How to verify a JWT with several possible key in v6?

[chennien]

According to [issue #214], JWT::decode accepted an array of several possible keys before v6, like this.
$possible_keys = [
'kid1' => 'my_key1',
'kid2' => 'my_key2',
];
$decoded = JWT::decode( $jwt, $possible_keys, ['RS256'] );

May I know how can I achieve the same goal with the new key object in v6?
$decoded = JWT::decode( $jwt, new Key($possible_keys, "RS256") );

I got an error "Fatal error: Uncaught TypeError: Firebase\JWT\JWT::getKey(): Return value must be of type Firebase\JWT\Key, string returned" when I ran above code.

Thank you.

[danilopolani]

The new signature of the decode method is:

@param Key|array<string,Key> $keyOrKeyArray

So you can fix that by mapping the array to kid => new key():

use Firebase\JWT\Key;

$keys = [
    'kid1' => 'key1',
    'kid2' => 'key2',
];

JWT::decode(
    $jwt,
    array_map(
        fn (string $key) => new Key($key, 'ALG HERE'),
        $keys
    )
);

@bshaffer maybe we can document this in the README and the release notes of v6?

[chabid492]

thanks brother @danilopolani I was also facing this issue. solved with your solution

[bshaffer]

Thanks @danilopolani ! I updated the release notes to include multiple keys in an array. We should also add this to the README, as, even though it's documented in PHPDoc, it's not shown anywhere in the README.