From 828af94032c693ca201774839ecd975b45b339c5 Mon Sep 17 00:00:00 2001
From: Kumi
Date: Tue, 25 Jun 2024 19:23:13 +0200
Subject: [PATCH] fix(jwt): specify algorithm in encode and remove in decode
Updated JWT::encode to explicitly use the HS256 algorithm for greater security. Removed redundant algorithm specification in JWT::decode for improved consistency and simplicity. This ensures the JWT operations follow expected standards and enhances maintainability.
---
 classes/core_jwt_manager.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/classes/core_jwt_manager.php b/classes/core_jwt_manager.php
index 69247ea..eb6a114 100644
--- a/classes/core_jwt_manager.php
+++ b/classes/core_jwt_manager.php
@@ -79,7 +79,7 @@ class core_jwt_manager
 $secret = $this->config->jwtsecret;
- return JWT::encode($payload, $secret);
+ return JWT::encode($payload, $secret, 'HS256');
 }
 /**
@@ -96,7 +96,7 @@ class core_jwt_manager
 $secret = $this->config->jwtsecret;
 try {
- $decoded = JWT::decode($keyvalue, $secret, ['HS256']);
+ $decoded = JWT::decode($keyvalue, $secret);
 } catch (\Exception $e) {
 throw new \moodle_exception('invalidkey');
 }
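Review bot: In the first hunk, `$secret` goes from `$this->config->jwtsecret` straight into `JWT::encode(...)` with no check that it is set, so an unconfigured plugin could sign tokens with an empty or null HMAC key. I would guard it before signing, for example `if (empty($secret)) { throw new \coding_exception('jwtsecret is not configured'); }`, and apply the same guard to the decode path in the second hunk. The method begins outside the hunk, so an earlier check may already exist; if so, a short comment at the assignment saying where the secret is validated would help.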
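Review bot: In the second hunk, `JWT::decode($keyvalue, $secret)` no longer states which algorithm the verifier accepts, and nothing else visible binds one to `$secret`. The `JWT` import is outside the hunk; if it is firebase/php-jwt, as far as I recall 5.x rejects every token when the allowed-algorithm list is empty and 6.x expects a key object that carries the algorithm, e.g. `JWT::decode($keyvalue, new Key($secret, 'HS256'))` with `use Firebase\JWT\Key;`. Whichever version is installed, the accepted algorithm should be fixed by the server and never taken from the token header, so I would keep it explicit here and share one class constant with the encode call. Also, `catch (\Exception $e)` does not cover `\TypeError`, so a wrong argument type would surface as an unhandled error instead of `invalidkey`. The method body starts and ends outside the hunk.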