address PHPStan linting issues in JWKS support code (#7)

clerk · Jan 15, 2025 · c0d5c3a · c0d5c3a
1 parent 515c223
commit c0d5c3a
Show file tree

Hide file tree

Showing 5 changed files with 40 additions and 22 deletions.
diff --git a/src/Helpers/Jwks/AuthErrorReason.php b/src/Helpers/Jwks/AuthErrorReason.php
@@ -10,7 +10,7 @@ class AuthErrorReason
     public static ErrorReason $SESSION_TOKEN_MISSING;
     public static ErrorReason $SECRET_KEY_MISSING;
 
-    public static function init()
+    public static function init(): void
     {
         self::$SESSION_TOKEN_MISSING = new ErrorReason(
             'session-token-missing',

diff --git a/src/Helpers/Jwks/AuthenticateRequestOptions.php b/src/Helpers/Jwks/AuthenticateRequestOptions.php
@@ -8,18 +8,20 @@ class AuthenticateRequestOptions
 
     private ?string $secretKey;
     private ?string $jwtKey;
+    /** @var array<string> */
     private ?array $audiences;
+    /** @var array<string> */
     private array $authorizedParties;
     private int $clockSkewInMs;
 
     /**
      * Options to configure AuthenticateRequest::authenticateRequest.
      *
-     * @param  string|null  $secretKey  The Clerk secret key from the API Keys page in the Clerk Dashboard.
-     * @param  string|null  $jwtKey  PEM Public String used to verify the session token in a networkless manner.
-     * @param  array|null  $audiences  A list of audiences to verify against.
-     * @param  array|null  $authorizedParties  An allowlist of origins to verify against.
-     * @param  int|null  $clockSkewInMs  Allowed time difference (in milliseconds) between the Clerk server (which generates the token) and the clock of the user's application server when validating a token. Defaults to 5000 ms.
+     * @param  ?string  $secretKey  The Clerk secret key from the API Keys page in the Clerk Dashboard.
+     * @param  ?string  $jwtKey  PEM Public String used to verify the session token in a networkless manner.
+     * @param  ?array<string>  $audiences  A list of audiences to verify against.
+     * @param  ?array<string>  $authorizedParties  An allowlist of origins to verify against.
+     * @param  ?int  $clockSkewInMs  Allowed time difference (in milliseconds) between the Clerk server (which generates the token) and the clock of the user's application server when validating a token. Defaults to 5000 ms.
      * @throws AuthenticateRequestException
      */
     public function __construct(
@@ -50,11 +52,17 @@ public function getJwtKey(): ?string
         return $this->jwtKey;
     }
 
+    /**
+     * @return ?array<string>
+     */
     public function getAudiences(): ?array
     {
         return $this->audiences;
     }
 
+    /**
+     * @return array<string>
+     */
     public function getAuthorizedParties(): array
     {
         return $this->authorizedParties;

diff --git a/src/Helpers/Jwks/TokenVerificationErrorReason.php b/src/Helpers/Jwks/TokenVerificationErrorReason.php
@@ -21,7 +21,7 @@ class TokenVerificationErrorReason
     public static ErrorReason $TOKEN_INVALID_SIGNATURE;
     public static ErrorReason $SECRET_KEY_MISSING;
 
-    public static function init()
+    public static function init(): void
     {
         self::$JWK_FAILED_TO_LOAD = new ErrorReason(
             'jwk-failed-to-load',

diff --git a/src/Helpers/Jwks/VerifyToken.php b/src/Helpers/Jwks/VerifyToken.php
@@ -79,9 +79,11 @@ public static function verifyToken(string $token, VerifyTokenOptions $options):
     private static function getLocalJwtKey(string $jwtKey): string
     {
         try {
-            $rsaKey = publicKeyLoader::load($jwtKey);
+            $rsaKey = PublicKeyLoader::load($jwtKey);
+            $stringKey = $rsaKey->toString('PKCS8');
 
-            return $rsaKey->toString('PKCS8');
+            /** @phpstan-ignore-next-line */
+            return $stringKey;
         } catch (Exception $ex) {
             throw new TokenVerificationException(TokenVerificationErrorReason::$JWK_LOCAL_INVALID, $ex);
         }

diff --git a/src/Helpers/Jwks/VerifyTokenOptions.php b/src/Helpers/Jwks/VerifyTokenOptions.php
@@ -10,7 +10,9 @@ class VerifyTokenOptions
 
     private ?string $secretKey;
     private ?string $jwtKey;
+    /** @var ?array<string> */
     private ?array $audiences;
+    /** @var ?array<string> */
     private ?array $authorizedParties;
     private int $clockSkewInMs;
     private string $apiUrl;
@@ -19,13 +21,13 @@ class VerifyTokenOptions
     /**
      * Options to configure VerifyToken::verifyToken.
      *
-     * @param  string|null  $secretKey  The Clerk secret key from the API Keys page in the Clerk Dashboard. (Optional)
-     * @param  string|null  $jwtKey  PEM Public String used to verify the session token in a networkless manner. (Optional)
-     * @param  array|null  $audiences  A list of audiences to verify against.
-     * @param  array|null  $authorizedParties  An allowlist of origins to verify against.
-     * @param  int|null  $clockSkewInMs  Allowed time difference (in milliseconds) between the Clerk server (which generates the token) and the clock of the user's application server when validating a token. Defaults to 5000 ms.
-     * @param  string|null  $apiUrl  The Clerk Backend API endpoint. Defaults to 'https://api.clerk.com'
-     * @param  string|null  $apiVersion  The version passed to the Clerk API. Defaults to 'v1'
+     * @param  ?string  $secretKey  The Clerk secret key from the API Keys page in the Clerk Dashboard. (Optional)
+     * @param  ?string  $jwtKey  PEM Public String used to verify the session token in a networkless manner. (Optional)
+     * @param  ?array<string>  $audiences  A list of audiences to verify against.
+     * @param  ?array<string>  $authorizedParties  An allowlist of origins to verify against.
+     * @param  ?int  $clockSkewInMs  Allowed time difference (in milliseconds) between the Clerk server (which generates the token) and the clock of the user's application server when validating a token. Defaults to 5000 ms.
+     * @param  ?string  $apiUrl  The Clerk Backend API endpoint. Defaults to 'https://api.clerk.com'
+     * @param  ?string  $apiVersion  The version passed to the Clerk API. Defaults to 'v1'
 
      * @throws TokenVerificationException
      */
@@ -34,9 +36,9 @@ public function __construct(
         ?string $jwtKey = null,
         ?array $audiences = null,
         ?array $authorizedParties = null,
-        ?int $clockSkewInMs = null,
-        ?string $apiUrl = null,
-        ?string $apiVersion = null
+        ?int $clockSkewInMs = self::DEFAULT_CLOCK_SKEW_MS,
+        ?string $apiUrl = self::DEFAULT_API_URL,
+        ?string $apiVersion = self::DEFAULT_API_VERSION
     ) {
         if (empty($secretKey) && empty($jwtKey)) {
             throw new TokenVerificationException(TokenVerificationErrorReason::$SECRET_KEY_MISSING);
@@ -46,9 +48,9 @@ public function __construct(
         $this->jwtKey = $jwtKey;
         $this->audiences = $audiences;
         $this->authorizedParties = $authorizedParties;
-        $this->clockSkewInMs = $clockSkewInMs ?? self::DEFAULT_CLOCK_SKEW_MS;
-        $this->apiUrl = $apiUrl ?? self::DEFAULT_API_URL;
-        $this->apiVersion = $apiVersion ?? self::DEFAULT_API_VERSION;
+        $this->clockSkewInMs = $clockSkewInMs;
+        $this->apiUrl = $apiUrl;
+        $this->apiVersion = $apiVersion;
     }
 
     public function getSecretKey(): ?string
@@ -61,11 +63,17 @@ public function getJwtKey(): ?string
         return $this->jwtKey;
     }
 
+    /**
+     * @return ?array<string>
+     */
     public function getAudiences(): ?array
     {
         return $this->audiences;
     }
 
+    /**
+     * @return ?array<string>
+     */
     public function getAuthorizedParties(): ?array
     {
         return $this->authorizedParties;