From 4adbab77aeaf509a6887e43f065c26f4a1a2149c Mon Sep 17 00:00:00 2001
From: Ronald Mak
Date: Fri, 1 Nov 2019 16:04:56 +0800
Subject: [PATCH] 3 exception classes are missing. leeway should be set as 60 (seconds). Otherwise verifyUser() would not pass. Return types of some functions are wrong.
---
 ASDecoder.php | 12 +++++++-----
 Vendor/BeforeValidException.php | 7 +++++++
 Vendor/ExpiredException.php | 7 +++++++
 Vendor/SignatureInvalidException.php | 7 +++++++
 4 files changed, 28 insertions(+), 5 deletions(-)
 create mode 100644 Vendor/BeforeValidException.php
 create mode 100644 Vendor/ExpiredException.php
 create mode 100644 Vendor/SignatureInvalidException.php
diff --git a/ASDecoder.php b/ASDecoder.php
index 382fe4d..caa5798 100644
--- a/ASDecoder.php
+++ b/ASDecoder.php
@@ -6,6 +6,7 @@ use AppleSignIn\Vendor\JWT;
 use Exception;
+use stdClass;
 /**
 * Decode Sign In with Apple identity token, and produce an ASPayload for
@@ -21,9 +22,9 @@ class ASDecoder {
 * Parse a provided Sign In with Apple identity token.
 *
 * @param string $identityToken
- * @return object|null
+ * @return ASPayload|null
 */
- public static function getAppleSignInPayload(string $identityToken) : ?object
+ public static function getAppleSignInPayload(string $identityToken) : ?ASPayload
 {
 $identityPayload = self::decodeIdentityToken($identityToken);
 return new ASPayload($identityPayload);
@@ -33,14 +34,15 @@ public static function getAppleSignInPayload(string $identityToken) : ?object
 * Decode the Apple encoded JWT using Apple's public key for the signing.
 *
 * @param string $identityToken
- * @return object
+ * @return stdClass
 */
- public static function decodeIdentityToken(string $identityToken) : object {
+ public static function decodeIdentityToken(string $identityToken) : stdClass {
 $publicKeyData = self::fetchPublicKey();
 $publicKey = $publicKeyData['publicKey'];
 $alg = $publicKeyData['alg'];
+ JWT::$leeway = 60;
 $payload = JWT::decode($identityToken, $publicKey, [$alg]);
 return $payload;
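Review bot: The new return type `?ASPayload` (with `@return ASPayload|null`) on getAppleSignInPayload still advertises a null result that the visible body can never produce, since it ends in `return new ASPayload($identityPayload);` and a rejected token therefore surfaces as an exception. Callers that null-check instead of catching will leave verification failures unhandled, so I would declare `: ASPayload` and document the failure path with `@throws Exception when the token cannot be decoded or verified`. The same mismatch is in the constructor in the hunk at -82, where `?stdClass $instance` is accepted only to be rejected by the hand-written null check; with decodeIdentityToken now typed `: stdClass`, a plain `stdClass $instance` would state the contract directly, at the cost of turning that Exception into a TypeError. The closing brace of getAppleSignInPayload is outside the hunk.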
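Review bot: `JWT::$leeway = 60;` in decodeIdentityToken assigns a static property, so the tolerance outlives this call and applies to every later `JWT::decode` in the same process, and the bare 60 carries no comment saying why it is needed. If the vendored class follows firebase/php-jwt, which its class and exception names suggest, the leeway relaxes `exp` as well as `iat`/`nbf`, so an expired identity token stays acceptable for one more minute. I would name and document the value, `private const CLOCK_SKEW_LEEWAY_SECONDS = 60; // tolerate clock drift against Apple's iat/nbf; also extends exp by the same amount`, and assign that constant here. Separately, nothing visible between `JWT::decode(...)` and `return $payload;` checks `iss` or `aud`, and `[$alg]` takes the accepted algorithm from the fetched key data instead of a fixed expected value; unless fetchPublicKey, ASPayload or the caller covers these, a correctly signed token issued for a different client ID would be accepted. fetchPublicKey and the end of decodeIdentityToken are outside the hunk.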
@@ -82,7 +84,7 @@ public static function fetchPublicKey() : array {
 class ASPayload {
 protected $_instance;
- public function __construct(?object $instance) {
+ public function __construct(?stdClass $instance) {
 if(is_null($instance)) {
 throw new Exception('ASPayload received null instance.');
 }
diff --git a/Vendor/BeforeValidException.php b/Vendor/BeforeValidException.php
new file mode 100644
index 0000000..05118ee
--- /dev/null
+++ b/Vendor/BeforeValidException.php
@@ -0,0 +1,7 @@
+