5.1.1

@alexbilbie alexbilbie released this Jul 26, 2016 · 18 commits to master since this release

  • Improved test suite (Issue #614)
  • Updated docblocks (Issue #616)
  • Replace array_shift with foreach loop (Issue #621)
  • Allow easy addition of custom fields to Bearer token response (Issue #624)
  • Key file auto-generation from string (Issue #625)

Downloads

5.1.0

@alexbilbie alexbilbie released this Jun 28, 2016 · 35 commits to master since this release

  • Implemented RFC7636 (Issue #574)
  • Unify middleware exception responses (Issue #578)
  • Updated examples (Issue #589)
  • Ensure state is in access denied redirect (Issue #597)
  • Remove redundant isExpired() method from entity interfaces and traits (Issue #600)
  • Added a check for unique access token constraint violation (Issue #601)
  • Look at Authorization header directly for HTTP Basic auth checks (Issue #604)
  • Added catch Runtime exception when parsing JWT string (Issue #605)
  • Allow paragonie/random_compat 2.x (Issue #606)
  • Added indigophp/hash-compat to Composer suggestions and require-dev for PHP 5.5 support

Downloads

5.0.3

@alexbilbie alexbilbie released this May 4, 2016 · 56 commits to master since this release

  • Fix hints in PasswordGrant (Issue #560)
  • Add meaning of Resource owner to terminology.md (Issue #561)
  • Use constant for event name instead of explicit string (Issue #563)
  • Remove unused request property (Issue #564)
  • Correct wrong phpdoc (Issue #569)
  • Fixed typo in exception string (Issue #570)

Downloads

5.0.2

@alexbilbie alexbilbie released this Apr 19, 2016 · 73 commits to master since this release

  • state parameter is now correctly returned after implicit grant authorization
  • Small code and docblock improvements

Downloads

5.0.1

@alexbilbie alexbilbie released this Apr 18, 2016 · 87 commits to master since this release

  • Fixes an issue (#550) whereby it was unclear whether or not to validate a client's secret during a request.

Downloads

5.0.0

@alexbilbie alexbilbie released this Apr 17, 2016 · 90 commits to master since this release

Version 5 is a complete code rewrite.

  • JWT support
  • PSR-7 support
  • Improved exception errors
  • Replace all occurrences of the term "Storage" with "Repository"
  • Simplify repositories
  • Entities conform to interfaces and use traits
  • Auth code grant updated
    • Allow support for public clients
    • Add support for #439
  • Client credentials grant updated
  • Password grant updated
    • Allow support for public clients
  • Refresh token grant updated
  • Implement Implicit grant
  • Bearer token output type
  • Remove MAC token output type
  • Authorization server rewrite
  • Resource server class moved to PSR-7 middleware
  • Tests
  • Much much better documentation

Changes since RC2:

  • Renamed Server class to AuthorizationServer
  • Added ResourceServer class
  • Run unit tests again PHP 5.5.9 as it's the minimum supported version
  • Enable PHPUnit 5.0 support
  • Improved examples and documentation
  • Make it clearer that the implicit grant doesn't support refresh tokens
  • Improved refresh token validation errors
  • Fixed refresh token expiry date

Downloads

5.0.0-RC2

@alexbilbie alexbilbie released this Apr 10, 2016 · 183 commits to master since this release

RC2 changes

  • Allow multiple client redirect URIs (Issue #511)
  • Remove unused mac token interface (Issue #503)
  • Handle RSA key passphrase (Issue #502)
  • Remove access token repository from response types (Issue #501)
  • Remove unnecessary methods from entity interfaces (Issue #490)
  • Ensure incoming JWT hasn't expired (Issue #509)
  • Fix client identifier passed where user identifier is expected (Issue #498)
  • Removed built-in entities; added traits to for quick re-use (Issue #504)
  • Redirect uri is required only if the "redirect_uri" parameter was included in the authorization request (Issue #514)
  • Removed templating for auth code and implicit grants (Issue #499)

About version 5

Version 5 is a complete code rewrite.

  • JWT support
  • PSR-7 support
  • Improved exception errors
  • Replace all occurrences of the term "Storage" with "Repository"
  • Simplify repositories
  • Entities conform to interfaces and use traits
  • Auth code grant updated
    • Allow support for public clients
    • Add support for #439
  • Client credentials grant updated
  • Password grant updated
    • Allow support for public clients
  • Refresh token grant updated
  • Implement Implicit grant
  • Bearer token output type
  • Remove MAC token output type
  • Authorization server rewrite
  • Resource server class moved to PSR-7 middleware
  • Tests
  • Much much better documentation

Downloads