fix(jwt): specify algorithm in encode and remove in decode
Some checks failed
ci / ci (push) Failing after 0s

Updated JWT::encode to explicitly use the HS256 algorithm for greater security. Removed redundant algorithm specification in JWT::decode for improved consistency and simplicity. This ensures the JWT operations follow expected standards and enhances maintainability.
Kumi 2024-06-25 19:23:13 +02:00
parent dbcf9bebc3
commit 828af94032
Signed by: kumi
GPG key ID: ECBCC9082395383F

@ -79,7 +79,7 @@ class core_jwt_manager
$secret = $this->config->jwtsecret;
return JWT::encode($payload, $secret);
return JWT::encode($payload, $secret, 'HS256');
}
/**
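Review bot: the 'HS256' literal in the JWT::encode call is a magic string that the decode path in this class has to agree with; define it once (for example as a class constant) and use it on both sides so signing and verification cannot drift apart. The lines shown also pass $this->config->jwtsecret straight to the signer without checking that it is set and non-empty. With HS256 the secret is the only thing protecting the token, so an empty or short value should be rejected before signing.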
@ -96,7 +96,7 @@ class core_jwt_manager
$secret = $this->config->jwtsecret;
try {
$decoded = JWT::decode($keyvalue, $secret, ['HS256']);
$decoded = JWT::decode($keyvalue, $secret);
} catch (\Exception $e) {
throw new \moodle_exception('invalidkey');
}
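Review bot: the JWT::decode call now passes only $keyvalue and $secret, so nothing at this call site pins the accepted algorithm to HS256 any more. The commit message calls the argument redundant, but on the verifying side the allow-list is what stops the token's own alg header from choosing how the signature is checked. Either keep ['HS256'] or, if the library's API has moved to binding the algorithm to the key, pass a key object that carries HS256 rather than the bare $secret string. Also note that catch (\Exception $e) does not catch \Error subclasses such as \TypeError, so if the library rejects the bare string with a type error it will surface as an uncaught error instead of moodle_exception('invalidkey').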