PHP OAuth 2.0 Server changelog

Changelog History

Page 1

• v8.3.4 Changes

  April 07, 2022

  🛠 Fixed

  • 📜 Server previously rejected valid uris with custom schemes. Now use league/uri for parsing to accept all valid uris (PR #1274)

• v8.3.3 Changes

  October 11, 2021

  🔒 Security

  • ✂ Removed the use of LocalFileReference() in lcobucci/jwt. Function deprecated as per GHSA-7322-jrq4-x5hf (PR #1249)

• v8.3.2 Changes

  July 27, 2021

  🔄 Changed

  • 👍 Conditionally support the StrictValidAt() method in lcobucci/jwt so we can use version 4.1.x or greater of the library (PR #1236)
  • When providing invalid credentials, the library now responds with the error message The user credentials were incorrect (PR #1230)
  • Keys are always stored in memory now and are not written to a file in the /tmp directory (PR #1180)
  • The regex for matching the bearer token has been simplified (PR #1238)

• v8.3.1 Changes

  June 04, 2021

  🛠 Fixed

  • ⏪ Revert check on clientID. We will no longer require this to be a string (PR #1233)

• v8.3.0 Changes

  June 03, 2021

  ➕ Added

  • The server will now validate redirect uris according to rfc8252 (PR #1203)
  • 🛰 Events emitted now include the refresh token and access token payloads (PR #1211)
  • 👉 Use the revokeRefreshTokens() function to decide whether refresh tokens are revoked or not upon use (PR #1189)

  🔄 Changed

  • Keys are now validated using openssl_pkey_get_private() and openssl_pkey_get_public() instead of regex matching (PR #1215)

  🛠 Fixed

  • The server will now only recognise and handle an authorization header if the value of the header is non-empty. This is to circumvent issues where some common frameworks set this header even if no value is present (PR #1170)
  • ➕ Added type validation for redirect uri, client ID, client secret, scopes, auth code, state, username, and password inputs (PR #1210)
  • 👍 Allow scope "0" to be used. Previously this was removed from a request because it failed an empty() check (PR #1181)

• v8.2.4 Changes

  December 10, 2020

  🛠 Fixed

  • ⏪ Reverted the enforcement of at least one redirect_uri for a client. This change has instead been moved to version 9 (PR #1169)

• v8.2.3 Changes

  December 02, 2020

  ➕ Added

  • 👍 Re-added support for PHP 7.2 (PR #1165, #1167)

• v8.2.2 Changes

  November 30, 2020

  🛠 Fixed

  • 🛠 Fix issue where the private key passphrase isn't correctly passed to JWT library (PR #1164)

• v8.2.1 Changes

  November 26, 2020

  🛠 Fixed

  • 🔧 If you have a password on your private key, it is now passed correctly to the JWT configuration object. (PR #1159)

• v8.2.0 Changes

  November 25, 2020

  ➕ Added

  • ➕ Add a getRedirectUri function to the OAuthServerException class (PR #1123)
  • 👌 Support for PHP 8.0 (PR #1146)

  ✂ Removed

  • ✂ Removed support for PHP 7.2 (PR #1146)

  🛠 Fixed

  • Fix typo in parameter hint. code_challenged changed to code_challenge. Thrown by Auth Code Grant when the code challenge does not match the regex. (PR #1130)
  • 👻 Undefined offset was returned when no client redirect URI was set. Now throw an invalidClient exception if no redirect URI is set against a client (PR #1140)

• 1
• 2
• 3
• 4
• 5
• Next ›
• Last »