oauth2-server/CHANGELOG.md
2013-05-10 17:59:08 -07:00

3.3 KiB

Changelog

2.1 (released 2013-05-10)

  • Moved zetacomponents/database to "suggest" in composer.json. If you rely on this feature you now need to include " zetacomponents/database" into "require" key in your own composer.json. (Issue #51)
  • New method in Refresh grant called rotateRefreshTokens(). Pass in true to issue a new refresh token each time an access token is refreshed. This parameter needs to be set to true in order to request reduced scopes with the new access token. (Issue #47)
  • Rename key column in oauth_scopes table to scope as key is a reserved SQL word. (Issue #45)
  • The scope parameter is no longer required by default as per the RFC. (Issue #43)
  • You can now set multiple default scopes by passing an array into setDefaultScope(). (Issue #42)
  • The password and client credentials grants now allow for multiple sessions per user. (Issue #32)
  • Scopes associated to authorization codes are not held in their own table (Issue #44)
  • Database schema updates.

2.0.5 (released 2013-05-09)

  • Fixed oauth_session_token_scopes table primary key
  • Removed DEFAULT '' that has slipped into some tables
  • Fixed docblock for SessionInterface::associateRefreshToken()

2.0.4 (released 2013-05-09)

  • Renamed primary key in oauth_client_endpoints table
  • Adding missing column to oauth_session_authcodes
  • SECURITY FIX: A refresh token should be bound to a client ID

2.0.3 (released 2013-05-08)

  • Fixed a link to code in composer.json

2.0.2 (released 2013-05-08)

  • Updated README with wiki guides
  • Removed null as default parameters in some methods in the storage interfaces
  • Fixed license copyright

2.0.0 (released 2013-05-08)

If you're upgrading from v1.0.8 there are lots of breaking changes

  • Rewrote the session storage interface from scratch so methods are more obvious
  • Included a PDO driver which implements the storage interfaces so the library is more "get up and go"
  • Further normalised the database structure so all sessions no longer contain infomation related to authorization grant (which may or may not be enabled)
  • A session can have multiple associated access tokens
  • Induvidual grants can have custom expire times for access tokens
  • Authorization codes now have a TTL of 10 minutes by default (can be manually set)
  • Refresh tokens now have a TTL of one week by default (can be manually set)
  • The client credentials grant will no longer gives out refresh tokens as per the specification

1.0.8 (released 2013-03-18)

  • Fixed check for required state parameter
  • Fixed check that user's credentials are correct in Password grant

1.0.7 (released 2013-03-04)

  • Added method requireStateParam()
  • Added method requireScopeParam()

1.0.6 (released 2013-02-22)

  • Added links to tutorials in the README
  • Added missing state parameter request to the checkAuthoriseParams() method.

1.0.5 (released 2013-02-21)

  • Fixed the SQL example for SessionInterface::getScopes()

1.0.3 (released 2013-02-20)

  • Changed all instances of the "authentication server" to "authorization server"

1.0.2 (released 2013-02-20)

  • Fixed MySQL create table order
  • Fixed version number in composer.json

1.0.1 (released 2013-02-19)

  • Updated AuthServer.php to use self::getParam()

1.0.0 (released 2013-02-15)

  • First major release