All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog and this project adheres to Semantic Versioning, but only for the public API.
userIdentifierindex fromoauth2_access_tokenandoauth2_authorization_codetables (6108915)
- Ability to revoke credentials (access tokens, authorization codes and refresh tokens) programmatically (fee109d)
- Support for registering custom grant types (6b37588)
- Console command
league:oauth2-server:list-clientsnot being able to list clients without a secret (da38b7a)
- Ability to restrict clients from using the
plainchallenge method during PKCE (4562a1f) - Ability to clear expired authorization codes (91b6447)
- Support for defining public (non-confidential) clients (8a71f55)
- The bundle is now compatible with Symfony 5.x (3f36977)
- PSR-7 Bridge version constraint to
^2.0(3c741ca) - The bundle now relies on
8.xversions of league/oauth2-server for base functionality (8becc18)
- Support for Symfony 3.4, 4.2 and 4.3 (3f36977)
- The bundle is now additionally tested against PHP 7.4 (2b29be3)
- Authentication provider not being aware of the current firewall context (d349329)
- Faulty logic when revoking authorization codes (24ad882)
- Ability to change the scope role prefix using the
role_prefixconfiguration option (b2ee617) - Interfaces for converter type service classes (d2caf69)
- New testing target in Travis CI for Symfony 4.4 (8a44fd4)
- The bundle is now fully compatible with Symfony Flex (a4ccea1)
- DoctrineBundle version constraint to allow
2.xderived versions (885e398) - Explicitly list league/oauth2-server version requirements in the documentation (9dce66a)
- Reduce distributed package size by excluding files that are used only for development (80b9e41)
- Simplify
AuthorizationRequestResolveEventclass creation (32908c1)
- Not being able to delete clients that have access/refresh tokens assigned to them (424b770)
- PSR-7/17 alias check during the container compile process (0847ea3)
- Ability to specify a Defuse key as the encryption key (d83fefe)
- Ability to use different PSR-7/17 HTTP transport implementations (4973e1c)
- Allow configuration of the private key passphrase (f16ec67)
- Checks if dependent bundles are enabled in the application kernel (38f6641)
- Console command for clearing expired access and refresh tokens (de3e338)
- Console commands for client management (2425b3d, 56aafba)
- Server grant types can now be enabled/disabled through bundle configuration (baffa92)
- Support for the "authorization_code" server grant type (a61114a)
- Support for the "implicit" server grant type (91b3d75)
- Support for Symfony 4.3 (e4cf668)
- The bundle is now additionally tested against PHP 7.3 (9f5937b)
- Authentication exceptions are now thrown instead of setting the response object (8a505f6)
- Modernize bundle service definitions (fc1f855, ef2f557)
- Previously documented client scope inheriting and restricting is now the new default behavior (af9bffc)
- Relaxed the league/oauth2-server package version constraint to allow non-braking changes (26d9c0b)
- Use
DateTimeInterfaceinstead ofDateTimewhenever possible (4549252)
- DoctrineBundle related deprecation notices (fbde15b)
- Not being able to override the "persistence" config tree from other configuration files (b62b331)
- Symfony related deprecation notices (601d482)
- Redundant configuration node options (5fa60ef)
- Support for Symfony 4.1 (4973e1c)
- Unsupported HTTP verbs on the
/authorizeand/tokenendpoints (51ef5ae)
- The bundle is now compatible with Symfony 3.4 (0ba9cb3)
- Bundle dependency requirements are now more relaxed (158d221)
- Permission checks against private/public keys are no longer enforced (a24415a)
- Bundle creating a
defaultDoctrine connection if it didn't exist (d4e58a0) - Improper class naming (b43be3d)
This is the initial release.