PHP OAuth 2.0 Server v8.3.0 Release Notes

Release Date: 2021-06-03

    Added

    • The server will now validate redirect URIs according to RFC 8252 (PR #1203)
    • Events emitted now include the refresh token and access token payloads (PR #1211)
    • Use the revokeRefreshTokens() function to decide whether refresh tokens are revoked or not upon use (PR #1189)

    Changed

    • Keys are now validated using openssl_pkey_get_private() and openssl_pkey_get_public() instead of regex matching (PR #1215)

    Fixed

    • The server will now only recognise and handle an authorization header if the value of the header is non-empty. This is to circumvent issues where some common frameworks set this header even if no value is present (PR #1170)
    • Added type validation for redirect URI, client ID, client secret, scopes, auth code, state, username, and password inputs (PR #1210)
    • Allow scope "0" to be used. Previously this was removed from a request because it failed an empty() check (PR #1181)