This changelog references the relevant changes (bug and security fixes) done in 1.x minor versions.
To see the files changed for a given bug, go to https://github.com/bshaffer/oauth2-server-php/issues/### where ### is the bug number To get the diff between two versions, go to https://github.com/bshaffer/oauth2-server-php/compare/v1.0...v1.1 To get the diff for a specific change, go to https://github.com/bshaffer/oauth2-server-php/commit/XXX where XXX is the change hash
-
1.3 (2014-02-27)
PR: bshaffer#325
- bug #311 adds cassandra storage
- bug #298 fixes response code for user credentials grant type
- bug #318 adds 'use_crypto_tokens' config to Server class for better DX
- [BC] bug #320 pass client_id to getDefaultScope
- bug #324 better feedback when running tests
- bug #335 adds support for non-expiring refresh tokens
- bug #333 fixes Pdo storage for getClientKey
- bug #336 fixes Redis storage for expireAuthorizationCode
-
1.2 (2014-01-03)
PR: bshaffer#288
- bug #285 changed response header from 200 to 401 when empty token received
- bug #286 adds documentation and links to spec for not including error messages when no token is supplied
- bug #280 ensures PHP warnings do not get thrown as a result of an invalid argument to $jwt->decode()
- bug #279 predis wrong number of arguments
- bug #277 Securing JS WebApp client secret w/ password grant type
-
1.1 (2013-12-17)
PR: bshaffer#276
- bug #278 adds refresh token configuration to Server class
- bug #274 Supplying a null client_id and client_secret grants API access
- bug #244 [MongoStorage] More detailed implementation info
- bug #268 Implement jti for JWT Bearer tokens to prevent replay attacks.
- bug #266 Removing unused argument to getAccessTokenData
- bug #247 Make Bearer token type consistent
- bug #253 Fixing CryptoToken refresh token lifetime
- bug #246 refactors public key logic to be more intuitive
- bug #245 adds support for JSON crypto tokens
- bug #230 Remove unused columns in oauth_clients
- bug #215 makes Redis Scope Storage obey the same paradigm as PDO
- bug #228 removes scope group
- bug #227 squelches open basedir restriction error
- bug #223 Updated docblocks for RefreshTokenInterface.php
- bug #224 Adds protected properties
- bug #217 Implement ScopeInterface for PDO, Redis
-
1.0 (2013-08-12)
- bug #203 Add redirect_status_code config param for AuthorizeController
- bug #205 ensures unnecessary ? is not set when ** bug
- bug #204 Fixed call to LogicException
- bug #202 Add explode to checkRestrictedGrant in PDO Storage
- bug #197 adds support for 'false' default scope ** bug
- bug #192 reference errors and adds tests
- bug #194 makes some appropriate properties ** bug
- bug #191 passes config to HttpBasic
- bug #190 validates client credentials before ** bug
- bug #171 Fix wrong redirect following authorization step
- bug #187 client_id is now passed to getDefaultScope().
- bug #176 Require refresh_token in getRefreshToken response
- bug #174 make user_id not required for refresh_token grant
- bug #173 Duplication in JwtBearer Grant
- bug #168 user_id not required for authorization_code grant
- bug #133 hardens default security for user object
- bug #163 allows redirect_uri on authorization_code to be NULL in docs example
- bug #162 adds getToken on ResourceController for convenience
- bug #161 fixes fatal error
- bug #163 Invalid redirect_uri handling
- bug #156 user_id in OAuth2_Storage_AuthorizationCodeInterface::getAuthorizationCode() response
- bug #157 Fix for extending access and refresh tokens
- bug #154 ResponseInterface: getParameter method is used in the library but not defined in the interface
- bug #148 Add more detail to examples in Readme.md