JWT Framework
v3.2
v3.2
  • Introduction
  • Introduction
    • Provided Features
    • Security Recommendations
    • The Framework
    • Pre-requisite
    • Continous Integration
    • Contributing
  • The Components
    • Algorithm Management (JWA)
    • Key (JWK) and Key Set (JWKSet)
      • Key (JWK)
      • Key Set (JWKSet)
    • Header Checker
    • Claim Checker
    • Signed Tokens (JWS)
      • Signature Algorithms
      • JWS Creation
      • JWS Loading
    • Encrypted Tokens (JWE)
      • Encryption Algorithms
      • JWE Creation
      • JWE Loading
  • The Symfony Bundle
    • Symfony Bundle
    • Algorithm Management
    • Key and Key Set Management
      • Key Management (JWK)
      • Key Set Management (JWKSet)
    • Header and Claim Checker Management
    • Signed Tokens
      • JWS serializers
      • JWS creation
      • JWS verification
    • Encrypted Tokens
      • JWE serializers
      • JWE creation
      • JWE decryption
    • Configuration Helper
    • Events
  • Console Command
    • Console
    • Standalone Application
    • PHAR Application
    • Symfony Console
  • Advanced Topics
    • Nested Tokens
    • Serialization
    • Custom Algorithm
    • Signed tokens and
      • Unprotected Header
      • Multiple Signatures
      • Detached Payload
      • Unencoded Payload
    • Encrypted tokens and
      • Unprotected Headers
      • Multiple Recipients
      • Additional Authentication Data (AAD)
  • Benchmark
    • How To
    • Result table
  • Migration
    • From v1.x to v2.0
    • From v2.x to v3.0
    • From v3.x to v4.0
Powered by GitBook
On this page
  • Update the libraries
  • Spot deprecations
  • List of deprecations:
  • Add missing dependencies
  • Upgrade the libraries

Was this helpful?

Edit on GitHub
Export as PDF
  1. Migration

From v1.x to v2.0

PreviousResult tableNextFrom v2.x to v3.0

Was this helpful?

Contrary to upgrade a minor version (where the middle number changes) where no difficulty should be encountered, upgrade a major version (where the first number changes) is subject to significant modifications.

Update the libraries

First of all, you have to make sure you are using the last v1.x release (1.3.8).

Spot deprecations

Next, you have to verify you don’t use any deprecated class, interface, method or property. If you have PHPUnit tests, .

List of deprecations:

  • Jose\Component\Core\JWK::create(): this static function is removed. Use the constructor instead

  • Jose\Component\Core\JWKSet::createFromKeys() : this static function is removed. Use the constructor instead

  • Jose\Component\Core\Converter\JsonConverter: this interface is removed. No replacement.

  • Jose\Component\Core\Converter\StandardConverter: this class is removed. No replacement.

  • Jose\Component\Encryption\Compression\CompressionMethodManager::create(): this static function is removed. Use the constructor instead

  • Jose\Component\Encryption\Compression\GZip: this class is removed. No replacement.

  • Jose\Component\Encryption\Compression\ZLib: this class is removed. No replacement.

  • Jose\Component\Encryption\Serializer\JWESerializerManager::list(): this method is removed. Please use names()

  • Jose\Component\Checker\ClaimCheckerManager::create() : this static function is removed. Use the constructor instead

  • Jose\Component\Checker\HeaderCheckerManager::create() : this static function is removed. Use the constructor instead

  • Jose\Component\Core\AlgorithmManager::create() : this static function is removed. Use the constructor instead

  • Jose\Component\Encryption\Serializer\JWESerializerManager::create() : this static function is removed. Use the constructor instead

  • Jose\Component\Signature\Serializer\JWSSerializerManager::create() : this static function is removed. Use the constructor instead

With the Symfony bundle, the configuration option jose.json_converter is removed.

Add missing dependencies

In v1.x, when you install the web-token/jwt-signature or web-token/jwt-encryption, the algorithms are automatically install.

Upgrade the libraries

It is now time to upgrade the libraries. In your composer.json, change all web-token/* dependencies from v1.x to v2.0. When done, execute composer update.

You can also update all other dependencies if needed. You can list upgradable libraries by calling composer outdated. This step is not mandatory, but highly recommended.

In v2.0, you must explicitly install the algorithms you need. Please refer to the or to know what package you need to install.

you can easily get the list of deprecation used in your application
signature algorithms page
encryption algorithms page