Skip to content
This repository has been archived by the owner on Sep 23, 2024. It is now read-only.

Latest commit

 

History

History
996 lines (596 loc) · 53.7 KB

CHANGELOG.md

File metadata and controls

996 lines (596 loc) · 53.7 KB

CHANGELOG

8.0.3 (2021-11-01)

Full Changelog

Changes

8.0.2 (2021-10-18)

Full Changelog

Fixed

  • Resolve SessionStore::purge() not iterating over session storage when a falsey value is stored #577 (evansims)

8.0.1 (2021-09-23)

Full Changelog

Fixed

  • Simplify decoding of Access Tokens via Auth0::decode() #534 (shadowhand)

8.0.0 (2021-09-20)

Full Changelog

BEFORE YOU UPGRADE

  • This is a major release that includes breaking changes. Please see UPGRADE.md before upgrading. This release will require changes to your application.
  • The SDK no longer specifically relies on Guzzle for network requests. Options for supplying your libraries of choice have been added through PSR-18 and PSR-17 configuration options.
  • PHP 7.4 is now the minimum supported PHP version, but we encourage using PHP 8.0. PHP 7.4 will be the last supported 7.x release. This library follows the official support schedule for PHP.

8.0 Highlights

  • Updated SDK API for more intuitive use and improved usability. Now follows fluent interface principles.
  • Updated SDK API designed with PHP 8.0's named arguments as the encouraged interface method.
  • New configuration object, SdkConfiguration, allows for dynamic changes within your application.
  • Updated PHP language support, including typed properties and return types, are now used throughout the SDK.
  • Added support for the following PHP-FIG standards interfaces:
    • PSR-6 caches are now used for caching JWKs and Management API tokens.
    • PSR-7 HTTP messages are now returned by methods that initiate network requests.
    • PSR-14 events are now raised, allowing for deeper integration into the SDK's behavior.
    • PSR-17 HTTP factories are now used during network requests for generating PSR-7 messages.
    • PSR-18 HTTP clients are now supported, allowing you to choose your network client.
  • Improved Token handling system.
  • Encrypted session cookies, with cookies being the default session handler. PHP sessions may be phased out in a future release.
  • New Management API auto-pagination helper for iterating through API results.
  • PKCE is now enabled by default.

For a complete overview of API changes, please see UPGRADE.md.

For guidance on using the new configuration interface or SDK API, please see README.md.

8.0.0-BETA3 (2021-09-03)

Full Changelog

Changes Since BETA2

  • Cookie namespace prefixes are now configurable from SdkConfiguration interface. #534 (Nyholm)
  • Improvements to and standardization of variable filtering rules. #535 (evansims)
  • Fixed Management API calls incorrectly converted child arrays into objects. #541 (evansims)
  • Fixed explicit SdkConfiguration object reference passing on arguments. #548 (Nyholm)
  • Performance improvements to session/cookie transient storage. #542 (evansims)
  • Add new MemoryStore storage medium for tests. #544 (Nyholm)
  • Add new Psr6Store storage medium. #549 (Nyholm)
  • Delay restoring session state (no longer occurs during constructor initialization; now just-in-time.) #550 (evansims)
  • Improve support for custom domains with new customDomain option in SdkConfiguration #554 (evansims)
  • Support for Actions API endpoints in Management SDK #551 (evansims)
  • Expand test coverage to 100% and transition to PEST test framework #552 (evansims)

8.0.0-BETA2 (2021-08-06)

Full Changelog

Changes Since BETA1

  • Auth0\SDK\API\Management endpoint factory magic methods documented for proper IDE hinting.
  • Auth0\SDK\API\Authentication and Auth0\SDK\API\Management create their HTTP client instances as needed when getHttpClient() is invoked, rather than at class initialization.
  • Auth0\SDK\Configuration\SdkConfiguration now supports passing a strategy option to customize what configuration options are necessary at initialization appropriate for different use cases. Defaults to the general use webapp with the same configuration requirements as previously used. See the README for more information.
  • Auth0\SDK\Utility\HttpRequest now intercepts 429 rate-limit errors from Auth0 API responses and will automatically retry these requests on your behalf, using an exponential backoff strategy. Defaults to 3 retry attempts, configurable with httpMaxRetires during SDK configuration up to 10, or 0 to opt-out of this behavior.

7.9.2 (2021-08-03)

Full Changelog

Fixed

  • Add missing API2 POST /tickets/password-change params #523 (evansims)

7.9.1 (2021-07-06)

Full Changelog

Fixed

8.0.0-BETA1 (2021-06-30)

Full Changelog

BEFORE YOU UPGRADE

  • This is a major release that includes breaking changes. Please see UPGRADE.md before upgrading. This release will require changes to your application.
  • The SDK no longer specifically relies on Guzzle for network requests. Options for supplying your libraries of choice have been added through PSR-18 and PSR-17 configuration options.
  • PHP 7.4 is now the minimum supported PHP version, but we encourage using PHP 8.0. PHP 7.4 will be the last supported 7.x release. This library follows the official support schedule for PHP.

8.0 Highlights

  • Updated SDK API for more intuitive use and improved usability. Now follows fluent interface principles.
  • Updated SDK API designed with PHP 8.0's named arguments as the encouraged interface method.
  • New configuration object, SdkConfiguration, allows for dynamic changes within your application.
  • Updated PHP language support, including typed properties and return types, are now used throughout the SDK.
  • Added support for the following PHP-FIG standards interfaces:
    • PSR-6 caches are now used for caching JWKs and Management API tokens.
    • PSR-7 HTTP messages are now returned by methods that initiate network requests.
    • PSR-14 events are now raised, allowing for deeper integration into the SDK's behavior.
    • PSR-17 HTTP factories are now used during network requests for generating PSR-7 messages.
    • PSR-18 HTTP clients are now supported, allowing you to choose your network client.
  • Improved Token handling system.
  • Encrypted session cookies, with cookies being the default session handler. PHP sessions may be phased out in a future release.
  • New Management API auto-pagination helper for iterating through API results.
  • PKCE is now enabled by default.

For a complete overview of API changes, please see UPGRADE.md.

For guidance on using the new configuration interface or SDK API, please see README.md.

7.9.0 (2021-05-03)

Full Changelog

Changed

7.8.0 (2021-03-19)

Full Changelog

This release expands Organizations support to the Management API client. Please see the README for details on Organizations, currently in closed beta testing.

Added

  • Add Organizations support to Management API Client #483 (evansims)

7.7.0 (2021-03-19)

Full Changelog

This release includes initial support for Organizations, a new feature from Auth0 currently in closed beta testing. Please see the updated README for usage instructions.

Added

  • Add Organizations support to Authentication API Client #482 (evansims)

Changed

  • Support client_id on /tickets/password-change #481 (evansims)

7.6.2 (2021-01-01)

Full Changelog

Fixed

  • Ensure ?include_totals are handled properly on GET /users and GET /roles requests for Management API #476 (evansims)

7.6.1 (2021-01-01)

Full Changelog

This hotfix addresses an issue with a dependency reference.

7.6.0 (2021-01-01)

Full Changelog

SDK 7.6 introduces support for the newly released PHP 8.0 and drops supported for PHP 7.1 and 7.2 (which have reached their end of support cycles.) Please ensure you are running supported versions of PHP in your environments.

Added

7.5.0 (2020-11-16)

Full Changelog

Closed issues

  • createPasswordChangeTicket doesn't support 'ttl_sec' parameter #457
  • Make the CACHE_TTL used in the JWKFetcher configurable. #450
  • Allow programmatic clearing of cache values managed by Auth0Service #441

Added

  • Add support for Authorization Code Flow with PKCE #449 (ls-youssef-jlidat)
  • Allow specifying TTL when creating password change tickets #463 (evansims)
  • Expand control over TTL/Caching in JWKFetcher #462 (evansims)
  • Add support for Management V2 users export job endpoint #461 (evansims)

7.4.0 (2020-09-28)

Full Changelog

Added

  • Add support for new identity field for email verifications #455 (jimmyjames)

7.3.0 (2020-08-27)

Full Changelog

Closed issues

  • TokenVerifier::verify throws a \RuntimeException instead of an InvalidTokenException #438
  • Support Guzzle 7 #421

Added

Fixed

  • Throw InvalidTokenException instead of RuntimeException when parsing malformed token #439 (B-Galati)

7.2.0 (2020-04-23)

Full Changelog

Closed issues

  • Renew Tokens throws nonce error #432
  • email_passwordless_start not setting client_secret #431

Added

Fixed

7.1.0 (2020-02-19)

Full Changelog

Closed issues

  • Authorized Party (azp) claim mismatch in the ID token #422
  • JWTVerifier alternatives #419
  • Consider to customize the jwks path #417

Added

7.0.0 (2020-01-15)

Full Changelog

BEFORE YOU UPGRADE

This is a major release with several breaking changes. Please see the v5 to v7 migration guide here before you upgrade.

Added

Changed

Removed

5.7.0 (2019-12-09)

Full Changelog

Added

Deprecated

  • Add deprecation notices for removals in v7 major release #407 (joshcanhelp)

Fixed

  • Fix mkdir race condition in FileSystemCacheHandler #375 (B-Galati)

5.6.0 (2019-09-26)

Full Changelog

Closed issues

  • [Auth0\SDK\Exception\CoreException] Invalid domain when trying to run unit tests with Codeception 3.1.0 #358
  • JWT Verification fails everytime #356
  • Bulk User Imports - I can't Use upsert as a paramater for the importUsers feature #353

Added

  • Add \Auth0\SDK\Auth0::getLoginUrl() method and switch login() to use it #371 (joshcanhelp)
  • Add JWKFetcher::getFormatted() method and switch validator to use #369 (joshcanhelp)
  • Add additional API params to Jobs > importUsers #354 (pinodex)

Deprecated

Fixed

5.5.1 (2019-07-15)

Full Changelog

Closed issues

  • No packagist package created for 5.5.0 #346

Fixed

  • Fix empty url params #349 (joshcanhelp)
  • Fix tests to reduce the number of sensitive credentials used #348 (joshcanhelp)
  • Change normalizeIncludeTotals() in GenericResource to have sane defaults #347 (kler)

5.5.0 (2019-06-07)

Full Changelog

Closed issues

  • Consider dropping PHP-5.x version supports #343
  • Auth0 Error: 'Invalid state' in /auth0/vendor/auth0/auth0-php/src/Auth0.php: line#537 #333

Added

5.4.0 (2019-02-28)

Full Changelog

Notes for this release:

  • \Auth0\SDK\Auth0 now accepts a $config key called skip_userinfo that uses the decoded ID token for the user profile instead of a call to the /userinfo endpoint. This will save an HTTP call during login and should have no affect on most applications.

Closed issues

  • Auth0::exchange() assumes a valid id_token #317
  • Feature Request: Support sending auth0-forwarded-for header #208

Added

Changed

Deprecated

  • Official deprecation for JWKFetcher method #328 (joshcanhelp)
    • \Auth0\SDK\Helpers\JWKFetcher::fetchKeys()
  • Official deprecation for User methods #327 (joshcanhelp)
    • \Auth0\SDK\API\Management\Users::search()
    • \Auth0\SDK\API\Management\Users::unlinkDevice()
  • Official deprecation of ClientGrants method #326 (joshcanhelp)
    • \Auth0\SDK\API\Management\ClientGrants::get()
  • Official deprecation of legacy InformationHeaders methods #325 (joshcanhelp)
    • \Auth0\SDK\API\Helpers\InformationHeaders::setEnvironment()
    • \Auth0\SDK\API\Helpers\InformationHeaders::setDependency()
    • \Auth0\SDK\API\Helpers\InformationHeaders::setDependencyData()
  • Official deprecation of legacy Authentication methods #324 (joshcanhelp)
    • \Auth0\SDK\API\Authentication::setApiClient()
    • \Auth0\SDK\API\Authentication::sms_code_passwordless_verify()
    • \Auth0\SDK\API\Authentication::email_code_passwordless_verify()
    • \Auth0\SDK\API\Authentication::impersonate()

Fixed

5.3.2 (2018-11-2)

Full Changelog

Closed issues

  • Something is wrong with the latest release 5.3.1 #303

Fixed

5.3.1 (2018-10-31)

Full Changelog

Closed issues

  • Array to String exception when audience is an array #296
  • Passing accessToken from frontend to PHP API #281
  • Deprecated method email_code_passwordless_verify #280

Added

  • Fix documentation for Auth0 constructor options #298 (biganfa)

Changed

Fixed

5.3.0 (2018-10-09)

Full Changelog

Closed issues

  • Question: Handling rate limits #277
  • Allow configuration of the JWKS URL #276
  • Allow changing the session key name #273
  • SessionStore overrides PHP session cookie lifetime setting #215

Added

Changed

  • Build/PHPCS: update/improve the PHPCS configuration #284 (jrfnl)

Deprecated

Removed

Fixed

  • Whitespace pass with new standards using composer phpcbf #268 (joshcanhelp)

Security

5.2.0 (2018-06-13)

Full Changelog

Closed issues

  • getAppMetadata - how to use? #248
  • Auth0 class missing action to renew access token #234
  • DOC maj #217

Added

Changed

Fixed

5.1.1 (2018-04-03)

Full Changelog

Closed issues

  • State Handler with Custom Session Store #233
  • Implement ResourceServices::getAll #200

Added

Fixed

5.1.0 (2018-03-02)

Full Changelog

Notes on this release:

State validation was added for improved security. Please see our troubleshooting page for more information on how this works and potential issues.

Closed issues

  • Support for php-jwt 5 #210

Added

  • Added XSRF State Storage / Validation #214 (cocojoe)
  • Adding tests for state handler; correcting storage method used #228 (joshcanhelp)

Changed

5.0.6 (2017-11-24)

Full Changelog

Added

  • Add support for the new users by email API #213 (erichard)

Fixed

5.0.4 (2017-06-26)

Full Changelog

Added

Changed

  • Restructured tests and fixed hhvm build #164 (Nyholm)
  • Update .env.example with more appropriate values #148 (AmaanC)

Removed

3.4.0 (2016-06-21)

Full Changelog

Closed issues:

  • More descriptive error message when code exchange fails #86

Merged pull requests:

3.3.7 (2016-06-09)

Full Changelog

3.3.6 (2016-06-09)

Full Changelog

Merged pull requests:

  • $this->access_token is an array, not object #85 (dev101)

3.3.5 (2016-05-24)

Full Changelog

Closed issues:

  • Create password change ticket fails #84
  • UnexpectedValueException is used in Auth0JWT.php but is not defined #80
  • Add support for auth api endpoints (/ro) #22

3.3.4 (2016-05-24)

Full Changelog

3.3.3 (2016-05-24)

Full Changelog

2.2.3 (2016-05-10)

Full Changelog

3.3.2 (2016-05-10)

Full Changelog

3.3.1 (2016-05-10)

Full Changelog

2.2.2 (2016-05-10)

Full Changelog

3.3.0 (2016-05-09)

Full Changelog

Merged pull requests:

  • deleted uneccessary code, fixed typos #83 (Amialc)
  • Add Docker support #82 (smtx)
  • changed UnexpectedValueException to CoreException #81 (dryror)
  • Added auth api support #78 (glena)

3.2.1 (2016-05-02)

Full Changelog

2.2.1 (2016-04-27)

Full Changelog

Closed issues:

  • outdated dependency in api example #75

Merged pull requests:

  • dependencies update in basic api example #79 (Amialc)

3.2.0 (2016-04-15)

Full Changelog

  • Now the SDK supports RS256 codes, it will decode using the .well-known/jwks.json endpoint to fetch the public key

2.2.0 (2016-04-15)

Full Changelog

Notes

  • Now the SDK fetches the user using the tokeninfo endpoint to be fully compliant with the openid spec
  • Now the SDK supports RS256 codes, it will decode using the .well-known/jwks.json endpoint to fetch the public key

Closed issues:

  • /tokeninfo API support #76
  • Specify GuzzleHttp config #73

Merged pull requests:

3.1.0 (2016-03-10)

Full Changelog

Closed issues:

Merged pull requests:

3.0.1 (2016-02-03)

Full Changelog

Merged pull requests:

1.0.11 (2016-01-27)

Full Changelog

Closed issues:

  • Exception: Cannot handle token prior to [timestamp] #56

Merged pull requests:

3.0.0 (2016-01-18)

Full Changelog

General 3.x notes

  • SDK api changes, now the Auth0 API client is not build of static classes anymore. Usage example:
$token = "eyJhbGciO....eyJhdWQiOiI....1ZVDisdL...";
$domain = "account.auth0.com";
$guzzleOptions = [ ... ];

$auth0Api = new \Auth0\SDK\Auth0Api($token, $domain, $guzzleOptions); /* $guzzleOptions is optional */

$usersList = $auth0Api->users->search([ "q" => "[email protected]" ]);

Closed issues:

  • Missing instruccions step 2 Configure Auth0 PHP Plugin #55
  • Outdated Lock #52
  • Deprecated method in basic-webapp #50

Merged pull requests:

  • V3 with new API and full support for API V2 #57 (glena)

2.1.2 (2016-01-14)

Full Changelog

Merged pull requests:

2.1.1 (2015-11-29)

Full Changelog

Merged pull requests:

2.1.0 (2015-11-24)

Full Changelog

Closed issues:

  • Update to use v3.0 of firebase/php-jwt #47

Merged pull requests:

  • 2.0.1 updated JWT dependency #48 (glena)

2.0.0 (2015-11-23)

Full Changelog

General 2.x notes

  • Session storage now returns null (and null is expected by the sdk) if there is no info stored (this change was made since false is a valid value to be stored in session).
  • Guzzle 6.1 required

Closed issues:

  • Guzzle 6 #43
  • User is null not false #41
  • Issues with PHP Seed project #38
  • authParams... how do I retrieve the results? #37

Merged pull requests:

1.0.10 (2015-09-23)

Full Changelog

Closed issues:

  • Improve error message when no id_token is received after code exchange #35
  • PHP should be 5.4+, not 5.3+ #34

Merged pull requests:

  • Release 1.0.10 #36 (glena)
  • Remove code that rewrites user_id property in $body #33 (Ring)

1.0.9 (2015-08-03)

Full Changelog

Closed issues:

  • Stable dependencies in composer.json instead of "dev-master" #30

Merged pull requests:

  • tagged adoy to ~1.3 #31 (glena)
  • Bad reference in Android PHP API Seed Project Readme file #67 #29 (glena)

1.0.8 (2015-07-27)

Full Changelog

Closed issues:

  • Class 'JWT' not found #25
  • Correct way to use the JWT Token generated in API v2 if we want expanded scope #19

Merged pull requests:

  • Fix create client api call + new create user example #28 (glena)

1.0.7 (2015-07-17)

Full Changelog

Closed issues:

  • Error at Auth0JWT::encode when using custom payload #23
  • Error in composer install #21
  • Test #20

Merged pull requests:

1.0.6 (2015-06-12)

Full Changelog

Merged pull requests:

  • Make Auth0::setUser public in order to let update the stored user #17 (glena)

1.0.5 (2015-06-02)

Full Changelog

Merged pull requests:

  • Updates the changed endpoints (tickets) #15 (glena)
  • Api users search link accounts fix #14 (deboorn)
  • Auth0JWT encode fix to allow scope with null custom payload #13 (deboorn)

1.0.4 (2015-05-19)

Full Changelog

1.0.3 (2015-05-15)

Full Changelog

Merged pull requests:

  • Applied the new Info Headers schema #12 (glena)

1.0.2 (2015-05-13)

Full Changelog

Closed issues:

  • EU tenants are getting Unauthorize on api calls #10
  • PHP Fatal error: Class 'Auth0\SDK\API\ApiUsers' not found in vendor/auth0/auth0-php/src/Auth0.php on line 256 #9

Merged pull requests:

  • Fix EU api calls and autoloading issue #11 (glena)

1.0.1 (2015-05-12)

Full Changelog

Closed issues:

  • SDK Client headers spec compliant #7
  • Example is out of date #5

Merged pull requests:

  • SDK Client headers spec compliant #7 #8 (glena)

1.0.0 (2015-05-07)

Full Changelog

General 1.x notes

  • Now, all the SDK is under the namespace \Auth0\SDK
  • The exceptions were moved to the namespace \Auth0\SDK\Exceptions
  • The Auth0 class, now provides two methods to access the user metadata, getUserMetadata and getAppMetadata. For more info, check the API v2 changes
  • The Auth0 class, now provides a way to update the UserMetadata with the method updateUserMetadata. Internally, it uses the update user endpoint, check the method documentation for more info.
  • The new service \Auth0\SDK\API\ApiUsers provides an easy way to consume the API v2 Users endpoints.
  • A simple API client (\Auth0\SDK\API\ApiClient) is also available to use.
  • A JWT generator and decoder is also available (\Auth0\SDK\Auth0JWT)
  • Now provides an interface for the Authentication API.

Closed issues:

  • Unexpected token #4

Merged pull requests:

  • Auth0 API v2 support #6 (glena)
  • Fixed port number on PHP README #2 (mgonto)

0.6.6 (2014-04-14)

Full Changelog

Closed issues:

  • generateUrl() in BaseAuth0 is creating bad URLs #1

0.6.5 (2014-04-02)

Full Changelog

0.6.4 (2014-02-13)

Full Changelog

0.6.3 (2014-01-06)

* This Change Log was automatically generated by github_changelog_generator