From v1.x to v2.0
This guide will help you upgrade your application from JWT Framework v1.x to v2.0. While minor version upgrades are generally straightforward, major version upgrades involve breaking changes that require careful attention.
Estimated Migration Time: 1-3 hours for a typical application Difficulty Level: Moderate
Overview of Changes
Version 2.0 introduces several important changes:
Removal of static factory methods in favor of constructors
Deprecation of compression methods (security recommendation)
Removal of unnecessary converter classes
Improved API consistency across components
Migration Steps
Update the libraries
First of all, you have to make sure you are using the last v1.x release (1.3.8).
Spot deprecations
Next, you have to verify you don’t use any deprecated class, interface, method or property. If you have PHPUnit tests, you can easily get the list of deprecation used in your application.
List of deprecations:
Jose\Component\Core\JWK::create(): this static function is removed. Use the constructor insteadJose\Component\Core\JWKSet::createFromKeys(): this static function is removed. Use the constructor insteadJose\Component\Core\Converter\JsonConverter: this interface is removed. No replacement.Jose\Component\Core\Converter\StandardConverter: this class is removed. No replacement.Jose\Component\Encryption\Compression\CompressionMethodManager::create(): this static function is removed. Use the constructor insteadJose\Component\Encryption\Compression\GZip: this class is removed. No replacement.Jose\Component\Encryption\Compression\ZLib: this class is removed. No replacement.Jose\Component\Encryption\Serializer\JWESerializerManager::list(): this method is removed. Please usenames()Jose\Component\Checker\ClaimCheckerManager::create(): this static function is removed. Use the constructor insteadJose\Component\Checker\HeaderCheckerManager::create(): this static function is removed. Use the constructor insteadJose\Component\Core\AlgorithmManager::create(): this static function is removed. Use the constructor insteadJose\Component\Encryption\Serializer\JWESerializerManager::create(): this static function is removed. Use the constructor insteadJose\Component\Signature\Serializer\JWSSerializerManager::create(): this static function is removed. Use the constructor instead
With the Symfony bundle, the configuration option jose.json_converter is removed.
Add missing dependencies
In v1.x, when you install the web-token/jwt-signature or web-token/jwt-encryption, the algorithms are automatically install.
In v2.0, you must explicitly install the algorithms you need. Please refer to the signature algorithms page or encryption algorithms page to know what package you need to install.
Upgrade the libraries
It is now time to upgrade the libraries. In your composer.json, change all web-token/* dependencies from v1.x to v2.0. When done, execute composer update.
You can also update all other dependencies if needed. You can list upgradable libraries by calling composer outdated. This step is not mandatory, but highly recommended.
Last updated
Was this helpful?