PHP OAuth 2.0 Server v8.3.0 Release Notes

Release Date: 2021-06-03 // 6 months ago
  • โž• Added

    • The server will now validate redirect uris according to rfc8252 (PR #1203)
    • ๐Ÿ›ฐ Events emitted now include the refresh token and access token payloads (PR #1211)
    • ๐Ÿ‘‰ Use the revokeRefreshTokens() function to decide whether refresh tokens are revoked or not upon use (PR #1189)

    ๐Ÿ”„ Changed

    • Keys are now validated using openssl_pkey_get_private() and openssl_pkey_get_public() instead of regex matching (PR #1215)

    ๐Ÿ›  Fixed

    • The server will now only recognise and handle an authorization header if the value of the header is non-empty. This is to circumvent issues where some common frameworks set this header even if no value is present (PR #1170)
    • โž• Added type validation for redirect uri, client ID, client secret, scopes, auth code, state, username, and password inputs (PR #1210)
    • ๐Ÿ‘ Allow scope "0" to be used. Previously this was removed from a request because it failed an empty() check (PR #1181)