Merge 7.8.0 (#393)

.gitattributes

@@ -2,8 +2,10 @@
 .gitattributes         export-ignore
 .github/               export-ignore
 .gitignore             export-ignore
+.php-cs-fixer.dist.php export-ignore
 .semgrepignore         export-ignore
 .shiprc                export-ignore
+CHANGELOG.ARCHIVE.md   export-ignore
 CHANGELOG.md           export-ignore
 docs/                  export-ignore
 EXAMPLES.md            export-ignore
@@ -16,6 +18,3 @@ rector.php             export-ignore
 tests/                 export-ignore
 UPGRADE.md             export-ignore
 vendor/                export-ignore
-CHANGELOG.ARCHIVE.md   export-ignore
-infection.json5.dist   export-ignore
-.php-cs-fixer.dist.php export-ignore

.github/workflows/php_pest.yml

@@ -24,7 +24,7 @@ jobs:
 
       - run: composer install --no-progress
 
-      - run: vendor/bin/pest --order-by random --parallel
+      - run: vendor/bin/pest --order-by random --fail-on-risky --stop-on-defect --coverage --parallel --min=95
 
       - uses: codecov/codecov-action@v3
         with:

.php-cs-fixer.dist.php

@@ -1,5 +1,7 @@
 <?php
 
+declare(strict_types=1);
+
 return (new PhpCsFixer\Config())
     ->setRiskyAllowed(true)
     ->setRules([
@@ -8,14 +10,15 @@
         'array_syntax' => ['syntax' => 'short'],
         'assign_null_coalescing_to_coalesce_equal' => true,
         'backtick_to_shell_exec' => true,
-        'binary_operator_spaces' => ['operators' => ['=' => 'align', 'xor' => null, '+=' => 'align_single_space', '===' => 'align_single_space_minimal', '|' => 'single_space', '=>' => 'align_single_space_minimal_by_scope']],
+        'binary_operator_spaces' => true,
         'blank_line_after_namespace' => true,
         'blank_line_after_opening_tag' => true,
         'blank_line_before_statement' => true,
+        'blank_line_between_import_groups' => true,
         'braces' => true,
         'cast_spaces' => true,
-        'class_attributes_separation' => ['elements' => ['const' => 'only_if_meta', 'method' => 'one', 'property' => 'only_if_meta', 'trait_import' => 'one', 'case' => 'one']],
-        'class_definition' => true,
+        'class_attributes_separation' => ['elements' => ['const' => 'one', 'method' => 'one', 'property' => 'one', 'trait_import' => 'one', 'case' => 'one']],
+        'class_definition' => ['multi_line_extends_each_single_line' => true, 'single_line' => true, 'single_item_single_line' => true, 'space_before_parenthesis' => false, 'inline_constructor_arguments' => false],
         'class_reference_name_casing' => true,
         'clean_namespace' => true,
         'combine_consecutive_issets' => true,
@@ -25,7 +28,9 @@
         'compact_nullable_typehint' => true,
         'concat_space' => ['spacing' => 'one'],
         'constant_case' => ['case' => 'lower'],
+        'curly_braces_position' => ['control_structures_opening_brace' => 'same_line', 'functions_opening_brace' => 'next_line_unless_newline_at_signature_end', 'anonymous_functions_opening_brace' => 'same_line', 'classes_opening_brace' => 'next_line_unless_newline_at_signature_end', 'anonymous_classes_opening_brace' => 'same_line', 'allow_single_line_empty_anonymous_classes' => true, 'allow_single_line_anonymous_functions' => true],
         'date_time_create_from_format_call' => true,
+        'date_time_immutable' => true,
         'declare_equal_normalize' => ['space' => 'none'],
         'declare_parentheses' => true,
         'declare_strict_types' => true,
@@ -78,7 +83,7 @@
         'magic_constant_casing' => true,
         'magic_method_casing' => true,
         'mb_str_functions' => true,
-        'method_argument_space' => true,
+        'method_argument_space' => ['on_multiline' => 'ensure_fully_multiline', 'after_heredoc' => true],
         'method_chaining_indentation' => true,
         'modernize_strpos' => true,
         'modernize_types_casting' => true,
@@ -139,7 +144,7 @@
         'object_operator_without_whitespace' => true,
         'octal_notation' => true,
         'operator_linebreak' => true,
-        'ordered_class_elements' => ['sort_algorithm' => 'alpha', 'order' => ['use_trait', 'case', 'constant', 'constant_private', 'constant_protected', 'constant_public', 'property_private', 'property_private_readonly', 'property_private_static', 'property_protected', 'property_protected_readonly', 'property_protected_static', 'property_public', 'property_public_readonly', 'property_public_static', 'property_static', 'protected', 'construct', 'destruct', 'magic', 'method', 'public', 'method_abstract', 'method_private', 'method_private_abstract', 'method_private_abstract_static', 'method_private_static', 'method_protected', 'method_protected_abstract', 'method_protected_abstract_static', 'method_protected_static', 'method_public', 'method_public_abstract', 'method_public_abstract_static', 'method_public_static', 'method_static', 'phpunit', 'private', 'property']],
+        'ordered_class_elements' => ['sort_algorithm' => 'alpha', 'order' => ['use_trait', 'case', 'constant', 'constant_private', 'constant_protected', 'constant_public', 'property_private', 'property_private_readonly', 'property_private_static', 'property_protected', 'property_protected_readonly', 'property_protected_static', 'property_public', 'property_public_readonly', 'property_public_static', 'property_static', 'protected', 'construct', 'destruct', 'magic', 'method', 'public', 'method_public', 'method_abstract', 'method_public_abstract', 'method_public_abstract_static', 'method_public_static', 'method_static', 'method_private', 'method_private_abstract', 'method_private_abstract_static', 'method_private_static', 'method_protected', 'method_protected_abstract', 'method_protected_abstract_static', 'method_protected_static', 'phpunit', 'private', 'property']],
         'ordered_imports' => ['sort_algorithm' => 'alpha', 'imports_order' => ['const', 'class', 'function']],
         'ordered_interfaces' => true,
         'ordered_traits' => true,
@@ -192,6 +197,7 @@
         'single_line_throw' => true,
         'single_quote' => true,
         'single_space_after_construct' => true,
+        'single_space_around_construct' => true,
         'single_trait_insert_per_statement' => true,
         'space_after_semicolon' => true,
         'standardize_increment' => true,
@@ -208,9 +214,9 @@
         'ternary_operator_spaces' => true,
         'ternary_to_elvis_operator' => true,
         'ternary_to_null_coalescing' => true,
-        'trailing_comma_in_multiline' => ['after_heredoc' => true, 'elements' => ['arguments', 'parameters']],
+        'trailing_comma_in_multiline' => ['after_heredoc' => true, 'elements' => ['arguments', 'arrays', 'match', 'parameters']],
         'trim_array_spaces' => true,
-        'types_spaces' => ['space' => 'single'],
+        'types_spaces' => ['space' => 'single', 'space_multiple_catch' => 'single'],
         'unary_operator_spaces' => true,
         'use_arrow_functions' => true,
         'visibility_required' => true,
@@ -221,6 +227,5 @@
     ->setFinder(
         PhpCsFixer\Finder::create()
             ->exclude('vendor')
-            ->in([__DIR__.'/src/'])
-    )
-;
+            ->in([__DIR__ . '/src/', __DIR__ . '/deprecated/']),
+    );

.phpcs.xml.dist

@@ -0,0 +1,13 @@
+<?xml version="1.0"?>
+<ruleset>
+    <rule ref="Squiz.Commenting.FunctionComment">
+        <properties>
+            <property name="minimumVisibility" value="public" />
+            <property name="skipIfInheritdoc" value="true" />
+        </properties>
+    </rule>
+
+	<rule ref="Generic.PHP.Syntax">
+		<exclude name="Generic.PHP.Syntax" />
+	</rule>
+</ruleset>

CHANGELOG.md

@@ -1,5 +1,38 @@
 # Changelog
 
+## [Unreleased]
+
+### Added
+
+-   This release adds support for authenticating using **[Pushed Authorization Requests](https://www.rfc-editor.org/rfc/rfc6749)**.
+
+-   This release introduces **two new Authentication Guards** which provide a streamlined integration experience for developers that need to simultaneously support both session-based authentication and token-based endpoint authorization in their Laravel applications.
+
+    | Guard                 | Class                                           | Description                   |
+    | --------------------- | ----------------------------------------------- | ----------------------------- |
+    | `auth0.authenticator` | `Auth0\Laravel\Auth\Guards\AuthenticationGuard` | Session-based authentication. |
+    | `auth0.authorizer`    | `Auth0\Laravel\Auth\Guards\AuthorizationGuard`  | Token-based authorization.    |
+
+-   These guards are compatible with Laravel's Authentication API and support the native `auth` middleware.
+
+-   These guards are compatible with Laravel's Authorization API and support the native `can` middleware, and the `Guard` facade, and work with the Policies API.
+
+-   3 new pre-built Guards are available: `scope` and `permission`, as well as a dynamic `*:*`. This enables you to verify whether the user's access token has a particular scope or (if RBAC is enabled on the Auth0 API) a particular permission. For example `Gate::check('scope', 'email')` or `Route::get(/*...*/)->can('read:messages')`.
+
+-   The SDK now automatically registers these guards to Laravel's standard `web` and `api` middleware groups, respectively. Manual Guard setup in `config/auth.php` is no longer necessary.
+
+-   The SDK now automatically registers the Authentication routes. Manual route setup in `routes/web.php` is no longer necessary.
+
+-   2 new routing Middleware have been added: `Auth0\Laravel\Http\Middleware\Authenticator` and `Auth0\Laravel\Http\Middleware\Authorizer`. These are automatically registered with your Laravel application, and ensure the Auth0 Guards are used for authentication and authorization, respectively. This replaces the need for the `guard` middleware or otherwise manual Guard assignment in your routes.
+
+### Improved
+
+-   We've introduced **a new configuration syntax**. This new syntax is more flexible and allows for more complex configuration scenarios. It also allows more efficient configuration of multiple guards. Developers using the previous syntax will have their existing configurations applied to all guards uniformly, to avoid a breaking change.
+
+-   The SDK can now **configure itself using a `.auth0.json` file in the project root directory**. This file can be generated [using the Auth0 CLI](./docs/JSON%20Configuration.md), and provides a significantly simpler configuration experience for developers.
+
+-   The previous `auth0.guard` Guard (`Auth0\Laravel\Auth\Guard`) has been **refactored** as a lightweight wrapper around the new `SessionGuard` and `TokenGuard` guards.
+
 ## [7.7.0](https://github.com/auth0/laravel-auth0/tree/7.7.0) (2023-04-26)
 
 ### Added