Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Feedback
Share your thoughts, report bugs, or suggest improvements.
Subject
Message
Log in Register
Home
Packages
Firebase Tokens
Release Notes

Firebase Tokens Laravel Package

kreait/firebase-tokens

Create Firebase custom tokens and verify ID tokens or session cookies in PHP. Lightweight library powering the Firebase Admin SDK, with tenant-aware verification and optional caching of Google Secure Token Store keys.

View on GitHub
Deep Wiki
Context7
5.3.0

Added support for PHP 8.5

5.2.1

Fixed deprecated implicit nullable parameter

5.2.0

Added support for PHP 8.4 (#61)

5.1.0
  • Restored support for PHP 8.1
  • Fixed missing signature check when in non-emulated environments (#56)
4.3.0

Added support for PHP 8.3

5.0.1

Fixed ID Token verification when run in emulated environments.

5.0.0

Added support for PHP 8.3, removed support for PHP 8.1

4.2.0

Added support for the Firebase Auth Emulator when using lcobucci/jwt 5.*

Note: The Kreait\Firebase\JWT\Token class has been renamed to \Kreait\Firebase\JWT\SecureToken. This is technically a breaking change, but since the *Verifier classes type-hint \Kreait\Firebase\JWT\Contract\Token as return values, I consider it unlikely that this should cause trouble for most people. If it does, I'll deal with the consequences.

4.1.0

Added support for lcobucci/jwt 5.*

4.0.0

The most notable change is that you need PHP 8.1/8.2 to use the new version. The language migration to PHP 8.1 introduces potentially breaking changes concerning the strictness of parameter types - however, this should not affect your project in most cases (unless you have used internal classes directly or by extension).

Please see UPGRADE-4.0.md for detailed information.

3.0.3

Ensured (PHPStan) compatibility with lcobucci/jwt ^4.2

1.17.0

Dropped support for lcobucci/jwt 3.x

1.16.3

Ensure compatibility with lcobucci/jwt ^4.2

2.3.1

Ensure (PHPStan) compatibility with lcobucci/jwt ^4.2

1.16.2

Ensure compatibility with lcobucci/jwt ^4.2

3.0.2

Raised minimum version of Guzzle to address CVE-2022-31090 and CVE-2022-31091

3.0.1

Raise minimum version of Guzzle to address CVE-2022-31042

3.0

Implemented forward-compatible Clock-Interface

The stella-maris/clock package provides an interface based on the currently proposed status of PSR-20. Due to the inactivity of the PSR20 working group this is a way to already provide interoperability while still maintaining forward compatibility. When the current status of PSR20 will be released at one point in time the stella-maris/clock package will extend the PSR-20 interface so that this package becomes immeadiately PSR20 compatible without any further work necessary.

2.3.0
  • Removed firebase/php-jwt dev dependency and simplified test token generation.
  • Added support for verifying tokens returned from the Auth Emulator.

If you or your team rely on this project and me maintaining it, please consider becoming a Sponsor 🙏

2.2.0

Added tenant support to Session Cookie Verification. It doesn't seem to be supported at the moment (executing it with a tenant-enabled Firebase project yields an UNSUPPORTED_TENANT_OPERATION) error, but once it is supported, this library will need no or just minimal updates.

The Firebase Admin SDK for PHP has integration tests checking for this error so that we know early on when it starts working.

2.1.1

Fixed method name Kreait\Firebase\JWT\SessionCookieVerifier::sessionCookieWithLeeway to Kreait\Firebase\JWT\SessionCookieVerifier::verifySessionCookieWithLeeway 🤦‍. This is technically a breaking change, but since 2.1.0 was released just a few minutes ago, it was most certainly not used yet.

2.1.0

Added Kreait\Firebase\JWT\SessionCookieVerifier that works similarly as the existing ID Token verifier. You can find its documentation in the README.

2.0.1

Fixed failing ID token verification when the nbf claim is not present.

2.0.0

After updating, please refer to the Migration Documentation.

  • Removed Firebase\Auth namespace
  • Ensured compatibility with PHP 8.1 by adding it to the test matrix.
  • Dropped support for lcobucci/jwt <4.1
  • Dropped support for guzzlehttp/guzzle <7.0
  • Dropped direct support for psr/simple-cache
1.16.1

Update lcobucci/jwt version constraint to ^3.4.6|^4.0.4|^4.1.5 to prevent misuse of the LocalFileReference key.

More info: GHSA-7322-jrq4-x5hf

1.16.0
  • Un-deprecated Firebase\Auth\Token\Domain\Generator, Firebase\Auth\Token\Domain\Verifier and \Firebase\Auth\Token\Domain\KeyStore
  • Dropped support for unsupported PHP versions. Starting with this release, supported versions are PHP ^7.4 and PHP ^8.0.
  • Allowed usage of psr/cache ^2.0|^3.0
1.15.0
  • Use fallback cache duration (defaults to 1 hour) when fetching public keys from Google and the response doesn't contain cache headers.
  • Add additional URL to fetch Google's public keys.
1.14.0
  • Drop the V3 suffix from handlers using lcobucci/jwt
  • Limit support to PHP 8.0.*
1.13.0

Added support for PHP 8.0

1.12.0
  • Added Tenant Awareness
  • Fixed usage of deprecated functionality from lcobucci/jwt
Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.
Prompt
Add packages to context
No packages found.
davejamesmiller/laravel-breadcrumbs
artisanry/parsedown
christhompsontldr/phpsdk
enqueue/dsn
bunny/bunny
enqueue/test
enqueue/null
enqueue/amqp-tools
milesj/emojibase
bower-asset/punycode
bower-asset/inputmask
bower-asset/jquery
bower-asset/yii2-pjax
laravel/nova
spatie/laravel-mailcoach
spatie/laravel-superseeder
laravel/liferaft
nst/json-test-suite
danielmiessler/sec-lists
jackalope/jackalope-transport