Invalid argument supplied for foreach() in firebase/php-jwt/src/JWT.php:422

[bstanleynep]

Pull request #2235 updated this package's composer.json file to allow firebase/php-jwt v6.

firebase/php-jwt v6 changed the method signatures for both JWT::encode() and JWT::decode(). It seems that the calls in this library to this method were not updated accordingly.

From the firebase/php-jwt change log

The second argument of JWT::decode now must be Firebase\JWT\Key or array<string, Firebase\JWT\Key> (see firebase/php-jwt#376)
JWT::encode requires third argument $alg (see firebase/php-jwt#376)

The offending decode call is in src/AccessToken/Verify.php(106): Firebase\\JWT\\JWT::decode()

I will follow up this issue with a PR.

Environment details

• OS: Ubuntu 20.04
• PHP version: 7.4.28
• Package name and version: 2.12.2

[alansory]

please review this pr

[johnrobertcobbold]

+1

[slaci]

Seems like composer require firebase/php-jwt:^5.5.1 "fixes" this critical bug meanwhile.

[bshaffer]

Fixed in v2.12.3