Add support for lcobucci/jwt 5.*

CHANGELOG.md

@@ -2,6 +2,10 @@
 
 ## [Unreleased]
 
+### Added
+
+* Added support for `lcobucci/jwt` 5.*
+
 ## [7.0.3] - 2023-02-13
 
 ### Fixed

composer.json

@@ -37,7 +37,7 @@
         "google/cloud-storage": "^1.30.1",
         "guzzlehttp/guzzle": "^7.5",
         "kreait/firebase-tokens": "^4.0",
-        "lcobucci/jwt": "^4.3.0",
+        "lcobucci/jwt": "^4.3.0|^5.0",
         "mtdowling/jmespath.php": "^2.6.1",
         "psr/cache": "^1.0.1|^2.0|^3.0",
         "psr/http-message": "^1.0.1",

phpstan.neon.dist

@@ -18,6 +18,7 @@ parameters:
 			path: src/Firebase/AppCheck/AppCheckTokenVerifier.php
 
 	checkUninitializedProperties: true
+	reportUnmatchedIgnoredErrors: false
 
 includes:
 	- vendor/phpstan/phpstan/conf/bleedingEdge.neon

src/Firebase/Auth.php

@@ -39,7 +39,7 @@
 use Kreait\Firebase\Value\ClearTextPassword;
 use Kreait\Firebase\Value\Email;
 use Kreait\Firebase\Value\Uid;
-use Lcobucci\JWT\Configuration;
+use Lcobucci\JWT\Encoding\JoseEncoder;
 use Lcobucci\JWT\Token;
 use Lcobucci\JWT\UnencryptedToken;
 use Psr\Clock\ClockInterface;
@@ -60,13 +60,16 @@
  */
 final class Auth implements Contract\Auth
 {
+    private Token\Parser $jwtParser;
+
     public function __construct(
         private readonly ApiClient $client,
         private readonly ?CustomTokenViaGoogleCredentials $tokenGenerator,
         private readonly IdTokenVerifier $idTokenVerifier,
         private readonly SessionCookieVerifier $sessionCookieVerifier,
         private readonly ClockInterface $clock,
     ) {
+        $this->jwtParser = new Token\Parser(new JoseEncoder());
     }
 
     public function getUser(Stringable|string $uid): UserRecord
@@ -372,7 +375,7 @@ public function createCustomToken(Stringable|string $uid, array $claims = [], $t
     public function parseToken(string $tokenString): UnencryptedToken
     {
         try {
-            $parsedToken = Configuration::forUnsecuredSigner()->parser()->parse($tokenString);
+            $parsedToken = $this->jwtParser->parse($tokenString);
             assert($parsedToken instanceof UnencryptedToken);
         } catch (Throwable $e) {
             throw new InvalidArgumentException('The given token could not be parsed: '.$e->getMessage());
@@ -388,6 +391,8 @@ public function verifyIdToken($idToken, bool $checkIfRevoked = false, ?int $leew
         $idTokenString = is_string($idToken) ? $idToken : $idToken->toString();
         // The ID Token is annotated as non-empty-string or a valid Token, so it cannot be empty
         // Static analysis are not always sure about that, so we'll help them here.
+        // The assertion is necessary for lcobucci/jwt 4.* but not needed for 5.*
+        // @phpstan-ignore-next-line
         assert($idTokenString !== '');
 
         try {

src/Firebase/Auth/SignInResult.php

@@ -4,7 +4,8 @@
 
 namespace Kreait\Firebase\Auth;
 
-use Lcobucci\JWT\Configuration;
+use Lcobucci\JWT\Encoding\JoseEncoder;
+use Lcobucci\JWT\Token\Parser;
 use Lcobucci\JWT\UnencryptedToken;
 use stdClass;
 
@@ -36,11 +37,11 @@ final class SignInResult
 
     /** @var non-empty-string|null */
     private ?string $tenantId = null;
-    private Configuration $config;
+    private Parser $parser;
 
     private function __construct()
     {
-        $this->config = Configuration::forUnsecuredSigner();
+        $this->parser = new Parser(new JoseEncoder());
     }
 
     /**
@@ -84,7 +85,7 @@ public function firebaseUserId(): ?string
         // @codeCoverageIgnoreEnd
 
         if ($this->idToken) {
-            $idToken = $this->config->parser()->parse($this->idToken);
+            $idToken = $this->parser->parse($this->idToken);
             assert($idToken instanceof UnencryptedToken);
 
             foreach (['sub', 'localId', 'user_id'] as $claim) {
@@ -111,7 +112,7 @@ public function firebaseTenantId(): ?string
         }
 
         if ($this->idToken) {
-            $idToken = $this->config->parser()->parse($this->idToken);
+            $idToken = $this->parser->parse($this->idToken);
             assert($idToken instanceof UnencryptedToken);
 
             $firebaseClaims = $idToken->claims()->get('firebase', new stdClass());