PHP OAuth 2.0 Server v8.1.0 Release Notes
Release Date: 2020-04-29 // almost 4 years ago-
โ Added
- โ Added support for PHP 7.4 (PR #1075)
๐ Changed
- If an error is encountered when running
preg_match()
to validate an RSA key, the server will now throw a RuntimeException (PR #1047) - ๐ Replaced deprecated methods with recommended ones when using
Lcobucci\JWT\Builder
to build a JWT token. (PR #1060) - When storing a key, we no longer touch the file before writing it as this is an unnecessary step (PR #1064)
- Prefix native PHP functions in namespaces with backslashes for micro-optimisations (PR #1071)
โ Removed
- ๐ Support for PHP 7.1 (PR #1075)
๐ Fixed
- Clients are now explicitly prevented from using the Client Credentials grant unless they are confidential to conform
with the OAuth2 spec (PR #1035) - Abstract method
getIdentifier()
added to AccessTokenTrait. The trait cannot be used without thegetIdentifier()
method being defined (PR #1051) - ๐ป An exception is now thrown if a refresh token is accidentally sent in place of an authorization code when using the
Auth Code Grant (PR #1057) - Can now send access token request without being forced to specify a redirect URI (PR #1096)
- ๐ป In the BearerTokenValidator, if an implementation is using PDO, there is a possibility that a RuntimeException will be thrown when checking if an access token is revoked. This scenario no longer incorrectly issues an exception with a hint mentioning an issue with JSON decoding. (PR #1107)