search

thephpleague / oauth2-server

A spec compliant, secure by default PHP OAuth 2.0 Server
https://oauth2.thephpleague.com
MIT License
6.49k stars 1.12k forks source link

Fix compatibility with lcobucci/jwt ^4.2 #1282

Closed chalasr closed 2 years ago

chalasr commented 2 years ago

Hey, Here is a forward compatibility layer for lcobucci ^4.2 and specifically this change https://github.com/lcobucci/jwt/pull/833 which forbids creating InMemory keys with empty strings. Spotted in https://github.com/thephpleague/oauth2-server-bundle/runs/6077089570?check_suite_focus=true

Sephster commented 2 years ago

Sorry for the delay on checking this. I had to work out why I'd used the assymetric signer for signing and the symmetric signer for decoding. It turns out it was to avoid a breaking change. Long term I want to modify the lib so users can pass their own config but for now, will need to stick with this. Thanks for spotting this

chalasr commented 2 years ago

No worries, thanks for tweaking and merging this.

micronax commented 2 years ago

Hi @Sephster, is there a planned release with this fix?

Sephster commented 2 years ago

Likely in the next 48 hours 👍