Ensure numeric type of iat and nbf parameters

[joshuaruesweg]

The two parameters must be numeric according to RFC. With newer PHP versions, if a token has expired, the exception will additionally throw an own exception if the parameter is not numeric (and the date function expects zero or an integer as parameter).

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[bshaffer]

Since floor can cast from a string to an int, but is_int is strict, this would be a breaking change. Before this change, the library silently accepts numeric strings, but after this change it would throw exceptions:

$payload = [
    'message' => 'abc',
    'iat' => (string) time(),
    'exp' => (string) (time() + 20), // time in the future
    'nbf' => (string) (time() - 20)
];

// these work without throwing exceptions
$encoded = JWT::encode($payload, $this->hmacKey->getKeyMaterial(), 'HS256');
$decoded = JWT::decode($encoded, $this->hmacKey);

Therefore, we cannot merge this without breaking changes, and so we'd need to create a new major version before doing so

[bshaffer]

Closing as this is handled correctly in #634

The floor function throws an error already, so there's no need to add it here... although if you'd rather have an exception thrown instead of a PHP error, you can resubmit this PR using is_numeric instead of is_int.