update jwt encode/decode

Signed-off-by: envoyr <[email protected]>
bitinflow · Feb 20, 2023 · f175197 · f175197
1 parent aea65e0
commit f175197
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 7 deletions.
diff --git a/src/Accounts/ApiTokenCookieFactory.php b/src/Accounts/ApiTokenCookieFactory.php
@@ -77,6 +77,6 @@ protected function createToken($userId, string $csrfToken, Carbon $expiration):
             'sub' => $userId,
             'csrf' => $csrfToken,
             'expiry' => $expiration->getTimestamp(),
-        ], $this->encrypter->getKey());
+        ], $this->encrypter->getKey(), 'RS256');
     }
 }
diff --git a/src/Accounts/Auth/TokenGuard.php b/src/Accounts/Auth/TokenGuard.php
@@ -7,6 +7,7 @@
 use Bitinflow\Accounts\Traits\HasBitinflowTokens;
 use Exception;
 use Firebase\JWT\JWT;
+use Firebase\JWT\Key;
 use Illuminate\Auth\AuthenticationException;
 use Illuminate\Auth\GuardHelpers;
 use Illuminate\Container\Container;
@@ -181,8 +182,10 @@ protected function decodeJwtTokenCookie(Request $request): array
     {
         return (array)JWT::decode(
             CookieValuePrefix::remove($this->encrypter->decrypt($request->cookie(BitinflowAccounts::cookie()), BitinflowAccounts::$unserializesCookies)),
-            $this->encrypter->getKey(),
-            ['HS256']
+            new Key(
+                $this->encrypter->getKey(),
+                'RS256'
+            )
         );
     }
 

diff --git a/src/Accounts/Helpers/JwtParser.php b/src/Accounts/Helpers/JwtParser.php
@@ -5,15 +5,14 @@
 
 
 use Firebase\JWT\JWT;
+use Firebase\JWT\Key;
 use Illuminate\Auth\AuthenticationException;
 use Illuminate\Http\Request;
 use stdClass;
 use Throwable;
 
 class JwtParser
 {
-    public const ALLOWED_ALGORITHMS = ['RS256'];
-
     /**
      * @param Request $request
      * @return stdClass
@@ -26,8 +25,7 @@ public function decode(Request $request): stdClass
         try {
             return JWT::decode(
                 $request->bearerToken(),
-                $this->getOauthPublicKey(),
-                self::ALLOWED_ALGORITHMS
+                new Key($this->getOauthPublicKey(),'RS256')
             );
         } catch (Throwable $exception) {
             throw (new AuthenticationException());