From f1aed9b16bb35e85ea13a1255e7d3f6f5ce19533 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phan=20Kochen?=
Date: Tue, 21 Dec 2021 14:52:00 +0100
Subject: [PATCH 1/3] Relax phpasn1 dependency version
---
 composer.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/composer.json b/composer.json
index fbd5cb5..1dbeb84 100644
--- a/composer.json
+++ b/composer.json
@@ -15,7 +15,7 @@
 }
 },
 "require": {
- "fgrosse/phpasn1": "2.2",
+ "fgrosse/phpasn1": "^2.2",
 "lcobucci/clock": "^2.0",
 "lcobucci/jwt": "^4.1",
 "guzzlehttp/guzzle": "^7.3"
From ffde5ec0c1d41c24c5fd3e71a3032bddf34987d3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phan=20Kochen?=
Date: Tue, 21 Dec 2021 14:52:31 +0100
Subject: [PATCH 2/3] Test on PHP 8.1
---
 .github/workflows/check.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
index 5b14f01..bed0b0f 100644
--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@@ -13,7 +13,7 @@ jobs:
 runs-on: ubuntu-latest
 strategy:
 matrix:
- php-versions: ['7.4', '8.0']
+ php-versions: ['7.4', '8.0', '8.1']
 steps:
 - name: Checkout
From 5c99d66ae580ce15b044b123446c9adec09720f4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phan=20Kochen?=
Date: Tue, 21 Dec 2021 14:57:08 +0100
Subject: [PATCH 3/3] Upgrade to PHPStan 1.2.0
---
 composer.json | 2 +-
 src/Client.php | 12 +++++++++++-
 src/RedisStore.php | 5 ++++-
 3 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/composer.json b/composer.json
index 1dbeb84..8b4c3e1 100644
--- a/composer.json
+++ b/composer.json
@@ -22,7 +22,7 @@
 },
 "require-dev": {
 "phpunit/phpunit": "^9.5",
- "phpstan/phpstan": "^0.12",
+ "phpstan/phpstan": "^1.2.0",
 "squizlabs/php_codesniffer": "^3.6",
 "phpspec/prophecy-phpunit": "^2.0"
 }
diff --git a/src/Client.php b/src/Client.php
index 5f11954..eb4c8b6 100644
--- a/src/Client.php
+++ b/src/Client.php
@@ -176,10 +176,20 @@ public function verify(string $token): string
 throw new \Exception(sprintf('Token is missing claims: %s', implode(', ', $missing)));
 }
- // Consume the nonce.
 $nonce = $claims->get('nonce');
 $email = $claims->get('email');
 $emailOriginal = $claims->get('email_original', $email);
+ if (!is_string($nonce)) {
+ throw new \Exception(sprintf('Token claim "nonce" is not a string'));
+ }
+ if (!is_string($email)) {
+ throw new \Exception(sprintf('Token claim "email" is not a string'));
+ }
+ if (!is_string($emailOriginal)) {
+ throw new \Exception(sprintf('Token claim "email_original" is not a string'));
+ }
+
+ // Consume the nonce.
 $this->store->consumeNonce($nonce, $emailOriginal);
 // Return the normalized email.
diff --git a/src/RedisStore.php b/src/RedisStore.php
index df2abf1..cfab10c 100644
--- a/src/RedisStore.php
+++ b/src/RedisStore.php
@@ -29,7 +29,10 @@ public function fetchCached(string $cacheId, string $url): \stdClass
 $data = $this->redis->get($key);
 if ($data) {
- return json_decode($data);
+ $data = json_decode($data);
+ assert($data instanceof \stdClass);
+
+ return $data;
 }
 $res = $this->fetch($url);
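Review bot: The three `is_string()` guards added to `verify()` in src/Client.php still accept an empty string, so a token whose `nonce` or `email` claim is `''` reaches `$this->store->consumeNonce()`; whether the store rejects that value is not visible here. If empty values are never legitimate, tighten each guard, for example `if (!is_string($nonce) || $nonce === '') {`. The `sprintf()` calls around the three new messages take no arguments and can be replaced by the plain string literals. `verify()` starts and ends outside this hunk, so an earlier check on these claims cannot be ruled out.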
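Review bot: The new `assert($data instanceof \stdClass);` in `fetchCached()` in src/RedisStore.php is not a runtime check in production, because `assert()` is skipped when `zend.assertions` is disabled; a cached value that decodes to `null`, an array or a scalar then fails only at the `\stdClass` return type, with a generic `TypeError`. Since the value is read back from Redis, an explicit guard is safer: `if (!$data instanceof \stdClass) { throw new \Exception('Cached data is not a JSON object'); }`. Alternatively the branch could treat such an entry as a cache miss and fall through to `$this->fetch($url)`. The rest of `fetchCached()` lies outside the hunk.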