auth0-PHP

Full Changelog

Added

• Add PSR-14 Event Dispatcher, for highly customizable session storage mediums #646 (evansims)

Changed

• Treat passing an empty string to SdkConfiguration as the default undefined value type of NULL #643 (evansims)
• Enable configuration of SessionStore and CookieStore samesite property #645 (evansims)
• Add hardcoded debugging flag to CookieStore to disable encryption of session cookies #644 (evansims)
• Update getRequestParameter() filter to use FILTER_SANITIZE_FULL_SPECIAL_CHARS and allow passing extra filter options #642 (evansims)
• Defer/batch "Set-Cookie" headers at login() for transient cookies, and clear() #641 (evansims)

Full Changelog

Fixed

• Fixed an issue in Auth0\SDK\Configuration\SdkConfiguration where customDomain was not properly formatted in some configurations, leading to inconsistencies in certain SDK functions, such as Token validation. customDomain is now formatted identically to domain. #633 (evansims)

Closed Issues

• Resolves #630 (barasimumatik)

Full Changelog

Many thanks to our community contributors for this release: elbebass, fullstackfool, jeromefitzpatrick, marko-ilic and sepiariver.

Added

• Add bearer token extraction helper, Auth0\SDK\Auth0::getBearerToken() #620 (evansims)
• Add configuration strategy constants, e.g. Auth0\SDK\Configuration\SdkConfiguration::STRATEGY_API #619 (evansims)

Changed

• Throw Auth0\SDK\Exception\InvalidTokenException on JsonException #614 (marko-ilic)
• Throw Auth0\SDK\Exception\NetworkException when Management API credential exchange fails #608 (sepiariver)

Documentation Contributions

• Correct the new method name for get_authorize_link() for 8.x in UPGRADE.md #623 (jeromefitzpatrick)
• Remove PHP 7.3 README note (deprecated) #610 (evansims)
• Update CONTRIBUTING.md guidance #609 (sepiariver)
• Update README.md guidance on management configuration strategy (domain is required) #604 (fullstackfool)
• Correct README.md typos in Management API example #602 (elbebass)

Other Improvements

• Relax pestphp/pest-plugin-parallel dev dependency from ^0.2 to ^0.2 || ^1.0 #617
• Bump firebase/php-jwt dev dependency to ^6.0 #613 (evansims)
• Add Semgrep to continous integration test suite #616 (evansims)

Full Changelog

Added

• Add Attack Protection endpoints #593 (evansims)

Full Changelog

Fixed

• Auth0->renew(): now updates additional session details after a successful token refresh #593 (evansims)

Full Changelog

Fixed

• Auth0->exchange(): optimize setcookie() calls #591 (Nebual)

Full Changelog

Fixed

• Require domain configuration for management strategy #589 (evansims)

Documentation

• Update UPGRADE.md with additional notes about Auth0::login() changes from v7. #585 (BGehrels)
• Update UPGRADE.md with additional notes about Auth0::exchange() changes from v7. #584 (BGehrels)

Tests

• Add Semgrep to test suite #588 (evansims)
• Upgrade test suite to use 8.1 GA (up from RC builds) #587 (evansims)
• Fix warnings introduced in new Psalm update #586 (evansims)

Full Changelog

Changes

• Introduce Interfaces to Final Classes #581 (komando82)

Full Changelog

Fixed

• Resolve SessionStore::purge() not iterating over session storage when a falsey value is stored #577 (evansims)

Full Changelog

Fixed

• Simplify decoding of Access Tokens via Auth0::decode() #534 (shadowhand)

Full Changelog

BEFORE YOU UPGRADE

• This is a major release that includes breaking changes. Please see UPGRADE.md before upgrading. This release will require changes to your application.
• The SDK no longer specifically relies on Guzzle for network requests. Options for supplying your libraries of choice have been added through PSR-18 and PSR-17 configuration options.
• PHP 7.4 is now the minimum supported PHP version, but we encourage using PHP 8.0. PHP 7.4 will be the last supported 7.x release. This library follows the official support schedule for PHP.
• Due to changes in session handling mechanisms, this upgrade will require your users to re-authenticate.

8.0 Highlights

• Updated SDK API for more intuitive use and improved usability. Now follows fluent interface principles.
• Updated SDK API designed with PHP 8.0's named arguments as the encouraged interface method.
• New configuration object, SdkConfiguration, allows for dynamic changes within your application.
• Updated PHP language support, including typed properties and return types, are now used throughout the SDK.
• Added support for the following PHP-FIG standards interfaces:
  • PSR-6 caches are now used for caching JWKs and Management API tokens.
  • PSR-7 HTTP messages are now returned by methods that initiate network requests.
  • PSR-14 events are now raised, allowing for deeper integration into the SDK's behavior.
  • PSR-17 HTTP factories are now used during network requests for generating PSR-7 messages.
  • PSR-18 HTTP clients are now supported, allowing you to choose your network client.
• Improved Token handling system.
• Encrypted session cookies, with cookies being the default session handler. PHP sessions may be phased out in a future release.
• New Management API auto-pagination helper for iterating through API results.
• PKCE is now enabled by default.

For a complete overview of API changes, please see UPGRADE.md.

For guidance on using the new configuration interface or SDK API, please see README.md.

Full Changelog

BEFORE YOU UPGRADE

• This is a major release that includes breaking changes. Please see UPGRADE.md before upgrading. This release will require changes to your application.
• The SDK no longer specifically relies on Guzzle for network requests. Options for supplying your libraries of choice have been added through PSR-18 and PSR-17 configuration options.
• PHP 7.4 is now the minimum supported PHP version, but we encourage using PHP 8.0. PHP 7.4 will be the last supported 7.x release. This library follows the official support schedule for PHP.

Changes Since BETA2

• Cookie namespace prefixes are now configurable from SdkConfiguration interface. #534 (Nyholm)
• Improvements to and standardization of variable filtering rules. #535 (evansims)
• Fixed Management API calls incorrectly converted child arrays into objects. #541 (evansims)
• Fixed explicit SdkConfiguration object reference passing on arguments. #548 (Nyholm)
• Performance improvements to session/cookie transient storage. #542 (evansims)
• Add new MemoryStore storage medium for tests. #544 (Nyholm)
• Add new Psr6Store storage medium. #549 (Nyholm)
• Delay restoring session state (no longer occurs during constructor initialization; now just-in-time.) #550 (evansims)
• Improve support for custom domains with new customDomain option in SdkConfiguration #554 (evansims)
• Support for Actions API endpoints in Management SDK #551 (evansims)
• Expand test coverage to 100% and transition to PEST test framework #552 (evansims)

8.0 Highlights

• Updated SDK API for more intuitive use and improved usability. Now follows fluent interface principles.
• Updated SDK API designed with PHP 8.0's named arguments as the encouraged interface method.
• New configuration object, SdkConfiguration, allows for dynamic changes within your application.
• Updated PHP language support, including typed properties and return types, are now used throughout the SDK.
• Added support for the following PHP-FIG standards interfaces:
  • PSR-6 caches are now used for caching JWKs and Management API tokens.
  • PSR-7 HTTP messages are now returned by methods that initiate network requests.
  • PSR-14 events are now raised, allowing for deeper integration into the SDK's behavior.
  • PSR-17 HTTP factories are now used during network requests for generating PSR-7 messages.
  • PSR-18 HTTP clients are now supported, allowing you to choose your network client.
• Improved Token handling system.
• Encrypted session cookies, with cookies being the default session handler. PHP sessions may be phased out in a future release.
• New Management API auto-pagination helper for iterating through API results.
• PKCE is now enabled by default.

For a complete overview of API changes, please see UPGRADE.md.

For guidance on using the new configuration interface or SDK API, please see README.md.

Full Changelog

BEFORE YOU UPGRADE

• This is a major release that includes breaking changes. Please see UPGRADE.md before upgrading. This release will require changes to your application.
• The SDK no longer specifically relies on Guzzle for network requests. Options for supplying your libraries of choice have been added through PSR-18 and PSR-17 configuration options.
• PHP 7.4 is now the minimum supported PHP version, but we encourage using PHP 8.0. PHP 7.4 will be the last supported 7.x release. This library follows the official support schedule for PHP.

Changes Since BETA1

• Auth0\SDK\API\Management endpoint factory magic methods documented for proper IDE hinting.
• Auth0\SDK\API\Authentication and Auth0\SDK\API\Management create their HTTP client instances as needed when getHttpClient() is invoked, rather than at class initialization.
• Auth0\SDK\Configuration\SdkConfiguration now supports passing a strategy option to customize what configuration options are necessary at initialization, appropriate for different use cases. Defaults to the general use webapp with the same configuration requirements as previously used. See the README for more information.
• Auth0\SDK\Utility\HttpRequest now intercepts 429 rate-limit errors from Auth0 API responses and will automatically retry these requests on your behalf, using an exponential backoff strategy. Defaults to 3 retry attempts, configurable with httpMaxRetires during SDK configuration up to 10, or 0 to opt-out of this behavior.

8.0 Highlights

• Updated SDK API for more intuitive use and improved usability. Now follows fluent interface principles.
• Updated SDK API designed with PHP 8.0's named arguments as the encouraged interface method.
• New configuration object, SdkConfiguration, allows for dynamic changes within your application.
• Updated PHP language support, including typed properties and return types, are now used throughout the SDK.
• Added support for the following PHP-FIG standards interfaces:
  • PSR-6 caches are now used for caching JWKs and Management API tokens.
  • PSR-7 HTTP messages are now returned by methods that initiate network requests.
  • PSR-14 events are now raised, allowing for deeper integration into the SDK's behavior.
  • PSR-17 HTTP factories are now used during network requests for generating PSR-7 messages.
  • PSR-18 HTTP clients are now supported, allowing you to choose your network client.
• Improved Token handling system.
• Encrypted session cookies, with cookies being the default session handler. PHP sessions may be phased out in a future release.
• New Management API auto-pagination helper for iterating through API results.
• PKCE is now enabled by default.

For a complete overview of API changes, please see UPGRADE.md.

For guidance on using the new configuration interface or SDK API, please see README.md.

Full Changelog

Fixed

• Add missing API2 POST /tickets/password-change params #523 (evansims)

Full Changelog

Fixed

• Replace deprated/removed GuzzleHttp\Psr7\build_query #500 (bartvanraaij)

Full Changelog

BEFORE YOU UPGRADE

• This is a major release that includes breaking changes. Please see UPGRADE.md before upgrading. This release will require changes to your application.
• The SDK no longer specifically relies on Guzzle for network requests. Options for supplying your libraries of choice have been added through PSR-18 and PSR-17 configuration options.
• PHP 7.4 is now the minimum supported PHP version, but we encourage using PHP 8.0. PHP 7.4 will be the last supported 7.x release. This library follows the official support schedule for PHP.

8.0 Highlights

• Updated SDK API for more intuitive use and improved usability. Now follows fluent interface principles.
• Updated SDK API designed with PHP 8.0's named arguments as the encouraged interface method.
• New configuration object, SdkConfiguration, allows for dynamic changes within your application.
• Updated PHP language support, including typed properties and return types, are now used throughout the SDK.
• Added support for the following PHP-FIG standards interfaces:
  • PSR-6 caches are now used for caching JWKs and Management API tokens.
  • PSR-7 HTTP messages are now returned by methods that initiate network requests.
  • PSR-14 events are now raised, allowing for deeper integration into the SDK's behavior.
  • PSR-17 HTTP factories are now used during network requests for generating PSR-7 messages.
  • PSR-18 HTTP clients are now supported, allowing you to choose your network client.
• Improved Token handling system.
• Encrypted session cookies, with cookies being the default session handler. PHP sessions may be phased out in a future release.
• New Management API auto-pagination helper for iterating through API results.
• PKCE is now enabled by default.

For a complete overview of API changes, please see UPGRADE.md.

For guidance on using the new configuration interface or SDK API, please see README.md.

Full Changelog

Changed

• Reintroduce Guzzle 6 support #489 (marko-ilic)
• Update Auth0\SDK\Auth0::getState() visibility to public #498 (evansims)

Full Changelog

This release expands Organizations support to the Management API client. Please see the README for details on Organizations, currently in closed beta testing.

Added

• Add Organizations support to Management API Client #483 (evansims)

Full Changelog

This release includes initial support for Organizations, a new feature from Auth0 currently in closed beta testing. Please see the updated README for usage instructions.

Added

• Add Organizations support to Authentication API Client #482 (evansims)

Changed

• Support client_id on /tickets/password-change #481 (evansims)

Full Changelog

Fixed

• Ensure ?include_totals are handled properly on GET /users and GET /roles requests for Management API #476 (evansims)