Add retry if signature verification fails

Author: marickvantuil

src/OpenIdVerificator.php

@@ -70,4 +70,9 @@ public function isCached()
     {
         return Cache::has(self::V3_CERTS);
     }
+
+    public function forgetFromCache()
+    {
+        Cache::forget(self::V3_CERTS);
+    }
 }

src/TaskHandler.php

@@ -2,11 +2,13 @@
 
 namespace Stackkit\LaravelGoogleCloudTasksQueue;
 
+use Firebase\JWT\SignatureInvalidException;
 use Google\Cloud\Tasks\V2\CloudTasksClient;
 use Illuminate\Http\Request;
 use Illuminate\Queue\Worker;
 use Illuminate\Queue\WorkerOptions;
 use Firebase\JWT\JWT;
+use Illuminate\Support\Facades\Cache;
 
 class TaskHandler
 {
@@ -47,13 +49,31 @@ public function authorizeRequest()
 
         $openIdToken = $this->request->bearerToken();
         $kid = $this->publicKey->getKidFromOpenIdToken($openIdToken);
-        $publicKey = $this->publicKey->getPublicKey($kid);
 
-        $decodedToken = $this->jwt->decode($openIdToken, $publicKey, ['RS256']);
+        $decodedToken = $this->decodeOpenIdToken($openIdToken, $kid);
 
         $this->validateToken($decodedToken);
     }
 
+    private function decodeOpenIdToken($openIdToken, $kid, $cache = true)
+    {
+        if (!$cache) {
+            $this->publicKey->forgetFromCache();
+        }
+
+        $publicKey = $this->publicKey->getPublicKey($kid);
+
+        try {
+            return $this->jwt->decode($openIdToken, $publicKey, ['RS256']);
+        } catch (SignatureInvalidException $e) {
+            if (!$cache) {
+                throw $e;
+            }
+
+            return $this->decodeOpenIdToken($openIdToken, $kid, false);
+        }
+    }
+
     /**
      * https://developers.google.com/identity/protocols/oauth2/openid-connect#validatinganidtoken
      *