Skip to content

Latest commit

 

History

History
355 lines (220 loc) · 21.2 KB

CHANGELOG.md

File metadata and controls

355 lines (220 loc) · 21.2 KB
Raw

Change Log

8.12.0 (2024-11-05)

Full Changelog

Added

Fixed

8.11.1 (2024-01-10)

Full Changelog

Fixed

  • fix: Resolve erroneous exception throw on tenant domain validation #755 (ramonschriks)

8.11.0 (2024-01-08)

Full Changelog

Added

  • feat: Support validating tokens with tenant domain in the case of custom domains #753 (ramonschriks)

8.10.0 (2023-12-05)

Full Changelog

Added

  • feat(SDK-4731): Implement support for Back-Channel Logout #747 (evansims)

Changed

  • PHP 8.1 is now the minimum supported runtime #748 (evansims)

8.9.3 (2023-11-30)

Full Changelog

Fixed

  • fix: Remove redundant token verification step #742 (evansims)

8.9.2 (2023-11-29)

Full Changelog

Fixed

  • fix: Remove redundant token verification step #742 (evansims)

8.9.1 (2023-11-20)

Full Changelog

Fixed

  • fix(SDK-4716): Resolve thrown exception when enumerating device cookies that include non-string keys/names #739 (evansims)

8.9.0 (2023-11-13)

Full Changelog

Added

  • feat(SDK-4543): Support Organizations with Client Grants #736 (evansims)

8.8.0 - 2023-10-18

Added

  • Support initiate_login_uri property for PATCH requests to the /api/v2/clients/:id Management API endpoint. #732

Fixed

  • Token generator typo in claim header. #729

Changed

  • composer.json now identifies mbstring as a required extension. #730
  • PHP 8.3 nightlies have been added to the continuous integration testing matrix. #733

8.7.1 - 2023-08-06

Fixed

  • Corrected Management API route for deploy action endpoint by @speercy (#723)

8.7.0 - 2023-07-20

Added

  • Organization Name support added for Authentication API and token handling¹ (#719)

Note ¹ To use this feature, an Auth0 tenant must have support for it enabled. This feature is not yet available to all tenants.

8.6.0 - 2023-05-02

Added

  • PAR (Pushed Authorization Request) support¹ (#714):
    • Auth0\SDK\API\Authentication\PushedAuthorizationRequest is a new class for issuing Pushed Authorization Requests and producing authorization links for them.
    • Auth0\SDK\API\Authentication::pushedAuthorizationRequest() has been added as a shortcut method for returning a configured instantiation of the above class.
    • Auth0\SDK\Auth0::login() has been updated to support issuing Pushed Authorization Requests and returning authorization links for them.
    • Auth0\SDK\Configuration\SdkConfiguration has been updated to accept a pushedAuthorizationRequest boolean to enable this feature.
  • Auth0\SDK\Auth0::isAuthenticated() has been added as a shortcut method. It is an alias for getCredentials() !== null.

Note ¹ To use this feature, an Auth0 tenant must have support for it enabled. This feature is not yet available to all tenants.

8.5.0 - 2023-03-27

This release improves the SDK's automatic discovery process of compatible HTTP clients, factories and messages (PSR-18, 17 and 7, respectively). If you encounter issues with your implementation not being discovered, please open an issue.

This release also introduces support for a number of additional Management API endpoints.

Added

  • State Management

    • Added Auth0\SDK\Auth0::refreshState() to force a refresh of the SDK's internal state. This is useful when you have updated the SDK's configuration and want to ensure the SDK is using the latest values.

  • Management API

    • Auth0\APIs\Management\Users
      • DELETE /users/:id/authenticatorsdeleteAllAuthenticators() (#702) (Documentation)
    • Support for Authentication Method endpoints: (#707):
      • GET /api/v2/users/:user/authentication-methodsgetAuthenticationMethods() (Documentation)
      • PUT /api/v2/users/:user/authentication-methodsreplaceAuthenticationMethods() (Documentation)
      • DELETE /api/v2/users/:user/authentication-methodsdeleteAuthenticationMethods(string user) (Documentation)
      • POST /api/v2/users/:user/authentication-methodscreateAuthenticationMethod() (Documentation)
      • GET /api/v2/users/:user/authentication-methods/:methodgetAuthenticationMethod() (Documentation)
      • PATCH /api/v2/users/:user/authentication-methods/:methodupdateAuthenticationMethod() (Documentation)
      • DELETE /api/v2/users/:user/authentication-methods/:methoddeleteAuthenticationMethod() (Documentation)

Fixed

  • Transient storage would sometimes not be fully cleared after a successful code exchange under certain conditions.
  • Calls to certain methods under Auth0\SDK\API\Authentication with manually assigned client_id or client_secret parameters could have those values overwritten by the SDK's assigned configuration. #705

Changed

  • Upgraded test suite to PEST 2.0 framework.
  • Updated code styling rules, along with some light refactoring.
  • Updated production dependencies:
    • Replaced php-http/discovery dependency with psr-discovery/all.
    • Replaced php-http/httplug dependency with psr-discovery/all.
  • Updated development dependencies:
    • Removed ergebnis/composer-normalize as it now runs in CI.
    • Removed firebase/php-jwt as it was replaced by an in-library generator.
    • Replaced hyperf/event with symfony/event-dispatcher.
    • Replaced laravel/pint with friendsofphp/php-cs-fixer.
    • Replaced nyholm/psr7 with psr-mock/http-factory-implementation.
    • Replaced php-http/mock-client with psr-mock/http-client-implementation.
    • Updated vimeo/psalm to 5.8.
    • Updated phpstan/phpstan to 1.10.
    • Updated rector/rector to 0.15.

Thanks to our contributors for this release: knash94

8.4.0 - 2023-01-24

Added

Changed

  • Restore test coverage to 100% #697 (evansims)
  • Exclude unnecessary files from distribution package #696 (ramsey)

8.3.8 - 2022-11-28

Fixed

  • fix: Always store provided state in transient medium #674 (evansims)

8.3.7 - 2022-11-07

Fixed

  • fix: emailPasswordlessStart() incorrectly passes params as array under some conditions #670 (evansims)
  • fix: Remove redundant Cache getItem() call in Auth0\SDK\Token\Verifier::getKeySet() #669 (pkivits-litebit)

8.3.6 - 2022-10-24

Fixed

  • fix: Restore previous behavior of SdkConfiguration::setScope() being nullable #665 (evansims)

8.3.5 - 2022-10-21

Fixed

  • [SDK-3722] Fix: Stateless strategies should not invoke stateful session classes #662 (evansims)

8.3.4 - 2022-10-19

Fixed

  • Fix SdkConfiguration::setScope() not assigning default values when an empty array is passed #659 (evansims)

8.3.3 - 2022-10-19

Fixed

8.3.2 - 2022-10-18

Fixed

  • [SDK-3719] Fix PHP 8.0+ SdkConfiguration named arguments usage #654 (evansims)

8.3.1 - 2022-09-24

Changed

  • [SDK-3647] Add PHP 8.2.0-dev to test matrix #650 (evansims)

Fixed

  • [SDK-3646] Reliability and performance improvements to CookieStore #649 (evansims)

8.3.0 - 2022-09-22

Added

  • [SDK-3636] Add PSR-14 Event Dispatcher, for ultra customizable session storage purposes #646 (evansims)

Changed

  • [SDK-3633] Treat passing an empty string to SdkConfiguration as the default undefined value type of NULL #643 (evansims)
  • [SDK-3635] Enable configuration of SessionStore and CookieStore samesite property #645 (evansims)
  • [SDK-3634] Add hardcoded debugging flag to CookieStore to disable encryption of session cookies #644 (evansims)
  • [SDK-3632] Update getRequestParameter() filter to use FILTER_SANITIZE_FULL_SPECIAL_CHARS and allow passing extra filter options #642 (evansims)
  • [SDK-3631] Defer/batch "Set-Cookie" headers at login() for transient cookies, and clear() #641 (evansims)

8.2.1 - 2022-06-06

Fixed

  • Fixed an issue in Auth0\SDK\Configuration\SdkConfiguration where customDomain was not properly formatted in some configurations, leading to inconsistencies in certain SDK functions, such as Token validation. customDomain is now formatted identically to domain. #633 (evansims)

Closed Issues

8.2.0 - 2022-04-25

Many thanks to our community contributors for this release: elbebass, fullstackfool, jeromefitzpatrick, marko-ilic and sepiariver.

Added

  • Add bearer token extraction helper, Auth0\SDK\Auth0::getBearerToken() #620 (evansims)
  • Add configuration strategy constants, e.g. Auth0\SDK\Configuration\SdkConfiguration::STRATEGY_API #619 (evansims)

Changed

  • Throw Auth0\SDK\Exception\InvalidTokenException on JsonException #614 (marko-ilic)
  • Throw Auth0\SDK\Exception\NetworkException when Management API credential exchange fails #608 (sepiariver)

Documentation Contributions

Other Improvements

  • Relax pestphp/pest-plugin-parallel dev dependency from ^0.2 to ^0.2 || ^1.0 #617
  • Bump firebase/php-jwt dev dependency to ^6.0 #613 (evansims)
  • Add Semgrep to continous integration test suite #616 (evansims)

8.1.0 - 2022-02-17

Added

8.0.6 - 2022-01-25

Fixed

  • Auth0->renew(): now correctly updates all appropriate session details after a successful token refresh #593 (evansims)

8.0.5 - 2022-01-04

Fixed

  • Auth0->exchange(): optimize setcookie() calls #591 (Nebual)

8.0.4 - 2021-12-13

Fixed

  • Require domain configuration for management strategy #589 (evansims)

Documentation

  • Update UPGRADE.md with additional notes about Auth0::login() changes from v7. #585 (BGehrels)
  • Update UPGRADE.md with additional notes about Auth0::exchange() changes from v7. #584 (BGehrels)

Tests

8.0.3 - 2021-11-01

Changes

8.0.2 - 2021-10-18

Fixed

  • Resolve SessionStore::purge() not iterating over session storage when a falsey value is stored #577 (evansims)

8.0.1 - 2021-09-23

Fixed

  • Simplify decoding of Access Tokens via Auth0::decode() #534 (shadowhand)

8.0.0 - 2021-09-20

BEFORE YOU UPGRADE

  • This is a major release that includes breaking changes. Please see UPGRADE.md before upgrading. This release will require changes to your application.
  • The SDK no longer specifically relies on Guzzle for network requests. Options for supplying your libraries of choice have been added through PSR-18 and PSR-17 configuration options.
  • PHP 7.4 is now the minimum supported PHP version, but we encourage using PHP 8.0. PHP 7.4 will be the last supported 7.x release. This library follows the official support schedule for PHP.

8.0 Highlights

  • Updated SDK API for more intuitive use and improved usability. Now follows fluent interface principles.
  • Updated SDK API designed with PHP 8.0's named arguments as the encouraged interface method.
  • New configuration object, SdkConfiguration, allows for dynamic changes within your application.
  • Updated PHP language support, including typed properties and return types, are now used throughout the SDK.
  • Added support for the following PHP-FIG standards interfaces:
    • PSR-6 caches are now used for caching JWKs and Management API tokens.
    • PSR-7 HTTP messages are now returned by methods that initiate network requests.
    • PSR-14 events are now raised, allowing for deeper integration into the SDK's behavior.
    • PSR-17 HTTP factories are now used during network requests for generating PSR-7 messages.
    • PSR-18 HTTP clients are now supported, allowing you to choose your network client.
  • Improved Token handling system.
  • Encrypted session cookies, with cookies being the default session handler. PHP sessions may be phased out in a future release.
  • New Management API auto-pagination helper for iterating through API results.
  • PKCE is now enabled by default.

For a complete overview of API changes, please see UPGRADE.md.

For guidance on using the new configuration interface or SDK API, please see README.md.

Changelog entries for releases prior to 8.0 have been relocated to CHANGELOG.ARCHIVE.md.