7.5.0 (2020-11-16)
Closed issues
- createPasswordChangeTicket doesn't support 'ttl_sec' parameter #457
- Make the CACHE_TTL used in the JWKFetcher configurable. #450
- Allow programmatic clearing of cache values managed by Auth0Service #441
Added
- Add support for Authorization Code Flow with PKCE #449 (ls-youssef-jlidat)
- Allow specifying TTL when creating password change tickets #463 (evansims)
- Expand control over TTL/Caching in JWKFetcher #462 (evansims)
- Add support for Management V2 users export job endpoint #461 (evansims)
7.4.0 (2020-09-28)
Added
- Add support for new identity field for email verifications #455 (jimmyjames)
7.3.0 (2020-08-27)
Closed issues
- TokenVerifier::verify throws a \RuntimeException instead of an InvalidTokenException #438
- Support Guzzle 7 #421
Added
- Add Support for Log Streams Management APIs #451 (jimmyjames)
- Update composer requirements to support guzzle ~7.0 #443 (banderon1)
Fixed
- Throw InvalidTokenException instead of RuntimeException when parsing malformed token #439 (B-Galati)
7.2.0 (2020-04-23)
Closed issues
Added
Fixed
- Allow no nonce option #434 (joshcanhelp)
7.1.0 (2020-02-19)
Closed issues
- Authorized Party (azp) claim mismatch in the ID token #422
- JWTVerifier alternatives #419
- Consider to customize the jwks path #417
Added
- Add TokenVerifier for non-OIDC-compliant JWTs #428 (joshcanhelp)
- Add signing key rotation and custom JWKS URI support #426 (joshcanhelp)
- Add Client ID to verification email method #423 (joshcanhelp)
7.0.0 (2020-01-15)
BEFORE YOU UPGRADE
This is a major release with several breaking changes. Please see the v5 to v7 migration guide here before you upgrade.
Added
- Add types for StoreInterface and implementors; add back EmptyStore #414 (joshcanhelp)
- Add select Guardian management endpoints #412 (joshcanhelp)
- Add Auth0->decodeIdToken() method for ID token decoding by deps #410 (joshcanhelp)
- Add SameSite cookie attribute handling #400 (joshcanhelp)
- Nonce and max_age handling with new CookieStore class #395 (joshcanhelp)
Changed
- Convert caching to PSR-16 interface #403 (joshcanhelp)
- Move AuthorizationBearer to new namespace #402 (joshcanhelp)
- Improve transient authorization data handling #397 (joshcanhelp)
- Cleanup Auth0 class constructor for clarification and better defaults #394 (joshcanhelp)
- Change client secret requirements #390 (joshcanhelp)
- Improved OIDC compliance #386 (joshcanhelp)
- Update minimum PHP from 5.5 to 7.1 #377 (joshcanhelp)
Removed
- Remove future iat check #411 (joshcanhelp)
- Remove Firebase JWT library #396 (joshcanhelp)
- Remove session cookie expiration option #389 (joshcanhelp)
- Remove deprecated Authentication methods and add types #385 (joshcanhelp)
- Remove deprecated JWKS methods and adjust tests #384 (joshcanhelp)
- Remove deprecated M-API methods #383 (joshcanhelp)
- Remove deprecated InformationHeaders methods and add types #382 (joshcanhelp)
- Remove deprecated methods and add types to RequestBuilder #381 (joshcanhelp)
- Remove deprecated token generator #380 (joshcanhelp)
- Remove deprecated legacy classes #379 (joshcanhelp)
- Update management props #378 (joshcanhelp)
5.7.0 (2019-12-09)
Added
- Add default scopes to Auth0 class #406 (joshcanhelp)
- fix: add missing options for renewTokens method #405 (bkotrys)
Deprecated
- Add deprecation notices for removals in v7 major release #407 (joshcanhelp)
Fixed
5.6.0 (2019-09-26)
Closed issues
- [Auth0\SDK\Exception\CoreException] Invalid domain when trying to run unit tests with Codeception 3.1.0 #358
- JWT Verification fails everytime #356
- Bulk User Imports - I can't Use
upsert
as a paramater for theimportUsers
feature #353
Added
- Add \Auth0\SDK\Auth0::getLoginUrl() method and switch login() to use it #371 (joshcanhelp)
- Add JWKFetcher::getFormatted() method and switch validator to use #369 (joshcanhelp)
- Add additional API params to Jobs > importUsers #354 (pinodex)
Deprecated
- Deprecated unused JWKFetcher methods #373 (joshcanhelp)
- Deprecate magic __call method on RequestBuilder class #366 (joshcanhelp)
- Deprecate Management properties; add lazy-load methods #363 (joshcanhelp)
- Deprecate and stop using magic call method on ApiClient #362 (joshcanhelp)
- Deprecate addPathVariable and dump methods on RequestBuilder #361 (joshcanhelp)
- Deprecate TokenGenerator class #360 (joshcanhelp)
Fixed
- Fix boolean form parameters not sending as strings #357 (joshcanhelp)
5.5.1 (2019-07-15)
Closed issues
- No packagist package created for 5.5.0 #346
Fixed
- Fix empty url params #349 (joshcanhelp)
- Fix tests to reduce the number of sensitive credentials used #348 (joshcanhelp)
- Change normalizeIncludeTotals() in GenericResource to have sane defaults #347 (kler)
5.5.0 (2019-06-07)
Closed issues
- Consider dropping PHP-5.x version supports #343
- Auth0 Error: 'Invalid state' in /auth0/vendor/auth0/auth0-php/src/Auth0.php: line#537 #333
Added
- Add missing User endpoints for Management API #341 (joshcanhelp)
- Add all Management API Roles endpoints #337 (joshcanhelp)
- Add missing Users test and switch to mocked calls. #336 (joshcanhelp)
- Add Authentication::refresh_token() method #335 (joshcanhelp)
5.4.0 (2019-02-28)
Notes for this release:
\Auth0\SDK\Auth0
now accepts a$config
key calledskip_userinfo
that uses the decoded ID token for the user profile instead of a call to the/userinfo
endpoint. This will save an HTTP call during login and should have no affect on most applications.
Closed issues
Auth0::exchange()
assumes a valid id_token #317- Feature Request: Support sending
auth0-forwarded-for
header #208
Added
- Authentication class cleanup and tests #322 (joshcanhelp)
- Add Grants Management endpoint #321 (joshcanhelp)
- Add
Auth0-Forwarded-For
header for RO grant #320 (joshcanhelp) - Improve API Telemetry #319 (joshcanhelp)
- Add Mock API Request Capability and Mocked Connections Tests #314 (joshcanhelp)
Changed
- Test suite improvements #313 (joshcanhelp)
- Improve repo documentation #312 (joshcanhelp)
Deprecated
- Official deprecation for
JWKFetcher
method #328 (joshcanhelp)\Auth0\SDK\Helpers\JWKFetcher::fetchKeys()
- Official deprecation for
User
methods #327 (joshcanhelp)\Auth0\SDK\API\Management\Users::search()
\Auth0\SDK\API\Management\Users::unlinkDevice()
- Official deprecation of
ClientGrants
method #326 (joshcanhelp)\Auth0\SDK\API\Management\ClientGrants::get()
- Official deprecation of legacy
InformationHeaders
methods #325 (joshcanhelp)\Auth0\SDK\API\Helpers\InformationHeaders::setEnvironment()
\Auth0\SDK\API\Helpers\InformationHeaders::setDependency()
\Auth0\SDK\API\Helpers\InformationHeaders::setDependencyData()
- Official deprecation of legacy
Authentication
methods #324 (joshcanhelp)\Auth0\SDK\API\Authentication::setApiClient()
\Auth0\SDK\API\Authentication::sms_code_passwordless_verify()
\Auth0\SDK\API\Authentication::email_code_passwordless_verify()
\Auth0\SDK\API\Authentication::impersonate()
Fixed
- Fix
Auth0::exchange()
to handle missing id_token #318 (joshcanhelp)
5.3.2 (2018-11-2)
Closed issues
- Something is wrong with the latest release 5.3.1 #303
Fixed
- Fix info headers Extend error in dependant libs #304 (joshcanhelp)
5.3.1 (2018-10-31)
Closed issues
- Array to String exception when audience is an array #296
- Passing accessToken from frontend to PHP API #281
- Deprecated method email_code_passwordless_verify #280
Added
Changed
- Change telemetry headers to new format and add tests #300 (joshcanhelp)
Fixed
- Fix bad exception message generation #297 (joshcanhelp)
5.3.0 (2018-10-09)
Closed issues
- Question: Handling rate limits #277
- Allow configuration of the JWKS URL #276
- Allow changing the session key name #273
- SessionStore overrides PHP session cookie lifetime setting #215
Added
- Add custom JWKS path and kid check to JWKFetcher + tests #287 (joshcanhelp)
- Add config keys for session base name and cookie expires #279 (joshcanhelp)
- Add return request object #278 (joshcanhelp)
- Add pagination and tests to Resource Servers #275 (joshcanhelp)
- Fix formatting, code standards scan #274 (joshcanhelp)
- Add pagination, docs, and better tests for Rules #272 (joshcanhelp)
- Adding pagination, tests, + docs to Client Grants; minor test suite refactor #271 (joshcanhelp)
- Add tests, docblocks for Logs endpoints #270 (joshcanhelp)
- Add PHP_CodeSniffer + ruleset config #267 (joshcanhelp)
- Add session state and dummy state handler tests #266 (joshcanhelp)
Changed
Deprecated
- Deprecate Auth0\SDK\API\Oauth2Client class #269 (joshcanhelp)
Removed
- Remove examples, add links to Quickstarts #293 (joshcanhelp)
Fixed
- Whitespace pass with new standards using composer phpcbf #268 (joshcanhelp)
Security
- Add ID token validation #285 (joshcanhelp)
5.2.0 (2018-06-13)
Closed issues
- getAppMetadata - how to use? #248
- Auth0 class missing action to renew access token #234
- DOC maj #217
Added
- User pagination and fields, docblocks, formatting, test improvements #261 (joshcanhelp)
- Unit test for withDictParams method #260 (joshcanhelp)
- Pagination, additional parameters, and tests for the Connections endpoint #258 (joshcanhelp)
- Renew tokens method for Auth0 client class #257 (jspetrak)
- Clients endpoint pagination and improvements #256 (joshcanhelp)
- Add email template endpoints #251 (joshcanhelp)
Changed
- Code style scan and fixes #250 (joshcanhelp)
Fixed
- Fix PHPUnit test. #262 (maurobonfietti)
- Allow $page to be null for Clients so pagination is not triggered #259 (joshcanhelp)
- Rewrite README; add news and notes to CHANGELOG #253 (joshcanhelp)
5.1.1 (2018-04-03)
Closed issues
Added
- Implement ResourceServices::getAll() #236 (joshcanhelp)
Fixed
- Incorrect type hint on SessionStateHandler __construct #235 (joshcanhelp)
- Auth0 class documentation fixed for store and state handler #232 (jspetrak)
- Fixing minor code quality issues #231 (joshcanhelp)
5.1.0 (2018-03-02)
Notes on this release:
State validation was added for improved security. Please see our troubleshooting page for more information on how this works and potential issues.
Closed issues
- Support for php-jwt 5 #210
Added
- Added XSRF State Storage / Validation #214 (cocojoe)
- Adding tests for state handler; correcting storage method used #228 (joshcanhelp)
Changed
- Bumping JWT package version #229 (joshcanhelp)
5.0.6 (2017-11-24)
Added
Fixed
5.0.4 (2017-06-26)
Added
Changed
- Restructured tests and fixed hhvm build #164 (Nyholm)
- Update .env.example with more appropriate values #148 (AmaanC)
Removed
3.4.0 (2016-06-21)
Closed issues:
- More descriptive error message when code exchange fails #86
Merged pull requests:
- Correctly build logout url query string #87 (robinvdvleuten)
3.3.7 (2016-06-09)
3.3.6 (2016-06-09)
Merged pull requests:
3.3.5 (2016-05-24)
Closed issues:
- Create password change ticket fails #84
- UnexpectedValueException is used in Auth0JWT.php but is not defined #80
- Add support for auth api endpoints (/ro) #22
3.3.4 (2016-05-24)
3.3.3 (2016-05-24)
2.2.3 (2016-05-10)
3.3.2 (2016-05-10)
3.3.1 (2016-05-10)
2.2.2 (2016-05-10)
3.3.0 (2016-05-09)
Merged pull requests:
- deleted uneccessary code, fixed typos #83 (Amialc)
- Add Docker support #82 (smtx)
- changed UnexpectedValueException to CoreException #81 (dryror)
- Added auth api support #78 (glena)
3.2.1 (2016-05-02)
2.2.1 (2016-04-27)
Closed issues:
- outdated dependency in api example #75
Merged pull requests:
3.2.0 (2016-04-15)
- Now the SDK supports RS256 codes, it will decode using the
.well-known/jwks.json
endpoint to fetch the public key
2.2.0 (2016-04-15)
Notes
- Now the SDK fetches the user using the
tokeninfo
endpoint to be fully compliant with the openid spec - Now the SDK supports RS256 codes, it will decode using the
.well-known/jwks.json
endpoint to fetch the public key
Closed issues:
Merged pull requests:
3.1.0 (2016-03-10)
Closed issues:
- API seed incomptaible with auth0-php 3 #70
- "cURL error 60: SSL certificate problem: self signed certificate in certificate chain (see http://curl.haxx.se/libcurl/c/libcurl-errors.html\)", #69
- basic-webapp outdated dependencies #68
- basic-webapp project relative path #67
- Typo on README #63
- Missing updateAppMetadata() method? #59
Merged pull requests:
- 3.1.0 #74 (glena)
- Compatibility with new version of Auth0php #72 (Annyv2)
- depedencies update, fix routes to css and js #71 (Amialc)
- update lock version #66 (Amialc)
- Fixed typo #65 (thijsvdanker)
- Update README.md #64 (Annyv2)
- Test travis env vars #62 (glena)
- Fix typo #58 (vboctor)
3.0.1 (2016-02-03)
Merged pull requests:
- Fixed Importing users #61 (polishdeveloper)
1.0.11 (2016-01-27)
Closed issues:
- Exception: Cannot handle token prior to [timestamp] #56
Merged pull requests:
- Fix ApiConnections class name #60 (bjyoungblood)
3.0.0 (2016-01-18)
General 3.x notes
- SDK api changes, now the Auth0 API client is not build of static classes anymore. Usage example:
$token = "eyJhbGciO....eyJhdWQiOiI....1ZVDisdL...";
$domain = "account.auth0.com";
$guzzleOptions = [ ... ];
$auth0Api = new \Auth0\SDK\Auth0Api($token, $domain, $guzzleOptions); /* $guzzleOptions is optional */
$usersList = $auth0Api->users->search([ "q" => "[email protected]" ]);
Closed issues:
- Missing instruccions step 2 Configure Auth0 PHP Plugin #55
- Outdated Lock #52
- Deprecated method in basic-webapp #50
Merged pull requests:
2.1.2 (2016-01-14)
Merged pull requests:
2.1.1 (2015-11-29)
Merged pull requests:
2.1.0 (2015-11-24)
Closed issues:
- Update to use v3.0 of firebase/php-jwt #47
Merged pull requests:
2.0.0 (2015-11-23)
General 2.x notes
- Session storage now returns null (and null is expected by the sdk) if there is no info stored (this change was made since false is a valid value to be stored in session).
- Guzzle 6.1 required
Closed issues:
- Guzzle 6 #43
- User is null not false #41
- Issues with PHP Seed project #38
- authParams... how do I retrieve the results? #37
Merged pull requests:
1.0.10 (2015-09-23)
Closed issues:
- Improve error message when no id_token is received after code exchange #35
- PHP should be 5.4+, not 5.3+ #34
Merged pull requests:
1.0.9 (2015-08-03)
Closed issues:
- Stable dependencies in composer.json instead of "dev-master" #30
Merged pull requests:
- tagged adoy to ~1.3 #31 (glena)
- Bad reference in Android PHP API Seed Project Readme file #67 #29 (glena)
1.0.8 (2015-07-27)
Closed issues:
- Class 'JWT' not found #25
- Correct way to use the JWT Token generated in API v2 if we want expanded scope #19
Merged pull requests:
1.0.7 (2015-07-17)
Closed issues:
Merged pull requests:
- v1.0.7 #26 (glena)
- Readme file call URL port fixed #18 (jose-e-rodriguez)
- ApiUsers link account identities fix #16 (deboorn)
1.0.6 (2015-06-12)
Merged pull requests:
1.0.5 (2015-06-02)
Merged pull requests:
- Updates the changed endpoints (tickets) #15 (glena)
- Api users search link accounts fix #14 (deboorn)
- Auth0JWT encode fix to allow scope with null custom payload #13 (deboorn)
1.0.4 (2015-05-19)
1.0.3 (2015-05-15)
Merged pull requests:
1.0.2 (2015-05-13)
Closed issues:
- EU tenants are getting Unauthorize on api calls #10
- PHP Fatal error: Class 'Auth0\SDK\API\ApiUsers' not found in vendor/auth0/auth0-php/src/Auth0.php on line 256 #9
Merged pull requests:
1.0.1 (2015-05-12)
Closed issues:
Merged pull requests:
1.0.0 (2015-05-07)
General 1.x notes
- Now, all the SDK is under the namespace
\Auth0\SDK
- The exceptions were moved to the namespace
\Auth0\SDK\Exceptions
- The Auth0 class, now provides two methods to access the user metadata,
getUserMetadata
andgetAppMetadata
. For more info, check the API v2 changes - The Auth0 class, now provides a way to update the UserMetadata with the method
updateUserMetadata
. Internally, it uses the update user endpoint, check the method documentation for more info. - The new service
\Auth0\SDK\API\ApiUsers
provides an easy way to consume the API v2 Users endpoints. - A simple API client (
\Auth0\SDK\API\ApiClient
) is also available to use. - A JWT generator and decoder is also available (
\Auth0\SDK\Auth0JWT
) - Now provides an interface for the Authentication API.
Closed issues:
- Unexpected token #4
Merged pull requests:
0.6.6 (2014-04-14)
Closed issues:
- generateUrl() in BaseAuth0 is creating bad URLs #1
0.6.5 (2014-04-02)
0.6.4 (2014-02-13)
0.6.3 (2014-01-06)
* This Change Log was automatically generated by github_changelog_generator