Refactor JWT handling + Bump min PHP version

[samuelwei]

This library currently lacks many tests, especially for validating signed/encrypted JWT.
Constructing JWTs for tests is complex to test if the custom JWT paring and validation is correct.

It can also be seen from the amount of PR I have created in the last few days that the current JWT claim handling is missing some key validations.

My recommendation is to replace the current JWT handling with the external libaray https://web-token.spomky-labs.com/
This external library requires PHP 8.1 or higher.

At the same time, it would make sense to bump the minimum PHP version of the library to PHP 8.1 as well, since all previous PHP versions are EOL.

This would be a major change, but I think it might be necessary if the goal is to make this library OpenID Connect specification compliant and secure.

[samuelwei]

I'm happy to do a PR, but first I'd like to see if the current maintainers support this direction.

@DeepDiver1975 What do you think?

[DeepDiver1975]

depending on the required version php support differs - but leaving any php7.x behind is just fine from my pov.
https://packagist.org/packages/web-token/jwt-framework this would be the package to be used from my pov

[ricklambrechts]

If you want some inspiration, I have some JWS/JWE logic here.
https://github.com/minvws/nl-rdo-openid-connect-php-laravel/tree/main/src/Services

[samuelwei]

You can find my WIP here: master...SamuelWei:OpenID-Connect-PHP:refactor-jwt

The code needs to be restructured a bit more, due to large blocks of code duplication.

Currently working / refactored:

• authenticate
• requestUserInfo
• verifyLogoutTokenClaims
• verifyLogoutToken

New features added:

• Support for elliptic curves (ES256, ES384 & ES512), would close: Support for elliptic curve (EC) JWT token signature algorithms #450
• Support for EdDSA (only Ed25519), would close: Add support for EdDSA  #457