Feature/update php jwt use php8

.gitignore

@@ -4,3 +4,4 @@
 composer.lock
 .phplint-cache
 coverage.xml
+*.cache

.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+    "php.version": "7.4"
+}

README.md

@@ -19,7 +19,7 @@ For example implementation see [Slim API Skeleton](https://github.com/tuupola/sl
 Install latest version using [composer](https://getcomposer.org/).
 
 ``` bash
-$ composer require tuupola/slim-jwt-auth
+composer require tuupola/slim-jwt-auth
 ```
 
 If using Apache add the following to the `.htaccess` file. Otherwise PHP wont have access to `Authorization: Bearer` header.
@@ -56,8 +56,8 @@ When a request is made, the middleware tries to validate and decode the token. I
 
 Validation errors are triggered when the token has been tampered with or the token has expired. For all possible validation errors, see [JWT library](https://github.com/firebase/php-jwt/blob/master/src/JWT.php#L60-L138) source.
 
-
 ## Optional parameters
+
 ### Path
 
 The optional `path` parameter allows you to specify the protected part of your website. It can be either a string or an array. You do not need to specify each URL. Instead think of `path` setting as a folder. In the example below everything starting with `/api` will be authenticated. If you do not define `path` all routes will be protected.
@@ -195,7 +195,6 @@ $app->add(new Tuupola\Middleware\JwtAuthentication([
 
 After function is called only when authentication succeeds and after the incoming middleware stack has been called. You can use this to alter the response before passing it next outgoing middleware in the stack. If it returns anything else than `Psr\Http\Message\ResponseInterface` the return value will be ignored.
 
-
 ``` php
 $app = new Slim\App;
 
@@ -257,7 +256,7 @@ RequestPathRule contains both a `path` parameter and a `ignore` parameter. Latte
 
 99% of the cases you do not need to use the `rules` parameter. It is only provided for special cases when defaults do not suffice.
 
-## Security
+## Security in Tokens
 
 JSON Web Tokens are essentially passwords. You should treat them as such and you should always use HTTPS. If the middleware detects insecure usage over HTTP it will throw a `RuntimeException`. By default this rule is relaxed for requests to server running on `localhost`. To allow insecure usage you must enable it manually by setting `secure` to `false`.
 
@@ -317,12 +316,12 @@ $app->delete("/item/{id}", function ($request, $response, $arguments) {
 You can run tests either manually or automatically on every code change. Automatic tests require [entr](http://entrproject.org/) to work.
 
 ``` bash
-$ make test
+make test
 ```
 
 ``` bash
-$ brew install entr
-$ make watch
+brew install entr
+make watch
 ```
 
 ## Contributing
@@ -331,7 +330,7 @@ Please see [CONTRIBUTING](CONTRIBUTING.md) for details.
 
 ## Security
 
-If you discover any security related issues, please email tuupola@appelsiini.net instead of using the issue tracker.
+If you discover any security related issues, please email <tuupola@appelsiini.net> instead of using the issue tracker.
 
 ## License
 

UPGRADING.md

@@ -1,20 +1,26 @@
 # Updgrading from 2.x to 3.x
 
 ## New namespace
+
 For most cases it is enough just to update the classname. Instead of using the old `Slim\Middleware` namespace:
 
 ```php
-$app->add(new Slim\Middleware\JwtAuthentication([
-    "secret" => "supersecretkeyyoushouldnotcommittogithub"
-]));
+$app->add(new Slim\Middleware\JwtAuthentication(
+        new JwtAuthOptions(
+            secret: "supersecretkeyyoushouldnotcommittogithub"
+        )
+    )
+);
 ```
 
 You should now use `Tuupola\Middleware` instead:
 
 ```php
-$app->add(new Tuupola\Middleware\JwtAuthentication([
-    "secret" => "supersecretkeyyoushouldnotcommittogithub"
-]));
+$app->add(new Tuupola\Middleware\JwtAuthentication(
+    new JwtAuthOptions(
+        secret: "supersecretkeyyoushouldnotcommittogithub"
+    )
+);
 
 ```
 
@@ -34,12 +40,15 @@ $app->add(new Tuupola\Middleware\JwtAuthentication([
 You should now do the following instead. Note also that `$response` object is not bassed to `before` anymore. The `before` handler should return ``Psr\Http\Message\ServerRequestInterface`. Anything else will be ignored.
 
 ```php
-$app->add(new Tuupola\Middleware\JwtAuthentication([
-    "ignore" => ["/token"],
-    "before" => function ($request, $arguments) {
+$options = new JwtAuthOptions(
+    secret: "supersecretkeyyoushouldnotcommittogithub", 
+    ignore: ["/token"],
+    before: => function (ServerRequestInterface $request, array $arguments) {
         return $request->withHeader("Foo", "bar");
     }
-]));
+);
+
+$app->add(new Tuupola\Middleware\JwtAuthentication($options));
 ```
 
 ## Changed error handler signature
@@ -57,11 +66,13 @@ $app->add(new Tuupola\Middleware\JwtAuthentication([
 You should now do the following instead.
 
 ```php
-$app->add(new Tuupola\Middleware\JwtAuthentication([
-    "error" => function ($response, $arguments) {
+$options = new JwtAuthOptions(
+   error: function (ReponseInterface $response, array $arguments): ResponseInterface {
         return $response->witHeader("Foo", "bar");
     }
-]));
+);
+
+$app->add(new Tuupola\Middleware\JwtAuthentication($options);
 ```
 
 Note that `error` should now return an instance of `Psr\Http\Message\ResponseInterface`. Anything else will be ignored.
@@ -90,3 +101,7 @@ $app->add(new Tuupola\Middleware\JwtAuthentication([
 ## Decoded token is now an array
 
 The decoded token attached to the `$request` object is now an array instead of an object. This might require changes to token handling code.
+
+## Algorithm is a string now
+
+Prefer using strings instead of array of strings, for compartibility with firebase/php-jwt.

composer.json

@@ -20,11 +20,11 @@
         }
     ],
     "require": {
-        "php": "^7.4|^8.0",
-        "psr/log": "^1.0|^2.0|^3.0",
-        "firebase/php-jwt": "^3.0|^4.0|^5.0",
-        "psr/http-message": "^1.0|^2.0",
-        "tuupola/http-factory": "^1.3",
+        "php": "^8.0",
+        "psr/log": "^3.0",
+        "firebase/php-jwt": "^6.0",
+        "psr/http-message": "^1.0",
+        "tuupola/http-factory": "^1.4",
         "tuupola/callable-handler": "^1.0",
         "psr/http-server-middleware": "^1.0"
     },