From 25253be6872358440522702a1fe45c3ac4b653c6 Mon Sep 17 00:00:00 2001
From: Martin Cocaro <martin.cocaro@gmail.com>
Date: Wed, 17 Jun 2015 14:21:04 -0700
Subject: [PATCH 1/6] Adding header options to add

---
 Authentication/JWT.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/Authentication/JWT.php b/Authentication/JWT.php
index 7d6665bd..9c375395 100644
--- a/Authentication/JWT.php
+++ b/Authentication/JWT.php
@@ -119,17 +119,21 @@ public static function decode($jwt, $key = null, $allowed_algs = array())
      * @param string       $key     The secret key
      * @param string       $alg     The signing algorithm. Supported
      *                              algorithms are 'HS256', 'HS384' and 'HS512'
+     * @param array        $head    An array with header elements to attach
      *
      * @return string      A signed JWT
      * @uses jsonEncode
      * @uses urlsafeB64Encode
      */
-    public static function encode($payload, $key, $alg = 'HS256', $keyId = null)
+    public static function encode($payload, $key, $alg = 'HS256', $keyId = null, $head = null)
     {
         $header = array('typ' => 'JWT', 'alg' => $alg);
         if ($keyId !== null) {
             $header['kid'] = $keyId;
         }
+        if ( isset($head) && is_array($head) ) {
+            array_push($header, $head);
+        }
         $segments = array();
         $segments[] = JWT::urlsafeB64Encode(JWT::jsonEncode($header));
         $segments[] = JWT::urlsafeB64Encode(JWT::jsonEncode($payload));

From bd842cac68dcc308f2883cbc313411b44f9a9f21 Mon Sep 17 00:00:00 2001
From: Martin Cocaro <martin.cocaro@gmail.com>
Date: Wed, 17 Jun 2015 14:59:20 -0700
Subject: [PATCH 2/6] Adding array_values only

---
 Authentication/JWT.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Authentication/JWT.php b/Authentication/JWT.php
index 9c375395..6efa30d2 100644
--- a/Authentication/JWT.php
+++ b/Authentication/JWT.php
@@ -132,7 +132,7 @@ public static function encode($payload, $key, $alg = 'HS256', $keyId = null, $he
             $header['kid'] = $keyId;
         }
         if ( isset($head) && is_array($head) ) {
-            array_push($header, $head);
+            array_push($header, array_values($head));
         }
         $segments = array();
         $segments[] = JWT::urlsafeB64Encode(JWT::jsonEncode($header));

From ce3f43f85c4e3707cf338781c0798fdd170f46cf Mon Sep 17 00:00:00 2001
From: Martin Cocaro <martin.cocaro@gmail.com>
Date: Wed, 17 Jun 2015 14:59:47 -0700
Subject: [PATCH 3/6] Merging both arrays together

---
 Authentication/JWT.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Authentication/JWT.php b/Authentication/JWT.php
index 6efa30d2..11d1e824 100644
--- a/Authentication/JWT.php
+++ b/Authentication/JWT.php
@@ -132,7 +132,7 @@ public static function encode($payload, $key, $alg = 'HS256', $keyId = null, $he
             $header['kid'] = $keyId;
         }
         if ( isset($head) && is_array($head) ) {
-            array_push($header, array_values($head));
+            array_merge($header, $head);
         }
         $segments = array();
         $segments[] = JWT::urlsafeB64Encode(JWT::jsonEncode($header));

From 2de26c2e0e5813d57fff1008ed6c253df9e2bc04 Mon Sep 17 00:00:00 2001
From: Martin Cocaro <martin.cocaro@gmail.com>
Date: Wed, 17 Jun 2015 16:06:48 -0700
Subject: [PATCH 4/6] Assigning to header var merged array

---
 Authentication/JWT.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Authentication/JWT.php b/Authentication/JWT.php
index 11d1e824..8791000e 100644
--- a/Authentication/JWT.php
+++ b/Authentication/JWT.php
@@ -132,7 +132,7 @@ public static function encode($payload, $key, $alg = 'HS256', $keyId = null, $he
             $header['kid'] = $keyId;
         }
         if ( isset($head) && is_array($head) ) {
-            array_merge($header, $head);
+            $header = array_merge($header, $head);
         }
         $segments = array();
         $segments[] = JWT::urlsafeB64Encode(JWT::jsonEncode($header));

From abc1f5bdd199d20c2c1f63894bafabb85cb0b19f Mon Sep 17 00:00:00 2001
From: Martin Cocaro <martin.cocaro@gmail.com>
Date: Wed, 17 Jun 2015 16:16:06 -0700
Subject: [PATCH 5/6] Adding test

---
 tests/JWTTest.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tests/JWTTest.php b/tests/JWTTest.php
index 0605e4ca..2aeb2017 100644
--- a/tests/JWTTest.php
+++ b/tests/JWTTest.php
@@ -228,4 +228,10 @@ public function testMissingAlgorithm()
         $this->setExpectedException('DomainException');
         JWT::decode($msg, 'my_key');
     }
+
+    public function testAdditionalHeaders()
+    {
+        $msg = JWT::encode('abc', 'my_key', 'HS256', null, array('cty' => 'test-eit;v=1'));
+        $this->assertEquals(JWT::decode($msg, 'my_key', array('HS256')), 'abc');        
+    }
 }

From 37feebff87f6f7e9f3f358c0451c7bf776d1e34a Mon Sep 17 00:00:00 2001
From: Martin Cocaro <martin.cocaro@gmail.com>
Date: Thu, 18 Jun 2015 11:29:01 -0700
Subject: [PATCH 6/6] Reversing array merge to avoid overwrites of default
 headers

---
 Authentication/JWT.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Authentication/JWT.php b/Authentication/JWT.php
index 8791000e..161424bb 100644
--- a/Authentication/JWT.php
+++ b/Authentication/JWT.php
@@ -132,7 +132,7 @@ public static function encode($payload, $key, $alg = 'HS256', $keyId = null, $he
             $header['kid'] = $keyId;
         }
         if ( isset($head) && is_array($head) ) {
-            $header = array_merge($header, $head);
+            $header = array_merge($head, $header);
         }
         $segments = array();
         $segments[] = JWT::urlsafeB64Encode(JWT::jsonEncode($header));