diff --git a/lib/thirdpartylibs.xml b/lib/thirdpartylibs.xml index 4e1bef9172b..ac73cb9d7af 100644 --- a/lib/thirdpartylibs.xml +++ b/lib/thirdpartylibs.xml @@ -299,7 +299,7 @@ php-jwt A simple library to encode and decode JSON Web Tokens (JWT) in PHP, conforming to RFC 7519 BSD - 5.2.0 + 6.0.0 3-Clause diff --git a/mod/bigbluebuttonbn/classes/broker.php b/mod/bigbluebuttonbn/classes/broker.php index 4310be2e802..4f17e90bc63 100644 --- a/mod/bigbluebuttonbn/classes/broker.php +++ b/mod/bigbluebuttonbn/classes/broker.php @@ -18,6 +18,7 @@ namespace mod_bigbluebuttonbn; use Exception; use Firebase\JWT\JWT; +use Firebase\JWT\Key; use mod_bigbluebuttonbn\local\config; /** @@ -88,8 +89,7 @@ class broker { try { $decodedparameters = JWT::decode( $params['signed_parameters'], - config::get('shared_secret'), - ['HS256'] + new Key(config::get('shared_secret'), 'HS256') ); } catch (Exception $e) { $error = 'Caught exception: ' . $e->getMessage(); diff --git a/mod/bigbluebuttonbn/classes/meeting.php b/mod/bigbluebuttonbn/classes/meeting.php index be6c17b1621..d402cad0a24 100644 --- a/mod/bigbluebuttonbn/classes/meeting.php +++ b/mod/bigbluebuttonbn/classes/meeting.php @@ -21,6 +21,7 @@ use cache_store; use context_course; use core_tag_tag; use Exception; +use Firebase\JWT\Key; use mod_bigbluebuttonbn\local\config; use mod_bigbluebuttonbn\local\exceptions\bigbluebutton_exception; use mod_bigbluebuttonbn\local\exceptions\meeting_join_exception; @@ -432,8 +433,7 @@ class meeting { // Verify the authenticity of the request. $token = \Firebase\JWT\JWT::decode( $authorization[1], - config::get('shared_secret'), - ['HS512'] + new Key(config::get('shared_secret'), 'HS512') ); // Get JSON string from the body. diff --git a/mod/lti/classes/local/ltiopenid/registration_helper.php b/mod/lti/classes/local/ltiopenid/registration_helper.php index bbbe9a3d160..5889ee78e7d 100644 --- a/mod/lti/classes/local/ltiopenid/registration_helper.php 
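Review bot: The two BigBlueButton call sites pin different HMAC algorithms for the same `shared_secret` (`HS256` in `broker.php`, `HS512` in `meeting.php`), and neither hunk says why. A one-line comment above each `new Key(...)` would make the pin auditable, for example `// Algorithm is fixed here; a token whose header names any other alg is rejected.`, plus a word on which sender signs with which algorithm. In `meeting.php` the commit adds `use Firebase\JWT\Key;` while the call still spells out `\Firebase\JWT\JWT::decode`; importing `JWT` too and calling `JWT::decode(...)` would keep the file consistent. Both enclosing functions start and end outside the hunks shown.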
+++ b/mod/lti/classes/local/ltiopenid/registration_helper.php @@ -28,6 +28,7 @@ defined('MOODLE_INTERNAL') || die; require_once($CFG->dirroot . '/mod/lti/locallib.php'); use Firebase\JWT\JWK; use Firebase\JWT\JWT; +use Firebase\JWT\Key; use stdClass; /** @@ -371,8 +372,9 @@ class registration_helper { */ public function validate_registration_token(string $registrationtokenjwt): array { global $DB; + // JWK::parseKeySet uses RS256 algorithm by default. $keys = JWK::parseKeySet(jwks_helper::get_jwks()); - $registrationtoken = JWT::decode($registrationtokenjwt, $keys, ['RS256']); + $registrationtoken = JWT::decode($registrationtokenjwt, $keys); $response = []; // Get clientid from registrationtoken. $clientid = $registrationtoken->sub; diff --git a/mod/lti/locallib.php b/mod/lti/locallib.php index f3296248daf..54925f9ba0e 100644 --- a/mod/lti/locallib.php +++ b/mod/lti/locallib.php @@ -55,6 +55,7 @@ use mod_lti\helper; use moodle\mod\lti as lti; use Firebase\JWT\JWT; use Firebase\JWT\JWK; +use Firebase\JWT\Key; use mod_lti\local\ltiopenid\jwks_helper; use mod_lti\local\ltiopenid\registration_helper; @@ -1360,14 +1361,16 @@ function lti_verify_with_keyset($jwtparam, $keyseturl, $clientid) { throw new moodle_exception('errornocachedkeysetfound', 'mod_lti'); } $keysetarr = json_decode($keyset, true); + // JWK::parseKeySet uses RS256 algorithm by default. $keys = JWK::parseKeySet($keysetarr); - $jwt = JWT::decode($jwtparam, $keys, ['RS256']); + $jwt = JWT::decode($jwtparam, $keys); } catch (Exception $e) { // Something went wrong, so attempt to update cached keyset and then try again. $keyset = file_get_contents($keyseturl); $keysetarr = json_decode($keyset, true); + // JWK::parseKeySet uses RS256 algorithm by default. $keys = JWK::parseKeySet($keysetarr); - $jwt = JWT::decode($jwtparam, $keys, ['RS256']); + $jwt = JWT::decode($jwtparam, $keys); // If sucessful, updates the cached keyset. $cache->set($clientid, $keyset); } 
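Review bot: The added comment `// JWK::parseKeySet uses RS256 algorithm by default.` in `validate_registration_token()` does not match php-jwt 6.0.0 as far as I can tell. There `parseKeySet()` takes no default algorithm; it builds each `Key` from the JWK's own `alg` member and rejects an entry that lacks one. With the `['RS256']` argument gone, the comment is the only place the accepted algorithm is stated, so I would reword it to `// Each Key takes its algorithm from the JWK "alg" member; JWT::decode() rejects a token whose header alg differs.` and confirm that `jwks_helper::get_jwks()` always emits `alg`. The same comment is added twice in `lti_verify_with_keyset()` in `mod/lti/locallib.php`.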
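Review bot: In `lti_verify_with_keyset()` the accepted algorithm was fixed by the caller (`['RS256']`), but after this change it comes from the keyset itself, which the retry branch fetches from `$keyseturl`. The tool's published JWKS therefore decides which algorithm is accepted. If php-jwt 6.0.0 requires `alg` on every JWK, as I believe it does, a keyset that omits it will fail both attempts. Normalising the decoded keyset before `JWK::parseKeySet()` in both branches keeps the previous RS256-only policy; the loop below is a sketch and would sit best in one shared helper. The function starts and ends outside the hunk.

```php
$keysetarr = json_decode($keyset, true);
// Keep verification pinned to RS256: php-jwt takes the algorithm from each JWK.
foreach ($keysetarr['keys'] ?? [] as $index => $jwk) {
    if (($jwk['alg'] ?? 'RS256') !== 'RS256') {
        unset($keysetarr['keys'][$index]);
        continue;
    }
    $keysetarr['keys'][$index]['alg'] = 'RS256';
}
$keys = JWK::parseKeySet($keysetarr);
$jwt = JWT::decode($jwtparam, $keys);
// … unchanged: catch branch, which needs the same normalisation after file_get_contents() …
```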
@@ -1414,7 +1417,7 @@ function lti_verify_jwt_signature($typeid, $consumerkey, $jwtparam) { throw new moodle_exception('No public key configured'); } // Attemps to verify jwt with RSA key. - JWT::decode($jwtparam, $publickey, ['RS256']); + JWT::decode($jwtparam, new Key($publickey, 'RS256')); } else if ($typeconfig['keytype'] === LTI_JWK_KEYSET) { $keyseturl = $typeconfig['publickeyset'] ?? ''; if (empty($keyseturl)) {