oauth2-server-php

Bug Fixes

• fix: add missing param to setAuthorizationCode (#1048)

BREAKING CHANGE

Add support for PKCE (#1045) - @hkalina

Two fields were added to the storage classes, code_challenge and code_challenge_method. You will need to update your databases to have these columns, or you will get an error when you upgrade.

Fixes

• PHP 8.1 fix for ctype_digit() deprecated error (#1040) - @modevelops

Features

• adjust type hint for Symfony 6 (#1030)

Bug Fixes

• fix PHP 8.1 deprecation error (#1021)

• drop support for PHP 7.0 and below (#1018)

Fixes PHP 7.2 issues

• #953 - [bug] Fixes PHP7.2 warning due to incorrect parameter used in count

HAPPY HOLIDAYS!!

• #901 - [feature] Add compatibility for PHP 5.3 by removing PHP 5.4 shorthand array syntax
• #898 - [bug] Remove 2 slashes from sqlite DSN for Windows
• #896 - [docs] Fixe release dates in Changelog
• #894 - [feature] Callable for customizing JWT payload
• #891 - [bug] Merge headers with server global header values
• Fixes tests (#914, #952)

HAPPY THANKSGIVING!!

PR for these changes: https://github.com/bshaffer/oauth2-server-php/pull/889

• #795 - [feature] added protected createPayload method to allow easier customization of JWT payload
• #807 - [refactor] simplifies UserInfoController constructor
• #814 - [docs] Adds https to README link
• #827 - [testing] Explicitly pulls in phpunit 4
• #828 - [docs] PHPDoc improvements and type hinting of variables.
• #829 - [bug] Fix CORS issue for revoking and requesting an access token
• #869 - [testing] Remove php 5.3 from travis and use vendored phpunit
• #834 - [feature] use random_bytes if available
• #851 - [docs] Fix PHPDoc
• #872 - [bug] Fix count() error on PHP 7.2
• #873 - [testing] adds php 7.2 to travis
• #794 - [docs] Fix typo in composer.json
• #885 - [testing] Use PHPUnit\Framework\TestCase instead of PHPUnit_Framework_TestCase

Note: master is now the default branch. develop is deprecated and will eventually be deleted.

HAPPY NEW YEAR!!

• bug #645 - Allow null for client_secret
• bug #651 - Fix bug in isPublicClient of Cassandra Storage
• bug #670 - Bug in client's scope restriction
• bug #672 - Implemented method to override the password hashing algorithm
• bug #698 - Fix Token Response's Content-Type to application/json
• bug #729 - Ensures unsetAccessToken and unsetRefreshToken return a bool
• bug #749 - Fix UserClaims for CodeIdToken
• bug #784 - RFC6750 compatibility
• bug #776 - Fix "redirect_uri_mismatch" for URIs with encoded characters
• bug #759 - no access token supplied to resource controller results in empty request body
• bug #773 - Use OpenSSL random method before attempting Mcrypt's.
• bug #790 - Add mongo db

• bug #594 - adds jti
• bug #598 - fixes lifetime configurations for JWTs
• bug #634 - fixes travis builds, upgrade to containers
• bug #586 - support for revoking tokens
• bug #636 - Adds FirebaseJWT bridge
• bug #639 - Mongo HHVM compatibility

Note: This version contains security fixes for JWTBearer Grant Type and JWT Access Tokens. Upgrading is strongly recommended.

• bug #500 - PDO fetch mode changed from FETCH_BOTH to FETCH_ASSOC
• bug #508 - Case insensitive for Bearer token header name ba716d4
• bug #512 - validateRedirectUri is now public
• bug #530 - Add PublicKeyInterface, UserClaimsInterface to Cassandra Storage
• bug #505 - DynamoDB storage fixes
• bug #556 - adds "code id_token" return type to openid connect
• bug #563 - Include "issuer" config key for JwtAccessToken
• bug #564 - Fixes JWT vulnerability
• bug #571 - Added unset_refresh_token_after_use option

• #437 - renames CryptoToken to JwtAccessToken / use_crypto_tokens to use_jwt_access_tokens
• #447 - Adds a Couchbase storage implementation
• #460 - Rename JWT claims to match spec
• #470 - order does not matter for multi-valued response types
• #471 - Make validateAuthorizeRequest available for POST in addition to GET
• #475 - Adds JTI table definitiion
• #481 - better randomness for generating access tokens
• #480 - Use hash_equals() for signature verification (prevents remote timing attacks)
• #489, #491, #498 - misc other fixes