Php Jwt Laravel Package

Bug Fixes

• RSA from JWK sometimes returns empty Instance (#628) (b4c78aa)

Bug Fixes

• readme examples, add tests for all examples (#626) (510a00c)
• use urlsafeB64Decode everywhere (#627) (b889495)

Miscellaneous Chores

• add environment for Release Please job (#619) (300fd02)

Bug Fixes

• add key length validation for ec keys (#615) (7044f9a)

⚠️ ⚠️ ⚠️ Security Fixes ⚠️ ⚠️ ⚠️

• add key size validation (#613) (6b80341) NOTE: This fix will cause keys with a size below the minimally allowed size to break.

Features

• add SensitiveParameter attribute to security-critical parameters (#603) (4dbfac0)
• store timestamp in ExpiredException (#604) (f174826)

Bug Fixes

• validate iat and nbf on payload (#568) (953b2c8)

Features

• add payload to jwt exception (#521) (175edf9)

Bug Fixes

• accept float claims but round down to ignore them (#492) (3936842)
• different BeforeValidException messages for nbf and iat (#526) (0a53cf2)

Features

• add support for P-384 curve (#515) (5de4323)

Bug Fixes

• handle invalid http responses (#508) (91c39c7)

Features

• add ed25519 support to JWK (public keys) (#452) (e53979a)

Features

• allow get headers when decoding token (#442) (fb85f47)

Bug Fixes

• only check iat if nbf is not used (#493) (398ccd2)

Bug Fixes

• allow KID of '0' (#505) (9dc46a9)

Miscellaneous Chores

• drop support for PHP 7.3 (#495)

Features

• add support for W3C ES256K (#462) (213924f)
• improve caching by only decoding jwks when necessary (#486) (78d3ed1)

Bug Fixes

• check kid before using as array index (bad1b04)

Bug Fixes

• casing of GET for PSR compat (#451) (60b52b7)
• string interpolation format for php 8.2 (#446) (2e07d8a)

• Added ES256 support to JWK parsing (#399)
• Fixed potential caching error in CachedKeySet by caching jwks as strings (#435)

• Added CachedKeySet (#397)
• Added $defaultAlg parameter to JWT::parseKey and JWT::parseKeySet (#426).

Bug Fixes

• update error text for consistency (#528) (c11113a)

Features

• support octet typed JWK (#587) (7cb8a26)

Bug Fixes

• refactor constructor Key to use PHP 8.0 syntax (#577) (29fa2ce)

Bug Fixes

• Mitigate PHP8.4 deprecation warnings (#570) (76808fa)
• support php 8.4 (#583) (e3d68b0)

Bug Fixes

• ensure ratelimit expiry is set every time (#556) (09cb208)
• ratelimit cache expiration (#550) (dda7250)

Features

• allow typ header override (#546) (79cb30b)

• Drop support for PHP 5.3, 5.4, 5.5, 5.6, and 7.0
• Add parameter typing and return types where possible

• Backwards-Compatibility Breaking Changes: See the Release Notes for more information.
• New Key object to prevent key/algorithm type confusion (#365)
• Add JWK support (#273)
• Add ES256 support (#256)
• Add ES384 support (#324)
• Add Ed25519 support (#343)

• Support RS384 and RS512. See #117. Thanks [@joostfaassen](https://github.com/joostfaassen)!
• Add an example for RS256 openssl. See #125. Thanks [@akeeman](https://github.com/akeeman)!
• Detect invalid Base64 encoding in signature. See #162. Thanks [@psignoret](https://github.com/psignoret)!
• Update JWT::verify to handle OpenSSL errors. See #159. Thanks [@bshaffer](https://github.com/bshaffer)!
• Add array type hinting to decode method See #101. Thanks [@hywak](https://github.com/hywak)!
• Add all JSON error types. See #110. Thanks [@gbalduzzi](https://github.com/gbalduzzi)!
• Bugfix 'kid' not in given key list. See #129. Thanks [@stampycode](https://github.com/stampycode)!
• Miscellaneous cleanup, documentation and test fixes. See #107, #115, #160, #161, and #165. Thanks [@akeeman](https://github.com/akeeman), [@chinedufn](https://github.com/chinedufn), and [@bshaffer](https://github.com/bshaffer)!

• Add support for late static binding. See #88 for details. Thanks to [@chappy84](https://github.com/chappy84)!
• Use static $timestamp instead of time() to improve unit testing. See #93 for details. Thanks to [@josephmcdermott](https://github.com/josephmcdermott)!
• Fixes to exceptions classes. See #81 for details. Thanks to [@Maks3w](https://github.com/Maks3w)!
• Fixes to PHPDoc. See #76 for details. Thanks to [@akeeman](https://github.com/akeeman)!

• Minimum PHP version updated from 5.2.0 to 5.3.0.
• Add \Firebase\JWT namespace. See #59 for details. Thanks to [@Dashron](https://github.com/Dashron)!
• Require a non-empty key to decode and verify a JWT. See #60 for details. Thanks to [@sjones608](https://github.com/sjones608)!
• Cleaner documentation blocks in the code. See #62 for details. Thanks to [@johanderuijter](https://github.com/johanderuijter)!

• Add support for adding custom, optional JWT headers to JWT::encode(). See #53 for details. Thanks to [@mcocaro](https://github.com/mcocaro)!

• Add support for adding a leeway to JWT:decode() that accounts for clock skew between signing and verifying entities. Thanks to [@lcabral](https://github.com/lcabral)!
• Add support for passing an object implementing the ArrayAccess interface for $keys argument in JWT::decode(). Thanks to [@aztech-dev](https://github.com/aztech-dev)!

• Note: It is strongly recommended that you update to > v2.0.0 to address known security vulnerabilities in prior versions when both symmetric and asymmetric keys are used together.
• Update signature for JWT::decode(...) to require an array of supported algorithms to use when verifying token signatures.