From 1b15394d579ac30cb5c1c6a539da498dd3d329b4 Mon Sep 17 00:00:00 2001
From: Robin Chalas <robin.chalas@gmail.com>
Date: Tue, 3 Jul 2018 10:25:14 +0200
Subject: [PATCH 1/2] Fix unused clock skew (bad rebase)

---
 Services/JWSProvider/LcobucciJWSProvider.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Services/JWSProvider/LcobucciJWSProvider.php b/Services/JWSProvider/LcobucciJWSProvider.php
index dcae7f8a..64cbc42f 100644
--- a/Services/JWSProvider/LcobucciJWSProvider.php
+++ b/Services/JWSProvider/LcobucciJWSProvider.php
@@ -110,7 +110,7 @@ public function load($token)
             $payload[$claim->getName()] = $claim->getValue();
         }
 
-        return new LoadedJWS($payload, $this->verify($jws), null !== $this->ttl, $jws->getHeaders());
+        return new LoadedJWS($payload, $this->verify($jws), null !== $this->ttl, $jws->getHeaders(), $this->clockSkew);
     }
 
     private function getSignerForAlgorithm($signatureAlgorithm)

From b6beaea926cb0a2eda5a468382fbe34fac49705e Mon Sep 17 00:00:00 2001
From: Robin Chalas <robin.chalas@gmail.com>
Date: Tue, 3 Jul 2018 11:09:48 +0200
Subject: [PATCH 2/2] Improve deprecation message when using the default
 encoder service

---
 .../LexikJWTAuthenticationExtension.php       |  5 +++
 .../LexikJWTAuthenticationExtensionTest.php   | 45 +++++--------------
 2 files changed, 16 insertions(+), 34 deletions(-)

diff --git a/DependencyInjection/LexikJWTAuthenticationExtension.php b/DependencyInjection/LexikJWTAuthenticationExtension.php
index 54f4ed10..7b9fb854 100644
--- a/DependencyInjection/LexikJWTAuthenticationExtension.php
+++ b/DependencyInjection/LexikJWTAuthenticationExtension.php
@@ -61,6 +61,11 @@ public function load(array $configs, ContainerBuilder $container)
         $container->setParameter('lexik_jwt_authentication.clock_skew', $config['clock_skew']);
         $container->setParameter('lexik_jwt_authentication.user_identity_field', $config['user_identity_field']);
         $encoderConfig = $config['encoder'];
+
+        if ('lexik_jwt_authentication.encoder.default' === $encoderConfig['service']) {
+            @trigger_error('Using "lexik_jwt_authentication.encoder.default" as encoder service is deprecated since LexikJWTAuthenticationBundle 2.5, use "lexik_jwt_authentication.encoder.lcobucci" (default) or your own encoder service instead.', E_USER_DEPRECATED);
+        }
+
         $container->setAlias('lexik_jwt_authentication.encoder', new Alias($encoderConfig['service'], true));
         $container->setAlias(JWTEncoderInterface::class, 'lexik_jwt_authentication.encoder');
         $container->setAlias(
diff --git a/Tests/Functional/DependencyInjection/LexikJWTAuthenticationExtensionTest.php b/Tests/Functional/DependencyInjection/LexikJWTAuthenticationExtensionTest.php
index ffb63de6..050a3a69 100644
--- a/Tests/Functional/DependencyInjection/LexikJWTAuthenticationExtensionTest.php
+++ b/Tests/Functional/DependencyInjection/LexikJWTAuthenticationExtensionTest.php
@@ -5,7 +5,6 @@
 use Lexik\Bundle\JWTAuthenticationBundle\DependencyInjection\LexikJWTAuthenticationExtension;
 use Lexik\Bundle\JWTAuthenticationBundle\Encoder\LcobucciJWTEncoder;
 use Lexik\Bundle\JWTAuthenticationBundle\LexikJWTAuthenticationBundle;
-use Lexik\Bundle\JWTAuthenticationBundle\Services\JWSProvider\DefaultJWSProvider;
 use Lexik\Bundle\JWTAuthenticationBundle\Tests\Functional\TestCase;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\SecurityExtension;
 use Symfony\Component\Config\FileLocator;
@@ -33,40 +32,18 @@ protected function setUp()
         }
     }
 
-    public function testEncoderConfiguration()
+    public function testEncoderAlias()
     {
-        /* @var \Symfony\Component\DependencyInjection\ContainerInterface */
-        $container          = static::$kernel->getContainer();
-        $encoderNamespace   = 'lexik_jwt_authentication.encoder';
-        $cryptoEngine       = $container->getParameter($encoderNamespace.'.crypto_engine');
-        $signatureAlgorithm = $container->getParameter($encoderNamespace.'.signature_algorithm');
-
-        $jwsProviderMock = $this
-            ->getMockBuilder(DefaultJWSProvider::class)
-            ->setConstructorArgs([
-                $container->get('lexik_jwt_authentication.key_loader'),
-                $cryptoEngine,
-                $signatureAlgorithm,
-                3600,
-                0,
-            ])
-            ->getMock();
-
-        $this->assertInstanceOf(LcobucciJWTEncoder::class, $container->get($encoderNamespace));
-
-        // The configured engine is the one used by the service
-        $this->assertAttributeEquals(
-            'openssl' == $cryptoEngine ? 'OpenSSL' : 'SecLib',
-            'cryptoEngine',
-            $jwsProviderMock
-        );
-
-        // The configured algorithm is the one used by the service
-        $this->assertAttributeEquals(
-            $signatureAlgorithm,
-            'signatureAlgorithm',
-            $jwsProviderMock
-        );
+        $this->assertInstanceOf(LcobucciJWTEncoder::class, static::$kernel->getContainer()->get('lexik_jwt_authentication.encoder'));
+    }
+
+    /**
+     * @group legacy
+     * @expectedDeprecation Using "lexik_jwt_authentication.encoder.default" as encoder service is deprecated since LexikJWTAuthenticationBundle 2.5, use "lexik_jwt_authentication.encoder.lcobucci" (default) or your own encoder service instead.
+     */
+    public function testDeprecatedDefaultEncoderService()
+    {
+        (new LexikJWTAuthenticationExtension())->load([['encoder' => ['service' => 'lexik_jwt_authentication.encoder.default']]], new ContainerBuilder());
     }
 
     public function testTokenExtractorsConfiguration()