8.3.0

Full Changelog

Added

• Add PSR-14 Event Dispatcher, for highly customizable session storage mediums #646 (evansims)

Changed

• Treat passing an empty string to SdkConfiguration as the default undefined value type of NULL #643 (evansims)
• Enable configuration of SessionStore and CookieStore samesite property #645 (evansims)
• Add hardcoded debugging flag to CookieStore to disable encryption of session cookies #644 (evansims)
• Update getRequestParameter() filter to use FILTER_SANITIZE_FULL_SPECIAL_CHARS and allow passing extra filter options #642 (evansims)
• Defer/batch "Set-Cookie" headers at login() for transient cookies, and clear() #641 (evansims)

8.2.1

Full Changelog

Fixed

• Fixed an issue in Auth0\SDK\Configuration\SdkConfiguration where customDomain was not properly formatted in some configurations, leading to inconsistencies in certain SDK functions, such as Token validation. customDomain is now formatted identically to domain. #633 (evansims)

Closed Issues

• Resolves #630 (barasimumatik)

8.2.0

Full Changelog

Many thanks to our community contributors for this release: elbebass, fullstackfool, jeromefitzpatrick, marko-ilic and sepiariver.

Added

• Add bearer token extraction helper, Auth0\SDK\Auth0::getBearerToken() #620 (evansims)
• Add configuration strategy constants, e.g. Auth0\SDK\Configuration\SdkConfiguration::STRATEGY_API #619 (evansims)

Changed

• Throw Auth0\SDK\Exception\InvalidTokenException on JsonException #614 (marko-ilic)
• Throw Auth0\SDK\Exception\NetworkException when Management API credential exchange fails #608 (sepiariver)

Documentation Contributions

• Correct the new method name for get_authorize_link() for 8.x in UPGRADE.md #623 (jeromefitzpatrick)
• Remove PHP 7.3 README note (deprecated) #610 (evansims)
• Update CONTRIBUTING.md guidance #609 (sepiariver)
• Update README.md guidance on management configuration strategy (domain is required) #604 (fullstackfool)
• Correct README.md typos in Management API example #602 (elbebass)

Other Improvements

• Relax pestphp/pest-plugin-parallel dev dependency from ^0.2 to ^0.2 || ^1.0 #617
• Bump firebase/php-jwt dev dependency to ^6.0 #613 (evansims)
• Add Semgrep to continous integration test suite #616 (evansims)

8.1.0

Full Changelog

Added

• Add Attack Protection endpoints #593 (evansims)

8.0.6

Full Changelog

Fixed

• Auth0->renew(): now updates additional session details after a successful token refresh #593 (evansims)

8.0.5

Full Changelog

Fixed

• Auth0->exchange(): optimize setcookie() calls #591 (Nebual)

8.0.4

Full Changelog

Fixed

• Require domain configuration for management strategy #589 (evansims)

Documentation

• Update UPGRADE.md with additional notes about Auth0::login() changes from v7. #585 (BGehrels)
• Update UPGRADE.md with additional notes about Auth0::exchange() changes from v7. #584 (BGehrels)

Tests

• Add Semgrep to test suite #588 (evansims)
• Upgrade test suite to use 8.1 GA (up from RC builds) #587 (evansims)
• Fix warnings introduced in new Psalm update #586 (evansims)

8.0.3

Full Changelog

Changes

• Introduce Interfaces to Final Classes #581 (komando82)

8.0.2

Full Changelog

Fixed

• Resolve SessionStore::purge() not iterating over session storage when a falsey value is stored #577 (evansims)

8.0.1

Full Changelog

Fixed

• Simplify decoding of Access Tokens via Auth0::decode() #534 (shadowhand)