nextcloud · dependabot · Feb 10, 2023 · Feb 28, 2023
diff --git a/3rdparty/composer.json b/3rdparty/composer.json
@@ -5,6 +5,6 @@
     },
     "require": {
         "onelogin/php-saml": "^4.0",
-        "firebase/php-jwt": "^4.0"
+        "firebase/php-jwt": "^6.4"
     }
 }
diff --git a/3rdparty/composer.lock b/3rdparty/composer.lock
diff --git a/lib/Controller/SAMLController.php b/lib/Controller/SAMLController.php
@@ -23,6 +23,7 @@
 namespace OCA\User_SAML\Controller;
 
 use Firebase\JWT\JWT;
+use Firebase\JWT\Key;
 use OC\Core\Controller\ClientFlowLoginController;
 use OC\Core\Controller\ClientFlowLoginV2Controller;
 use OCA\User_SAML\Exceptions\NoUserFoundException;
@@ -664,10 +665,11 @@ private function getDirectLoginUrl($redirectUrl) {
 		return $directUrl;
 	}
 
-	private function isValidJwt($jwt) {
+
+	private function isValidJwt($jwt): bool {
 		try {
 			$key = $this->config->getSystemValue('gss.jwt.key', '');
-			JWT::decode($jwt, $key, ['HS256']);
+			JWT::decode($jwt, new Key($key, 'HS256'));
 		} catch (\Exception $e) {
 			return false;
 		}