Add support for EdDSA (only Ed25519)

Author: SamuelWei

src/AccessTokenHashChecker.php

@@ -19,7 +19,13 @@ public function checkClaim($value): void
             return;
         }
 
-        $bit = substr($this->openIDConnectClient->getIdTokenHeader()->alg, 2, 3);
+        $alg = $this->openIDConnectClient->getIdTokenHeader()->alg;
+
+        $bit = match ($alg) {
+            'EdDSA' => '512',
+            default => substr($alg, 2, 3),
+        };
+
         $len = ((int)$bit) / 16;
         $expected_at_hash = $this->openIDConnectClient->urlEncode(substr(hash('sha'.$bit, $this->openIDConnectClient->getAccessToken(), true), 0, $len));
 

src/OpenIDConnectClient.php

@@ -38,6 +38,7 @@
 use Jose\Component\Core\JWK;
 use Jose\Component\Core\JWKSet;
 use Jose\Component\KeyManagement\JWKFactory;
+use Jose\Component\Signature\Algorithm\EdDSA;
 use Jose\Component\Signature\Algorithm\ES256;
 use Jose\Component\Signature\Algorithm\ES384;
 use Jose\Component\Signature\Algorithm\ES512;
@@ -321,6 +322,7 @@ public function __construct(?string $provider_url = null, ?string $client_id = n
         $algorithmManagerFactory->add('ES256', new ES256());
         $algorithmManagerFactory->add('ES384', new ES384());
         $algorithmManagerFactory->add('ES512', new ES512());
+        $algorithmManagerFactory->add('EdDSA', new EdDSA());
         $this->algorithmManagerFactory = $algorithmManagerFactory;
 
         $this->jwsSerializerManager = new JWSSerializerManager([
@@ -1200,6 +1202,7 @@ public function verifyJWS(JWS $jws): bool
             case 'ES256':
             case 'ES384':
             case 'ES512':
+            case 'EdDSA':
 
                 if ($signature->hasProtectedHeaderParameter('jwk')) {
                     throw new OpenIDConnectClientException('Self signed JWK header is not valid');