This file contains the upgrade notes. These notes highlight changes that could break your application when you upgrade the package from one version to another.
Even though we try to ensure backwards compatibility (BC) as much as possible, sometimes it is not possible or very complicated to avoid it and still create a good solution to a problem.

The Yii2-Oauth2-Server follows Semantic Versioning 2.0.
Please see the Change Log for more information on version history.

Note: The following upgrading instructions are cumulative. That is, if you want to upgrade from version A to version C and there is version B between A and C, you need to follow the instructions for both A and B.
- Note: Database changes will not be incremental till the first stable release.
  v1.0.0-alpha18 added the `post_logout_redirect_uris` and `oidc_rp_initiated_logout` columns to the `oauth2_client` table.
  In order to apply these changes you can run the following statements:

  MySQL:
  ```sql
  ALTER TABLE `oauth2_client` ADD COLUMN `post_logout_redirect_uris` JSON AFTER `redirect_uris`;
  ALTER TABLE `oauth2_client` ADD COLUMN `oidc_rp_initiated_logout` INTEGER DEFAULT 0 NOT NULL AFTER `oidc_allow_offline_access_without_consent`;
  ```

  PostgreSQL:
  ```sql
  ALTER TABLE oauth2_client ADD COLUMN post_logout_redirect_uris JSONB;
  ALTER TABLE oauth2_client ADD COLUMN oidc_rp_initiated_logout INTEGER DEFAULT 0 NOT NULL;
  ```
- The namespaces of the `Oauth2OidcBearerTokenResponseInterface` and `Oauth2OidcBearerTokenResponse` have changed to `\rhertogh\Yii2Oauth2Server\interfaces\components\openidconnect\server\responses\` and `rhertogh\Yii2Oauth2Server\components\openidconnect\server\responses` respectively (the `\responses` part has been added). Unless you use these classes directly this won't require any change, otherwise you will need to update your import statements.
- The `Oauth2OidcBearerTokenResponseInterface` now extends from `rhertogh\Yii2Oauth2Server\interfaces\components\server\responses\Oauth2BearerTokenResponseInterface` (instead of `League\OAuth2\Server\ResponseTypes\ResponseTypeInterface`). If you have a custom implementation of the `Oauth2OidcBearerTokenResponseInterface` you should update your class accordingly, most likely by extending your class from `\rhertogh\Yii2Oauth2Server\components\openidconnect\server\responses\Oauth2OidcBearerTokenResponse`, and in case you override the `getExtraParams()` method, merge the return value from the parent class.
- The `\rhertogh\Yii2Oauth2Server\interfaces\components\authorization\Oauth2ScopeAuthorizationRequestInterface` and implementing classes have been renamed to `Oauth2ClientScopeAuthorizationRequestInterface` (note the "Client" part). If you use any of these classes you will need to update your import statements, otherwise this won't require any change.
- The namespaces for `\rhertogh\Yii2Oauth2Server\interfaces\components\authorization\*` and implementing classes have been changed to `\rhertogh\Yii2Oauth2Server\interfaces\components\authorization\client\*` (note the "client" part). If you use any of these classes you will need to update your import statements, otherwise this won't require any change.
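A custom bearer token response updated as the second item above describes, written as an added example (not code from Yii2-Oauth2-Server): it extends `Oauth2OidcBearerTokenResponse` and merges its own parameter into the parent's `getExtraParams()` result instead of replacing it, so the parent's OpenID Connect parameters such as `id_token` survive. The class name, namespace and the extra `client_id` parameter are assumptions.

```php
<?php
// Added example, not part of Yii2-Oauth2-Server. Class name, namespace and the extra
// parameter are assumptions; the parent class and method signature come from the notes.

namespace app\components\oauth2;

use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
use rhertogh\Yii2Oauth2Server\components\openidconnect\server\responses\Oauth2OidcBearerTokenResponse;

class AppOidcBearerTokenResponse extends Oauth2OidcBearerTokenResponse
{
    /**
     * Adds the client identifier to the token response body.
     *
     * The parent's parameters (e.g. the OIDC `id_token`) are taken first and our own key is
     * added on top; returning a fresh array here would silently drop them.
     */
    protected function getExtraParams(AccessTokenEntityInterface $accessToken)
    {
        $params = parent::getExtraParams($accessToken);

        // Only add a key the parent does not produce, so nothing from the parent is overwritten.
        $params['client_id'] = $accessToken->getClient()->getIdentifier();

        return $params;
    }
}
```

Register the class wherever you previously configured your own response class; the only behavioural change from the notes is that the OIDC parameters now come from the parent rather than from your own implementation.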
- Note: Database changes will not be incremental till the first stable release.
  v1.0.0-alpha17 changed the `scope_access` column to `allow_generic_scopes` and introduces a new column for the `oauth2_client` table.
  In order to apply these changes you can run the following statements:

  MySQL:
  ```sql
  UPDATE `oauth2_client` SET `scope_access` = 0 WHERE `scope_access` < 2;
  UPDATE `oauth2_client` SET `scope_access` = 1 WHERE `scope_access` > 1;
  ALTER TABLE `oauth2_client` CHANGE `scope_access` `allow_generic_scopes` TINYINT(1) DEFAULT 0 NOT NULL;
  ALTER TABLE `oauth2_client` ADD COLUMN `exception_on_invalid_scope` TINYINT(1) AFTER `allow_generic_scopes`;
  ```

  PostgreSQL:
  ```sql
  ALTER TABLE oauth2_client RENAME COLUMN scope_access TO allow_generic_scopes;
  ALTER TABLE oauth2_client ALTER COLUMN allow_generic_scopes DROP DEFAULT;
  ALTER TABLE oauth2_client ALTER COLUMN allow_generic_scopes TYPE BOOLEAN USING CASE WHEN allow_generic_scopes = 2 THEN true ELSE false END;
  ALTER TABLE oauth2_client ALTER COLUMN allow_generic_scopes SET DEFAULT false;
  ALTER TABLE oauth2_client ALTER COLUMN allow_generic_scopes SET NOT NULL;
  ALTER TABLE oauth2_client ADD COLUMN exception_on_invalid_scope BOOLEAN;
  ```
- `Oauth2ClientInterface` "ScopeAccess" has been split into "AllowGenericScopes" and "ExceptionOnInvalidScope". If your code uses the `getScopeAccess()` and/or `setScopeAccess()` functions you will have to change the getter to `getAllowGenericScopes()` and `getExceptionOnInvalidScope()` and the setter to `setAllowGenericScopes()` and `setExceptionOnInvalidScope()` respectively. In case you have a custom implementation of `Oauth2ClientInterface` you might need to update it accordingly.
- Since v1.0.0-alpha17 the server no longer throws an exception by default when the Client requests an unknown/unauthorized scope. This behavior can be changed via the `Oauth2Module::$exceptionOnInvalidScope` setting or per Client via the `oauth2_client.exception_on_invalid_scope` setting.
- The signature of `Oauth2ClientInterface::validateAuthRequestScopes()` has been changed by the introduction of the `$unknownScopes` parameter. In case you use this function directly or have a custom implementation of `Oauth2ClientInterface` you might need to update it accordingly.
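The v1.0.0-alpha17 statements above can also be applied as a versioned Yii2 migration, so the upgrade is recorded in the migration history and can be run per environment with `yii migrate` instead of pasted by hand. The following is an added example, not a migration shipped by Yii2-Oauth2-Server: it reproduces the same statements for both database drivers, including the collapse of the old tri-state `scope_access` value into the boolean `allow_generic_scopes` (only the former value `2` becomes `true`). The migration class name and the unprefixed table name `oauth2_client` are assumptions; the same structure applies to the other `ALTER TABLE` statements in these notes.

```php
<?php
// Added example, not part of Yii2-Oauth2-Server. Class name and the unprefixed table
// name are assumptions; the statements mirror the v1.0.0-alpha17 upgrade notes.

use yii\base\NotSupportedException;
use yii\db\Migration;

class m230101_000000_oauth2_client_allow_generic_scopes extends Migration
{
    private const TABLE = 'oauth2_client';

    public function safeUp()
    {
        switch ($this->db->driverName) {
            case 'mysql':
                // Collapse the old tri-state scope_access into 0/1 before changing the type:
                // 0 and 1 become 0 (generic scopes not allowed), 2 becomes 1 (allowed).
                $this->update(self::TABLE, ['scope_access' => 0], ['<', 'scope_access', 2]);
                $this->update(self::TABLE, ['scope_access' => 1], ['>', 'scope_access', 1]);
                $this->renameColumn(self::TABLE, 'scope_access', 'allow_generic_scopes');
                $this->alterColumn(self::TABLE, 'allow_generic_scopes', $this->boolean()->notNull()->defaultValue(0));
                // after() positions the column on MySQL; other drivers ignore it.
                $this->addColumn(self::TABLE, 'exception_on_invalid_scope', $this->boolean()->after('allow_generic_scopes'));
                break;

            case 'pgsql':
                // PostgreSQL converts the stored values in the same statement that changes the type.
                $this->renameColumn(self::TABLE, 'scope_access', 'allow_generic_scopes');
                $this->execute('ALTER TABLE oauth2_client ALTER COLUMN allow_generic_scopes DROP DEFAULT');
                $this->execute('ALTER TABLE oauth2_client ALTER COLUMN allow_generic_scopes TYPE BOOLEAN USING CASE WHEN allow_generic_scopes = 2 THEN true ELSE false END');
                $this->execute('ALTER TABLE oauth2_client ALTER COLUMN allow_generic_scopes SET DEFAULT false');
                $this->execute('ALTER TABLE oauth2_client ALTER COLUMN allow_generic_scopes SET NOT NULL');
                $this->addColumn(self::TABLE, 'exception_on_invalid_scope', $this->boolean());
                break;

            default:
                throw new NotSupportedException('No upgrade statements for driver ' . $this->db->driverName);
        }

        return true;
    }

    public function safeDown()
    {
        // Restores the previous schema. The old values 0 and 1 can no longer be told apart,
        // so every "not allowed" client goes back to 0 and every "allowed" client to 2.
        $this->dropColumn(self::TABLE, 'exception_on_invalid_scope');

        if ($this->db->driverName === 'pgsql') {
            $this->execute('ALTER TABLE oauth2_client ALTER COLUMN allow_generic_scopes DROP DEFAULT');
            $this->execute('ALTER TABLE oauth2_client ALTER COLUMN allow_generic_scopes TYPE INTEGER USING CASE WHEN allow_generic_scopes THEN 2 ELSE 0 END');
            $this->execute('ALTER TABLE oauth2_client ALTER COLUMN allow_generic_scopes SET DEFAULT 0');
        } else {
            $this->alterColumn(self::TABLE, 'allow_generic_scopes', $this->integer()->notNull()->defaultValue(0));
            $this->update(self::TABLE, ['allow_generic_scopes' => 2], ['allow_generic_scopes' => 1]);
        }

        $this->renameColumn(self::TABLE, 'allow_generic_scopes', 'scope_access');

        return true;
    }
}
```

Because the data conversion is lossy, run the migration against a copy of production data first and check that the set of clients with `allow_generic_scopes = true` matches the clients that previously had `scope_access = 2`.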
- Note: Database changes will not be incremental till the first stable release.
  v1.0.0-alpha16 introduces a new column for the `oauth2_client` table.
  In order to apply these changes you can run the following statement:

  MySQL:
  ```sql
  ALTER TABLE `oauth2_client` ADD COLUMN `env_var_config` JSON AFTER `old_secret_valid_until`;
  ```

  PostgreSQL:
  ```sql
  ALTER TABLE oauth2_client ADD COLUMN env_var_config JSONB;
  ```
- The `Oauth2Module::$clientRedirectUriEnvVarConfig` property is renamed to `Oauth2Module::$clientRedirectUrisEnvVarConfig` (note the plural 's' in 'Uris'). If you are using this property, rename it accordingly.
- The `Oauth2ModelRepositoryInterface` now defines the `findModelByPkOrIdentifier()` method. If your implementation uses the `Oauth2ModelRepositoryTrait` this function is implemented automatically, otherwise you will need to implement it yourself.
- Using environment variable substitution in the `redirect_uri` of `Oauth2Client` now requires those environment variables to be explicitly allowed by configuring the `Oauth2Module::$clientRedirectUriEnvVarConfig`.
  Please see the Yii2-Oauth2-Server Redirect URIs Configuration documentation for more details.
- The `Oauth2ClientInterface` now defines `getRedirectUriEnvVarConfig` and `setRedirectUriEnvVarConfig` functions.
  If you don't define a custom implementation for this interface this won't affect you, otherwise you might have to implement these functions.
- The `Oauth2EncryptorInterface` has been renamed to `Oauth2CryptographerInterface`. This also applies to all related classes and functions like the `Oauth2Cryptographer` itself and `Oauth2Module::getCryptographer`.
  If you don't define a custom implementation for the interface and don't use the classes and functions directly this won't affect you, otherwise you might have to rename the class(es)/function(s).
- The `Oauth2UserInterface` now defines the `getId()` function and the `Oauth2ClientInterface` now defines `getMinimumSecretLength` and `setMinimumSecretLength` functions.
  If you don't define a custom implementation for these interfaces this won't affect you, otherwise you might have to implement these functions.
- The Model interfaces and traits have been refactored to use a more generic `findByPk()` instead of `findById()`.
  If you don't use these interfaces and traits directly this won't affect you.
- The `Oauth2ModelRepositoryInterface` now extends `Oauth2RepositoryInterface` and introduces `findModelByPk($pk)`.
- The `Oauth2RepositoryIdentifierTrait` is renamed to `Oauth2ModelRepositoryTrait` and introduces `findModelByPk($pk)`.
- The `Oauth2ActiveRecordIdInterface` and `Oauth2ActiveRecordIdTrait` have been removed; their functionality is replaced by the `Oauth2ActiveRecordInterface` and `Oauth2ActiveRecordTrait` respectively.
- The `Oauth2ClientInterface` has additional getters and setters and a `syncClientScopes()` function.
- The
- Note: Database changes will not be incremental till the first stable release.
  v1.0.0-alpha11 introduces a new column for the `oauth2_client` table.
  In order to apply these changes you can run the following statements:

  MySQL:
  ```sql
  ALTER TABLE `oauth2_client` ADD COLUMN `allow_variable_redirect_uri_query` TINYINT(1) NOT NULL DEFAULT 0 AFTER `redirect_uris`;
  ```

  PostgreSQL:
  ```sql
  ALTER TABLE oauth2_client ADD COLUMN allow_variable_redirect_uri_query BOOLEAN NOT NULL DEFAULT false;
  ```
- Note: Database changes will not be incremental till the first stable release.
  v1.0.0-alpha6 introduces a new column for the `oauth2_client` table.
  In order to apply these changes you can run the following statements:

  MySQL:
  ```sql
  ALTER TABLE `oauth2_client` ADD COLUMN `end_users_may_authorize_client` TINYINT(1) NOT NULL DEFAULT 1 AFTER `scope_access`;
  ```

  PostgreSQL:
  ```sql
  ALTER TABLE oauth2_client ADD COLUMN end_users_may_authorize_client BOOLEAN NOT NULL DEFAULT true;
  ```
- The interface `\rhertogh\Yii2Oauth2Server\interfaces\models\external\user\Oauth2UserInterface` defines a new method `isOauth2ClientAllowed()`. This method determines if a user can use the client and/or grant.
  If all of your users may access any Oauth2 client and all grant types you can add the following function to your user identity class (e.g. `app\models\User`):
  ```php
  public function isOauth2ClientAllowed($client, $grantType)
  {
      return true; // Allow all users to use all clients with any grant type.
  }
  ```
- The `rhertogh\Yii2Oauth2Server\interfaces\components\user\Oauth2PasswordGrantUserComponentInterface` has been removed in favor of events and the `Oauth2UserInterface::isOauth2ClientAllowed()`.
  In case your code relied on the `beforeOauth2PasswordGrantLogin()` method, you can now use the `isOauth2ClientAllowed()` method (which is more flexible and is called for all grant types). As a replacement for `afterOauth2PasswordGrantLogin($identity, $grant)` you can register an event handler for the `Oauth2Module::EVENT_AFTER_ACCESS_TOKEN_ISSUANCE` event.
- The `\rhertogh\Yii2Oauth2Server\interfaces\components\authorization\Oauth2ClientAuthorizationRequestInterface` defines a new method `isAuthorizationAllowed()`.
  The default implementation calls the new `Oauth2ClientInterface::endUsersMayAuthorizeClient()` (see below).
- The `\rhertogh\Yii2Oauth2Server\interfaces\models\Oauth2ClientInterface` defines a new method `endUsersMayAuthorizeClient()` to determine if an end-user is allowed to authorize an Oauth2 client.
  The default implementation uses the `oauth2_client.end_users_may_authorize_client` database field.
- The method `\rhertogh\Yii2Oauth2Server\interfaces\components\authorization\Oauth2ClientAuthorizationRequestInterface::getScopesAppliedByDefaultAutomatically()` has been renamed to `\rhertogh\Yii2Oauth2Server\interfaces\components\authorization\Oauth2ClientAuthorizationRequestInterface::getScopesAppliedByDefaultWithoutConfirm()`.
  This most likely only affects you if you use your own implementation of the `Oauth2ClientAuthorizationRequestInterface`.
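The allow-everything `isOauth2ClientAllowed()` above is the permissive baseline; the first two items in this list also cover the case where `beforeOauth2PasswordGrantLogin()` used to enforce a policy and `afterOauth2PasswordGrantLogin()` used to record the login. The following added example (not code from Yii2-Oauth2-Server) shows both replacements together: a trait for the user identity class that decides per user, client and grant type with a deny-by-default list, and a bootstrap class that attaches a handler to `Oauth2Module::EVENT_AFTER_ACCESS_TOKEN_ISSUANCE`. Assumptions: the user record has an `allowed_oauth2_clients` JSON column holding client identifiers (or `"*"`), an `is_admin` flag, the module is registered under the id `oauth2`, `$client` exposes `getIdentifier()`, and `$grantType` is the grant identifier string (e.g. `"password"`); the event object's payload is not described in these notes, so the handler only uses properties every `yii\base\Event` has.

```php
<?php
// Added example, not part of Yii2-Oauth2-Server. The column names, the module id "oauth2",
// the shape of $client/$grantType and the event payload are assumptions (see the lead-in).

namespace app\components;

use Yii;
use yii\base\Application;
use yii\base\BootstrapInterface;
use yii\base\Event;
use rhertogh\Yii2Oauth2Server\Oauth2Module;

/**
 * Add `use Oauth2ClientPolicyTrait;` to the user identity class (e.g. app\models\User)
 * to satisfy Oauth2UserInterface::isOauth2ClientAllowed() with a real policy.
 */
trait Oauth2ClientPolicyTrait
{
    /**
     * Decide whether this user may obtain tokens through $client with $grantType.
     * Called for every grant type, so one method covers password, authorization code, etc.
     */
    public function isOauth2ClientAllowed($client, $grantType)
    {
        // The password grant hands the user's credentials to the client; keep elevated
        // accounts out of it regardless of the client list (assumed attribute `is_admin`).
        if ($grantType === 'password' && !empty($this->is_admin)) {
            Yii::warning("Password grant denied for admin user {$this->id}", __METHOD__);
            return false;
        }

        $allowed = (array) ($this->allowed_oauth2_clients ?? []);   // assumed JSON column
        $clientId = $client->getIdentifier();

        // Deny by default: a user with an empty list can use no client at all.
        $permitted = in_array('*', $allowed, true) || in_array($clientId, $allowed, true);
        if (!$permitted) {
            Yii::warning("Client {$clientId} denied for user {$this->id} (grant: {$grantType})", __METHOD__);
        }

        return $permitted;
    }
}

/**
 * Register in the application config as 'bootstrap' => [Oauth2EventBootstrap::class].
 * Replaces what afterOauth2PasswordGrantLogin() did, now for every grant type.
 */
class Oauth2EventBootstrap implements BootstrapInterface
{
    public function bootstrap($app)
    {
        /** @var Application $app */
        $module = $app->getModule('oauth2');   // assumed module id
        if ($module === null) {
            return;
        }

        $module->on(Oauth2Module::EVENT_AFTER_ACCESS_TOKEN_ISSUANCE, function (Event $event) {
            // Audit trail for issued tokens. Inspect $event in your version for the
            // token/identity payload before relying on any property beyond these two.
            Yii::info(sprintf('%s raised by %s', $event->name, get_class($event->sender)), 'oauth2.audit');
        });
    }
}
```

The trait keeps the policy next to the identity model, where `beforeOauth2PasswordGrantLogin()` used to live, while the event handler runs after the token has been issued and therefore cannot veto the request; vetoes belong in `isOauth2ClientAllowed()`.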
- Note: Database changes will not be incremental till the first stable release.
  v1.0.0-alpha3 introduces two new columns for the `oauth2_client` table.
  In order to apply these changes you can run the following statements:
  ```sql
  ALTER TABLE `oauth2_client` ADD COLUMN `old_secret` TEXT AFTER `secret`;
  ALTER TABLE `oauth2_client` ADD COLUMN `old_secret_valid_until` DATETIME AFTER `old_secret`;
  ```
- The signature for `\rhertogh\Yii2Oauth2Server\Oauth2Module::createClient()` has changed. The `$type` and `$secret` parameters have been moved and `$secret` is now optional. If you use this method you'll need to update it accordingly.
- The namespace for the User identity model interfaces has changed from `rhertogh\Yii2Oauth2Server\interfaces\models` to `rhertogh\Yii2Oauth2Server\interfaces\models\external\user`.
  This affects the following interfaces:
  - `Oauth2PasswordGrantUserInterface`
  - `Oauth2OidcUserSessionStatusInterface`
  - `Oauth2UserInterface`
  - `Oauth2OidcUserInterface`

  You will have to update their imports (`use` statements) in your User identity model accordingly.