Merge branch 'main' into consistent-error-text

Author: bshaffer

.github/workflows/tests.yml

@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        php: [ "7.4", "8.0", "8.1", "8.2" ]
+        php: [ "7.4", "8.0", "8.1", "8.2", "8.3" ]
     name: PHP ${{matrix.php }} Unit Test
     steps:
       - uses: actions/checkout@v2
@@ -35,7 +35,7 @@ jobs:
       - name: Setup PHP
         uses: shivammathur/setup-php@v2
         with:
-          php-version: "8.0"
+          php-version: "8.2"
       - name: Run Script
         run: |
           composer global require friendsofphp/php-cs-fixer
@@ -49,7 +49,7 @@ jobs:
     - name: Install PHP
       uses: shivammathur/setup-php@v2
       with:
-        php-version: '8.0'
+        php-version: '8.2'
     - name: Run Script
       run: |
         composer install

CHANGELOG.md

@@ -1,5 +1,12 @@
 # Changelog
 
+## [6.10.0](https://github.com/firebase/php-jwt/compare/v6.9.0...v6.10.0) (2023-11-28)
+
+
+### Features
+
+* allow typ header override ([#546](https://github.com/firebase/php-jwt/issues/546)) ([79cb30b](https://github.com/firebase/php-jwt/commit/79cb30b729a22931b2fbd6b53f20629a83031ba9))
+
 ## [6.9.0](https://github.com/firebase/php-jwt/compare/v6.8.1...v6.9.0) (2023-10-04)
 
 

src/CachedKeySet.php

@@ -213,7 +213,7 @@ private function rateLimitExceeded(): bool
 
         $cacheItem = $this->cache->getItem($this->rateLimitCacheKey);
         if (!$cacheItem->isHit()) {
-            $cacheItem->expiresAfter(1); // # of calls are cached each minute
+            $cacheItem->expiresAfter(60); // # of calls are cached each minute
         }
 
         $callsPerMinute = (int) $cacheItem->get();

src/JWT.php

@@ -203,13 +203,14 @@ public static function encode(
         string $keyId = null,
         array $head = null
     ): string {
-        $header = ['typ' => 'JWT', 'alg' => $alg];
+        $header = ['typ' => 'JWT'];
+        if (isset($head) && \is_array($head)) {
+            $header = \array_merge($header, $head);
+        }
+        $header['alg'] = $alg;
         if ($keyId !== null) {
             $header['kid'] = $keyId;
         }
-        if (isset($head) && \is_array($head)) {
-            $header = \array_merge($head, $header);
-        }
         $segments = [];
         $segments[] = static::urlsafeB64Encode((string) static::jsonEncode($header));
         $segments[] = static::urlsafeB64Encode((string) static::jsonEncode($payload));

tests/JWTTest.php

@@ -518,4 +518,26 @@ public function testGetHeaders()
         $this->assertEquals($headers->typ, 'JWT');
         $this->assertEquals($headers->alg, 'HS256');
     }
+
+    public function testAdditionalHeaderOverrides()
+    {
+        $msg = JWT::encode(
+            ['message' => 'abc'],
+            'my_key',
+            'HS256',
+            'my_key_id',
+            [
+                'cty' => 'test-eit;v=1',
+                'typ' => 'JOSE', // override type header
+                'kid' => 'not_my_key_id', // should not override $key param
+                'alg' => 'BAD', // should not override $alg param
+            ]
+        );
+        $headers = new stdClass();
+        JWT::decode($msg, new Key('my_key', 'HS256'), $headers);
+        $this->assertEquals('test-eit;v=1', $headers->cty, 'additional field works');
+        $this->assertEquals('JOSE', $headers->typ, 'typ override works');
+        $this->assertEquals('my_key_id', $headers->kid, 'key param not overridden');
+        $this->assertEquals('HS256', $headers->alg, 'alg param not overridden');
+    }
 }