Firebase Admin SDK for PHP v6.0.0 Release Notes
Release Date: 2022-01-16 // over 2 years ago-
๐ This is a release with breaking changes. Please review the following changes and adapt your application where needed.
๐ The supported way to interact with the SDK is to instantiate Components with the
Kreait\Firebase\Factory::create*
methods.Setup
- It is now mandatory to provide a Firebase Project ID. When the project ID cannot be determined from the
provided credentials (usually a service account), it can be provided by setting the
GOOGLE_CLOUD_PROJECT=<project-id>
environment variable or by calling$factory = $factory->withProjectId('project-id')
. - The environment variable
FIREBASE_CREDENTIALS
will not be evaluated anymore for credentials auto-discovery. If you rely on auto-discovery, use theGOOGLE_APPLICATION_CREDENTIALS
environment variable. This was already supported in earlier versions and is the same environment variable the official Google Libraries use. - All components have been made
final
and marked as@internal
, if you're type-hinting dependencies in your application code, make sure you type-hint theKreait\Firebase\Contract\*
interfaces, not theKreait\Firebase\*
implementations - ๐ง
Kreait\Firebase\Factory
has been locked down. It should only be used to configure and retrieve the services provided by the SDK as documented. The methodKreait\Firebase\Factory::createApiClient()
will provide you with an authorized Guzzle HTTP Client that you can use for custom API operations. - ๐
Kreait\Firebase\Factory::withVerifierCache()
now expects a PSR-6 Cache Item Pool and doesn't directly support PSR-16 Caches anymore. If you only have a PSR-16 Cache available in your project, you can use an adapter, e.g. one provided by thesymfony/cache
component. If you're using the Firebase Bundle or the Laravel Package, this will be taken care of once they are updated to use the new release.
Auth component
- ๐
Kreait\Firebase\Contract\Auth::parseToken()
andKreait\Firebase\Contract\Auth::verifyIdToken()
now return an instance ofLcobucci\JWT\UnencryptedToken
instead of\Lcobucci\JWT\Token
- this ensures access to itsgetClaims()
method. Kreait\Firebase\Contract\Auth::verifyIdToken()
now accepts an optional third parameter,$leewayInSeconds
, to specify the number of seconds a token is allowed to be expired, in case that there is a clock skew between the signing and the verifying server. The previous default of a 300 seconds leeway has been removed, if you want to restore the previous behavior, call the method with the third parameter set:verifyIdToken($token, false, 300)
Kreait\Firebase\Contract\Auth::verifyIdToken()
will now throw eitherKreait\Firebase\Exception\Auth\FailedToVerifyToken
when the verification failed, orKreait\Firebase\Exception\Auth\RevokedIdToken
when the token has been revoked.Kreait\Firebase\Contract\Auth::verifyPasswordResetCode()
now returns the email address the password was reset for.- This was previously done with the method
Kreait\Firebase\Contract\Auth::verifyPasswordResetCodeAndReturnEmail()
- this method has been removed.
- This was previously done with the method
Kreait\Firebase\Contract\Auth::confirmPasswordReset()
now returns the email address the password reset was confirmed for.- This was previously done with the method
Kreait\Firebase\Contract\Auth::confirmPasswordResetAndReturnEmail()
- this method has been removed.
- This was previously done with the method
- The following methods were shortcuts for
Kreait\Firebase\Contract\Auth::signInWithIdpAccessToken()
andKreait\Firebase\Contract\Auth::signInWithIdpIdToken()
and have been removed.Kreait\Firebase\Contract\Auth::signInWithAppleIdToken()
, usesignInWithIdpIdToken('apple.com', ...)
insteadKreait\Firebase\Contract\Auth::signInWithFacebookAccessToken()
, usesignInWithIdpAccessToken('facebook.com', ...)
insteadKreait\Firebase\Contract\Auth::signInWithGoogleIdToken()
, usesignInWithIdpIdToken('google.com', ...)
insteadKreait\Firebase\Contract\Auth::signInWithTwitterOauthCredential()
, usesignInWithIdpAccessToken('twitter.com', ...)
instead
- The following methods now return strings instead of value objects:
Kreait\Firebase\Contract\Auth::confirmPasswordReset()
Kreait\Firebase\Contract\Auth::verifyPasswordResetCode()
Kreait\Firebase\RemoteConfig\User::email()
- The following classes are mainly used for validation and have been marked internal. They shouldn't be used directly,
as they could be updated with breaking changes or get removed entirely in the future.
Kreait\Firebase\Value\ClearTextPassword
Kreait\Firebase\Value\Email
Kreait\Firebase\Value\Uid
Kreait\Firebase\Value\Url
Realtime Database Component
- ๐ The constant
Kreait\Firebase\Database::SERVER_TIMESTAMP
has been moved toKreait\Firebase\Contract\Database::SERVER_TIMESTAMP
Other
- โฌ๏ธ Dropped support for Guzzle <7.0
- โฌ๏ธ Dropped support for
lcobucci/jwt
<4.1 - โ Removed local phone number validation when
giggsey/libphonenumber-for-php
was installed. Phone numbers are validated by the Firebase Service in any case, and even when a phone number was considered valid, in rare cases the Firebase API rejected them still. - Replaced
kreait/clock
withbeste/clock
, which implements the proposed PSR-20 Clock Interface. - ๐ The following classes and methods have been removed:
Kreait\Firebase\Auth\ActionCodeSettings\RawActionCodeSettings
Kreait\Firebase\Project\ProjectId
Kreait\Firebase\Value\Provider
Kreait\Firebase\Project\TenantId
Kreait\Firebase\Auth::setCustomUserAttributes()
, useKreait\Firebase\Auth::setCustomUserClaims()
insteadKreait\Firebase\Auth::deleteCustomUserAttributes()
, useKreait\Firebase\Auth::setCustomUserClaims()
with null values insteadKreait\Firebase\Contract\Auth::verifyPasswordResetCodeAndReturnEmail()
, useKreait\Firebase\Contract\Auth::verifyPasswordResetCode()
insteadKreait\Firebase\Contract\Auth::confirmPasswordResetAndReturnEmail()
, useKreait\Firebase\Contract\Auth::confirmPasswordReset()
insteadKreait\Firebase\Auth\UserRecord::$customAttributes
, useKreait\Firebase\Auth\UserRecord::$customClaims
insteadKreait\Firebase\Factory::withEnabledDebug()
, useKreait\Firebase\Factory::withHttpDebugLogger()
instead
- The following classes are mainly used for validation and have been marked internal. They shouldn't be used directly,
as they could be updated with breaking changes or get removed entirely in the future.
Kreait\Firebase\Value\ClearTextPassword
Kreait\Firebase\Value\Email
Kreait\Firebase\Value\Uid
Kreait\Firebase\Value\Url
๐ [Unreleased]: https://github.com/kreait/firebase-php/compare/6.9.2...6.x
- It is now mandatory to provide a Firebase Project ID. When the project ID cannot be determined from the
provided credentials (usually a service account), it can be provided by setting the