Contrib.social

Consider a better JWT library

Open on Drupal.org →
Created on 27 August 2019, about 5 years ago
Updated 11 March 2023, over 1 year ago

consider https://web-token.spomky-labs.com/ and other libraries that support more signatures and seem to be more maintained.
Also https://github.com/lcobucci/jwt

Probably need a new branch for this?

Feature request
Status

Closed: outdated

Version

1.0

Component

Code

Created by

🇺🇸United States pwolanin

Live updates comments and jobs are added and updated live.
  • Security

    It is used for security vulnerabilities which do not need a security advisory. For example, security issues in projects which do not have security advisory coverage, or forward-porting a change already disclosed in a security advisory. See Drupal’s security advisory policy for details. Be careful publicly disclosing security vulnerabilities! Use the “Report a security vulnerability” link in the project page’s sidebar. See how to report a security issue for details.

Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment over 1 year ago
    🇫🇷France Renrhaf 📍 Strasbourg 🐦🦜
    + ./local-php-security-checker
Symfony Security Check Report
=============================
1 package has known vulnerabilities.
firebase/php-jwt (v5.5.1)
-------------------------
 * [CVE-2021-46743][]: Key/algorithm type confusion
[CVE-2021-46743]: ]8;;https://github.com/advisories/GHSA-8xf4-w7qw-pjjwhttps://github.com/advisories/GHSA-8xf4-w7qw-pjjw]8;;
Note that this checker can only detect vulnerabilities that are referenced in the security advisories database.
Execute this command regularly to check the newly discovered vulnerabilities

    There is a security issue with the currently used library

  • Comment over 1 year ago
    🇫🇷France Renrhaf 📍 Strasbourg 🐦🦜
  • Comment over 1 year ago
    🇺🇸United States pwolanin

    @Renrhaf did you read the extensive note I posted on the project page? https://www.drupal.org/project/jwt

    See also: 📌 Make a 2.x release series compatible with 6.x releases for JWT library Fixed

    Your comment isn't relevant to this issue which would be around considering a totally different library.

  • Status changed to Closed: outdated over 1 year ago
  • Comment over 1 year ago
    🇺🇸United States pwolanin

    Since firebase seems to be getting more regular support/development now and supports Ed25519 signatures I think this can be closed.

    I also like the the firebase library is pretty simple - most of these others seems to have gone out of their way to make the code complex and hard to use.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024