Issue with php and aes-256-gcm



Your aes-256-gcm encryption standard to decrypt the user object is only supported with PHP 7.1 and up.

It took me a while to figure out due to it silently failing for older versions (see bug).

This adds a complication for app development. See also the stats:

I propose to add a note in the docs in the php example, or offer an alternative secure standard?




Thanks for bringing this up Yvo :slightly_smiling_face:

  • You’re referring to the Open-Sheet Flow > “Decrypting the user object (PHP)” section correct?
  • In my own tests I do see errors on older versions of PHP
  • Testing a couple of libraries out I wasn’t too sure how to translate the current implementation with those libraries

So updating the docs to mention the requirement of PHP 7.1 and up looks like the best course of action. I’ll let the team know :wink:

If anybody is able to find an alternative method that works with older version of PHP do share and we can try get that in the docs too :+1: