KumiSystems/moodle-auth_jwt
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: update JWT decode method to use Key object
Some checks failed
ci / ci (push) Failing after 0s
Details

Browse source 
Modified the JWT::decode method to use the Key object for decoding JWTs. This enhances security by explicitly specifying the algorithm used (HS256) and aligns with recent updates in the Firebase JWT library.
This commit is contained in:
Kumi 2024-06-25 19:33:02 +02:00
parent 6b51e0bceb
commit 5ae53cfc14
Signed by: kumi
GPG key ID: ECBCC9082395383F
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
classes/core_jwt_manager.php
View file

@ -19,6 +19,7 @@ namespace auth_jwt;
require_once(__DIR__ . '/../vendor/autoload.php'); require_once(__DIR__ . '/../vendor/autoload.php');
use \Firebase\JWT\JWT; use \Firebase\JWT\JWT;
use \Firebase\JWT\Key;
/** /**
* Key manager class. * Key manager class.
@ -96,7 +97,7 @@ class core_jwt_manager
$secret = $this->config->jwtsecret; $secret = $this->config->jwtsecret;
try { try {
$decoded = JWT::decode($keyvalue, $secret); $decoded = JWT::decode($keyvalue, new Key($secret, 'HS256'));
} catch (\Exception $e) { } catch (\Exception $e) {
throw new \moodle_exception('invalidkey'); throw new \moodle_exception('invalidkey');
} }