8.9.1

Full Changelog

Fixed

• fix(SDK-4716): Resolve thrown exception when enumerating device cookies that include non-string keys/names #739 (evansims)

8.9.0

Full Changelog

Added

• feat(SDK-4543): Support Organizations with Client Grants #736 (evansims)

8.8.0

Added

• Support initiate_login_uri property for PATCH requests to the /api/v2/clients/:id Management API endpoint. #732

Fixed

• Token generator typo in claim header. #729

Changed

• composer.json now identifies mbstring as a required extension. #730
• PHP 8.3 nightlies have been added to the continuous integration testing matrix. #733

8.7.1

Fixed

• Corrected Management API route for deploy action endpoint by @speercy (#723)

8.7.0

Added

• Organization Name support added for Authentication API and token handling ¹ (#719)

Note
¹ To use this feature, an Auth0 tenant must have support for it enabled. This feature is not yet available to all tenants.

8.6.0

Added

• PAR (Pushed Authorization Request) support¹ (#714):
  • Auth0\SDK\API\Authentication\PushedAuthorizationRequest is a new class for issuing Pushed Authorization Requests and producing authorization links for them.
  • Auth0\SDK\API\Authentication::pushedAuthorizationRequest() has been added as a shortcut method for returning a configured instantiation of the above class.
  • Auth0\SDK\Auth0::login() has been updated to support issuing Pushed Authorization Requests and returning authorization links for them.
  • Auth0\SDK\Configuration\SdkConfiguration has been updated to accept a pushedAuthorizationRequest boolean to enable this feature.
• Auth0\SDK\Auth0::isAuthenticated() has been added as a shortcut method. It is an alias for getCredentials() !== null.

¹ Note: To use this feature, an Auth0 tenant must have support for it enabled. This feature is not yet available to all tenants.

8.5.0

This release improves the SDK's automatic discovery process of compatible HTTP clients, factories and messages (PSR-18, 17 and 7, respectively). If you encounter issues with your implementation not being discovered, please open an issue.

This release also introduces support for a number of additional Management API endpoints.

Added

• State Management

  • Added Auth0\SDK\Auth0::refreshState() to force a refresh of the SDK's internal state. This is useful when you have updated the SDK's configuration and want to ensure the SDK is using the latest values.

• Management API

  • Auth0\APIs\Management\Users
    • DELETE /users/:id/authenticators → deleteAllAuthenticators() (#702) (Documentation)
  • Support for Authentication Method endpoints: (#707):
    • GET /api/v2/users/:user/authentication-methods → getAuthenticationMethods() (Documentation)
    • PUT /api/v2/users/:user/authentication-methods → replaceAuthenticationMethods() (Documentation)
    • DELETE /api/v2/users/:user/authentication-methods → deleteAuthenticationMethods(string user) (Documentation)
    • POST /api/v2/users/:user/authentication-methods → createAuthenticationMethod() (Documentation)
    • GET /api/v2/users/:user/authentication-methods/:method → getAuthenticationMethod() (Documentation)
    • PATCH /api/v2/users/:user/authentication-methods/:method → updateAuthenticationMethod() (Documentation)
    • DELETE /api/v2/users/:user/authentication-methods/:method → deleteAuthenticationMethod() (Documentation)

Fixed

• Transient storage would sometimes not be fully cleared after a successful code exchange under certain conditions.
• Calls to certain methods under Auth0\SDK\API\Authentication with manually assigned client_id or client_secret parameters could have those values overwritten by the SDK's assigned configuration. #705

Changed

• Upgraded test suite to PEST 2.0 framework.
• Updated code styling rules, along with some light refactoring.
• Updated production dependencies:
  • Replaced php-http/discovery dependency with psr-discovery/all.
  • Replaced php-http/httplug dependency with psr-discovery/all.
• Updated development dependencies:
  • Removed ergebnis/composer-normalize as it now runs in CI.
  • Removed firebase/php-jwt as it was replaced by an in-library generator.
  • Replaced hyperf/event with symfony/event-dispatcher.
  • Replaced laravel/pint with friendsofphp/php-cs-fixer.
  • Replaced nyholm/psr7 with psr-mock/http-factory-implementation.
  • Replaced php-http/mock-client with psr-mock/http-client-implementation.
  • Updated vimeo/psalm to 5.8.
  • Updated phpstan/phpstan to 1.10.
  • Updated rector/rector to 0.15.

Thanks to our contributors for this release: knash94

8.4.0

Added

• Client Assertion (private_key_jwt) support #699 (evansims)
• Client Credentials management endpoints #700 (evansims)
• JSON Web Token generator classes, Auth0\SDK\Token\Generator and Auth0\SDK\Token\ClientAssertionGenerator. #698 (evansims)

Changed

• Restore test coverage to 100% #697 (evansims)
• Exclude unnecessary files from distribution package #696 (ramsey)

8.3.8

Full Changelog

Fixed

• fix: Always store provided state in transient medium #674 (evansims)

8.3.7

Full Changelog

Fixed

• fix: emailPasswordlessStart() incorrectly passes params as array under some conditions #670 (evansims)
• fix: Remove redundant Cache getItem() call in Auth0\SDK\Token\Verifier::getKeySet() #669 (pkivits-litebit)