Released: 2024-12-11
- This version is certified for PHP 8.3 and PHP 8.4! 🎉
- Fix cases where
expires
is not a number #929 - Add
SettableRefreshTokenInterface
to support setting the refresh token #994 - Set minimum version of Guzzle to 6.5.8 and 7.4.5, due to security vulnerabilities reported in earlier versions #1022
- Fix parameter docblock type hint for
AbstractProvider::prepareAccessTokenResponse()
#1025- Take note, this might affect static analysis reports for downstream providers
- Send scopes with access token request #1029 #1030
- Explicitly mark nullable parameter #1034
#1039
- This change requires PHP 7.1 as the minimum version for this library
- Plus a number of test and documentation improvements; see the commit log for more details
Released: 2023-04-16
- Add support for PKCE (Proof Key for Code Exchange, RFC 7636) #901
- Various type improvements for static analysis #939 #959 #972 #997
Released: 2021-12-22
Released: 2020-10-27
- Indicate support for PHP 8
- Allow time to be set for testing purposes #852
Released: 2020-07-18
- Allow Guzzle 7.x to be used #847
Released: 2018-11-22
- Revert to use of
AccessToken
in type hints to preserve backwards compatibility; this fixes the issue reported in #752 and #753
Released: 2018-11-21
- Add
HttpBasicAuthOptionProvider
to ease implementation for providers requiring HTTP basic auth - Add
GuardedPropertyTrait
to allow providers the ability to specify properties that may not be overridden by user-defined values passed to the provider constructor - Add
AccessTokenInterface
andResourceOwnerAccessTokenInterface
to allow providers the ability to override the defaultAccessToken
Released: 2018-11-19
- Allow paragonie/random_compat's empty 9.99.99 placeholder
- Throw an
UnexpectedValueException
on non-JSON responses from access token request (when callingAbstractProvider::getAccessToken()
)
Released: 2018-01-13
- Add
ProviderRedirectTrait
tool for 3rd-party provider libraries to use when handling provider redirections - Fix TypeError thrown because
getResourceOwner()
receives a non-JSON Response - Gracefully handle non-standard errors received from providers
- Update README to reflect official support of PHP 7.2
Released: 2017-04-25
- Fix potential type error when HTTP 500 errors are encountered
- Allow broader range of
random_compat
versions
Released: 2017-02-01
- Allow base URLs to contain query parameters
- Protect against
+
being improperly encoded in URL parameters - Remove misleading
state
option from authorization parameters - Stop generating more random bytes than necessary
Released: 2017-01-24
- Allow
expires_in
with a value of0
Released: 2017-01-12
- Rename
getResponse()
togetParsedResponse()
- Add
getResponse()
method that returns the unparsed PSR-7Response
instance - Removed
RandomFactory
, switched to native random functions
Released: 2016-04-29
- Add
QueryBuilderTrait
to standardize query string generation.
Released: 2016-04-19
- Add
AccessToken::getValues()
to access additional vendor data provided with tokens.
Released: 2016-02-13
- Enable dynamic parameters being passed into the authorization URL.
- Minor documentation updates.
Released: 2016-01-23
- Add
resource_owner_id
to the JSON-serialized representation of the access token. - Minor documentation updates and improved test coverage.
Released: 2015-11-13
- Add
ArrayAccessorTrait
, updateAbstractProvider
to utilize. - Use
expires
to serialize access tokens. - Documentation updates.
Released: 2015-09-22
- Allow access tokens to be created from storage (see #431).
- Minor fixes and documentation updates.
Released: 2015-08-26
- Allow required parameters checked using the
RequiredParameterTrait
to be set asfalse
,null
,"0"
, etc.
Released: 2015-08-19
- We are running code-quality builds through Scrutinizer, and we are running unit test builds on the new Travis CI container-based infrastructure.
- Cleaned up code, as recommended by Scrutinizer.
- Documentation updates.
Released: 2015-08-12
- BREAK: Add toArray() to ResourceOwnerInterface.
- Always attempt to parse responses as JSON and fallback on failure.
- Add dot notation support to access token resource owner ID.
- Use the Bearer authorization header for the generic provider.
- Documentation updates.
Released: 2015-07-16
- API for 1.0 is now frozen!
- BREAK: Convert all uses of "User" to "ResourceOwner" to more closely match the OAuth 2.0 specification.
- BREAK: Rename
StandardProvider
toGenericProvider
. - BREAK: Move access token creation to the
AbstractProvider
. It was previously handled in theAbstractGrant
. - FIX: Add
Content-Type
header with value ofapplication/x-www-form-urlencoded
to the request header when retrieving access tokens. This adheres to the OAuth 2.0 specification and fixes issues where certain OAuth servers expect this header. - Enhanced
json_encode()
serialization of AccessToken; when usingjson_encode()
on an AccessToken, it will return a JSON object with these properties:access_token
,refresh_token
, andexpires_in
.
Released: 2015-07-04
- BREAK: Renamed
AbstractProvider::ACCESS_TOKEN_METHOD_GET
toAbstractProvider::METHOD_GET
. - BREAK: Renamed
AbstractProvider::ACCESS_TOKEN_METHOD_POST
toAbstractProvider::METHOD_POST
. - BREAK: Renamed
AbstractProvider::prepareUserDetails()
toAbstractProvider::createUser()
. - BREAK: Renamed
AbstractProvider::getUserDetails()
toAbstractProvider::getUser()
. - BREAK: Removed
$token
parameter fromAbstractProvider::getDefaultHeaders()
. - BREAK: Modify
AbstractProvider::getBaseAccessTokenUrl()
to accept a required array of parameters, allowing providers the ability to vary the access token URL, based on the parameters. - Removed newline characters from MAC Authorization header.
- Documentation updates, notably:
- Moved list of providers to
README.PROVIDERS.md
. - Moved provider creation notes to
README.PROVIDER-GUIDE.md
.
- Moved list of providers to
Released: 2015-06-25
This release contains numerous BC breaks from the 0.x series. Please note these breaks and refer to the upgrade guide.
- BREAK: Requires PHP 5.5.0 and greater.
- BREAK: All providers have been moved to separate repositories, one for each provider.
- BREAK: All
public
properties have been set asprotected
orprivate
and getters/setters have been introduced for access to these properties. - BREAK: The
Provider\ProviderInterface
has been removed. Please extend from and overrideProvider\AbstractProvider
. - BREAK: The
Entity\User
has been removed. Providers should implement theProvider\UserInterface
and provide user functionality instead of expecting it in this base library. - BREAK: The
Grant\GrantInterface
has been removed. Providers needing to provide a new grant type should extend from and overrideGrant\AbstractGrant
. - A generic
Provider\StandardProvider
has been introduced, which may be used as a client to integrate with most OAuth 2.0 compatible servers. - A
Grant\GrantFactory
has been introduced as a means to register and retrieve singleton grants from a registry. - Introduced traits for bearer and MAC authorization (
Tool\BearerAuthorizationTrait
andTool\MacAuthorizationTrait
), which providers may use to enable these header authorization types.
Released: 2015-06-20
- FIX: Scope separators for LinkedIn and Instagram are now correctly a single space
Released: 2015-06-15
- BREAK: LinkedIn Provider: Default scopes removed from LinkedIn Provider. See "Managing LinkedIn Scopes" in the README for information on how to set scopes. See #327 and #307 for details on this change.
- FIX: LinkedIn Provider: A scenario existed in which
publicProfileUrl
was not set, generating a PHP notice; this has been fixed. - FIX: Instagram Provider: Fixed scope separator.
- Documentation updates and corrections.
Released: 2015-04-25
- Identity Provider: Better handling of error responses
- Documentation updates
Released: 2015-04-02
- FIX: Invalid JSON triggering fatal error
- FIX: Sending headers along with auth
getAccessToken()
requests - Now running Travis CI tests on PHP 7
- Documentation updates
Released: 2015-03-10
- Providers: Added
getHeaders()
to ProviderInterface and updated AbstractProvider to provide the method - Providers: Updated all bundled providers to support new
$authorizationHeader
property - Identity Provider: Update IDPException to account for empty strings
- Identity Provider: Added
getResponseBody()
method to IDPException - Documentation updates, minor bug fixes, and coding standards fixes
Released: 2015-02-24
- Add
AbstractProvider::prepareAccessTokenResult()
to provide additional token response preparation to providers - Remove custom provider code from AccessToken
- Add links to README for Dropbox and Square providers
Released: 2015-02-12
- Allow
approval_prompt
to be set by providers. This fixes an issue where some providers have problems if theapproval_prompt
is present in the query string.
Released: 2015-02-10
- Facebook Provider: Upgrade to Graph API v2.2
- Google Provider: Add
access_type
parameter for Google authorization URL - Get a more reliable response body on errors
Released: 2015-02-03
- GitHub Provider: Fix regression
- Documentation updates
Released: 2015-01-06
- Google Provider: fixed issue where Google API was not returning the user ID
Released: 2014-12-29
- Improvements to Provider\AbstractProvider (addition of
userUid()
,userEmail()
, anduserScreenName()
) - GitHub Provider: Support for GitHub Enterprise
- GitHub Provider: Methods to allow fetching user email addresses
- Google Provider: Updated scopes and endpoints to remove deprecated values
- Documentation updates, minor bug fixes, and coding standards fixes
Released: 2014-12-03
- Added ability to specify a redirect handler for providers through use of a callback (see Provider\AbstractProvider::setRedirectHandler())
- Updated authorize and token URLs for the Microsoft provider; the old URLs had been phased out and were no longer working (see #146)
- Increased test coverage
- Documentation updates, minor bug fixes, and coding standards fixes
Released: 2014-11-28
- Added
ClientCredentials
andPassword
grants - Added support for providers to set their own
uid
parameter key name - Added support for Google's
hd
(hosted domain) parameter - Added support for providing a custom
state
parameter to the authorization URL - LinkedIn
pictureUrl
is now an optional response element - Added Battle.net provider package link to README
- Added Meetup provider package link to README
- Added
.gitattributes
file - Increased test coverage
- A number of documentation fixes, minor bug fixes, and coding standards fixes
Released: 2014-10-28
- Added
ProviderInterface
and removedIdentityProvider
. - Expose generated state to allow for CSRF validation.
- Renamed
League\OAuth2\Client\Provider\User
toLeague\OAuth2\Client\Entity\User
. - Entity: User: added
gender
andlocale
properties - Updating logic for populating the token expiration time.
Released: 2014-04-26
- This release made some huge leaps forward, including 100% unit-coverage and a bunch of new features.
Released: 2013-05-28
- No release notes available.
Released: 2013-05-25
- Initial release.