auth0-PHP
PHP SDK for Auth0 Authentication and Management APIs.
MIT License
Bot releases are hidden (Show)
Published by jimmyjames about 4 years ago
Published by joshcanhelp over 4 years ago
Published by joshcanhelp over 4 years ago
Closed issues
- Authorized Party (azp) claim mismatch in the ID token #422
- JWTVerifier alternatives #419
- Consider to customize the jwks path #417
Added
- Add TokenVerifier for non-OIDC-compliant JWTs #428 (joshcanhelp)
- Add signing key rotation and custom JWKS URI support #426 (joshcanhelp)
- Add Client ID to verification email method #423 (joshcanhelp)
Published by joshcanhelp almost 5 years ago
BEFORE YOU UPGRADE
This is a major release with several breaking changes. Please see the v5 to v7 migration guide here before you upgrade.
Added
- Add types for StoreInterface and implementors; add back EmptyStore #414 (joshcanhelp)
- Add select Guardian management endpoints #412 (joshcanhelp)
- Add Auth0->decodeIdToken() method for ID token decoding by deps #410 (joshcanhelp)
- Add SameSite cookie attribute handling #400 (joshcanhelp)
- Nonce and max_age handling with new CookieStore class #395 (joshcanhelp)
Changed
- Convert caching to PSR-16 interface #403 (joshcanhelp)
- Move AuthorizationBearer to new namespace #402 (joshcanhelp)
- Improve transient authorization data handling #397 (joshcanhelp)
- Cleanup Auth0 class constructor for clarification and better defaults #394 (joshcanhelp)
- Change client secret requirements #390 (joshcanhelp)
- Improved OIDC compliance #386 (joshcanhelp)
- Update minimum PHP from 5.5 to 7.1 #377 (joshcanhelp)
Removed
- Remove future iat check #411 (joshcanhelp)
- Remove Firebase JWT library #396 (joshcanhelp)
- Remove session cookie expiration option #389 (joshcanhelp)
- Remove deprecated Authentication methods and add types #385 (joshcanhelp)
- Remove deprecated JWKS methods and adjust tests #384 (joshcanhelp)
- Remove deprecated M-API methods #383 (joshcanhelp)
- Remove deprecated InformationHeaders methods and add types #382 (joshcanhelp)
- Remove deprecated methods and add types to RequestBuilder #381 (joshcanhelp)
- Remove deprecated token generator #380 (joshcanhelp)
- Remove deprecated legacy classes #379 (joshcanhelp)
- Update management props #378 (joshcanhelp)
Published by joshcanhelp almost 5 years ago
Added
- Add default scopes to Auth0 class #406 (joshcanhelp)
- fix: add missing options for renewTokens method #405 (bkotrys)
Deprecated
- Add deprecation notices for removals in v7 major release #407 (joshcanhelp)
Fixed
Published by joshcanhelp about 5 years ago
Closed issues
- [Auth0\SDK\Exception\CoreException] Invalid domain when trying to run unit tests with Codeception 3.1.0 #358
- JWT Verification fails everytime #356
- Bulk User Imports - I can't Use
upsertas a paramater for theimportUsersfeature #353
Added
- Add \Auth0\SDK\Auth0::getLoginUrl() method and switch login() to use it #371 (joshcanhelp)
- Add JWKFetcher::getFormatted() method and switch validator to use #369 (joshcanhelp)
- Add additional API params to Jobs > importUsers #354 (pinodex)
Deprecated
- Deprecated unused JWKFetcher methods #373 (joshcanhelp)
- Deprecate magic __call method on RequestBuilder class #366 (joshcanhelp)
- Deprecate Management properties; add lazy-load methods #363 (joshcanhelp)
- Deprecate and stop using magic call method on ApiClient #362 (joshcanhelp)
- Deprecate addPathVariable and dump methods on RequestBuilder #361 (joshcanhelp)
- Deprecate TokenGenerator class #360 (joshcanhelp)
Fixed - Fix boolean form parameters not sending as strings #357 (joshcanhelp)
Published by joshcanhelp over 5 years ago
Closed issues
- No packagist package created for 5.5.0 #346
Fixed
- Fix empty url params #349 (joshcanhelp)
- Fix tests to reduce the number of sensitive credentials used #348 (joshcanhelp)
- Change normalizeIncludeTotals() in GenericResource to have sane defaults #347 (kler)
Published by joshcanhelp over 5 years ago
Closed issues
- Consider dropping PHP-5.x version supports #343
- Auth0 Error: 'Invalid state' in /auth0/vendor/auth0/auth0-php/src/Auth0.php: line#537 #333
Added
- Add missing User endpoints for Management API #341 (joshcanhelp)
- Add all Management API Roles endpoints #337 (joshcanhelp)
- Add missing Users test and switch to mocked calls. #336 (joshcanhelp)
- Add Authentication::refresh_token() method #335 (joshcanhelp)
Published by joshcanhelp over 5 years ago
Notes for this release:
-
\Auth0\SDK\Auth0now accepts a$configkey calledskip_userinfothat uses the decoded ID token for the user profile instead of a call to the/userinfoendpoint. This will save an HTTP call during login and should have no affect on most applications.
Closed issues
-
Auth0::exchange()assumes a valid id_token #317 - Feature Request: Support sending
auth0-forwarded-forheader #208
Added
- Authentication class cleanup and tests #322 (joshcanhelp)
- Add Grants Management endpoint #321 (joshcanhelp)
- Add
Auth0-Forwarded-Forheader for RO grant #320 (joshcanhelp) - Improve API Telemetry #319 (joshcanhelp)
- Add Mock API Request Capability and Mocked Connections Tests #314 (joshcanhelp)
Changed
- Test suite improvements #313 (joshcanhelp)
- Improve repo documentation #312 (joshcanhelp)
Deprecated
- Official deprecation for
JWKFetchermethod #328 (joshcanhelp)\Auth0\SDK\Helpers\JWKFetcher::fetchKeys()
- Official deprecation for
Usermethods #327 (joshcanhelp)\Auth0\SDK\API\Management\Users::search()\Auth0\SDK\API\Management\Users::unlinkDevice()
- Official deprecation of
ClientGrantsmethod #326 (joshcanhelp)\Auth0\SDK\API\Management\ClientGrants::get()
- Official deprecation of legacy
InformationHeadersmethods #325 (joshcanhelp)\Auth0\SDK\API\Helpers\InformationHeaders::setEnvironment()\Auth0\SDK\API\Helpers\InformationHeaders::setDependency()\Auth0\SDK\API\Helpers\InformationHeaders::setDependencyData()
- Official deprecation of legacy
Authenticationmethods #324 (joshcanhelp)\Auth0\SDK\API\Authentication::setApiClient()\Auth0\SDK\API\Authentication::sms_code_passwordless_verify()\Auth0\SDK\API\Authentication::email_code_passwordless_verify()\Auth0\SDK\API\Authentication::impersonate()
Fixed
- Fix
Auth0::exchange()to handle missing id_token #318 (joshcanhelp)
Published by joshcanhelp almost 6 years ago
Closed issues
- Something is wrong with the latest release 5.3.1 #303
Fixed
- Fix info headers Extend error in dependant libs #304 (joshcanhelp)
Published by joshcanhelp almost 6 years ago
Closed issues
- Array to String exception when audience is an array #296
- Passing accessToken from frontend to PHP API #281
- Deprecated method email_code_passwordless_verify #280
Added
Changed
- Change telemetry headers to new format and add tests #300 (joshcanhelp)
Fixed
- Fix bad exception message generation #297 (joshcanhelp)
Published by joshcanhelp about 6 years ago
Closed issues
- Question: Handling rate limits #277
- Allow configuration of the JWKS URL #276
- Allow changing the session key name #273
- SessionStore overrides PHP session cookie lifetime setting #215
Added
- Add custom JWKS path and kid check to JWKFetcher + tests #287 (joshcanhelp)
- Add config keys for session base name and cookie expires #279 (joshcanhelp)
- Add return request object #278 (joshcanhelp)
- Add pagination and tests to Resource Servers #275 (joshcanhelp)
- Fix formatting, code standards scan #274 (joshcanhelp)
- Add pagination, docs, and better tests for Rules #272 (joshcanhelp)
- Adding pagination, tests, + docs to Client Grants; minor test suite refactor #271 (joshcanhelp)
- Add tests, docblocks for Logs endpoints #270 (joshcanhelp)
- Add PHP_CodeSniffer + ruleset config #267 (joshcanhelp)
- Add session state and dummy state handler tests #266 (joshcanhelp)
Changed
Deprecated
- Deprecate Auth0\SDK\API\Oauth2Client class #269 (joshcanhelp)
Removed
- Remove examples, add links to Quickstarts #293 (joshcanhelp)
Fixed
- Whitespace pass with new standards using composer phpcbf #268 (joshcanhelp)
Security
- Add ID token validation #285 (joshcanhelp)
Published by joshcanhelp over 6 years ago
Closed issues
- getAppMetadata - how to use? #248
- Auth0 class missing action to renew access token #234
- DOC maj #217
Added
- User pagination and fields, docblocks, formatting, test improvements #261 (joshcanhelp)
- Unit test for withDictParams method #260 (joshcanhelp)
- Pagination, additional parameters, and tests for the Connections endpoint #258 (joshcanhelp)
- Renew tokens method for Auth0 client class #257 (jspetrak)
- Clients endpoint pagination and improvements #256 (joshcanhelp)
- Add email template endpoints #251 (joshcanhelp)
Changed
- Code style scan and fixes #250 (joshcanhelp)
Fixed
- Fix PHPUnit test. #262 (maurobonfietti)
- Allow $page to be null for Clients so pagination is not triggered #259 (joshcanhelp)
- Rewrite README; add news and notes to CHANGELOG #253 (joshcanhelp)
Published by joshcanhelp over 6 years ago
5.1.1 (2018-04-03)
Closed issues
Added
- Implement ResourceServices::getAll() #236 joshcanhelp)
Fixed
- Incorrect type hint on SessionStateHandler __construct #235 (joshcanhelp)
- Auth0 class documentation fixed for store and state handler #232 (jspetrak)
- Fixing minor code quality issues #231 joshcanhelp)
Published by joshcanhelp over 6 years ago
State validation was added in 5.1.0 for improved security. By default, this uses session storage and will happen automatically if you are using a combination of Auth0::login() and any method which calls Auth0::exchange() in your callback.
If you need to use a different storage method, implement your own StateHandler and set it using the state_handler config key when you initialize an Auth0 instance.
If you are using Auth0::exchange() and a method other than Auth0::login() to generate the Authorize URL, you can disable automatic state validation by setting the state_handler key to false when you initialize the Auth0 instance. It is highly recommended to implement state validation, either automatically or otherwise
Closed issues
- Support for php-jwt 5 #210
Added
- Adding tests for state handler; correcting storage method used #228 (joshcanhelp)
Changed
- Bumping JWT package version #229 (joshcanhelp)
