- Bumped
kreait/clock
to^1.0.1
(1.0.0 had PHPUnit required as a non-dev dependency)
- Re-implemented the functionality in the
Kreait\Firebase\JWT
namespace. - Added
Kreait\Firebase\JWT\CustomTokenGenerator
as the recommended replacement forFirebase\Auth\Token\Generator
- Added
Kreait\Firebase\JWT\IdTokenVerifier
as the recommended replacement forFirebase\Auth\Token\Verifier
- After updating, please refer to the Migration Documentation to be ready for the 2.0 release of this library.
Firebase\Auth\Token\Exception\InvalidToken
can now have anyThrowable
as the$previous
parameter.
- The "auth_time" and "iat" claims are now verified with a 5 minute leeway, this is the same behaviour as in the Firebase Admin .NET SDK (thanks @navee85)
- ID Tokens must have a valid "auth_time" claim.
- The signature of an ID Token is now verified even if a prior error occured (thanks @kanoblake for reporting the issue and providing a test case)
- Tokens with an invalid signature now throw a
Firebase\Auth\Token\Exception\InvalidSignature
exception. It extends the previously thrownFirebase\Auth\Token\Exception\InvalidToken
, so existing behaviour doesn't change.
- Fix bug that not more than one custom token could be created at a time.
- Cache results from the HTTP Key Store in a PSR-16 cache (default: in memory)
- Deprecated
Firebase\Auth\Token\Handler
.
- Add missing
$expiresAt
parameter when creating a custom token with the Handler.
- Allow a custom expiration time for custom tokens.
- Allow the usage of a custom key store when using the Handler.
- Token verification now includes existence checks for claims (follow up to kreait/firebase-php#70)
- Tokens that seem to be issued in the future now cause a
Firebase\Auth\Token\Exception\IssuedInTheFuture
exception. It includes the hint that the system time might not be correct.
- Fixed message on UnknownKey exceptions.
- Expired tokens now throw a
Firebase\Auth\Token\Exception\ExpiredToken
exception. It extends the previously thrownFirebase\Auth\Token\Exception\InvalidToken
, so existing behaviour doesn't change.
- Fixed https://github.com/kreait/firebase-php/issues/65: invalid custom token when no claims are given.
- Replaced
StaticKeyStore
withHttpKeyStore
, which fetches frech Google Public Keys each time itsget()
method is invoked. Caching can be implemented by injecting an HTTP client with a cache middleware, e.g. kevinrob/guzzle-cache-middleware.
- Removed non-functional debug header
- Added
"php": "^7.0"
requirement tocomposer.json
- Initial release