diff --git a/lib/thirdpartylibs.xml b/lib/thirdpartylibs.xml
index 4e1bef9172b..ac73cb9d7af 100644
--- a/lib/thirdpartylibs.xml
+++ b/lib/thirdpartylibs.xml
@@ -299,7 +299,7 @@
php-jwt
A simple library to encode and decode JSON Web Tokens (JWT) in PHP, conforming to RFC 7519
BSD
- 5.2.0
+ 6.0.0
3-Clause
diff --git a/mod/bigbluebuttonbn/classes/broker.php b/mod/bigbluebuttonbn/classes/broker.php
index 4310be2e802..4f17e90bc63 100644
--- a/mod/bigbluebuttonbn/classes/broker.php
+++ b/mod/bigbluebuttonbn/classes/broker.php
@@ -18,6 +18,7 @@ namespace mod_bigbluebuttonbn;
use Exception;
use Firebase\JWT\JWT;
+use Firebase\JWT\Key;
use mod_bigbluebuttonbn\local\config;
/**
@@ -88,8 +89,7 @@ class broker {
try {
$decodedparameters = JWT::decode(
$params['signed_parameters'],
- config::get('shared_secret'),
- ['HS256']
+ new Key(config::get('shared_secret'), 'HS256')
);
} catch (Exception $e) {
$error = 'Caught exception: ' . $e->getMessage();
diff --git a/mod/bigbluebuttonbn/classes/meeting.php b/mod/bigbluebuttonbn/classes/meeting.php
index be6c17b1621..d402cad0a24 100644
--- a/mod/bigbluebuttonbn/classes/meeting.php
+++ b/mod/bigbluebuttonbn/classes/meeting.php
@@ -21,6 +21,7 @@ use cache_store;
use context_course;
use core_tag_tag;
use Exception;
+use Firebase\JWT\Key;
use mod_bigbluebuttonbn\local\config;
use mod_bigbluebuttonbn\local\exceptions\bigbluebutton_exception;
use mod_bigbluebuttonbn\local\exceptions\meeting_join_exception;
@@ -432,8 +433,7 @@ class meeting {
// Verify the authenticity of the request.
$token = \Firebase\JWT\JWT::decode(
$authorization[1],
- config::get('shared_secret'),
- ['HS512']
+ new Key(config::get('shared_secret'), 'HS512')
);
// Get JSON string from the body.
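Review bot: `\Firebase\JWT\JWT::decode(` is still written fully qualified while `Key` is now imported with `use Firebase\JWT\Key;` at the top of the file, so two classes of the same library are referenced in two different styles inside one call. Adding `use Firebase\JWT\JWT;` next to the new import and calling `JWT::decode(` here would match broker.php, provided nothing outside the hunk already claims that name. The surrounding method starts and ends outside the hunk, so whether this call sits in a try block that handles a rejected token or an empty `shared_secret` cannot be seen from here.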
diff --git a/mod/lti/classes/local/ltiopenid/registration_helper.php b/mod/lti/classes/local/ltiopenid/registration_helper.php
index bbbe9a3d160..5889ee78e7d 100644
--- a/mod/lti/classes/local/ltiopenid/registration_helper.php
+++ b/mod/lti/classes/local/ltiopenid/registration_helper.php
@@ -28,6 +28,7 @@ defined('MOODLE_INTERNAL') || die;
require_once($CFG->dirroot . '/mod/lti/locallib.php');
use Firebase\JWT\JWK;
use Firebase\JWT\JWT;
+use Firebase\JWT\Key;
use stdClass;
/**
@@ -371,8 +372,9 @@ class registration_helper {
*/
public function validate_registration_token(string $registrationtokenjwt): array {
global $DB;
+ // JWK::parseKeySet uses RS256 algorithm by default.
$keys = JWK::parseKeySet(jwks_helper::get_jwks());
- $registrationtoken = JWT::decode($registrationtokenjwt, $keys, ['RS256']);
+ $registrationtoken = JWT::decode($registrationtokenjwt, $keys);
$response = [];
// Get clientid from registrationtoken.
$clientid = $registrationtoken->sub;
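Review bot: The explicit `['RS256']` allowlist is gone from `JWT::decode($registrationtokenjwt, $keys)`, so the accepted algorithm is now whatever each parsed key carries, and the added comment about an RS256 default cannot be confirmed from this diff because the library source is not shown. The same pattern appears twice in `lti_verify_with_keyset` in mod/lti/locallib.php, where the key set comes from the tool's `$keyseturl` rather than from this site. If RS256 is meant to stay mandatory, pin it after parsing, e.g. `$keys = array_filter($keys, function (Key $k) { return $k->getAlgorithm() === 'RS256'; });`, which would also give the newly imported `Key` a use in this file; an empty result should then make `decode` fail rather than pass. Otherwise reword the comment to say that the algorithm is taken from each key's `alg` entry. `validate_registration_token` continues past the end of the hunk.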
diff --git a/mod/lti/locallib.php b/mod/lti/locallib.php
index f3296248daf..54925f9ba0e 100644
--- a/mod/lti/locallib.php
+++ b/mod/lti/locallib.php
@@ -55,6 +55,7 @@ use mod_lti\helper;
use moodle\mod\lti as lti;
use Firebase\JWT\JWT;
use Firebase\JWT\JWK;
+use Firebase\JWT\Key;
use mod_lti\local\ltiopenid\jwks_helper;
use mod_lti\local\ltiopenid\registration_helper;
@@ -1360,14 +1361,16 @@ function lti_verify_with_keyset($jwtparam, $keyseturl, $clientid) {
throw new moodle_exception('errornocachedkeysetfound', 'mod_lti');
}
$keysetarr = json_decode($keyset, true);
+ // JWK::parseKeySet uses RS256 algorithm by default.
$keys = JWK::parseKeySet($keysetarr);
- $jwt = JWT::decode($jwtparam, $keys, ['RS256']);
+ $jwt = JWT::decode($jwtparam, $keys);
} catch (Exception $e) {
// Something went wrong, so attempt to update cached keyset and then try again.
$keyset = file_get_contents($keyseturl);
$keysetarr = json_decode($keyset, true);
+ // JWK::parseKeySet uses RS256 algorithm by default.
$keys = JWK::parseKeySet($keysetarr);
- $jwt = JWT::decode($jwtparam, $keys, ['RS256']);
+ $jwt = JWT::decode($jwtparam, $keys);
// If sucessful, updates the cached keyset.
$cache->set($clientid, $keyset);
}
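Review bot: In the catch branch the results of `file_get_contents($keyseturl)` and `json_decode($keyset, true)` go straight into `JWK::parseKeySet($keysetarr)` without a check, so a failed fetch or a non-JSON response reaches the parser as `false`/`null` instead of producing a clear error. A guard such as `if ($keyset === false || !is_array($keysetarr)) { throw new moodle_exception('errornocachedkeysetfound', 'mod_lti'); }` before the parse would keep the failure explicit; a dedicated error string would be better if one exists. The try branch has the same gap for a corrupted cache entry, and if the library declares an `array` parameter there, the resulting TypeError would likely not be caught by `catch (Exception $e)`, so the refresh would not run. The function starts before and continues after this hunk.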
@@ -1414,7 +1417,7 @@ function lti_verify_jwt_signature($typeid, $consumerkey, $jwtparam) {
throw new moodle_exception('No public key configured');
}
// Attemps to verify jwt with RSA key.
- JWT::decode($jwtparam, $publickey, ['RS256']);
+ JWT::decode($jwtparam, new Key($publickey, 'RS256'));
} else if ($typeconfig['keytype'] === LTI_JWK_KEYSET) {
$keyseturl = $typeconfig['publickeyset'] ?? '';
if (empty($keyseturl)) {