Add support for lcobucci/jwt 5.*

.github/workflows/tests.yml

@@ -7,14 +7,17 @@ on:
 
 jobs:
   tests:
-    name: PHP ${{ matrix.php }}
+    name: PHP ${{ matrix.php }} - lcobucci/jwt ${{ matrix.lcobucci-jwt }}
     runs-on: ubuntu-latest
 
     strategy:
       matrix:
         php:
           - "8.1"
           - "8.2"
+        lcobucci-jwt:
+          - "4"
+          - "5"
 
     steps:
       - name: Checkout code
@@ -28,16 +31,16 @@ jobs:
           coverage: xdebug
 
       - name: Install dependencies
-        uses: "ramsey/composer-install@v2"
+        run: |
+          composer require -W "lcobucci/jwt:^${{ matrix.lcobucci-jwt }}.0"
 
-      - name: Setup problem matchers for PHP
-        run: echo "::add-matcher::${{ runner.tool_cache }}/php.json"
+      - name: Setup Problem Matchers
+        run: |
+          echo "::add-matcher::${{ runner.tool_cache }}/php.json"
+          echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json"
 
       - name: Run PHPStan
         run: vendor/bin/phpstan analyse --no-progress
 
-      - name: Setup Problem Matchers for PHPUnit
-        run: echo "::add-matcher::${{ runner.tool_cache }}/phpunit.json"
-
       - name: Run PHPUnit
-        run: vendor/bin/phpunit
+        run: vendor/bin/phpunit --testdox

CHANGELOG.md

@@ -1,5 +1,9 @@
 # CHANGELOG
 
+## Unreleased
+
+* Added support for `lcobucci/jwt` 5.*
+
 ## 4.0.0 - 2022-11-26
 
 The most notable change is that you need PHP 8.1/8.2 to use the new version. The language migration to

composer.json

@@ -21,10 +21,11 @@
         "php": "~8.1.0|~8.2.0",
         "ext-json": "*",
         "ext-openssl": "*",
+        "beste/clock": "^3.0",
         "fig/http-message-util": "^1.1.5",
         "guzzlehttp/guzzle": "^7.5",
-        "beste/clock": "^3.0",
-        "lcobucci/jwt": "^4.2.1",
+        "lcobucci/clock": "^3.0",
+        "lcobucci/jwt": "^4.3.0|^5.0",
         "psr/cache": "^1.0|^2.0|^3.0"
     },
     "suggest": {

phpstan.neon.dist

@@ -16,5 +16,7 @@ parameters:
 	            - tests/JWT/IdTokenVerifierTest.php
 	            - tests/JWT/SessionCookieVerifierTest.php
 
+	reportUnmatchedIgnoredErrors: false
+
 includes:
 	- vendor/phpstan/phpstan/conf/bleedingEdge.neon

src/JWT/Action/VerifyIdToken.php

@@ -8,52 +8,66 @@
 
 final class VerifyIdToken
 {
-    private string $token = '';
-    private int $leewayInSeconds = 0;
-    private ?string $expectedTenantId = null;
-
-    private function __construct()
-    {
+    /**
+     * @param non-empty-string $token
+     * @param int<0, max> $leewayInSeconds
+     * @param non-empty-string|null $expectedTenantId
+     */
+    private function __construct(
+        private string $token,
+        private int $leewayInSeconds,
+        private ?string $expectedTenantId,
+    ) {
     }
 
+    /**
+     * @param non-empty-string $token
+     */
     public static function withToken(string $token): self
     {
-        $action = new self();
-        $action->token = $token;
-
-        return $action;
+        return new self($token, 0, null);
     }
 
+    /**
+     * @param non-empty-string $tenantId
+     */
     public function withExpectedTenantId(string $tenantId): self
     {
-        $action = clone $this;
-        $action->expectedTenantId = $tenantId;
-
-        return $action;
+        return new self($this->token, $this->leewayInSeconds, $tenantId);
     }
 
+    /**
+     * @param int<0, max> $seconds
+     */
     public function withLeewayInSeconds(int $seconds): self
     {
+        // @phpstan-ignore-next-line
         if ($seconds < 0) {
             throw new InvalidArgumentException('Leeway must not be negative');
         }
 
-        $action = clone $this;
-        $action->leewayInSeconds = $seconds;
-
-        return $action;
+        return new self($this->token, $seconds, $this->expectedTenantId);
     }
 
+    /**
+     * @return non-empty-string
+     */
     public function token(): string
     {
         return $this->token;
     }
 
+    /**
+     * @return non-empty-string|null
+     */
     public function expectedTenantId(): ?string
     {
         return $this->expectedTenantId;
     }
 
+    /**
+     * @return int<0, max>
+     */
     public function leewayInSeconds(): int
     {
         return $this->leewayInSeconds;

src/JWT/Action/VerifyIdToken/WithLcobucciJWT.php

@@ -11,13 +11,13 @@
 use Kreait\Firebase\JWT\Contract\Keys;
 use Kreait\Firebase\JWT\Contract\Token;
 use Kreait\Firebase\JWT\Error\IdTokenVerificationFailed;
+use Kreait\Firebase\JWT\Signer\None;
 use Kreait\Firebase\JWT\Token as TokenInstance;
 use Kreait\Firebase\JWT\Util;
 use Lcobucci\Clock\FrozenClock;
 use Lcobucci\JWT\Encoding\JoseEncoder;
 use Lcobucci\JWT\Signer;
 use Lcobucci\JWT\Signer\Key\InMemory;
-use Lcobucci\JWT\Signer\None;
 use Lcobucci\JWT\Signer\Rsa\Sha256;
 use Lcobucci\JWT\Token\Parser;
 use Lcobucci\JWT\UnencryptedToken;
@@ -44,8 +44,14 @@ final class WithLcobucciJWT implements Handler
     private Signer $signer;
     private readonly Validator $validator;
 
-    public function __construct(private readonly string $projectId, private readonly Keys $keys, ClockInterface $clock)
-    {
+    /**
+     * @param non-empty-string $projectId
+     */
+    public function __construct(
+        private readonly string $projectId,
+        private readonly Keys $keys,
+        ClockInterface $clock,
+    ) {
         $this->clock = $clock;
         $this->parser = new Parser(new JoseEncoder());
 

src/JWT/Action/VerifySessionCookie.php

@@ -8,52 +8,66 @@
 
 final class VerifySessionCookie
 {
-    private string $sessionCookie = '';
-    private int $leewayInSeconds = 0;
-    private ?string $expectedTenantId = null;
-
-    private function __construct()
-    {
+    /**
+     * @param non-empty-string $sessionCookie
+     * @param int<0, max> $leewayInSeconds
+     * @param non-empty-string|null $expectedTenantId
+     */
+    private function __construct(
+        private readonly string $sessionCookie,
+        private readonly int $leewayInSeconds,
+        private readonly ?string $expectedTenantId,
+    ) {
     }
 
+    /**
+     * @param non-empty-string $sessionCookie
+     */
     public static function withSessionCookie(string $sessionCookie): self
     {
-        $action = new self();
-        $action->sessionCookie = $sessionCookie;
-
-        return $action;
+        return new self($sessionCookie, 0, null);
     }
 
+    /**
+     * @param non-empty-string $tenantId
+     */
     public function withExpectedTenantId(string $tenantId): self
     {
-        $action = clone $this;
-        $action->expectedTenantId = $tenantId;
-
-        return $action;
+        return new self($this->sessionCookie, $this->leewayInSeconds, $tenantId);
     }
 
+    /**
+     * @param int<0, max> $seconds
+     */
     public function withLeewayInSeconds(int $seconds): self
     {
+        // @phpstan-ignore-next-line
         if ($seconds < 0) {
             throw new InvalidArgumentException('Leeway must not be negative');
         }
 
-        $action = clone $this;
-        $action->leewayInSeconds = $seconds;
-
-        return $action;
+        return new self($this->sessionCookie, $seconds, $this->expectedTenantId);
     }
 
+    /**
+     * @return non-empty-string
+     */
     public function sessionCookie(): string
     {
         return $this->sessionCookie;
     }
 
+    /**
+     * @return non-empty-string|null
+     */
     public function expectedTenantId(): ?string
     {
         return $this->expectedTenantId;
     }
 
+    /**
+     * @return int<0, max>
+     */
     public function leewayInSeconds(): int
     {
         return $this->leewayInSeconds;

src/JWT/Action/VerifySessionCookie/WithLcobucciJWT.php

@@ -11,13 +11,13 @@
 use Kreait\Firebase\JWT\Contract\Keys;
 use Kreait\Firebase\JWT\Contract\Token;
 use Kreait\Firebase\JWT\Error\SessionCookieVerificationFailed;
+use Kreait\Firebase\JWT\Signer\None;
 use Kreait\Firebase\JWT\Token as TokenInstance;
 use Kreait\Firebase\JWT\Util;
 use Lcobucci\Clock\FrozenClock;
 use Lcobucci\JWT\Encoding\JoseEncoder;
 use Lcobucci\JWT\Signer;
 use Lcobucci\JWT\Signer\Key\InMemory;
-use Lcobucci\JWT\Signer\None;
 use Lcobucci\JWT\Signer\Rsa\Sha256;
 use Lcobucci\JWT\Token\Parser;
 use Lcobucci\JWT\UnencryptedToken;
@@ -44,8 +44,14 @@ final class WithLcobucciJWT implements Handler
     private Signer $signer;
     private readonly Validator $validator;
 
-    public function __construct(private readonly string $projectId, private readonly Keys $keys, ClockInterface $clock)
-    {
+    /**
+     * @param non-empty-string $projectId
+     */
+    public function __construct(
+        private readonly string $projectId,
+        private readonly Keys $keys,
+        ClockInterface $clock,
+    ) {
         $this->clock = $clock;
         $this->parser = new Parser(new JoseEncoder());
 

src/JWT/IdTokenVerifier.php

@@ -18,12 +18,18 @@
 
 final class IdTokenVerifier
 {
+    /**
+     * @var non-empty-string
+     */
     private ?string $expectedTenantId = null;
 
     public function __construct(private readonly Handler $handler)
     {
     }
 
+    /**
+     * @param non-empty-string $projectId
+     */
     public static function createWithProjectId(string $projectId): self
     {
         $clock = SystemClock::create();
@@ -35,6 +41,9 @@ public static function createWithProjectId(string $projectId): self
         return new self($handler);
     }
 
+    /**
+     * @param non-empty-string $projectId
+     */
     public static function createWithProjectIdAndCache(string $projectId, CacheItemPoolInterface $cache): self
     {
         $clock = SystemClock::create();
@@ -48,6 +57,9 @@ public static function createWithProjectIdAndCache(string $projectId, CacheItemP
         return new self($handler);
     }
 
+    /**
+     * @param non-empty-string $tenantId
+     */
     public function withExpectedTenantId(string $tenantId): self
     {
         $verifier = clone $this;
@@ -66,6 +78,8 @@ public function execute(VerifyIdToken $action): Token
     }
 
     /**
+     * @param non-empty-string $token
+     *
      * @throws IdTokenVerificationFailed
      */
     public function verifyIdToken(string $token): Token
@@ -74,6 +88,9 @@ public function verifyIdToken(string $token): Token
     }
 
     /**
+     * @param non-empty-string $token
+     * @param int<0, max> $leewayInSeconds
+     *
      * @throws IdTokenVerificationFailed
      * @throws InvalidArgumentException on invalid leeway
      */