Changed the validation for the 'key' parameter from ALPHANUM to RAW in the JWT login method. This allows more flexible key formats, accommodating a wider range of authentication schemes. Ensure existing keys are compatible with the broader validation.
Added error logging to capture JWT decode exceptions, aiding in pinpointing issues during authentication. This change improves troubleshooting and enhances the overall robustness of the JWT handling process.
Modified the JWT::decode method to use the Key object for decoding JWTs. This enhances security by explicitly specifying the algorithm used (HS256) and aligns with recent updates in the Firebase JWT library.
Introduced new settings for JWT secret and its description to the JWT authentication plugin. The settings allow administrators to configure a secret key used for signing JWT tokens.
Also updated the plugin version to ensure proper synchronization with these changes.
Addresses setup requirements for heightened JWT security.
Updated JWT::encode to explicitly use the HS256 algorithm for greater security. Removed redundant algorithm specification in JWT::decode for improved consistency and simplicity. This ensures the JWT operations follow expected standards and enhances maintainability.
Aligned terminology with JWT standards by changing references from "user key" to "JWT" for better clarity and consistency. This enhances understanding for developers and users familiar with JWT (JSON Web Token) authentication, ensuring the plugin's description and functionality are clear.
Switched from relative path to using __DIR__ constant for requiring vendor/autoload.php. This ensures correct file inclusion regardless of the script's execution context, preventing potential loading issues.
Added composer configuration files to manage dependencies. Installed and configured the Firebase PHP-JWT library to handle JWT encoding and decoding. This enhancement aims to streamline JWT operations within the project.
Also updated .gitignore to exclude Composer artifacts.
Rebranded the auth_userkey plugin to auth_jwt, including changes to namespace, class names, and configuration settings to reflect the new jwt-based authentication mechanism. Updated copyright notices and contact information accordingly. This refactoring also includes the introduction of JWT token management using the Firebase JWT library, replacing the user quick keys.