CHANGELOG.md

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning, but only for the public API.

[3.2.0] - 2020-10-26

Added

• Jobs with the prefer-lowest composer flag to CI (#204)
• On delete CASCADE on authorization code entity client association (#216)
• Trikoder\Bundle\OAuth2Bundle\Event\AbstractUserResolveEvent abstract class for user resolve events (#221)
• Add per grant type configuration options (#199)
• CI testing - Symfony 5.1 (#230)
• Cleanup command (trikoder:oauth2:clear-revoked-tokens) for revoked tokens (#234)
• Setter for the secret property of the Client Doctrine entity (#239)

Changed

• Pass previous exception toOauth2AuthenticationFailedException exception (#223)
• Allow PHPUnit 9 (#238)

Deprecated

• Legacy service aliases (#203)

[3.1.1] - 2020-04-10

Removed

• userIdentifier index from oauth2_access_token and oauth2_authorization_code tables (6108915)

[3.1.0] - 2020-04-09

Added

• Ability to revoke credentials (access tokens, authorization codes and refresh tokens) programmatically (fee109d)
• Support for registering custom grant types (6b37588)

Fixed

• Console command trikoder:oauth2:list-clients not being able to list clients without a secret (da38b7a)

[3.0.0] - 2020-02-26

Added

• Ability to restrict clients from using the plain challenge method during PKCE (4562a1f)
• Ability to clear expired authorization codes (91b6447)
• Support for defining public (non-confidential) clients (8a71f55)
• The bundle is now compatible with Symfony 5.x (3f36977)

Changed

• PSR-7 Bridge version constraint to ^2.0 (3c741ca)
• The bundle now relies on 8.x versions of league/oauth2-server for base functionality (8becc18)

Removed

• Support for Symfony 3.4, 4.2 and 4.3 (3f36977)

[2.1.1] - 2020-02-25

Added

• The bundle is now additionally tested against PHP 7.4 (2b29be3)

Fixed

• Authentication provider not being aware of the current firewall context (d349329)
• Faulty logic when revoking authorization codes (24ad882)

[2.1.0] - 2019-12-09

Added

• Ability to change the scope role prefix using the role_prefix configuration option (b2ee617)
• Interfaces for converter type service classes (d2caf69)
• New testing target in Travis CI for Symfony 4.4 (8a44fd4)
• The bundle is now fully compatible with Symfony Flex (a4ccea1)

Changed

• DoctrineBundle version constraint to allow 2.x derived versions (885e398)
• Explicitly list league/oauth2-server version requirements in the documentation (9dce66a)
• Reduce distributed package size by excluding files that are used only for development (80b9e41)
• Simplify AuthorizationRequestResolveEvent class creation (32908c1)

Fixed

• Not being able to delete clients that have access/refresh tokens assigned to them (424b770)

[2.0.1] - 2019-08-13

Removed

• PSR-7/17 alias check during the container compile process (0847ea3)

[2.0.0] - 2019-08-08

Added

• Ability to specify a Defuse key as the encryption key (d83fefe)
• Ability to use different PSR-7/17 HTTP transport implementations (4973e1c)
• Allow configuration of the private key passphrase (f16ec67)
• Checks if dependent bundles are enabled in the application kernel (38f6641)
• Console command for clearing expired access and refresh tokens (de3e338)
• Console commands for client management (2425b3d, 56aafba)
• Server grant types can now be enabled/disabled through bundle configuration (baffa92)
• Support for the "authorization_code" server grant type (a61114a)
• Support for the "implicit" server grant type (91b3d75)
• Support for Symfony 4.3 (e4cf668)
• The bundle is now additionally tested against PHP 7.3 (9f5937b)

Changed

• Authentication exceptions are now thrown instead of setting the response object (8a505f6)
• Modernize bundle service definitions (fc1f855, ef2f557)
• Previously documented client scope inheriting and restricting is now the new default behavior (af9bffc)
• Relaxed the league/oauth2-server package version constraint to allow non-braking changes (26d9c0b)
• Use DateTimeInterface instead of DateTime whenever possible (4549252)

Fixed

• DoctrineBundle related deprecation notices (fbde15b)
• Not being able to override the "persistence" config tree from other configuration files (b62b331)
• Symfony related deprecation notices (601d482)

Removed

• Redundant configuration node options (5fa60ef)
• Support for Symfony 4.1 (4973e1c)
• Unsupported HTTP verbs on the /authorize and /token endpoints (51ef5ae)

[1.1.0] - 2019-01-07

Added

• The bundle is now compatible with Symfony 3.4 (0ba9cb3)

Changed

• Bundle dependency requirements are now more relaxed (158d221)
• Permission checks against private/public keys are no longer enforced (a24415a)

Fixed

• Bundle creating a default Doctrine connection if it didn't exist (d4e58a0)
• Improper class naming (b43be3d)

[1.0.0] - 2018-11-28

This is the initial release.