From 5ae53cfc14377ed6dc5ff6647a4c021c64fb6a6b Mon Sep 17 00:00:00 2001
From: Kumi <git@kumi.email>
Date: Tue, 25 Jun 2024 19:33:02 +0200
Subject: [PATCH] fix: update JWT decode method to use Key object

Modified the JWT::decode method to use the Key object for decoding JWTs. This enhances security by explicitly specifying the algorithm used (HS256) and aligns with recent updates in the Firebase JWT library.
---
 classes/core_jwt_manager.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/classes/core_jwt_manager.php b/classes/core_jwt_manager.php
index eb6a114..0fd08ea 100644
--- a/classes/core_jwt_manager.php
+++ b/classes/core_jwt_manager.php
@@ -19,6 +19,7 @@ namespace auth_jwt;
 require_once(__DIR__ . '/../vendor/autoload.php');
 
 use \Firebase\JWT\JWT;
+use \Firebase\JWT\Key;
 
 /**
  * Key manager class.
@@ -96,7 +97,7 @@ class core_jwt_manager
         $secret = $this->config->jwtsecret;
 
         try {
-            $decoded = JWT::decode($keyvalue, $secret);
+            $decoded = JWT::decode($keyvalue, new Key($secret, 'HS256'));
         } catch (\Exception $e) {
             throw new \moodle_exception('invalidkey');
         }