7.9.2 (2021-08-03)
Fixed
7.9.1 (2021-07-06)
Fixed
- Replace deprated/removed GuzzleHttp\Psr7\build_query #500 (bartvanraaij)
7.9.0 (2021-05-03)
Changed
- Reintroduce Guzzle 6 support #489 (marko-ilic)
- Update Auth0\SDK\Auth0::getState() visibility to public #498 (evansims)
7.8.0 (2021-03-19)
This release expands Organizations support to the Management API client. Please see the README for details on Organizations, currently in closed beta testing.
Added
7.7.0 (2021-03-19)
This release includes initial support for Organizations, a new feature from Auth0 currently in closed beta testing. Please see the updated README for usage instructions.
Added
Changed
7.6.2 (2021-01-01)
Fixed
- Ensure ?include_totals are handled properly on GET /users and GET /roles requests for Management API #476 (evansims)
7.6.1 (2021-01-01)
This hotfix addresses an issue with a dependency reference.
7.6.0 (2021-01-01)
SDK 7.6 introduces support for the newly released PHP 8.0 and drops supported for PHP 7.1 and 7.2 (which have reached their end of support cycles.) Please ensure you are running supported versions of PHP in your environments.
Added
- PHP 8.0 support #467 (evansims)
- Static code analysis #470 (FrontEndCoffee)
7.5.0 (2020-11-16)
Closed issues
- createPasswordChangeTicket doesn't support 'ttl_sec' parameter #457
- Make the CACHE_TTL used in the JWKFetcher configurable. #450
- Allow programmatic clearing of cache values managed by Auth0Service #441
Added
- Add support for Authorization Code Flow with PKCE #449 (ls-youssef-jlidat)
- Allow specifying TTL when creating password change tickets #463 (evansims)
- Expand control over TTL/Caching in JWKFetcher #462 (evansims)
- Add support for Management V2 users export job endpoint #461 (evansims)
7.4.0 (2020-09-28)
Added
- Add support for new identity field for email verifications #455 (jimmyjames)
7.3.0 (2020-08-27)
Closed issues
- TokenVerifier::verify throws a \RuntimeException instead of an InvalidTokenException #438
- Support Guzzle 7 #421
Added
- Add Support for Log Streams Management APIs #451 (jimmyjames)
- Update composer requirements to support guzzle ~7.0 #443 (banderon1)
Fixed
- Throw InvalidTokenException instead of RuntimeException when parsing malformed token #439 (B-Galati)
7.2.0 (2020-04-23)
Closed issues
Added
Fixed
- Allow no nonce option #434 (joshcanhelp)
7.1.0 (2020-02-19)
Closed issues
- Authorized Party (azp) claim mismatch in the ID token #422
- JWTVerifier alternatives #419
- Consider to customize the jwks path #417
Added
- Add TokenVerifier for non-OIDC-compliant JWTs #428 (joshcanhelp)
- Add signing key rotation and custom JWKS URI support #426 (joshcanhelp)
- Add Client ID to verification email method #423 (joshcanhelp)
7.0.0 (2020-01-15)
BEFORE YOU UPGRADE
This is a major release with several breaking changes. Please see the v5 to v7 migration guide here before you upgrade.
Added
- Add types for StoreInterface and implementors; add back EmptyStore #414 (joshcanhelp)
- Add select Guardian management endpoints #412 (joshcanhelp)
- Add Auth0->decodeIdToken() method for ID token decoding by deps #410 (joshcanhelp)
- Add SameSite cookie attribute handling #400 (joshcanhelp)
- Nonce and max_age handling with new CookieStore class #395 (joshcanhelp)
Changed
- Convert caching to PSR-16 interface #403 (joshcanhelp)
- Move AuthorizationBearer to new namespace #402 (joshcanhelp)
- Improve transient authorization data handling #397 (joshcanhelp)
- Cleanup Auth0 class constructor for clarification and better defaults #394 (joshcanhelp)
- Change client secret requirements #390 (joshcanhelp)
- Improved OIDC compliance #386 (joshcanhelp)
- Update minimum PHP from 5.5 to 7.1 #377 (joshcanhelp)
Removed
- Remove future iat check #411 (joshcanhelp)
- Remove Firebase JWT library #396 (joshcanhelp)
- Remove session cookie expiration option #389 (joshcanhelp)
- Remove deprecated Authentication methods and add types #385 (joshcanhelp)
- Remove deprecated JWKS methods and adjust tests #384 (joshcanhelp)
- Remove deprecated M-API methods #383 (joshcanhelp)
- Remove deprecated InformationHeaders methods and add types #382 (joshcanhelp)
- Remove deprecated methods and add types to RequestBuilder #381 (joshcanhelp)
- Remove deprecated token generator #380 (joshcanhelp)
- Remove deprecated legacy classes #379 (joshcanhelp)
- Update management props #378 (joshcanhelp)
5.7.0 (2019-12-09)
Added
- Add default scopes to Auth0 class #406 (joshcanhelp)
- fix: add missing options for renewTokens method #405 (bkotrys)
Deprecated
- Add deprecation notices for removals in v7 major release #407 (joshcanhelp)
Fixed
5.6.0 (2019-09-26)
Closed issues
- [Auth0\SDK\Exception\CoreException] Invalid domain when trying to run unit tests with Codeception 3.1.0 #358
- JWT Verification fails everytime #356
- Bulk User Imports - I can't Use
upsertas a paramater for theimportUsersfeature #353
Added
- Add \Auth0\SDK\Auth0::getLoginUrl() method and switch login() to use it #371 (joshcanhelp)
- Add JWKFetcher::getFormatted() method and switch validator to use #369 (joshcanhelp)
- Add additional API params to Jobs > importUsers #354 (pinodex)
Deprecated
- Deprecated unused JWKFetcher methods #373 (joshcanhelp)
- Deprecate magic __call method on RequestBuilder class #366 (joshcanhelp)
- Deprecate Management properties; add lazy-load methods #363 (joshcanhelp)
- Deprecate and stop using magic call method on ApiClient #362 (joshcanhelp)
- Deprecate addPathVariable and dump methods on RequestBuilder #361 (joshcanhelp)
- Deprecate TokenGenerator class #360 (joshcanhelp)
Fixed
- Fix boolean form parameters not sending as strings #357 (joshcanhelp)
5.5.1 (2019-07-15)
Closed issues
- No packagist package created for 5.5.0 #346
Fixed
- Fix empty url params #349 (joshcanhelp)
- Fix tests to reduce the number of sensitive credentials used #348 (joshcanhelp)
- Change normalizeIncludeTotals() in GenericResource to have sane defaults #347 (kler)
5.5.0 (2019-06-07)
Closed issues
- Consider dropping PHP-5.x version supports #343
- Auth0 Error: 'Invalid state' in /auth0/vendor/auth0/auth0-php/src/Auth0.php: line#537 #333
Added
- Add missing User endpoints for Management API #341 (joshcanhelp)
- Add all Management API Roles endpoints #337 (joshcanhelp)
- Add missing Users test and switch to mocked calls. #336 (joshcanhelp)
- Add Authentication::refresh_token() method #335 (joshcanhelp)
5.4.0 (2019-02-28)
Notes for this release:
\Auth0\SDK\Auth0now accepts a$configkey calledskip_userinfothat uses the decoded ID token for the user profile instead of a call to the/userinfoendpoint. This will save an HTTP call during login and should have no affect on most applications.
Closed issues
Auth0::exchange()assumes a valid id_token #317- Feature Request: Support sending
auth0-forwarded-forheader #208
Added
- Authentication class cleanup and tests #322 (joshcanhelp)
- Add Grants Management endpoint #321 (joshcanhelp)
- Add
Auth0-Forwarded-Forheader for RO grant #320 (joshcanhelp) - Improve API Telemetry #319 (joshcanhelp)
- Add Mock API Request Capability and Mocked Connections Tests #314 (joshcanhelp)
Changed
- Test suite improvements #313 (joshcanhelp)
- Improve repo documentation #312 (joshcanhelp)
Deprecated
- Official deprecation for
JWKFetchermethod #328 (joshcanhelp)\Auth0\SDK\Helpers\JWKFetcher::fetchKeys()
- Official deprecation for
Usermethods #327 (joshcanhelp)\Auth0\SDK\API\Management\Users::search()\Auth0\SDK\API\Management\Users::unlinkDevice()
- Official deprecation of
ClientGrantsmethod #326 (joshcanhelp)\Auth0\SDK\API\Management\ClientGrants::get()
- Official deprecation of legacy
InformationHeadersmethods #325 (joshcanhelp)\Auth0\SDK\API\Helpers\InformationHeaders::setEnvironment()\Auth0\SDK\API\Helpers\InformationHeaders::setDependency()\Auth0\SDK\API\Helpers\InformationHeaders::setDependencyData()
- Official deprecation of legacy
Authenticationmethods #324 (joshcanhelp)\Auth0\SDK\API\Authentication::setApiClient()\Auth0\SDK\API\Authentication::sms_code_passwordless_verify()\Auth0\SDK\API\Authentication::email_code_passwordless_verify()\Auth0\SDK\API\Authentication::impersonate()
Fixed
- Fix
Auth0::exchange()to handle missing id_token #318 (joshcanhelp)
5.3.2 (2018-11-2)
Closed issues
- Something is wrong with the latest release 5.3.1 #303
Fixed
- Fix info headers Extend error in dependant libs #304 (joshcanhelp)
5.3.1 (2018-10-31)
Closed issues
- Array to String exception when audience is an array #296
- Passing accessToken from frontend to PHP API #281
- Deprecated method email_code_passwordless_verify #280
Added
Changed
- Change telemetry headers to new format and add tests #300 (joshcanhelp)
Fixed
- Fix bad exception message generation #297 (joshcanhelp)
5.3.0 (2018-10-09)
Closed issues
- Question: Handling rate limits #277
- Allow configuration of the JWKS URL #276
- Allow changing the session key name #273
- SessionStore overrides PHP session cookie lifetime setting #215
Added
- Add custom JWKS path and kid check to JWKFetcher + tests #287 (joshcanhelp)
- Add config keys for session base name and cookie expires #279 (joshcanhelp)
- Add return request object #278 (joshcanhelp)
- Add pagination and tests to Resource Servers #275 (joshcanhelp)
- Fix formatting, code standards scan #274 (joshcanhelp)
- Add pagination, docs, and better tests for Rules #272 (joshcanhelp)
- Adding pagination, tests, + docs to Client Grants; minor test suite refactor #271 (joshcanhelp)
- Add tests, docblocks for Logs endpoints #270 (joshcanhelp)
- Add PHP_CodeSniffer + ruleset config #267 (joshcanhelp)
- Add session state and dummy state handler tests #266 (joshcanhelp)
Changed
Deprecated
- Deprecate Auth0\SDK\API\Oauth2Client class #269 (joshcanhelp)
Removed
- Remove examples, add links to Quickstarts #293 (joshcanhelp)
Fixed
- Whitespace pass with new standards using composer phpcbf #268 (joshcanhelp)
Security
- Add ID token validation #285 (joshcanhelp)
5.2.0 (2018-06-13)
Closed issues
- getAppMetadata - how to use? #248
- Auth0 class missing action to renew access token #234
- DOC maj #217
Added
- User pagination and fields, docblocks, formatting, test improvements #261 (joshcanhelp)
- Unit test for withDictParams method #260 (joshcanhelp)
- Pagination, additional parameters, and tests for the Connections endpoint #258 (joshcanhelp)
- Renew tokens method for Auth0 client class #257 (jspetrak)
- Clients endpoint pagination and improvements #256 (joshcanhelp)
- Add email template endpoints #251 (joshcanhelp)
Changed
- Code style scan and fixes #250 (joshcanhelp)
Fixed
- Fix PHPUnit test. #262 (maurobonfietti)
- Allow $page to be null for Clients so pagination is not triggered #259 (joshcanhelp)
- Rewrite README; add news and notes to CHANGELOG #253 (joshcanhelp)
5.1.1 (2018-04-03)
Closed issues
Added
- Implement ResourceServices::getAll() #236 (joshcanhelp)
Fixed
- Incorrect type hint on SessionStateHandler __construct #235 (joshcanhelp)
- Auth0 class documentation fixed for store and state handler #232 (jspetrak)
- Fixing minor code quality issues #231 (joshcanhelp)
5.1.0 (2018-03-02)
Notes on this release:
State validation was added for improved security. Please see our troubleshooting page for more information on how this works and potential issues.
Closed issues
- Support for php-jwt 5 #210
Added
- Added XSRF State Storage / Validation #214 (cocojoe)
- Adding tests for state handler; correcting storage method used #228 (joshcanhelp)
Changed
- Bumping JWT package version #229 (joshcanhelp)
5.0.6 (2017-11-24)
Added
Fixed
5.0.4 (2017-06-26)
Added
Changed
- Restructured tests and fixed hhvm build #164 (Nyholm)
- Update .env.example with more appropriate values #148 (AmaanC)
Removed
3.4.0 (2016-06-21)
Closed issues:
- More descriptive error message when code exchange fails #86
Merged pull requests:
- Correctly build logout url query string #87 (robinvdvleuten)
3.3.7 (2016-06-09)
3.3.6 (2016-06-09)
Merged pull requests:
3.3.5 (2016-05-24)
Closed issues:
- Create password change ticket fails #84
- UnexpectedValueException is used in Auth0JWT.php but is not defined #80
- Add support for auth api endpoints (/ro) #22
3.3.4 (2016-05-24)
3.3.3 (2016-05-24)
2.2.3 (2016-05-10)
3.3.2 (2016-05-10)
3.3.1 (2016-05-10)
2.2.2 (2016-05-10)
3.3.0 (2016-05-09)
Merged pull requests:
- deleted uneccessary code, fixed typos #83 (Amialc)
- Add Docker support #82 (smtx)
- changed UnexpectedValueException to CoreException #81 (dryror)
- Added auth api support #78 (glena)
3.2.1 (2016-05-02)
2.2.1 (2016-04-27)
Closed issues:
- outdated dependency in api example #75
Merged pull requests:
3.2.0 (2016-04-15)
- Now the SDK supports RS256 codes, it will decode using the
.well-known/jwks.jsonendpoint to fetch the public key
2.2.0 (2016-04-15)
Notes
- Now the SDK fetches the user using the
tokeninfoendpoint to be fully compliant with the openid spec - Now the SDK supports RS256 codes, it will decode using the
.well-known/jwks.jsonendpoint to fetch the public key
Closed issues:
Merged pull requests:
3.1.0 (2016-03-10)
Closed issues:
- API seed incomptaible with auth0-php 3 #70
- "cURL error 60: SSL certificate problem: self signed certificate in certificate chain (see http://curl.haxx.se/libcurl/c/libcurl-errors.html\)", #69
- basic-webapp outdated dependencies #68
- basic-webapp project relative path #67
- Typo on README #63
- Missing updateAppMetadata() method? #59
Merged pull requests:
- 3.1.0 #74 (glena)
- Compatibility with new version of Auth0php #72 (Annyv2)
- depedencies update, fix routes to css and js #71 (Amialc)
- update lock version #66 (Amialc)
- Fixed typo #65 (thijsvdanker)
- Update README.md #64 (Annyv2)
- Test travis env vars #62 (glena)
- Fix typo #58 (vboctor)
3.0.1 (2016-02-03)
Merged pull requests:
- Fixed Importing users #61 (polishdeveloper)
1.0.11 (2016-01-27)
Closed issues:
- Exception: Cannot handle token prior to [timestamp] #56
Merged pull requests:
- Fix ApiConnections class name #60 (bjyoungblood)
3.0.0 (2016-01-18)
General 3.x notes
- SDK api changes, now the Auth0 API client is not build of static classes anymore. Usage example:
$token = "eyJhbGciO....eyJhdWQiOiI....1ZVDisdL...";
$domain = "account.auth0.com";
$guzzleOptions = [ ... ];
$auth0Api = new \Auth0\SDK\Auth0Api($token, $domain, $guzzleOptions); /* $guzzleOptions is optional */
$usersList = $auth0Api->users->search([ "q" => "email@test.com" ]);Closed issues:
- Missing instruccions step 2 Configure Auth0 PHP Plugin #55
- Outdated Lock #52
- Deprecated method in basic-webapp #50
Merged pull requests:
2.1.2 (2016-01-14)
Merged pull requests:
2.1.1 (2015-11-29)
Merged pull requests:
2.1.0 (2015-11-24)
Closed issues:
- Update to use v3.0 of firebase/php-jwt #47
Merged pull requests:
2.0.0 (2015-11-23)
General 2.x notes
- Session storage now returns null (and null is expected by the sdk) if there is no info stored (this change was made since false is a valid value to be stored in session).
- Guzzle 6.1 required
Closed issues:
- Guzzle 6 #43
- User is null not false #41
- Issues with PHP Seed project #38
- authParams... how do I retrieve the results? #37
Merged pull requests:
1.0.10 (2015-09-23)
Closed issues:
- Improve error message when no id_token is received after code exchange #35
- PHP should be 5.4+, not 5.3+ #34
Merged pull requests:
1.0.9 (2015-08-03)
Closed issues:
- Stable dependencies in composer.json instead of "dev-master" #30
Merged pull requests:
- tagged adoy to ~1.3 #31 (glena)
- Bad reference in Android PHP API Seed Project Readme file #67 #29 (glena)
1.0.8 (2015-07-27)
Closed issues:
- Class 'JWT' not found #25
- Correct way to use the JWT Token generated in API v2 if we want expanded scope #19
Merged pull requests:
1.0.7 (2015-07-17)
Closed issues:
Merged pull requests:
- v1.0.7 #26 (glena)
- Readme file call URL port fixed #18 (jose-e-rodriguez)
- ApiUsers link account identities fix #16 (deboorn)
1.0.6 (2015-06-12)
Merged pull requests:
1.0.5 (2015-06-02)
Merged pull requests:
- Updates the changed endpoints (tickets) #15 (glena)
- Api users search link accounts fix #14 (deboorn)
- Auth0JWT encode fix to allow scope with null custom payload #13 (deboorn)
1.0.4 (2015-05-19)
1.0.3 (2015-05-15)
Merged pull requests:
1.0.2 (2015-05-13)
Closed issues:
- EU tenants are getting Unauthorize on api calls #10
- PHP Fatal error: Class 'Auth0\SDK\API\ApiUsers' not found in vendor/auth0/auth0-php/src/Auth0.php on line 256 #9
Merged pull requests:
1.0.1 (2015-05-12)
Closed issues:
Merged pull requests:
1.0.0 (2015-05-07)
General 1.x notes
- Now, all the SDK is under the namespace
\Auth0\SDK - The exceptions were moved to the namespace
\Auth0\SDK\Exceptions - The Auth0 class, now provides two methods to access the user metadata,
getUserMetadataandgetAppMetadata. For more info, check the API v2 changes - The Auth0 class, now provides a way to update the UserMetadata with the method
updateUserMetadata. Internally, it uses the update user endpoint, check the method documentation for more info. - The new service
\Auth0\SDK\API\ApiUsersprovides an easy way to consume the API v2 Users endpoints. - A simple API client (
\Auth0\SDK\API\ApiClient) is also available to use. - A JWT generator and decoder is also available (
\Auth0\SDK\Auth0JWT) - Now provides an interface for the Authentication API.
Closed issues:
- Unexpected token #4
Merged pull requests:
0.6.6 (2014-04-14)
Closed issues:
- generateUrl() in BaseAuth0 is creating bad URLs #1
0.6.5 (2014-04-02)
0.6.4 (2014-02-13)
0.6.3 (2014-01-06)
* This Change Log was automatically generated by github_changelog_generator