Latest release

7.2.0

Sephster released this Jun 23, 2018

Changed

  • Added new validateRedirectUri method to AbstractGrant to remove three instances of code duplication (PR #912)
  • Allow 640 as a crypt key file permission (PR #917)

Added

  • Function hasRedirect() added to OAuthServerException (PR #703)

Fixed

  • Catch and handle BadMethodCallException from the verify() method of the JWT token in the validateAuthorization method (PR #904)

4.1.7

Sephster released this Jun 23, 2018

Fixed

  • Ensure empty() function call only contains variable to be compatible with PHP 5.4 (PR #918)

7.1.1

Sephster released this May 21, 2018 · 29 commits to master since this release

Fixed

  • No longer set a WWW-Authenticate header for invalid clients if the client did not send an Authorization header in the original request (PR #902)

7.1.0

Sephster released this Apr 22, 2018 · 41 commits to master since this release

Changed

  • Changed hint for unsupportedGrantType exception so it no longer references the grant type parameter which isn't always expected (PR #893)
  • Upgrade PHPStan checks to level 7 (PR #856)

Added

  • Added event emitters for issued access and refresh tokens (PR #860)
  • Can now use Defuse\Crypto\Key for encryption/decryption of keys, which is faster than the Crypto class (PR #812)

7.0.0

Sephster released this Feb 18, 2018 · 80 commits to master since this release

Merge pull request #854 from Sephster/master

Version 7

6.1.1

Sephster released this Dec 23, 2017 · 146 commits to master since this release

  • Removing check on empty scopes

6.1.0

Sephster released this Dec 23, 2017 · 147 commits to master since this release

  • Changed the token type issued by the Implicit Grant to be Bearer instead of bearer. (PR #724)
  • Replaced call to array_key_exists() with the faster isset() on the Implicit Grant. (PR #749)
  • Allow specification of query delimiter character in the Password Grant (PR #801)
  • Add Zend Diactoros library dependency to examples (PR #678)
  • Can set default scope for the authorization endpoint. If no scope is passed during an authorization request, the default scope will be used if set. If not, the server will issue an invalid scope exception (PR #811)
  • Added validation for redirect URIs on the authorization endpoint to ensure exactly one redirection URI has been passed (PR #573)

5.1.6

Sephster released this Nov 29, 2017

  • Add toggle to disable key permissions check. (Issue #776)

6.0.2

alexbilbie released this Aug 3, 2017 · 223 commits to master since this release

  • An invalid refresh token that can't be decrypted now returns an HTTP 401 error instead of HTTP 400 (Issue #759)
  • Removed chmod from CryptKey and added a toggle to disable checking (Issue #776)
  • Fixes invalid code challenge method payload key name (Issue #777)