Won't fix Update built-in web-token library

[DragonByte Tech]

Affected version

2.2.0 Beta 1

In recent versions of web-token/jwt-signature, the signature for JWSBuilder changed: https://github.com/web-token/jwt-si...dee247fc45ce745c73b4c782a5/JWSBuilder.php#L53

Previous version: https://github.com/web-token/jwt-si...dcaa481a075a5f4f8852938139/JWSBuilder.php#L58

This means I have to perform hacks like this:

    "autoload": {
        "files": [
            "vendor-custom/edamov/pushok/src/Payload.php",
            "vendor-custom/edamov/pushok/src/AuthProvider/Token.php"
        ]
    },

Whenever I want to implement a library that uses JWT. It would be great if XF's native JWT library could be updated.

Thank you for considering.

 

[Chris D]

I'll move this to bugs so I don't forget but the short answer is we might not be able to.

The jwt-signature package comes in due to the web-push library. There is a v5 of that and the minimum PHP requirements haven't changed (and we still require PHP 7.1 for push notifications) so it should be ok but it will really depend what kind of changes this involves.

 

[Chris D]

I had a look at this but it's not good news unfortunately.

We have updated the web push library but they unfortunately still instantiate a JWSBuilder object with the old style signature.

On further investigation, the issue appears to be that the web push library is still targeting PHP 7.1 but JWT is targeting PHP 7.2. At this point while everything works nicely at a minimum of PHP 7.1 even if it were the case that there was a PHP 7.2 version available for the web push library, we wouldn't be looking to increase those requirements for push notifications so unfortunately you'll have to continue with your hacks for the foreseeable.