2013-02-15 22:38:41 +05:30
# Changelog
2015-01-01 18:26:20 +05:30
## 4.1.2 (released 2015-01-01)
* Remove side-effects in hash_equals() implementation (Issue #290 )
2014-12-31 21:33:26 +05:30
## 4.1.1 (released 2014-12-31)
* Changed `symfony/http-foundation` dependency version to `~2.4` so package can be installed in Laravel `4.1.*`
2014-12-28 04:31:11 +05:30
## 4.1.0 (released 2014-12-27)
* Added MAC token support (Issue #158 )
* Fixed example init code (Issue #280 )
* Toggle refresh token rotation (Issue #286 )
* Docblock fixes
2014-12-15 23:04:38 +05:30
## 4.0.5 (released 2014-12-15)
* Prevent duplicate session in auth code grant (Issue #282 )
2014-12-04 04:55:45 +05:30
## 4.0.4 (released 2014-12-03)
* Ensure refresh token hasn't expired (Issue #270 )
2014-12-02 16:15:18 +05:30
## 4.0.3 (released 2014-12-02)
* Fix bad type hintings (Issue #267 )
* Do not forget to set the expire time (Issue #268 )
2014-11-21 05:49:43 +05:30
## 4.0.2 (released 2014-11-21)
* Improved interfaces (Issue #255 )
* Learnt how to spell delimiter and so `getScopeDelimiter()` and `setScopeDelimiter()` methods have been renamed
* Docblock improvements (Issue #254 )
2014-11-09 17:17:02 +05:30
## 4.0.1 (released 2014-11-09)
* Alias the master branch in composer.json (Issue #243 )
* Numerous PHP CodeSniffer fixes (Issue #244 )
* .travis.yml update (Issue #245 )
* The getAccessToken method should return an AccessTokenEntity object instead of a string in ResourceServer.php (#246)
2014-11-08 22:51:49 +05:30
## 4.0.0 (released 2014-11-08)
* Complete rewrite
* Check out the documentation - [http://oauth2.thephpleague.com ](http://oauth2.thephpleague.com )
## 3.2.0 (released 2014-04-16)
2014-04-07 02:34:12 +05:30
* Added the ability to change the algorithm that is used to generate the token strings (Issue #151 )
2014-02-27 04:05:34 +05:30
## 3.1.2 (released 2014-02-26)
* Support Authorization being an environment variable. [See more ](http://fortrabbit.com/docs/essentials/quirks-and-constraints#authorization-header )
2013-12-06 02:39:35 +05:30
## 3.1.1 (released 2013-12-05)
* Normalize headers when `getallheaders()` is available (Issues #108 and #114 )
## 3.1.0 (released 2013-12-05)
2013-12-06 02:12:42 +05:30
* No longer necessary to inject the authorisation server into a grant, the server will inject itself
* Added test for 1419ba8cdcf18dd034c8db9f7de86a2594b68605
2013-12-03 00:19:44 +05:30
## 3.0.1 (released 2013-12-02)
* Forgot to tell TravisCI from testing PHP 5.3
2013-12-06 02:39:35 +05:30
## 3.0.0 (released 2013-12-02)
2013-11-29 18:04:18 +05:30
* Fixed spelling of Implicit grant class (Issue #84 )
* Travis CI now tests for PHP 5.5
* Fixes for checking headers for resource server (Issues #79 and #)
* The word "bearer" now has a capital "B" in JSON output to match OAuth 2.0 spec
* All grants no longer remove old sessions by default
* All grants now support custom access token TTL (Issue #92 )
* All methods which didn't before return a value now return `$this` to support method chaining
* Removed the build in DB providers - these will be put in their own repos to remove baggage in the main repository
* Removed support for PHP 5.3 because this library now uses traits and will use other modern PHP features going forward
2013-12-03 00:13:42 +05:30
* Moved some grant related functions into a trait to reduce duplicate code
2013-11-29 18:04:18 +05:30
2013-06-02 18:24:54 +05:30
## 2.1.1 (released 2013-06-02)
* Added conditional `isValid()` flag to check for Authorization header only (thanks @alexmcroberts )
* Fixed semantic meaning of `requireScopeParam()` and `requireStateParam()` by changing their default value to true
* Updated some duff docblocks
* Corrected array key call in Resource.php (Issue #63 )
2013-05-11 06:29:08 +05:30
## 2.1 (released 2013-05-10)
* Moved zetacomponents/database to "suggest" in composer.json. If you rely on this feature you now need to include " zetacomponents/database" into "require" key in your own composer.json. (Issue #51 )
* New method in Refresh grant called `rotateRefreshTokens()` . Pass in `true` to issue a new refresh token each time an access token is refreshed. This parameter needs to be set to true in order to request reduced scopes with the new access token. (Issue #47 )
* Rename `key` column in oauth_scopes table to `scope` as `key` is a reserved SQL word. (Issue #45 )
* The `scope` parameter is no longer required by default as per the RFC. (Issue #43 )
* You can now set multiple default scopes by passing an array into `setDefaultScope()` . (Issue #42 )
* The password and client credentials grants now allow for multiple sessions per user. (Issue #32 )
* Scopes associated to authorization codes are not held in their own table (Issue #44 )
* Database schema updates.
2013-05-09 22:17:07 +05:30
## 2.0.5 (released 2013-05-09)
* Fixed `oauth_session_token_scopes` table primary key
* Removed `DEFAULT ''` that has slipped into some tables
* Fixed docblock for `SessionInterface::associateRefreshToken()`
2013-05-09 20:31:18 +05:30
## 2.0.4 (released 2013-05-09)
* Renamed primary key in oauth_client_endpoints table
* Adding missing column to oauth_session_authcodes
* SECURITY FIX: A refresh token should be bound to a client ID
## 2.0.3 (released 2013-05-08)
* Fixed a link to code in composer.json
## 2.0.2 (released 2013-05-08)
* Updated README with wiki guides
* Removed `null` as default parameters in some methods in the storage interfaces
* Fixed license copyright
## 2.0.0 (released 2013-05-08)
2013-05-08 23:22:13 +05:30
**If you're upgrading from v1.0.8 there are lots of breaking changes**
* Rewrote the session storage interface from scratch so methods are more obvious
* Included a PDO driver which implements the storage interfaces so the library is more "get up and go"
* Further normalised the database structure so all sessions no longer contain infomation related to authorization grant (which may or may not be enabled)
* A session can have multiple associated access tokens
* Induvidual grants can have custom expire times for access tokens
* Authorization codes now have a TTL of 10 minutes by default (can be manually set)
* Refresh tokens now have a TTL of one week by default (can be manually set)
* The client credentials grant will no longer gives out refresh tokens as per the specification
2013-03-18 22:18:38 +05:30
## 1.0.8 (released 2013-03-18)
* Fixed check for required state parameter
* Fixed check that user's credentials are correct in Password grant
2013-03-04 18:48:34 +05:30
## 1.0.7 (released 2013-03-04)
* Added method `requireStateParam()`
* Added method `requireScopeParam()`
## 1.0.6 (released 2013-02-22)
2013-02-22 21:12:32 +05:30
* Added links to tutorials in the README
* Added missing `state` parameter request to the `checkAuthoriseParams()` method.
2013-02-21 23:21:51 +05:30
## 1.0.5 (released 2013-02-21)
2013-02-21 23:14:26 +05:30
* Fixed the SQL example for SessionInterface::getScopes()
2013-02-20 18:47:36 +05:30
## 1.0.3 (released 2013-02-20)
* Changed all instances of the "authentication server" to "authorization server"
2013-02-20 18:10:42 +05:30
## 1.0.2 (released 2013-02-20)
* Fixed MySQL create table order
* Fixed version number in composer.json
## 1.0.1 (released 2013-02-19)
* Updated AuthServer.php to use `self::getParam()`
## 1.0.0 (released 2013-02-15)
2013-02-15 22:38:41 +05:30
2013-03-04 18:48:34 +05:30
* First major release
