Should an empty payload throw an error, if so, where?

Question

Should an empty payload throw an error, if so, where?

chetmac opened this issue 2 years ago · 1 comments

The decode method currently throws an UnexpectedValueException (Payload must be a JSON object) when the payload is/was empty. It seems that either of the following changes should be made, either:

JWT::encode should throw an error on an empty payload
JWT::decode should allow an empty payload, returning empty new StdClass()

Any feedback on which change is best, or why it should be left this way, or something else I'm not considering?

This is an example of what triggers the UnexpectedValueException

$alg = 'HS256';
$key = 'secret';
$token = JWT::encode( [], $key, $alg);
JWT::decode($token, new Key($key, $alg));

Answer 1 · 2023-01-31T18:55:33.000Z

I see this was resolved in version 6.1.2