Ability to have several public keys for JWT signature checking

[sebj54]

Here it is, as discussed in #540 :)

I see what you meant, the commented type in the function declaration is not pretty.
Tell me what you think of it, I'll do the docs before the merge.

[mevdschee]

the commented type in the function declaration is not pretty.

Yeah indeed, that is what I meant. I'm not sure how we should solve this.

[sebj54]

I'm not sure either, I looked for solutions in PHP's documentation but didn't find anything about mixed types. I presume it is a bad pattern 😁

The best solution I see is this one:

1. Move the token deconstruction (string to array) in getClaims method.
2. Get the kid in getClaims too
3. Get the secret from property in that method too (and if it is an array, grab the correct key with kid)
4. Pass the secret to getVerifiedClaims as a string, no matter if it is an array in the configuration

Plus, there is already this check in getClaims, which is also in getVerififedClaims:

if (!$secret) {
     return array();
}

Like this, we can get rid of the token deconstruction and early checks in getVerifiedClaims. We can even add a new method to get the secret from the array.

[sebj54]

Hi @mevdschee, I just pushed the updated code.
Tell me if it needs other improvements before merging!

[mevdschee]

Looks good to me.. I'll merge it soon and do a major version bump as I feel we may need to break BC in the middleware.. Thank you for your work!

[sebj54]

You're welcome!

The version bump sounds good to me as I changed a function signature.

[mevdschee]

@sebj54 I would be very thankful if you would review/test the changes.

[mevdschee]

Thank you for your feedback