Releases: auth0/auth0-PHP
Releases · auth0/auth0-PHP
7.3.0
7.2.0
7.1.0
Closed issues
- Authorized Party (azp) claim mismatch in the ID token #422
- JWTVerifier alternatives #419
- Consider to customize the jwks path #417
Added
- Add TokenVerifier for non-OIDC-compliant JWTs #428 (joshcanhelp)
- Add signing key rotation and custom JWKS URI support #426 (joshcanhelp)
- Add Client ID to verification email method #423 (joshcanhelp)
7.0.0
BEFORE YOU UPGRADE
This is a major release with several breaking changes. Please see the v5 to v7 migration guide here before you upgrade.
Added
- Add types for StoreInterface and implementors; add back EmptyStore #414 (joshcanhelp)
- Add select Guardian management endpoints #412 (joshcanhelp)
- Add Auth0->decodeIdToken() method for ID token decoding by deps #410 (joshcanhelp)
- Add SameSite cookie attribute handling #400 (joshcanhelp)
- Nonce and max_age handling with new CookieStore class #395 (joshcanhelp)
Changed
- Convert caching to PSR-16 interface #403 (joshcanhelp)
- Move AuthorizationBearer to new namespace #402 (joshcanhelp)
- Improve transient authorization data handling #397 (joshcanhelp)
- Cleanup Auth0 class constructor for clarification and better defaults #394 (joshcanhelp)
- Change client secret requirements #390 (joshcanhelp)
- Improved OIDC compliance #386 (joshcanhelp)
- Update minimum PHP from 5.5 to 7.1 #377 (joshcanhelp)
Removed
- Remove future iat check #411 (joshcanhelp)
- Remove Firebase JWT library #396 (joshcanhelp)
- Remove session cookie expiration option #389 (joshcanhelp)
- Remove deprecated Authentication methods and add types #385 (joshcanhelp)
- Remove deprecated JWKS methods and adjust tests #384 (joshcanhelp)
- Remove deprecated M-API methods #383 (joshcanhelp)
- Remove deprecated InformationHeaders methods and add types #382 (joshcanhelp)
- Remove deprecated methods and add types to RequestBuilder #381 (joshcanhelp)
- Remove deprecated token generator #380 (joshcanhelp)
- Remove deprecated legacy classes #379 (joshcanhelp)
- Update management props #378 (joshcanhelp)
v5.7.0
Added
- Add default scopes to Auth0 class #406 (joshcanhelp)
- fix: add missing options for renewTokens method #405 (bkotrys)
Deprecated
- Add deprecation notices for removals in v7 major release #407 (joshcanhelp)
Fixed
v5.6.0
Closed issues
- [Auth0\SDK\Exception\CoreException] Invalid domain when trying to run unit tests with Codeception 3.1.0 #358
- JWT Verification fails everytime #356
- Bulk User Imports - I can't Use
upsertas a paramater for theimportUsersfeature #353
Added
- Add \Auth0\SDK\Auth0::getLoginUrl() method and switch login() to use it #371 (joshcanhelp)
- Add JWKFetcher::getFormatted() method and switch validator to use #369 (joshcanhelp)
- Add additional API params to Jobs > importUsers #354 (pinodex)
Deprecated
- Deprecated unused JWKFetcher methods #373 (joshcanhelp)
- Deprecate magic __call method on RequestBuilder class #366 (joshcanhelp)
- Deprecate Management properties; add lazy-load methods #363 (joshcanhelp)
- Deprecate and stop using magic call method on ApiClient #362 (joshcanhelp)
- Deprecate addPathVariable and dump methods on RequestBuilder #361 (joshcanhelp)
- Deprecate TokenGenerator class #360 (joshcanhelp)
Fixed - Fix boolean form parameters not sending as strings #357 (joshcanhelp)
v5.5.1
Closed issues
- No packagist package created for 5.5.0 #346
Fixed
- Fix empty url params #349 (joshcanhelp)
- Fix tests to reduce the number of sensitive credentials used #348 (joshcanhelp)
- Change normalizeIncludeTotals() in GenericResource to have sane defaults #347 (kler)
v5.5.0
Closed issues
- Consider dropping PHP-5.x version supports #343
- Auth0 Error: 'Invalid state' in /auth0/vendor/auth0/auth0-php/src/Auth0.php: line#537 #333
Added
- Add missing User endpoints for Management API #341 (joshcanhelp)
- Add all Management API Roles endpoints #337 (joshcanhelp)
- Add missing Users test and switch to mocked calls. #336 (joshcanhelp)
- Add Authentication::refresh_token() method #335 (joshcanhelp)
v5.4.0
Notes for this release:
\Auth0\SDK\Auth0now accepts a$configkey calledskip_userinfothat uses the decoded ID token for the user profile instead of a call to the/userinfoendpoint. This will save an HTTP call during login and should have no affect on most applications.
Closed issues
Auth0::exchange()assumes a valid id_token #317- Feature Request: Support sending
auth0-forwarded-forheader #208
Added
- Authentication class cleanup and tests #322 (joshcanhelp)
- Add Grants Management endpoint #321 (joshcanhelp)
- Add
Auth0-Forwarded-Forheader for RO grant #320 (joshcanhelp) - Improve API Telemetry #319 (joshcanhelp)
- Add Mock API Request Capability and Mocked Connections Tests #314 (joshcanhelp)
Changed
- Test suite improvements #313 (joshcanhelp)
- Improve repo documentation #312 (joshcanhelp)
Deprecated
- Official deprecation for
JWKFetchermethod #328 (joshcanhelp)\Auth0\SDK\Helpers\JWKFetcher::fetchKeys()
- Official deprecation for
Usermethods #327 (joshcanhelp)\Auth0\SDK\API\Management\Users::search()\Auth0\SDK\API\Management\Users::unlinkDevice()
- Official deprecation of
ClientGrantsmethod #326 (joshcanhelp)\Auth0\SDK\API\Management\ClientGrants::get()
- Official deprecation of legacy
InformationHeadersmethods #325 (joshcanhelp)\Auth0\SDK\API\Helpers\InformationHeaders::setEnvironment()\Auth0\SDK\API\Helpers\InformationHeaders::setDependency()\Auth0\SDK\API\Helpers\InformationHeaders::setDependencyData()
- Official deprecation of legacy
Authenticationmethods #324 (joshcanhelp)\Auth0\SDK\API\Authentication::setApiClient()\Auth0\SDK\API\Authentication::sms_code_passwordless_verify()\Auth0\SDK\API\Authentication::email_code_passwordless_verify()\Auth0\SDK\API\Authentication::impersonate()
Fixed
- Fix
Auth0::exchange()to handle missing id_token #318 (joshcanhelp)
v5.3.2
Closed issues
- Something is wrong with the latest release 5.3.1 #303
Fixed
- Fix info headers Extend error in dependant libs #304 (joshcanhelp)