The second critical problem, which is not addressed by php-jwt, is that it does not take as a parameter to the decode() function which algorithm should be used. It figures out the algorithm by looking at the header.
As the original post describes, if your code expected to use an RSA public/private key pair, then it will pass the public key to decode(). Then an attacker can craft a JWT that claims to use an HMAC symmetric key and sign it with the public key, which is public. One and done.
(Your code in that case expected the header to specify an RSA algorithm, and be signed with the private key, but the decode() function doesn't know that.)
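The header-trusting check described in the comment above, next to a verifier that takes the expected algorithm as a parameter. This is an added example in Node.js, not php-jwt's code; `sign`, `verify`, `expectedAlg` and the run-time key pair are constructed for illustration.

```javascript
const crypto = require('node:crypto');

const b64u = (x) => Buffer.from(x).toString('base64url');

// Constructed helper: builds a compact JWS so the demo has tokens to check.
function sign(alg, claims, key) {
  const input = `${b64u(JSON.stringify({ alg, typ: 'JWT' }))}.${b64u(JSON.stringify(claims))}`;
  const sig = alg === 'HS256'
    ? crypto.createHmac('sha256', key).update(input).digest()
    : crypto.sign('sha256', Buffer.from(input), key); // RS256 (PKCS#1 v1.5)
  return `${input}.${b64u(sig)}`;
}

// With expectedAlg omitted, the token's own header picks the algorithm (the
// flaw described above). With it set, a mismatching header is rejected before
// the key is used at all.
function verify(token, key, expectedAlg) {
  const parts = token.split('.');
  if (parts.length !== 3) return false;
  const [h, p, s] = parts;
  let alg;
  try { alg = JSON.parse(Buffer.from(h, 'base64url').toString()).alg; } catch { return false; }
  if (expectedAlg !== undefined && alg !== expectedAlg) return false;
  const input = Buffer.from(`${h}.${p}`);
  const sig = Buffer.from(s, 'base64url');
  if (alg === 'HS256') {
    const mac = crypto.createHmac('sha256', key).update(input).digest();
    return mac.length === sig.length && crypto.timingSafeEqual(mac, sig);
  }
  if (alg === 'RS256') return crypto.verify('sha256', input, key, sig);
  return false; // "none" and anything unrecognised
}

// Constructed demo key pair, generated at run time.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
});
const legit = sign('RS256', { sub: 'alice' }, privateKey);
const confused = sign('HS256', { sub: 'alice' }, publicKey); // header says HMAC

function demo() {
  return {
    legitPinned: verify(legit, publicKey, 'RS256'),
    confusedUnpinned: verify(confused, publicKey),
    confusedPinned: verify(confused, publicKey, 'RS256'),
  };
}
console.log(demo());
```

The `confusedPinned` case is the one worth keeping as a regression test in any service that verifies RSA-signed tokens.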