Merge branch 'release/3.0.0'

README.md

@@ -48,9 +48,10 @@ $token = (new Builder())->setIssuer('http://example.com') // Configures the issu
                         ->getToken(); // Retrieves the generated token
 
 
-$token->getHeader(); // Retrieves the token header
+$token->getHeaders(); // Retrieves the token headers
 $token->getClaims(); // Retrieves the token claims
 
+echo $token->getHeader('jti'); // will print "4f1g23a12aa"
 echo $token->getClaim('iss'); // will print "http://example.com"
 echo $token->getClaim('uid'); // will print "1"
 echo $token; // The string representation of the object is a JWT string (pretty easy, right?)
@@ -64,9 +65,10 @@ Use the parser to create a new token from a JWT string (using the previous token
 use Lcobucci\JWT\Parser;
 
 $token = (new Parser())->parse((string) $token); // Parses from a string
-$token->getHeader(); // Retrieves the token header
+$token->getHeaders(); // Retrieves the token header
 $token->getClaims(); // Retrieves the token claims
 
+echo $token->getHeader('jti'); // will print "4f1g23a12aa"
 echo $token->getClaim('iss'); // will print "http://example.com"
 echo $token->getClaim('uid'); // will print "1"
 ```
@@ -102,19 +104,21 @@ Hmac signatures are really simple to be used:
 use Lcobucci\JWT\Builder;
 use Lcobucci\JWT\Signer\Hmac\Sha256;
 
+$signer = new Sha256();
+
 $token = (new Builder())->setIssuer('http://example.com') // Configures the issuer (iss claim)
                         ->setAudience('http://example.org') // Configures the audience (aud claim)
                         ->setId('4f1g23a12aa', true) // Configures the id (jti claim), replicating as a header item
                         ->setIssuedAt(time()) // Configures the time that the token was issue (iat claim)
                         ->setNotBefore(time() + 60) // Configures the time that the token can be used (nbf claim)
                         ->setExpiration(time() + 3600) // Configures the expiration time of the token (nbf claim)
                         ->set('uid', 1) // Configures a new claim, called "uid"
-                        ->sign(new Sha256(), 'testing') // creates a signature using "testing" as key
+                        ->sign($signer, 'testing') // creates a signature using "testing" as key
                         ->getToken(); // Retrieves the generated token
 
 
-var_dump($token->verify('testing 1')); // false, because the key is different
-var_dump($token->verify('testing')); // true, because the key is the same
+var_dump($token->verify($signer, 'testing 1')); // false, because the key is different
+var_dump($token->verify($signer, 'testing')); // true, because the key is the same
 ```
 
 ### RSA and ECDSA
@@ -126,6 +130,8 @@ use Lcobucci\JWT\Builder;
 use Lcobucci\JWT\Signer\Keychain; // just to make our life simpler
 use Lcobucci\JWT\Signer\Rsa\Sha256; // you can use Lcobucci\JWT\Signer\Ecdsa\Sha256 if you're using ECDSA keys
 
+$signer = new Sha256();
+
 $keychain = new Keychain();
 
 $token = (new Builder())->setIssuer('http://example.com') // Configures the issuer (iss claim)
@@ -135,11 +141,11 @@ $token = (new Builder())->setIssuer('http://example.com') // Configures the issu
                         ->setNotBefore(time() + 60) // Configures the time that the token can be used (nbf claim)
                         ->setExpiration(time() + 3600) // Configures the expiration time of the token (nbf claim)
                         ->set('uid', 1) // Configures a new claim, called "uid"
-                        ->sign(new Sha256(), $keychain->getPrivateKey('file://{path to your private key}')) // creates a signature using your private key
+                        ->sign($signer,  $keychain->getPrivateKey('file://{path to your private key}')) // creates a signature using your private key
                         ->getToken(); // Retrieves the generated token
 
 
-var_dump($token->verify($keychain->getPublicKey('file://{path to your public key}')); // true when the public key was generated by the private one =)
+var_dump($token->verify($signer, $keychain->getPublicKey('file://{path to your public key}')); // true when the public key was generated by the private one =)
 ```
 
 **It's important to say that if you're using RSA keys you shouldn't invoke ECDSA signers (and vice-versa), otherwise ```sign()``` and ```verify()``` will raise an exception!**

src/Builder.php

@@ -24,7 +24,7 @@ class Builder
      *
      * @var array
      */
-    private $header;
+    private $headers;
 
     /**
      * The token claim set
@@ -66,7 +66,7 @@ public function __construct(
     ) {
         $this->encoder = $encoder ?: new Encoder();
         $this->claimFactory = $claimFactory ?: new ClaimFactory();
-        $this->header = ['typ'=> 'JWT', 'alg' => 'none'];
+        $this->headers = ['typ'=> 'JWT', 'alg' => 'none'];
         $this->claims = [];
     }
 
@@ -175,7 +175,7 @@ protected function setRegisteredClaim($name, $value, $replicate)
         $this->set($name, $value);
 
         if ($replicate) {
-            $this->header[$name] = $this->claims[$name];
+            $this->headers[$name] = $this->claims[$name];
         }
 
         return $this;
@@ -212,7 +212,7 @@ public function set($name, $value)
      */
     public function sign(Signer $signer, $key)
     {
-        $signer->modifyHeader($this->header);
+        $signer->modifyHeader($this->headers);
 
         $this->signature = $signer->sign(
             $this->getToken()->getPayload(),
@@ -241,7 +241,7 @@ public function unsign()
      */
     public function getToken()
     {
-        $token = new Token($this->header, $this->claims, $this->signature);
+        $token = new Token($this->headers, $this->claims, $this->signature);
         $token->setEncoder($this->encoder);
 
         return $token;