0.5.0

• Using any of the mixins is now completely optional; Ember.SimpleAuth will
  work without the mixins as well (see example 9).
• The session's authorizationFailed event will now be triggered for any
  failed XHRs and not only for those made in routes' model hooks.
• Fixed the Devise authenticator's restore method, see #171
• The AuthenticationControllerMixin's authenticate action now returns the
  promise that's returned from the session's authenticate action.
• The authenticator's 'updated' event was renamed to 'sessionDataUpdated'.
• The store's 'updated' event was renamed to 'sessionDataUpdated'.
• The API docs now include the events an object might trigger.
• The tests now run with the latest Ember and jQuery versions.

0.4.0

• [BREAKING] Ember.SimpleAuth's factories are now registered with
  "namespaced" names with Ember's container to avoid conflicts, see #159;
  this requires all references to these factories (e.g.
  authenticatorFactory in controllers to be prepended with
  'ember-simple-auth-').
• [BREAKING] Ember.SimpleAuth.Authorizers.Devise now sends the user's
  token and email address in one header that's compatible to
  Rails' token auth module
• [BREAKING] Ember.SimpleAuth.Authenticators.Devise now sends the
  (configurable) resource name for session authentication, see #157
• The name of the property that Ember.SimpleAuth injects the session with into
  routes and controllers can now be customized, see #159
• fixed Ember.SimpleAuth.Utils.isSecureUrl so that it checks the passed URL
  not the current location
• improved the instructions for server side setup for ember-simple-auth-devise,
  see #155

0.3.1

• Fixed a bug where the arguments from session events were not passed to router
  actions.

0.3.0

Ember.SimpleAuth has been split up into a base library and a set of extension libraries - the OAuth 2.0 authenticator/authorizer, the cookie session store as well as the new Devise authenticator/authorizer now reside in their own extension libraries so everybody can include only what they need. If you're currently using the OAuth 2.0 authenticator and/or authorizer, you now need to include the ember-simple-auth-oauth2.js file in your app! If you're using the Cookie store you need to include ember-simple-auth-cookie-store.js.

Also using an authorizer is now optional; if none is specified no requests will be authorized. If you're currently using an authorized be sure to specify it for Ember.SimpleAuth.setup now, e.g.:

Ember.SimpleAuth.setup(container, application, {
  authorizerFactory: 'authorizer:oauth2-bearer'
});

Other changes in this release:

• the new Devise authenticator and authorizer have been added, see README in the package.
• the session is no longer injected into models and views - it was probably not working for both for some time anyway and it was also not a good idea to do it in the first place as anything related to the session should be managed by the routes and controllers; see #122.
• the authenticator's update event is now handled correctly so that it might lead to the session being invalidated, see #121.
• examples have been updated
• the OAuth 2.0 authenticator will now try to refresh an expired token on refresh and only reject when that fails, see #102

0.2.1

• removed check for identification and password being present in LoginControllerMixin so an error is triggered with the server's response, see #130
• serve both examples and tests with grunt dev_server task
• README improvements
• improved examples

0.2.0

• Ember.SimpleAuth now reloads the application's root page on logout so all sensitive in-memory data etc. gets cleared - this also works across tabs now, see #92
• the OAuth 2.0 authenticator rejects restoration when the access token is known to have expired, see #102
• the store is not updated unnecessarily anymore, see #97
• the library is now built with grunt, uses ES6 modules and is tested with mocha - all Ruby dependencies have been removed
• added warnings when credentials/tokens etc. are transmitted via insecure connections (HTTP)
• the test suite now runs against all supported major versions of Ember.js as well as the latest releases of the jQuery 1.x and 2.x branches.

0.1.3

• fixed synchronization of stores, see #91

0.1.2

• Ember.SimpleAuth.setup now expects the container and the application as arguments (Ember.SimpleAuth.setup(container, application);)
• the authenticator to use is now looked up via Ember's container instead of the class name which fixes all sorts of problems especially when using Ember AppKit with the new ES6 modules lookup
• the examples will now always build a new release of Ember.SimpleAuth when starting
• origin validation now works in IE, see #84

0.1.1

includes some bug fixes:

• use absolute expiration times for tokens, see #76
• fix for cross origin check in IE, see #72
• make sure errors bubble up, see #79
• added documentation for customizing/extending the library

0.1.0 - the big refactor™

This has long been in the works and now it's finally released: the Big Strategies Refactoring.

The most significant change in this release is the extraction of everything specific to concrete authentication/authorization mechanisms (e.g. the default OAuth 2.0 implementation) into strategy classes which significantly improves customizability and extensibility.

See the CHANGELOG and the updated README. There's also a blog post that introduces the release: http://log.simplabs.com/post/73940085063/ember-simpleauth-0-1-0.

I hope this is a significant step towards 1.0!