Fix Carbon not accepting string values

[mokhosh]

Description

Carbon methods are strongly typed. So, you can't provide seconds as a string.
This is what you get if you try to override JWT_TTL in your .env:

Carbon\Carbon::rawAddUnit(): Argument #3 ($value) must be of type int|float, string given

This PR fixes the issue by casting the config after reading it from .env as is common in Laravel's config files.

Fixes #271

Checklist:

• I've added tests for my changes or tests are not applicable
• I've changed documentations or changes are not required
• I've added my changes to CHANGELOG.md

[leoralph]

LGTM, I just see a problem where people who already published their config files would still have this problem, maybe in a new major version we could use config()->integer() which would be a breaking change for who uses laravel versions <11.

[mokhosh]

LGTM, I just see a problem where people who already published their config files would still have this problem, maybe in a new major version we could use config()->integer() which would be a breaking change for who uses laravel versions <11.

I guess that's the case for anyone who publishes any vendor file, whether that's config or views etc.

They would need to sync with latest changes if they wanna keep getting the benefits.

[Messhias]

I'll wait if anyone else has something to say and approve. If not I'll merge it by the weekend.

[mfn]

I'm not saying the proposed changed here a wrong, but setTtl(), which receives the JWT_TTL config value already performs a cast

jwt-auth/src/Claims/Factory.php

Lines 200 to 204 in de2b4f2

	public function setTTL($ttl)
	{
	$this->ttl = $ttl ? (int) $ttl : $ttl;
	return $this;

I rather see inconsistencies with other casts, e.g. we've

• \PHPOpenSourceSaver\JWTAuth\Blacklist::setRefreshTTL which has a cast

  jwt-auth/src/Blacklist.php

  Lines 224 to 226 in 83653d5

  	public function setRefreshTTL($ttl)
  	{
  	$this->refreshTTL = (int) $ttl;

• but then \PHPOpenSourceSaver\JWTAuth\Validators\PayloadValidator::setRefreshTTL which has no cast

  jwt-auth/src/Validators/PayloadValidator.php

  Lines 114 to 116 in 1fa7f7d

  	public function setRefreshTTL($ttl)
  	{
  	$this->refreshTTL = $ttl;

Again, I'm not against this change but it feels like the fixes are better provided in other places, which would also make working with the library as API directly safer.

How exactly did you produce this, can you provide a full stacktrace?

[specialtactics]

I saw this issue on the og package without a fix, and people solved it in this way also.

My problem with this solution is it doesn't really solve the underlying problem - people will still have this problem, if they are lucky stumble on this issue and update their config. Although moving forward new installs will be fine, it won't do anything for the vast base of existing users.

I think the better approach would be to gradually start introducing strong types where relevant - and this is a good example, and then as we read these configs from config / provider, we can ensure they are cast to int or whatever relevant at the earliest opportunity, and then elsewhere in the package we can also strongly type them to further ensure this.

It will take a bit more effort (although not much to be honest), but I think that's a better solution, and it will have immediate effect for all existing users, the next time they do a composer update.

[mokhosh]

Strong types can be introduced in all layers.

[specialtactics]

Ok, I can have a go at doing this in the new year then, I am not sure whether to merge this or not then, I guess we can for now until it's improved internally?

[Messhias]

Ok, I can have a go at doing this in the new year then, I am not sure whether to merge this or not then, I guess we can for now until it's improved internally?

If you do it we review it. I believe if we do all what @mokhosh said we can merge it without issues. I do not have any intention to keep old PHP versions because of missing strict types.

[specialtactics]

Ok, then I've approved this PR as an interim solution at least for new users.