JWT Framework
v4.0
v4.0
  • Introduction
  • Introduction
    • Provided Features
    • Security Recommendations
    • The Framework
    • Pre-requisite
    • Contributing
  • The Components
    • Algorithm Management (JWA)
    • Key (JWK) and Key Set (JWKSet)
      • Key (JWK)
      • Key Set (JWKSet)
    • Header Checker
    • Claim Checker
    • Signed Tokens (JWS)
      • Signature Algorithms
      • JWS Creation
      • JWS Loading
    • Encrypted Tokens (JWE)
      • Encryption Algorithms
      • JWE Creation
      • JWE Loading
  • The Symfony Bundle
    • Symfony Bundle
    • Algorithm Management
    • Key and Key Set Management
      • Key Management (JWK)
      • Key Set Management (JWKSet)
    • Header and Claim Checker Management
    • Signed Tokens
      • JWS serializers
      • JWS creation
      • JWS verification
    • Encrypted Tokens
      • JWE serializers
      • JWE creation
      • JWE decryption
    • Configuration Helper
    • Events
  • Console Command
    • Console
    • Standalone Application
    • PHAR Application
    • Symfony Console
  • Advanced Topics
    • Nested Tokens
    • Serialization
    • Custom Algorithm
    • Signed tokens and
      • Unprotected Header
      • Multiple Signatures
      • Detached Payload
      • Unencoded Payload
    • Encrypted tokens and
      • Unprotected Headers
      • Multiple Recipients
      • Additional Authentication Data (AAD)
  • Benchmark
    • How To
    • Result table
  • Migration
    • From v1.x to v2.0
    • From v2.x to v3.0
    • From v3.x to v4.0
Powered by GitBook
On this page
  • Update the libraries
  • Spot deprecations
  • List of deprecations:
  • Upgrade the dependencies and the libraries

Was this helpful?

Export as PDF
  1. Migration

From v3.x to v4.0

PreviousFrom v2.x to v3.0

Last updated 11 months ago

Was this helpful?

Contrary to upgrade a minor version (where the middle number changes) where no difficulty should be encountered, upgrade a major version (where the first number changes) is subject to significant modifications.

Update the libraries

First of all, you have to make sure you are using the last v3.x release.

Spot deprecations

Next, you have to verify you don’t use any deprecated class, interface, method or property. If you have PHPUnit tests, .

List of deprecations:

Deprecated Packages

The following packages are deprecated. Please install web-token/jwt-library or web-token/jwt-experimental instead.

In addtion to the new library or experimental packages, you may need to require third party dependencies such as ext-sodium, ext-openssl or .

  • web-token/jwt-util-ecc

  • web-token/jwt-key-mgmt

  • web-token/jwt-core

  • web-token/jwt-checker

  • web-token/jwt-console

  • web-token/jwt-signature

  • web-token/signature-pack

  • web-token/jwt-signature-algorithm-*

  • web-token/jwt-encryption

  • web-token/encryption-pack

  • web-token/jwt-encryption-algorithm-*

  • web-token/jwt-nested-token

PSR-20 Clock

In previous versions, the classes that requires time used the PHP time function directly. It is now required to use a PSR-20 Clock implementation and pass it to the classes.

  • Jose\Component\Checker\ExpirationTimeChecker

  • Jose\Component\Checker\IssuedAtChecker

  • Jose\Component\Checker\NotBeforeChecker

For version 3.2.0+ and the Symfony Bundle, an internal implementation service named jose.internal_clock existed and is removed.

Simplified Algorithm Manager

Classes Jose\Component\Encryption\JWEBuilder and Jose\Component\Encryption\JWEDecrypter no longer need the Key Encryption and Content Encryption Algorithm Managers. You pass only one Algorithm Manager to the contructor.

Version Bumped

All previous major release of the following packages are not supported anymore. Please make sure your platform can use them.

  • PHP: 8.3+

  • brick/math: 0.12+

  • symfony/*: 7.0+ (expect symfony/polyfill-* at version 1.29+)

Upgrade the dependencies and the libraries

Please install this version or a newer one on your platform. Make sure the extensions are also installed. They are namely JSON and MBString. You may also need OpenSSL or Sodium depending on the algorithms you want to use.

It is now time to upgrade the libraries. In your composer.json, change all web-token/* dependencies from v3.x to v4.0. When done, execute composer update.

You can also update all other dependencies if needed. You can list upgradable libraries by calling composer outdated. This step is not mandatory, but highly recommended.

is a very nice tool from code upgrade. We highly recommend it.

you can easily get the list of deprecation used in your application
Rector