I’m following the Protect your API endpoints - PHP guide.
I’m getting an error at this line:
$decoded = \Firebase\JWT\JWT::decode($accessToken, $keys);
The error is:
Fatal error: Uncaught TypeError: Firebase\JWT\JWK::parseKeySet(): Argument #1 ($jwks) must be of type array, null given, called in /Users/[redacted]/Local Sites/mywpsite/app/public/wp-content/themes/install-guides/vendor/firebase/php-jwt/src/CachedKeySet.php on line 152 and defined in /Users/[redacted]/Local Sites/mywpsite/app/public/wp-content/themes/install-guides/vendor/firebase/php-jwt/src/JWK.php:48
My hasValidAccessToken function:
function hasValidAccessToken() {
    // Require an access token is sent in the HTTP Authorization header
    if(!isset($_SERVER['HTTP_AUTHORIZATION']) || strlen($_SERVER['HTTP_AUTHORIZATION']) === 0) {
        return false;
    }
    $accessToken = explode(' ', $_SERVER['HTTP_AUTHORIZATION'])[1];
    $keys = getJWKS();
    try {
        $decoded = \Firebase\JWT\JWT::decode($accessToken, $keys);
    } catch(\Exception $e) {
        echo $e->getMessage()."\n";
        return false;
    }
    // Check the audience and issuer claims
    if($decoded->iss != OKTA_OAUTH2_ISSUER)
        return false;
    if($decoded->aud != OKTA_AUDIENCE)
        return false;
    return $decoded;
}
getJWKS:
function getJWKS() {
    $httpClient = new \GuzzleHttp\Client();
    $httpFactory = new \GuzzleHttp\Psr7\HttpFactory();
    $cacheItemPool = \Phpfastcache\CacheManager::getInstance('files');
    $jwksUri = OKTA_OAUTH2_ISSUER.'/v1/keys';
    $keySet = new \Firebase\JWT\CachedKeySet(
        $jwksUri,
        $httpClient,
        $httpFactory,
        $cacheItemPool,
        300, // $expiresAfter int seconds to set the JWKS to expire
        true // $rateLimit true to enable rate limit of 10 RPS on lookup of invalid keys
    );
    return $keySet;
}
I’ve dumped my env variables, and they are showing what seems like the correct settings:
OKTA_OAUTH2_ISSUER:
dev-[redacted].okta.com/oauth2/default
OKTA_AUDIENCE:
api://default
I’ve stuck pretty close to the guide. Does anyone know what might cause a null argument to be passed there? What should be my next steps for troubleshooting?
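An added example, not part of the original post and not code from the guide or from firebase/php-jwt: a pre-flight check on the JWKS response, assuming the null in the error comes from json_decode() of the key-set body fetched from the JWKS URI. The helper diagnoseJwks() is hypothetical and the sample responses are constructed.

```php
<?php
// Added example: pre-flight check for a JWKS endpoint response.
// diagnoseJwks() is a hypothetical helper, not part of firebase/php-jwt.

/**
 * Returns a list of problems that would leave the key set unparseable.
 * An empty list means the body is a JWKS document with at least one key.
 */
function diagnoseJwks(string $jwksUri, int $status, string $body): array
{
    $problems = [];

    // The URI must be absolute; a bare host/path has no scheme to parse.
    $scheme = parse_url($jwksUri, PHP_URL_SCHEME);
    if ($scheme !== 'https') {
        $problems[] = "JWKS URI is not an absolute https:// URL: $jwksUri";
    }
    if ($status !== 200) {
        $problems[] = "JWKS endpoint returned HTTP $status";
    }

    // json_decode() returns null on invalid JSON; that null is what an
    // array-typed parameter such as parseKeySet($jwks) would reject.
    $jwks = json_decode($body, true);
    if (!is_array($jwks)) {
        $problems[] = 'Body is not JSON (' . json_last_error_msg() . '): '
            . substr($body, 0, 40);
    } elseif (empty($jwks['keys']) || !is_array($jwks['keys'])) {
        $problems[] = 'JSON has no non-empty "keys" array';
    } else {
        foreach ($jwks['keys'] as $i => $key) {
            if (!isset($key['kty'], $key['kid'])) {
                $problems[] = "Key #$i lacks kty or kid";
            }
        }
    }
    return $problems;
}

// Constructed sample responses (not captured from a real tenant).
$samples = [
    'html error page' => ['example.invalid/oauth2/default/v1/keys', 404, '<html><body>Not Found</body></html>'],
    'valid key set'   => ['https://example.invalid/oauth2/default/v1/keys', 200,
        '{"keys":[{"kty":"RSA","kid":"k1","use":"sig","n":"AQAB","e":"AQAB"}]}'],
];
foreach ($samples as $label => [$uri, $status, $body]) {
    $problems = diagnoseJwks($uri, $status, $body);
    echo $label, ': ', $problems ? implode('; ', $problems) : 'OK', "\n";
}
```

Feed it the status code and raw body of a plain GET to the same URI that getJWKS() builds from OKTA_OAUTH2_ISSUER.'/v1/keys'.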