Modified the JWT::decode method to use the Key object for decoding JWTs. This enhances security by explicitly specifying the algorithm used (HS256) and aligns with recent updates in the Firebase JWT library.
This commit is contained in:
parent
6b51e0bceb
commit
5ae53cfc14
1 changed files with 2 additions and 1 deletions
|
@ -19,6 +19,7 @@ namespace auth_jwt;
|
|||
require_once(__DIR__ . '/../vendor/autoload.php');
|
||||
|
||||
use \Firebase\JWT\JWT;
|
||||
use \Firebase\JWT\Key;
|
||||
|
||||
/**
|
||||
* Key manager class.
|
||||
|
@ -96,7 +97,7 @@ class core_jwt_manager
|
|||
$secret = $this->config->jwtsecret;
|
||||
|
||||
try {
|
||||
$decoded = JWT::decode($keyvalue, $secret);
|
||||
$decoded = JWT::decode($keyvalue, new Key($secret, 'HS256'));
|
||||
} catch (\Exception $e) {
|
||||
throw new \moodle_exception('invalidkey');
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue