lock to JWT 2.* version

composer.json

@@ -8,7 +8,7 @@
     "indieweb/date-formatter": "0.1.*",
     "indieauth/client": "0.1.3",
     "mpratt/relativetime": ">=1.0",
-    "firebase/php-jwt": "dev-master",
+    "firebase/php-jwt": "2.*",
     "ruudk/twitter-oauth": "dev-master",
     "andreyco/instagram": "3.*",
     "p3k/multipart": "*"

composer.lock

@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
         "This file is @generated automatically"
     ],
-    "hash": "561c25a6b782004d9b05656de5d67971",
+    "hash": "ee4d8d4e5d4ced9e6a7191bd5bc1fa29",
     "packages": [
         {
             "name": "andreyco/instagram",
@@ -51,26 +51,27 @@
         },
         {
             "name": "firebase/php-jwt",
-            "version": "dev-master",
+            "version": "v2.2.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/firebase/php-jwt.git",
-                "reference": "fa8a06e96526eb7c0eeaa47e4f39be59d21f16e1"
+                "reference": "e0a75bfb6413f22092c99b70f310ccb2cca3efa5"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/firebase/php-jwt/zipball/fa8a06e96526eb7c0eeaa47e4f39be59d21f16e1",
-                "reference": "fa8a06e96526eb7c0eeaa47e4f39be59d21f16e1",
+                "url": "https://api.github.com/repos/firebase/php-jwt/zipball/e0a75bfb6413f22092c99b70f310ccb2cca3efa5",
+                "reference": "e0a75bfb6413f22092c99b70f310ccb2cca3efa5",
                 "shasum": ""
             },
             "require": {
-                "php": ">=5.3.0"
+                "php": ">=5.2.0"
             },
             "type": "library",
             "autoload": {
-                "psr-4": {
-                    "Firebase\\JWT\\": "src"
-                }
+                "classmap": [
+                    "Authentication/",
+                    "Exceptions/"
+                ]
             },
             "notification-url": "https://packagist.org/downloads/",
             "license": [
@@ -90,7 +91,7 @@
             ],
             "description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.",
             "homepage": "https://github.com/firebase/php-jwt",
-            "time": "2015-07-22 18:31:08"
+            "time": "2015-06-22 23:26:39"
         },
         {
             "name": "indieauth/client",
@@ -565,7 +566,6 @@
     "minimum-stability": "stable",
     "stability-flags": {
         "saltybeagle/savant3": 20,
-        "firebase/php-jwt": 20,
         "ruudk/twitter-oauth": 20
     },
     "prefer-stable": false,

controllers/controllers.php

@@ -1,11 +1,10 @@
 <?php
-use Firebase\JWT\JWT;
 
 function require_login(&$app, $redirect=true) {
   $params = $app->request()->params();
   if(array_key_exists('token', $params)) {
     try {
-      $data = JWT::decode($params['token'], Config::$jwtSecret);
+      $data = JWT::decode($params['token'], Config::$jwtSecret, array('HS256'));
       $_SESSION['user_id'] = $data->user_id;
       $_SESSION['me'] = $data->me;
     } catch(DomainException $e) {
@@ -194,12 +193,14 @@ $app->get('/privacy', function() use($app) {
 
 $app->get('/add-to-home', function() use($app) {
   $params = $app->request()->params();
+  header("Cache-Control: no-cache, must-revalidate");
 
   if(array_key_exists('token', $params) && !session('add-to-home-started')) {
+    unset($_SESSION['add-to-home-started']);
 
     // Verify the token and sign the user in
     try {
-      $data = JWT::decode($params['token'], Config::$jwtSecret);
+      $data = JWT::decode($params['token'], Config::$jwtSecret, array('HS256'));
       $_SESSION['user_id'] = $data->user_id;
       $_SESSION['me'] = $data->me;
       $app->redirect('/new', 301);