From 9a560538465b08d85e050398b23fdeb2719fc837 Mon Sep 17 00:00:00 2001
From: Florent Morselli
Date: Tue, 9 Jul 2024 16:59:11 +0200
Subject: [PATCH] Update web-token/jwt-library version and adjust checker parameters

The web-token/jwt-library has been updated to allow versions up to 4.0 across multiple components. Additionally, the parameters for the IssuedAtChecker, NotBeforeChecker, and ExpirationTimeChecker in the OidcTokenHandler have been adjusted to support named arguments as required by the new version of the library.
---
 composer.json | 2 +-
 src/Symfony/Bundle/SecurityBundle/composer.json | 2 +-
 .../Security/Http/AccessToken/Oidc/OidcTokenHandler.php | 6 +++---
 src/Symfony/Component/Security/Http/composer.json | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/composer.json b/composer.json
index 5fd5177abe4c3..febec389685c8 100644
--- a/composer.json
+++ b/composer.json
@@ -158,7 +158,7 @@
 "twig/cssinliner-extra": "^2.12|^3",
 "twig/inky-extra": "^2.12|^3",
 "twig/markdown-extra": "^2.12|^3",
- "web-token/jwt-library": "^3.3.2"
+ "web-token/jwt-library": "^3.3.2|^4.0"
 },
 "conflict": {
 "ext-psr": "<1.1|>=2",
diff --git a/src/Symfony/Bundle/SecurityBundle/composer.json b/src/Symfony/Bundle/SecurityBundle/composer.json
index ca85d48602c14..7267fa759094c 100644
--- a/src/Symfony/Bundle/SecurityBundle/composer.json
+++ b/src/Symfony/Bundle/SecurityBundle/composer.json
@@ -51,7 +51,7 @@
 "symfony/validator": "^6.4|^7.0",
 "symfony/yaml": "^6.4|^7.0",
 "twig/twig": "^3.0.4",
- "web-token/jwt-library": "^3.3.2"
+ "web-token/jwt-library": "^3.3.2|^4.0"
 },
 "conflict": {
 "symfony/browser-kit": "<6.4",
diff --git a/src/Symfony/Component/Security/Http/AccessToken/Oidc/OidcTokenHandler.php b/src/Symfony/Component/Security/Http/AccessToken/Oidc/OidcTokenHandler.php
index 8b0a3f3d26471..69e739d2fef40 100644
--- a/src/Symfony/Component/Security/Http/AccessToken/Oidc/OidcTokenHandler.php
+++ b/src/Symfony/Component/Security/Http/AccessToken/Oidc/OidcTokenHandler.php
@@ -86,9 +86,9 @@ public function getUserBadgeFrom(string $accessToken): UserBadge
 // Verify the claims
 $checkers = [
- new Checker\IssuedAtChecker(0, false, $this->clock),
- new Checker\NotBeforeChecker(0, false, $this->clock),
- new Checker\ExpirationTimeChecker(0, false, $this->clock),
+ new Checker\IssuedAtChecker(clock: $this->clock, allowedTimeDrift: 0, protectedHeaderOnly: false),
+ new Checker\NotBeforeChecker(clock: $this->clock, allowedTimeDrift: 0, protectedHeaderOnly: false),
+ new Checker\ExpirationTimeChecker(clock: $this->clock, allowedTimeDrift: 0, protectedHeaderOnly: false),
 new Checker\AudienceChecker($this->audience),
 new Checker\IssuerChecker($this->issuers),
 ];
diff --git a/src/Symfony/Component/Security/Http/composer.json b/src/Symfony/Component/Security/Http/composer.json
index fc0b447b60363..9a443fe8ce621 100644
--- a/src/Symfony/Component/Security/Http/composer.json
+++ b/src/Symfony/Component/Security/Http/composer.json
@@ -36,7 +36,7 @@
 "symfony/security-csrf": "^6.4|^7.0",
 "symfony/translation": "^6.4|^7.0",
 "psr/log": "^1|^2|^3",
- "web-token/jwt-library": "^3.3.2"
+ "web-token/jwt-library": "^3.3.2|^4.0"
 },
 "conflict": {
 "symfony/clock": "<6.4",
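Review bot: The three time-based checkers in the `$checkers` array of OidcTokenHandler.php now depend on the constructor parameter names `clock`, `allowedTimeDrift` and `protectedHeaderOnly`, while the constraint changed in this same patch keeps `^3.3.2` installable, and nothing in the code records why named arguments are used. A one-line comment above the array would capture that, e.g. `// Named arguments: these must bind identically on web-token/jwt-library 3.3.2 and 4.x`. Because an unknown named parameter raises an `Error` at call time rather than at install time, it is worth confirming that the token-validation tests run against both the lowest and the highest allowed library version; otherwise the `iat`/`nbf`/`exp` checks could fail for every token on one of them. The body of `getUserBadgeFrom` starts and ends outside the hunk, so how such an error would surface to the caller is not visible here.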