PHP OAuth 2.0 Server v8.3.0 Release Notes
Release Date: 2021-06-03 // almost 3 years ago-
โ Added
- The server will now validate redirect uris according to rfc8252 (PR #1203)
- ๐ฐ Events emitted now include the refresh token and access token payloads (PR #1211)
- ๐ Use the
revokeRefreshTokens()
function to decide whether refresh tokens are revoked or not upon use (PR #1189)
๐ Changed
- Keys are now validated using
openssl_pkey_get_private()
andopenssl_pkey_get_public()
instead of regex matching (PR #1215)
๐ Fixed
- The server will now only recognise and handle an authorization header if the value of the header is non-empty. This is to circumvent issues where some common frameworks set this header even if no value is present (PR #1170)
- โ Added type validation for redirect uri, client ID, client secret, scopes, auth code, state, username, and password inputs (PR #1210)
- ๐ Allow scope "0" to be used. Previously this was removed from a request because it failed an
empty()
check (PR #1181)