All Versions
Latest Version
Avg Release Cycle
68 days
Latest Release
176 days ago

Changelog History
Page 3

  • v7.1.0 Changes

    April 22, 2018

    ๐Ÿ”„ Changed

    • ๐Ÿ”„ Changed hint for unsupportedGrantType exception so it no longer references the grant type parameter which isn't always expected (PR #893)
    • โฌ†๏ธ Upgrade PHPStan checks to level 7 (PR #856)

    โž• Added

    • โž• Added event emitters for issued access and refresh tokens (PR #860)
    • Can now use Defuse\Crypto\Key for encryption/decryption of keys which is faster than the Cryto class (PR #812)
  • v7.0.0 Changes

    February 18, 2018

    โž• Added

    • ๐Ÿ‘‰ Use PHPStan for static analysis of code (PR #848)
    • โฌ†๏ธ Enforce stricter static analysis checks and upgrade library dependencies (PR #852)
    • โšก๏ธ Provide PHPStan coverage for tests and update PHPUnit (PR #849)
    • ๐Ÿ›ฐ Get and set methods for OAuth Server Exception payloads. Allow implementer to specify the JSON encode options (PR #719)

    ๐Ÿ”„ Changed

    • ClientRepository interface will now accept null for the Grant type to improve extensibility options (PR #607)
    • Do not issue an error if key file permissions are 400 or 440 (PR #839)
    • Skip key file creation if the file already exists (PR #845)
    • โšก๏ธ Change changelog format and update readme

    โœ‚ Removed

    • ๐Ÿ‘Œ Support for PHP 5.6
    • ๐Ÿ‘Œ Support for version 5.x and 6.x of the library

    ๐Ÿ›  Fixed

    • PKCE implementation (PR #744)
    • Set correct redirect URI when validating scopes (PR #840)
    • S256 code challenege method (PR #842)
    • Accept RSA key with CRLF line endings (PR #805)
  • v6.1.1 Changes

    December 23, 2017
    • โœ‚ Removed check on empty scopes
  • v6.1.0 Changes

    December 23, 2017
    • ๐Ÿ”„ Changed the token type issued by the Implicit Grant to be Bearer instead of bearer. (PR #724)
    • Replaced call to array_key_exists() with the faster isset() on the Implicit Grant. (PR #749)
    • ๐Ÿ‘ Allow specification of query delimiter character in the Password Grant (PR #801)
    • โž• Add Zend Diactoros library dependency to examples (PR #678)
    • 0๏ธโƒฃ Can set default scope for the authorization endpoint. If no scope is passed during an authorization request, the default scope will be used if set. If not, the server will issue an invalid scope exception (PR #811)
    • โž• Added validation for redirect URIs on the authorization end point to ensure exactly one redirection URI has been passed (PR #573)
  • v6.0.2 Changes

    August 03, 2017
    • An invalid refresh token that can't be decrypted now returns a HTTP 401 error instead of HTTP 400 (Issue #759)
    • โœ‚ Removed chmod from CryptKey and add toggle to disable checking (Issue #776)
    • ๐Ÿ›  Fixes invalid code challenge method payload key name (Issue #777)
  • v6.0.1 Changes

    July 19, 2017

    ๐Ÿš€ To address feedback from the security release the following change has been made:

    • ๐Ÿ‘‰ If an RSA key cannot be chmod'ed to 600 then it will now throw a E_USER_NOTICE instead of an exception.
  • v6.0.0 Changes

    July 01, 2017
    • ๐Ÿ’ฅ Breaking change: The AuthorizationServer constructor now expects an encryption key string instead of a public key
    • โœ‚ Remove support for HHVM
    • โœ‚ Remove support for PHP 5.5
  • v5.1.4 Changes

    July 01, 2017
    • Fixed multiple security vulnerabilities as a result of a security audit paid for by the Mozilla Secure Open Source Fund. All users of this library are encouraged to update as soon as possible to this version or version 6.0 or greater.
      • It is recommended on each AuthorizationServer instance you set the setEncryptionKey(). This will result in stronger encryption being used. If this method is not set messages will be sent to the defined error handling routines (using error_log). Please see the examples and documentation for examples.
    • โœ… TravisCI now tests PHP 7.1 (Issue #671)
    • ๐Ÿ›  Fix middleware example fatal error (Issue #682)
    • ๐Ÿ›  Fix typo in the first README sentence (Issue #690)
    • Corrected DateInterval from 1 min to 1 month (Issue #709)
  • v5.1.3 Changes

    October 12, 2016
    • ๐Ÿ›  Fixed WWW-Authenticate header (Issue #669)
    • Increase the recommended RSA key length from 1024 to 2048 bits (Issue #668)
  • v5.1.2 Changes

    September 19, 2016
    • ๐Ÿ›  Fixed finalizeScopes call (Issue #650)