web-token / jwt-framework

JWT Framework
MIT License

Unclear dependencies #538

Closed ejunker closed 4 months ago

ejunker commented 7 months ago

Version(s) affected

web-token/jwt-library 3.3.1

Description

I got the following error:

PHP Fatal error:  Could not check compatibility between Jose\Component\Encryption\Algorithm\KeyEncryption\ECDHESA128KW::getWrapper(): AESKW\A128KW and Jose\Component\Encryption\Algorithm\KeyEncryption\AbstractECDHAESKW::getWrapper(): AESKW\Wrapper, because class AESKW\A128KW is not available in /app/vendor/web-token/jwt-library/Encryption/Algorithm/KeyEncryption/ECDHESA128KW.php on line 16

It was difficult to track down why I was getting this error. I assumed that any dependencies would be handled by composer. It was hard to figure out which package I needed to install to get the missing AESKW\A128KW class that I needed. I eventually saw that spomky-labs/aes-key-wrap was listed in the suggested packages and saw that it had the missing class I needed.

I didn't see anywhere in the documentation that mentioned I might also need to install spomky-labs/aes-key-wrap. Is there a reason that it is not installed by default?

How to reproduce

I am using facile-it/php-openid-client and it uses this package as a dependency. When using OpenID Connect it has the concept of discovery where it downloads the server's configuration including which encryption algorithms it supports. So the encryption used is dynamic depending on which OIDC server you use. If it is using an encryption algorithm that requires aes-key-wrap and it is not installed then you get an error.

Possible Solution

Consider adding spomky-labs/aes-key-wrap as a dependency.

Additional Context

No response

Spomky commented 7 months ago

Hello @ejunker,

I am sorry for the inconvenience. This is a strange behavior because the constructor of the class ECDHESA128KW, inherited from AbstractECDHAESKW, is supposed to verify the presence of the class when created and throw an explicit error message.

This library is in the suggested packages list and a warning is shown in the documentation. To make it even clearer, I will add the required packages for each algorithm on the algorithm page.

spomky-labs/aes-key-wrap cannot be a hard dependency because it requires ext-openssl, which may not be wanted by other projects.
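Added example, not code from web-token/jwt-framework, spomky-labs/aes-key-wrap or facile-it/php-openid-client: a startup preflight for the situation described in this issue, where the set of JWE key-management algorithms is only known after OIDC discovery. The check looks for the AESKW classes directly rather than for the Jose algorithm classes, because, as the fatal error above shows, merely autoloading ECDHESA128KW while AESKW\A128KW is absent is a fatal error at class-declaration time that neither a constructor check nor a try/catch can intercept. The mapping from `alg` names to the AESKW\A128KW, AESKW\A192KW and AESKW\A256KW classes, and the discovery document, are assumptions constructed for the example.

```php
<?php
// Added example; not code from web-token/jwt-framework or the other projects named in this issue.
// Preflight: before constructing any Jose algorithm object, verify that the optional
// spomky-labs/aes-key-wrap class each advertised JWE "alg" depends on can be autoloaded.
// Probing the Jose classes themselves would not work: loading ECDHESA128KW without
// AESKW\A128KW is a PHP fatal error raised while declaring the class, not an exception.
declare(strict_types=1);

// Assumption: these key-management algorithms wrap the CEK with AES Key Wrap and so need
// the AESKW\A{128,192,256}KW classes from spomky-labs/aes-key-wrap. "ECDH-ES", "dir" and
// the RSA algorithms do not appear here because they do not use AES Key Wrap.
const AESKW_REQUIREMENTS = [
    'A128KW'             => 'AESKW\A128KW',
    'A192KW'             => 'AESKW\A192KW',
    'A256KW'             => 'AESKW\A256KW',
    'ECDH-ES+A128KW'     => 'AESKW\A128KW',
    'ECDH-ES+A192KW'     => 'AESKW\A192KW',
    'ECDH-ES+A256KW'     => 'AESKW\A256KW',
    'PBES2-HS256+A128KW' => 'AESKW\A128KW',
    'PBES2-HS384+A192KW' => 'AESKW\A192KW',
    'PBES2-HS512+A256KW' => 'AESKW\A256KW',
];

/**
 * Return the subset of $algs whose AES Key Wrap dependency is not installed,
 * as alg => missing class. Algorithms absent from the table are skipped.
 *
 * @param string[] $algs
 * @return array<string,string>
 */
function missingAesKwDependencies(array $algs): array
{
    $missing = [];
    foreach ($algs as $alg) {
        $class = AESKW_REQUIREMENTS[$alg] ?? null;
        // class_exists() autoloads the AESKW class only; it never touches Jose classes.
        if ($class !== null && !class_exists($class)) {
            $missing[$alg] = $class;
        }
    }
    return $missing;
}

// Constructed discovery fragment in the shape of an OIDC provider's
// .well-known/openid-configuration; not taken from any real provider.
$discovery = json_decode('{
  "issuer": "https://op.example",
  "id_token_encryption_alg_values_supported": ["RSA-OAEP", "ECDH-ES+A128KW", "A256KW"],
  "userinfo_encryption_alg_values_supported": ["ECDH-ES", "dir"]
}', true, 512, JSON_THROW_ON_ERROR);

$advertised = array_values(array_unique(array_merge(
    $discovery['id_token_encryption_alg_values_supported'] ?? [],
    $discovery['userinfo_encryption_alg_values_supported'] ?? []
)));

$missing = missingAesKwDependencies($advertised);
if ($missing !== []) {
    // Fail early with an actionable message instead of a late, uncatchable fatal error
    // the first time the provider picks one of these algorithms.
    fwrite(STDERR, sprintf(
        "Provider advertises %s but %s cannot be loaded; run: composer require spomky-labs/aes-key-wrap\n",
        implode(', ', array_keys($missing)),
        implode(', ', array_unique(array_values($missing)))
    ));
    exit(1);
}
echo "All advertised JWE key-management algorithms have their dependencies installed.\n";
```

Run this once at application boot (or in a deployment smoke test) against the cached discovery document. Without spomky-labs/aes-key-wrap installed it reports the two algorithms from the constructed document that need it ("ECDH-ES+A128KW" and "A256KW") and exits non-zero; after `composer require spomky-labs/aes-key-wrap` it passes. The same table can also be used the other way round: restrict the client's accepted `alg` list to entries whose dependency is present, so an OIDC provider cannot steer the client into an algorithm it cannot actually handle.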

Spomky commented 4 months ago

Documentation is now up to date to be more precise on this issue. The constructor error message works as expected.

github-actions[bot] commented 3 months ago

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.