Skip to content

Releases: auth0/auth0-PHP

5.1.0

05 Mar 17:41
Compare
Choose a tag to compare

State validation was added in 5.1.0 for improved security. By default, this uses session storage and will happen automatically if you are using a combination of Auth0::login() and any method which calls Auth0::exchange() in your callback.

If you need to use a different storage method, implement your own StateHandler and set it using the state_handler config key when you initialize an Auth0 instance.

If you are using Auth0::exchange() and a method other than Auth0::login() to generate the Authorize URL, you can disable automatic state validation by setting the state_handler key to false when you initialize the Auth0 instance. It is highly recommended to implement state validation, either automatically or otherwise

Closed issues

  • Support for php-jwt 5 #210

Added

  • Adding tests for state handler; correcting storage method used #228 (joshcanhelp)

Changed

5.0.6

24 Nov 15:43
Compare
Choose a tag to compare

Added

  • Add support for the new users by email API #213 (erichard)

Fixed

5.0.5: Merge pull request #207 from auth0/5.x.x-dev

30 Aug 19:48
Compare
Choose a tag to compare

5.0.4

26 Jun 15:32
Compare
Choose a tag to compare

Added

Changed

  • Restructured tests and fixed hhvm build #164 (Nyholm)
  • Update .env.example with more appropriate values #148 (AmaanC)

Removed

5.0.3: Merge pull request #147 from auth0/5.x.x-dev

16 Mar 19:17
Compare
Choose a tag to compare
Fix oauth token realm call + exception class name

5.0.0: Merge pull request #127 from auth0/5.x.x-dev

22 Feb 19:13
Compare
Choose a tag to compare
v5.0.0 - Oauth2 Api authentication

4.0.12: Merge pull request #141 from auth0/4.x.x-dev

21 Feb 12:40
Compare
Choose a tag to compare

4.0.11

30 Dec 21:40
d02f462
Compare
Choose a tag to compare
fix fetch code

4.0.10

30 Dec 21:28
fdf1f6c
Compare
Choose a tag to compare
fix

4.0.9: Merge pull request #130 from SeanZicari/get_or_post_code

30 Dec 12:51
Compare
Choose a tag to compare
Look for code in _GET or _POST explicitly.