From 7a9daac56dc64ec1ddb12adece3e1a8f71778cc7 Mon Sep 17 00:00:00 2001
From: VirtualTam <virtualtam@flibidi.net>
Date: Wed, 4 Jan 2017 11:41:05 +0100
Subject: API: fix JWT signature verification

Fixes https://github.com/shaarli/Shaarli/issues/737

Added:
- Base64Url utilities

Fixed:
- use URL-safe Base64 encoding/decoding functions
- use byte representations for HMAC digests
- all JWT parts are Base64Url-encoded

See:
- https://en.wikipedia.org/wiki/JSON_Web_Token
- https://tools.ietf.org/html/rfc7519
- https://scotch.io/tutorials/the-anatomy-of-a-json-web-token
- https://jwt.io/introduction/
- https://en.wikipedia.org/wiki/Base64#URL_applications
- https://secure.php.net/manual/en/function.base64-encode.php#103849

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
---
 composer.json | 1 +
 1 file changed, 1 insertion(+)

(limited to 'composer.json')

diff --git a/composer.json b/composer.json
index cfbde1a0..2fed0df7 100644
--- a/composer.json
+++ b/composer.json
@@ -24,6 +24,7 @@
     },
     "autoload": {
         "psr-4": {
+            "Shaarli\\": "application",
             "Shaarli\\Api\\": "application/api/",
             "Shaarli\\Api\\Controllers\\": "application/api/controllers",
             "Shaarli\\Api\\Exceptions\\": "application/api/exceptions"
-- 
cgit v1.2.3