feat: Allow firebase/php-jwt ^6.2

composer.json

@@ -19,7 +19,7 @@
         "php": ">=7.3|~8.0.0|~8.1.0",
         "ext-curl": "*",
         "ext-json": "*",
-        "firebase/php-jwt": "^5.4"
+        "firebase/php-jwt": "^5.5.1|^6.2"
     },
     "require-dev": {
         "phpunit/phpunit": "^9.5.14",

src/MessageBird/RequestValidator.php

@@ -3,6 +3,7 @@
 namespace MessageBird;
 
 use Firebase\JWT\JWT;
+use Firebase\JWT\Key;
 use Firebase\JWT\SignatureInvalidException;
 use MessageBird\Exceptions\ValidationException;
 use MessageBird\Objects\SignedRequest;
@@ -14,6 +15,7 @@
 use function http_build_query;
 use function implode;
 use function ksort;
+use function PHPUnit\Framework\throwException;
 use function time;
 
 /**
@@ -139,7 +141,20 @@ public function validateSignature(string $signature, string $url, string $body)
 
         JWT::$leeway = 1;
         try {
-            $decoded = JWT::decode($signature, $this->signingKey, self::ALLOWED_ALGOS);
+            $headb64 = \explode('.', $signature)[0];
+            $headerRaw = JWT::urlsafeB64Decode($headb64);
+            $header = JWT::jsonDecode($headerRaw);
+
+            $key = [];
+            if ($header && property_exists($header, 'alg')) {
+                if (!in_array(strtoupper($header->alg), self::ALLOWED_ALGOS, true)) {
+                    throw new ValidationException('Algorithm not supported');
+                }
+
+                $key = new Key($this->signingKey, $header->alg);
+            }
+
+            $decoded = JWT::decode($signature, $key);
         } catch (\InvalidArgumentException | \UnexpectedValueException | SignatureInvalidException $e) {
             throw new ValidationException($e->getMessage(), $e->getCode(), $e);
         }