Bump auth0/auth0-php from 5.7.0 to 8.3.1 #135

Closed

dependabot[bot]

@dependabot dependabot bot commented on behalf of github Mar 12, 2024

Bumps auth0/auth0-php from 5.7.0 to 8.3.1.

Release notes

Sourced from auth0/auth0-php's releases.

8.3.1

Full Changelog

Changed

  • [SDK-3647] Add PHP 8.2.0-dev to test matrix #650 (evansims)

Fixed

  • [SDK-3646] Reliability and performance improvements to CookieStore #649 (evansims)

Note: Previously in some circumstances, cookie secrets were not always being required in strategies where they should have been required. This has been resolved as part of the fixes in this release. If you are suddenly prompted to configure a cookie secret in an app that doesn't use sessions/cookies, please ensure you are using the correct strategy: https://github.com/auth0/auth0-PHP/tree/8.3.1#configuration-strategies

8.3.0

Full Changelog

Added

  • Add PSR-14 Event Dispatcher, for highly customizable session storage mediums #646 (evansims)

Changed

  • Treat passing an empty string to SdkConfiguration as the default undefined value type of NULL #643 (evansims)
  • Enable configuration of SessionStore and CookieStore samesite property #645 (evansims)
  • Add hardcoded debugging flag to CookieStore to disable encryption of session cookies #644 (evansims)
  • Update getRequestParameter() filter to use FILTER_SANITIZE_FULL_SPECIAL_CHARS and allow passing extra filter options #642 (evansims)
  • Defer/batch "Set-Cookie" headers at login() for transient cookies, and clear() #641 (evansims)

8.2.1

Full Changelog

Fixed

  • Fixed an issue in Auth0\SDK\Configuration\SdkConfiguration where customDomain was not properly formatted in some configurations, leading to inconsistencies in certain SDK functions, such as Token validation. customDomain is now formatted identically to domain. #633 (evansims)

Closed Issues

8.2.0

Full Changelog

Many thanks to our community contributors for this release: elbebass, fullstackfool, jeromefitzpatrick, marko-ilic and sepiariver.

Added

  • Add bearer token extraction helper, Auth0\SDK\Auth0::getBearerToken() #620 (evansims)
  • Add configuration strategy constants, e.g. Auth0\SDK\Configuration\SdkConfiguration::STRATEGY_API #619 (evansims)

Changed

  • Throw Auth0\SDK\Exception\InvalidTokenException on JsonException #614 (marko-ilic)
  • Throw Auth0\SDK\Exception\NetworkException when Management API credential exchange fails #608 (sepiariver)

... (truncated)

Changelog

Sourced from auth0/auth0-php's changelog.

8.3.1 (2022-09-24)

Full Changelog

Changed

  • [SDK-3647] Add PHP 8.2.0-dev to test matrix #650 (evansims)

Fixed

  • [SDK-3646] Reliability and performance improvements to CookieStore #649 (evansims)

8.3.0 (2022-09-22)

Full Changelog

Added

  • [SDK-3636] Add PSR-14 Event Dispatcher, for ultra customizable session storage purposes #646 (evansims)

Changed

  • [SDK-3633] Treat passing an empty string to SdkConfiguration as the default undefined value type of NULL #643 (evansims)
  • [SDK-3635] Enable configuration of SessionStore and CookieStore samesite property #645 (evansims)
  • [SDK-3634] Add hardcoded debugging flag to CookieStore to disable encryption of session cookies #644 (evansims)
  • [SDK-3632] Update getRequestParameter() filter to use FILTER_SANITIZE_FULL_SPECIAL_CHARS and allow passing extra filter options #642 (evansims)
  • [SDK-3631] Defer/batch "Set-Cookie" headers at login() for transient cookies, and clear() #641 (evansims)

8.2.1 (2022-06-06)

Full Changelog

Fixed

  • Fixed an issue in Auth0\SDK\Configuration\SdkConfiguration where customDomain was not properly formatted in some configurations, leading to inconsistencies in certain SDK functions, such as Token validation. customDomain is now formatted identically to domain. #633 (evansims)

Closed Issues

8.2.0 (2022-04-25)

Full Changelog

Many thanks to our community contributors for this release: elbebass, fullstackfool, jeromefitzpatrick, marko-ilic and sepiariver.

Added

  • Add bearer token extraction helper, Auth0\SDK\Auth0::getBearerToken() #620 (evansims)
  • Add configuration strategy constants, e.g. Auth0\SDK\Configuration\SdkConfiguration::STRATEGY_API #619 (evansims)

Changed

  • Throw Auth0\SDK\Exception\InvalidTokenException on JsonException #614 (marko-ilic)
  • Throw Auth0\SDK\Exception\NetworkException when Management API credential exchange fails #608 (sepiariver)

... (truncated)

Upgrade guide

Sourced from auth0/auth0-php's upgrade guide.

Migration Guide

Upgrading from v7.x → v8.0

Our version 8 release includes many significant improvements:

  • Adoption of modern PHP language features including typed properties, null coalescing assignment operators, and array spreading.
  • Support for custom PSR-18 and PSR-17 factories for customizing network requests. PSR-7 responses are also now returned throughout the SDK.
  • PSR-4 event hooks are now supported throughout the SDK.
  • Fluent interface throughout the SDK, offering simplified usage.
  • Optional auto-pagination of Management API endpoints that support pagination.
  • PKCE is now enabled by default.
  • Improved JWT processing and fewer dependencies.

As is to be expected with a major release, there are breaking changes in this update. Please ensure you read this guide thoroughly and prepare your app before upgrading to SDK v8.

New minimum PHP version: 7.4 (8.0 preferred)

  • SDK v8.0 requires PHP 7.4 or higher. PHP 8.0 is supported, and its use with this library is preferred and strongly encouraged.
  • 7.4 will be the final release in PHP's 7.x branch. This SDK will only support PHP 8.0+ after 7.4 leaves supported status in November 2022.
  • We strongly encourage you to make use of PHP 8.0's new named arguments language feature. Once 7.4 support ends, we will no longer consider method argument order changes to be a breaking change.

Session Storage Changes Require User Reauthentication

The new default session storage medium in 8.0 is encrypted cookies. Upgrading to 8.0 from 7.x will require your application's users to re-authenticate.

Class and Method Changes

Potentially Breaking Changes

These classes were updated in SDK 8.0:

  • Class Auth0\SDK\Auth0 updated:

    • __construct updated:
      • configuration added as a required instance of either an SdkConfiguration class, or an array of configuration options. See the 8.0 configuration and 8.0 configuration options guides for usage information.
      • All other arguments have been removed.
    • Public method authentication() added. It returns a pre-configured singleton of the Auth0\SDK\API\Authentication class.
    • Public method management() added. It returns a pre-configured singleton of the Auth0\SDK\API\Management class.
    • Public method login() updated:
      • Method now accepts an argument, params: an array of parameters to pass with the API request.
      • Arguments state, connection, and additionalParameters have been removed. Use the new params argument for these uses.
      • Method now returns an intended login URL as a string. Method no longer sends redirect headers itself to better integrate with application frameworks. Developers should redirect users to the returned URL using a method appropriate for the application type/framework. For example, the redirect() method in Laravel or Symfony, Header("Location: $url") with plain PHP, etc.
    • Public method signup() added as a convenience. This method will pass the ?screen_hint=signup param, supported by the New Universal Login Experience.
    • Public method getLoginUrl() moved to Auth0\SDK\API\Authentication\getLoginLink(), and:
      • Argument params is now a nullable array.
    • Public method renewTokens() renamed to renew(), and:
      • Argument options renamed to params and is now a nullable array.
    • Public method decodeIdToken() renamed to decode(), and:
      • Argument idToken renamed to token.

... (truncated)

Commits
  • 848c702 Release 8.3.1 (#651)
  • 9d011ac [SDK-3647] Add PHP 8.2.0-dev to test matrix (#650)
  • 04b1f5d [SDK-3646] Reliability and performance improvements to CookieStore (#649)
  • 1e34266 Update README.md
  • 4999b4b Update README.md
  • cb15202 Update README.md
  • d30526e Release 8.3.0 (#647)
  • fbef9f1 [SDK-3636] Add PSR-14 Event Dispatcher, for ultra customizable session storag...
  • bcfdae7 [SDK-3633] Treat passing an empty string to SdkConfiguration as the default u...
  • 89b8d8f [SDK-3635] Enable configuration of SessionStore and CookieStore samesite pr...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [auth0/auth0-php](https://github.com/auth0/auth0-PHP) from 5.7.0 to 8.3.1.
- [Release notes](https://github.com/auth0/auth0-PHP/releases)
- [Changelog](https://github.com/auth0/auth0-PHP/blob/8.3.1/CHANGELOG.md)
- [Upgrade guide](https://github.com/auth0/auth0-PHP/blob/main/UPGRADE.md)
- [Commits](auth0/auth0-PHP@5.7.0...8.3.1)

---
updated-dependencies:
- dependency-name: auth0/auth0-php
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 12, 2024
@dependabot dependabot bot added the php Pull requests that update Php code label Mar 12, 2024
@dependabot dependabot bot requested a review from grubolsch as a code owner March 12, 2024 13:51

dependabot bot commented on behalf of github Mar 27, 2024

Looks like auth0/auth0-php is no longer updatable, so this is no longer needed.

@dependabot dependabot bot closed this Mar 27, 2024
@dependabot dependabot bot deleted the dependabot/composer/auth0/auth0-php-8.3.1 branch March 27, 2024 11:15