feat: Decode jwt by provide public key as string

[sigma-z]

There was a backward compatibility break from v5.5.1 to v6.0.0 at JWT::decode() with the 2nd argument that can not be a string or resource anymore. This pull request fixes it.

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

For more information, open the CLA check for this pull request.

[bshaffer]

@sigma-z this was an intentional BC break, which is why the version was incremented a major version to v6.0, according to Semantic Versioning.

Your usecase is still very much supported, just wrap the string/resource in a key and provide the algorithm which corresponds to that string/resource as the second argument:

// before
$decoded = JWT::decode($payload, $stringOrResource, $alg);

// after
use Firebase\JWT\Key;
$decoded = JWT::decode($payload, new Key($stringOrResource, $alg));

[sigma-z]

@bshaffer Yes, I believe that this was intentional. Your before example is not fully correct. You did not have to know which algorithm was used:

// before
$decoded = JWT::decode($apiToken, $publicKey, array_keys(JWT::$supported_algs));

Now you need to know the algorithm in order to create the Key instance. May be there is an easy way to obtain the algorithm from the payload, is there?