling needs to be added (as much as PHP supports) for these other hashing methods.