Skip to content

Releases: thephpleague/oauth2-server

5.0.1

18 Apr 07:35
Compare
Choose a tag to compare
  • Fixes an issue (#550) whereby it was unclear whether or not to validate a client's secret during a request.

5.0.0

17 Apr 12:25
Compare
Choose a tag to compare

Version 5 is a complete code rewrite.

  • JWT support
  • PSR-7 support
  • Improved exception errors
  • Replace all occurrences of the term "Storage" with "Repository"
  • Simplify repositories
  • Entities conform to interfaces and use traits
  • Auth code grant updated
    • Allow support for public clients
    • Add support for #439
  • Client credentials grant updated
  • Password grant updated
    • Allow support for public clients
  • Refresh token grant updated
  • Implement Implicit grant
  • Bearer token output type
  • Remove MAC token output type
  • Authorization server rewrite
  • Resource server class moved to PSR-7 middleware
  • Tests
  • Much much better documentation

Changes since RC2:

  • Renamed Server class to AuthorizationServer
  • Added ResourceServer class
  • Run unit tests again PHP 5.5.9 as it's the minimum supported version
  • Enable PHPUnit 5.0 support
  • Improved examples and documentation
  • Make it clearer that the implicit grant doesn't support refresh tokens
  • Improved refresh token validation errors
  • Fixed refresh token expiry date

5.0.0-RC2

10 Apr 16:19
Compare
Choose a tag to compare
5.0.0-RC2 Pre-release
Pre-release

RC2 changes

  • Allow multiple client redirect URIs (Issue #511)
  • Remove unused mac token interface (Issue #503)
  • Handle RSA key passphrase (Issue #502)
  • Remove access token repository from response types (Issue #501)
  • Remove unnecessary methods from entity interfaces (Issue #490)
  • Ensure incoming JWT hasn't expired (Issue #509)
  • Fix client identifier passed where user identifier is expected (Issue #498)
  • Removed built-in entities; added traits to for quick re-use (Issue #504)
  • Redirect uri is required only if the "redirect_uri" parameter was included in the authorization request (Issue #514)
  • Removed templating for auth code and implicit grants (Issue #499)

About version 5

Version 5 is a complete code rewrite.

  • JWT support
  • PSR-7 support
  • Improved exception errors
  • Replace all occurrences of the term "Storage" with "Repository"
  • Simplify repositories
  • Entities conform to interfaces and use traits
  • Auth code grant updated
    • Allow support for public clients
    • Add support for #439
  • Client credentials grant updated
  • Password grant updated
    • Allow support for public clients
  • Refresh token grant updated
  • Implement Implicit grant
  • Bearer token output type
  • Remove MAC token output type
  • Authorization server rewrite
  • Resource server class moved to PSR-7 middleware
  • Tests
  • Much much better documentation

5.0.0-RC1

24 Mar 19:38
Compare
Choose a tag to compare
5.0.0-RC1 Pre-release
Pre-release

Version 5 is a complete code rewrite.

  • JWT support
  • PSR-7 support
  • Improved exception errors
  • Replace all occurrences of the term "Storage" with "Repository"
  • Simplify repositories
  • Entities conform to interfaces and use traits
  • Auth code grant updated
    • Allow support for public clients
    • Add support for #439
  • Client credentials grant updated
  • Password grant updated
    • Allow support for public clients
  • Refresh token grant updated
  • Implement Implicit grant
  • Bearer token output type
  • Remove MAC token output type
  • Authorization server rewrite
  • Resource server class moved to PSR-7 middleware
  • Tests
  • Much much better documentation

4.1.5

04 Jan 19:56
Compare
Choose a tag to compare
  • Enable Symfony 3.0 support (#412)

4.1.4

13 Nov 17:53
Compare
Choose a tag to compare
  • Fix for determining access token in header (Issue #328)
  • Refresh tokens are now returned for MAC responses (Issue #356)
  • Added integration list to readme (Issue #341)
  • Expose parameter passed to exceptions (Issue #345)
  • Removed duplicate routing setup code (Issue #346)
  • Docs fix (Issues #347, #360, #380)
  • Examples fix (Issues #348, #358)
  • Fix typo in docblock (Issue #352)
  • Improved timeouts for MAC tokens (Issue #364)
  • hash_hmac() should output raw binary data, not hexits (Issue #370)
  • Improved regex for matching all Base64 characters (Issue #371)
  • Fix incorrect signature parameter (Issue #372)
  • AuthCodeGrant and RefreshTokenGrant don't require client_secret (Issue #377)
  • Added priority argument to event listener (Issue #388)

4.1.3

22 Mar 23:33
Compare
Choose a tag to compare
  • Docblock, namespace and inconsistency fixes (Issue #303)
  • Docblock type fix (Issue #310)
  • Example bug fix (Issue #300)
  • Updated league/event to ~2.1 (Issue #311)
  • Fixed missing session scope (Issue #319)
  • Updated interface docs (Issue #323)
  • .travis.yml updates

4.1.2

01 Jan 12:56
Compare
Choose a tag to compare
  • Remove side-effects in hash_equals() implementation (Issue #290)

4.1.1

01 Jan 12:56
Compare
Choose a tag to compare
  • Changed symfony/http-foundation dependency version to ~2.4 so package can be installed in Laravel 4.1.*

4.1.0

27 Dec 23:02
Compare
Choose a tag to compare
  • Added MAC token support (Issue #158)
  • Fixed example init code (Issue #280)
  • Toggle refresh token rotation (Issue #286)
  • Docblock fixes