fix: handle JWT decode of non JWT tokens

jumbojett · Sep 5, 2024 · 31e1ac6 · 31e1ac6
1 parent 1e85443
commit 31e1ac6
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 5 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 [unreleased]
+- Fix JWT decode of non JWT tokens #428
+- Fix method signatures #427
 - Updated CI to also test on PHP 8.3 #407
 - Updated readme PHP requirement to PHP 7.0+ #407
 - Added dependabot for GitHub Actions #407

diff --git a/src/OpenIDConnectClient.php b/src/OpenIDConnectClient.php
@@ -1220,11 +1220,11 @@ protected function urlEncode(string $str): string
     /**
      * @param string $jwt encoded JWT
      * @param int $section the section we would like to decode
-     * @return object|null
+     * @return object|string|null
      */
     protected function decodeJWT(string $jwt, int $section = 0) {
         $parts = explode('.', $jwt);
-        return json_decode(base64url_decode($parts[$section]), false);
+        return json_decode(base64url_decode($parts[$section] ?? ''), false);
     }
 
     /**
@@ -1737,6 +1737,10 @@ public function getRefreshToken()
         return $this->refreshToken;
     }
 
+    public function setIdToken(string $idToken) {
+        $this->idToken = $idToken;
+    }
+
     /**
      * @return string|null
      */
@@ -1753,21 +1757,21 @@ public function getAccessTokenHeader() {
     }
 
     /**
-     * @return object
+     * @return object|string|null
      */
     public function getAccessTokenPayload() {
         return $this->decodeJWT($this->accessToken, 1);
     }
 
     /**
-     * @return object
+     * @return object|string|null
      */
     public function getIdTokenHeader() {
         return $this->decodeJWT($this->idToken);
     }
 
     /**
-     * @return object
+     * @return object|string|null
      */
     public function getIdTokenPayload() {
         return $this->decodeJWT($this->idToken, 1);

diff --git a/tests/OpenIDConnectClientTest.php b/tests/OpenIDConnectClientTest.php
@@ -10,9 +10,20 @@ class OpenIDConnectClientTest extends TestCase
     public function testJWTDecode()
     {
         $client = new OpenIDConnectClient();
+        # access token
         $client->setAccessToken('');
         $header = $client->getAccessTokenHeader();
         self::assertEquals('', $header);
+        $payload = $client->getAccessTokenPayload();
+        self::assertEquals('', $payload);
+
+        # id token
+        $client->setIdToken('');
+        $header = $client->getIdTokenHeader();
+        self::assertEquals('', $header);
+        $payload = $client->getIdTokenPayload();
+        self::assertEquals('', $payload);
+
     }
 
     public function testGetNull()