Unclear dependencies
Closed this issue · 3 comments
Version(s) affected
webtoken/jwt-library 3.3.1
Description
I got the following error:
PHP Fatal error: Could not check compatibility between Jose\Component\Encryption\Algorithm\KeyEncryption\ECDHESA128KW::getWrapper(): AESKW\A128KW and Jose\Component\Encryption\Algorithm\KeyEncryption\AbstractECDHAESKW::getWrapper(): AESKW\Wrapper, because class AESKW\A128KW is not available in /app/vendor/web-token/jwt-library/Encryption/Algorithm/KeyEncryption/ECDHESA128KW.php on line 16
It was difficult to track down why I was getting this error. I assumed that any dependencies would be handled by composer. It was hard to figure out which package I needed to install to get the missing AESKW\A128KW
class that I needed. I eventually saw that spomky-labs/aes-key-wrap
was listed in the suggested packages and saw that it had the missing class I needed.
I didn't see anywhere in the documentation that mentioned I might also need to install spomky-labs/aes-key-wrap
. Is there a reason that it is not installed by default?
How to reproduce
I am using facile-it/php-openid-client and it uses this package as a dependency. When using OpenID Connect it has the concept of discovery where it downloads the server's configuration including which encryption algorithms it supports. So the encryption used is dynamic depending on which OIDC server you use. If it is using an encryption algorithm that requires aes-key-wrap and it is not installed then you get an error.
Possible Solution
Consider adding spomky-labs/aes-key-wrap
as a dependency.
Additional Context
No response
Hello @ejunker,
I am sorry for the inconvenience. This is a strange behavior because the constructor of the class ECDHESA128KW
, inherited from AbstractECDHAESKW
, is supposed to verify the presence of the class when created and throw an explicit error message.
This library is in the suggested packages list and a warning is showed on the documentation.
To make it even more clear, I will add the required packages for each algorithm on the algorithm page to make it more clear.
spomky-labs/aes-key-wrap
cannot be a hard dependency because it requires ext-openssl
, which may not be wanted by other projects.
Documentation is now up to date to be more precise on this issue.
The constructor error message works as expected.
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.