Improve lcobucci/jwt usage in Apple provider

Using the Configuration class forces to know a signer and a key, which is irrelevant
for the purpose of the provider, but it introduces some code that looks scary if used
incorrectly.

The irrelevant classes are removed, additional exception cases are now rethrowing
as InvalidStateException. Conditions have been inverted to implement early exit.

Author: SvenRtbg

src/Apple/AppleSignerInMemory.php

@@ -10,12 +10,15 @@
 use Illuminate\Support\Str;
 use Laravel\Socialite\Two\InvalidStateException;
 use Lcobucci\Clock\SystemClock;
-use Lcobucci\JWT\Configuration;
+use Lcobucci\JWT\Encoding\JoseEncoder;
+use Lcobucci\JWT\Exception;
+use Lcobucci\JWT\Signer\Key\InMemory;
 use Lcobucci\JWT\Signer\Rsa\Sha256;
+use Lcobucci\JWT\Token\Parser;
 use Lcobucci\JWT\Validation\Constraint\IssuedBy;
 use Lcobucci\JWT\Validation\Constraint\LooseValidAt;
 use Lcobucci\JWT\Validation\Constraint\SignedWith;
-use Lcobucci\JWT\Validation\RequiredConstraintsViolated;
+use Lcobucci\JWT\Validation\Validator;
 use Psr\Http\Message\ResponseInterface;
 use SocialiteProviders\Manager\OAuth2\AbstractProvider;
 use SocialiteProviders\Manager\OAuth2\User;
@@ -119,11 +122,11 @@ public function userByIdentityToken(string $token): User
      */
     public static function verify($jwt)
     {
-        $jwtContainer = Configuration::forSymmetricSigner(
-            new AppleSignerNone,
-            AppleSignerInMemory::plainText('')
-        );
-        $token = $jwtContainer->parser()->parse($jwt);
+        try {
+            $token = (new Parser(new JoseEncoder()))->parse($jwt);
+        } catch (Exception $e) {
+            throw new InvalidStateException($e->getMessage());
+        }
 
         $data = Cache::remember('socialite:Apple-JWKSet', 5 * 60, function () {
             $response = (new Client)->get(self::URL.'/auth/keys');
@@ -134,24 +137,23 @@ public static function verify($jwt)
         $publicKeys = JWK::parseKeySet($data);
         $kid = $token->headers()->get('kid');
 
-        if (isset($publicKeys[$kid])) {
-            $publicKey = openssl_pkey_get_details($publicKeys[$kid]->getKeyMaterial());
+        if (!isset($publicKeys[$kid])) {
+            throw new InvalidStateException('Invalid JWT Signature');
+        }
+
+        $publicKey = openssl_pkey_get_details($publicKeys[$kid]->getKeyMaterial());
+        try {
             $constraints = [
-                new SignedWith(new Sha256, AppleSignerInMemory::plainText($publicKey['key'])),
+                new SignedWith(new Sha256, InMemory::plainText($publicKey['key'])),
                 new IssuedBy(self::URL),
                 new LooseValidAt(SystemClock::fromSystemTimezone()),
             ];
 
-            try {
-                $jwtContainer->validator()->assert($token, ...$constraints);
-
-                return true;
-            } catch (RequiredConstraintsViolated $e) {
-                throw new InvalidStateException($e->getMessage());
-            }
+            (new Validator())->assert($token, ...$constraints);
+        } catch (Exception $e) {
+            throw new InvalidStateException($e->getMessage());
         }
-
-        throw new InvalidStateException('Invalid JWT Signature');
+        return true;
     }
 
     /**