- BC Break: Dropped support for Symfony:
6.3
and7.0
, - Bugfix: Prevent overwriting
failure_path
inAuthenticationFailureHandler
when connect functionality is not enabled, - Bugfix: Prevent overwriting
failure_handler
in security configuration if set, - Bugfix: Type hint
AuthenticatorInterface
instead ofOAuthAuthenticator
inRefreshAccessTokenListener
, - Bugfix: Add missing parameters to
OdnoklassnikiResourceOwner
,
- BC Break: Dropped support for PHP 7.4 & 8.0,
- Added: Telegram resource owner,
- Bugfix: Allow
use_authorization_to_get_token
to be configured tofalse
for generic OAuth2, - Bugfix: Update API version for Facebook to latest available
- Bugfix: Replace custom authenticator passport with custom badge usage,
- Bugfix: Fix registration of failure handler,
- Bugfix: Don't miss refresh token in registration controller,
- Bugfix: Allow
null
as$registrationForm
inRegisterController
, - Bugfix: Fix connect functionality with authentication managers,
- BC Break: Dropped support for Symfony:
>6.0, <6.3
, - Added: New Passage resource owner,
- Bugfix: Remove deprecations reported by Symfony 6.4,
- Chore: Added support for Symfony 7,
- Bugfix: Prevent refreshing non-expired tokens
- Bugfix: Remove deprecations reported by Symfony 6.x
- Bugfix: Prevent fatal error when token doesn't have resource owner name set
- BC Break: Dropped support for Symfony: 6.0.*,
- BC Break: Class
Templating\Helper\OAuthHelper
was merged intoTwig\Extension\OAuthRuntime
, - BC Break: When resource owner class doesn't define
TYPE
constant or isnull
, then key will be calculated by converting its class name withoutResourceOwner
suffix tosnake_case
, if neither is felt, then\LogicException
will be thrown, - Deprecated: method
UserResponseInterface::getUsername()
was deprecated in favour ofUserResponseInterface::getUserIdentifier()
to match changes in Symfony Security component, - Enhancement:
@internal
resourceOwner oauth types in Configuration are calculated automatically by scandir. All classes extended fromGenericOAuth[X]ResourceOwner
getoauth[X]
type. If class only implements ResourceOwnerInterface then its oauth type isunknown
. ResourceOwner key (parametertype
in configs) should have defined ResourceOwner::TYPE constant. Each user defined custom ResourceOwner class that implementedResourceOwnerInterface
will be registered automatically. Ifautoconfigure
option is disabled user have to add the taghwi_oauth.resource_owner
to the service definition, - Enhancement: Class
ConnectController
was split into two smaller ones,Connect\ConnectController
&Connect\RegisterController
, - Bugfix: Added
OAuth1ResourceOwner
&OAuth2ResourceOwner
to cover case of implementing custom oauth resource owners, - Bugfix: Fixed Authorization Header in
CleverResourceOwner::doGetRequest
, - Bugfix: Catch also the
TransportExceptionInterface
inAbstractResourceOwner::getResponseContent()
method, - Bugfix: Current matched Firewall is respected during generation of resource owner check path links,
- Bugfix: Prevent fatal error in
OAuthUserProvider::loadUserByOAuthUserResponse()
whennickname
is not available in OAuth response, - Bugfix: Use newer version of
firebase/php-jwt
library, - Chore: Removed not used Symfony Templating component
- Deprecated: configuration parameter
firewall_names
, firewalls are now computed automatically - all firewalls that have definedoauth
authenticator/provider will be collected, - Added: Ability to automatically refresh expired access tokens (only for derived from
GenericOAuth2ResourceOwner
resource owners), if optionrefresh_on_expire
set totrue
, - Enhancement: Refresh token listener is disabled by default and will only be enabled if at least one resource owner has option
refresh_on_expure
set totrue
, - Enhancement: (
@internal
) Removed/replaced redundant argument$firewallNames
from controllers. If controller class was copied and replaced, adapt list of arguments: In controller use$resourceOwnerMapLocator->getFirewallNames()
, - Bugfix:
RefreshTokenListener
cannot be lazy. If current firewall is lazy (or anonymous: lazy) then current auth token is often initializing onkernel.response
. In this case new access token will not be stored in session. Therefore, the expired token will be refreshed on each request, - Bugfix:
InteractiveLoginEvent
will be triggered also forOAuthAuthenticator
, - Maintain: Changed config files from
*.xml
to*.php
(services and routes). Xml routing configsconnect.xml
,login.xml
andredirect.xml
are steel present but deprecated. Please use*.php
variants in your includes instead.
- BC Break: Dropped PHP 7.3 support,
- BC Break: Dropped support for Symfony: >=5.1 & <5.4,
- BC Break:
OAuthExtension
is now a lazy Twig extension using a Runtime, - BC Break: removed support for
FOSUserBundle
, - BC Break: changed
process()
argument forForm/RegistrationFormHandlerInterface
, fromForm $form
toFormInterface $form
, - BC Break: changed form class name in template
Resources/views/Connect/connect_confirm.html.twig
fromfos_user_registration_register
toregistration_register
, - BC Break: removed configuration option
fosub
fromoauth_user_provider
, - BC Break: removed configuration options
hwi_oauth.fosub
, & all related DI parameters, - BC Break: removed DI parameter
hwi_oauth.registration.form.factory
in favour of declaring form class name as DI parameter:hwi_oauth.connect.registration_form
, - BC Break: changed
ResourceOwnerMapInterface::hasResourceOwnerByName
signature, update if you use a custom resource owner, - BC Break: changed
ResourceOwnerMapInterface::getResourceOwnerByName
signature, update if you use a custom resource owner, - BC Break: changed
ResourceOwnerMapInterface::getResourceOwnerByRequest
signature, update if you use a custom resource owner, - BC Break: changed
ResourceOwnerMapInterface::getResourceOwnerCheckPath
signature, update if you use a custom resource owner, - BC Break:
ResourceOwnerMap
uses service locator instead of DI container, - BC Break: Removed abstract services:
hwi_oauth.abstract_resource_owner.generic
,hwi_oauth.abstract_resource_owner.oauth1
&hwi_oauth.abstract_resource_owner.oauth2
, - BC Break: Removed
setName()
method fromOAuth/ResourceOwnerInterface
, - BC Break: changed
__construct()
argument forOAuth/ResourceOwner/AbstractResourceOwner
, fromHttpMethodsClient $httpClient
toHttpClientInterface $httpClient
, - BC Break: replaced
php-http/httplug-bundle
withsymfony/http-client
- BC Break: removed
hwi_oauth.http
configuration, - BC Break: reworked bundles structure to match Symfony best practices:
- bundle code moved to:
src/
, - tests moved to:
tests/
, - docs moved from
Resources/doc
into:docs/
,
- bundle code moved to:
- BC Break: routes provided by bundle now have
methods
requirements:hwi_oauth_connect_service
:GET
&POST
,hwi_oauth_connect_registration
:GET
&POST
,hwi_oauth_connect
:GET
,hwi_oauth_service_redirect
:GET
,
- Added support for PHP 8.1,
- Added support for Symfony 5.6,
- Bugfix: Fixed: BC break by restoring wrongly moved
AbstractOAuthToken::getCredentials()
method,
- Bugfix: Fixed support for PHP 8.1,
- Bugfix: Fixed support for Symfony 5.4,
- Bugfix: Fixed
VkontakteResourceOwner
option:api_version
to not point to deprecated one, - Bugfix:
RequestStack::getMasterRequest()
is deprecated since Symfony 5.3, useRequestStack::getMainRequest()
if exists, - Maintain: Added
GenericOAuth1ResourceOwnerTestCase
,GenericOAuth2ResourceOwnerTestCase
&ResourceOwnerTestCase
test case classes for easier unit testing custom resource owners
- Bugfix: remove
@final
declaration fromOAuthFactory
&FOSUBUserProvider
, - Maintain: added
.gitattributes
to reduce amount of code in archives,
- Bugfix: Define missing
hwi_oauth.connect.confirmation
parameter, - Bugfix: Added missing success/failure handlers,
- BC Break: dropped Symfony 5.0 support as it is EOL,
- BC Break: dropped PHP 7.2 support as it is EOL,
- BC Break: changed
__construct()
argument forOAuth/RequestDataStorage/SessionStorage
, fromSessionInterface $session
toRequestStack $requestStack
, - BC Break: all internal classes are "softly" marked as
final
, - Added: Symfony 5.1 Security system support,
- Added: Forward compatibility layer for session service deprecation,
- Added: state support for service authentication URL's,
- Added: ability to change the response after
HWIOAuthEvents::CONNECT_COMPLETED
is fired, - Added: PHPStan static analyse into CI,
- Fixed:
OAuthProvide
to properly refresh data inside tokens, - Fixed: PHP notice in
AppleResourceOwner
, - Fixed: use new GitHub API in
GitHubResourceOwner
, - Fixed: functional tests with & without FOSUserBundle,
- Fixed: controller don't depend on service container if possible,
- Maintain: removed
Wunderlist
resource owner, - Maintain: removed several Symfony BC layers,
- Maintain: removed Prophecy in favour of PHPUnit mocking,
- BC Break: dropped support for Symfony
<4.4
, - BC Break: dropped support for Doctrine Bundle
<2.0
, - Added PHP 8 support,
- Upgraded Facebook API to v8.0,
- Upgraded Twitch resource owner to incorporate latest Twitch API,
- Fixed: undefined
id_token
exception in Azure resource owner, - Docs: changed firewall name to match flex receipt,
- Maintain: moved from Travis CI to Github Actions,
- BC Break: dropped Symfony 4.3 support,
- Added
first_name
&last_name
in AzureResourceOwner, - Added: support for multiple OAuth2 state parameters,
- Added: Apple resource owner,
- Fixed: updated Azure
authorization
&access_token
urls, - Fixed: Doctrine persistence deprecation errors,
- Allow modification of the response in
FilterUserResponseEvent
,
- Added Symfony 5 support,
- Added domain whitelist service to avoid open redirect on
target_path
, - Fixed: session service was not injected in
LoginController
, - Fixed: missing
setContainer
call to service configuration forLoginController
, - Fixed: client id and client secret must be set in
Auth0ResourceOwner::doGetTokenRequest
, - Fixed: missing client id and client secret in
Auth0ResourceOwner
, - Twig dependency on
LoginController
is now optional,
- Dropped support for PHP 5.6, 7.0 and 7.1,
- Dropped support for FOSUserBundle 1.3,
- Dropped support for Symfony 2.8,
- Minimum Symfony 3 requirement is 3.4,
- Minimum Symfony 4 requirement is 4.3,
- Fixed: WindowsLive Resource Owner token request,
- Fixed: Update Facebook API to v3.1,
- Fixed: Update Linkedin API to v2,
- Fixed: YahooResourceOwner::doGetUserInformationRequest uses wrong arguments,
- Fixed: Symfony deprecation warning in
symfony/config
, - Fixed: SensioConnect now uses new API URLs,
- Fixed: Do not add Authorization header if no client_secret is present,
- Fixed:
LoginController::connectAction
should not fail if no token is available, - Added: Genius.com resource owner,
- Added: HTTPlug 2.0 support,
- Added: Keycloak resource owner,
- Added: The controller is now available as a service,
- Added: Allow to use HTTP Basic auth for token request,
- [BC break] Class
Configuration
has been marked final, - [BC break] Class
ConnectController
has been marked final, - [BC break] Class
HWIOAuthExtension
has been marked final, - [BC break] Class
OAuthExtension
has been marked final, - [BC break] Class
SetResourceOwnerServiceNameCompilerPass
has been marked final, - [BC break] Class
ConnectController
extendsAbstractController
instead ofController
, - [BC break] Service
hwi_oauth.http_client
has been marked private, - [BC break] Service
hwi_oauth.security.oauth_utils
has been marked private, - [BC break] Several service class parameters have been removed,
- Fixed: Vkontakte profile picture & nickname path,
- Fixed:
Content-Length
header must be a string, - Fixed: Upgraded GitLab end point to v4,
- Fixed: Resource owner map parameters must be public,
- Fixed: Azure resource owner
infos_url
should not be empty, - Fixed: Don't start sessions twice & don't start sessions if already started,
- Fixed: Updated BitBucket docs,
- Added: Further compatibility changes for Symfony 4.1,
- Added: LinkedIn
first-
&last-
names, - Added: Facebook profile picture
- Fixed: VK requires API version now,
- Fixed: Updated Slack resource owner to use new Slack API methods,
- Fixed: Changing authorization and access token to v2 for LinkedIn,
- Fixed: Fix double call of
getUserInformation()
inConnectController
, - Fixed: Fix serialization of
AccountNotLinkedException
, - Fixed: Check for grant_rule value
IS_AUTHENTICATED_FULLY
in DI configuration, - Fixed: Don't execute
OAuthProvider::refreshAccessToken()
when there is no refresh token
- BC BREAK: Replaced
PHPUnit_Framework_TestCase
withPHPUnit\Framework\TestCase
in tests, - Added: Implemented
getUserInformation()
for Dropbox v2, - Fixed: Headers passed to
httpRequest()
method in various resource owners, - Fixed: Marked some services as
public
to make code compatible with Symfony 4
- BC BREAK: Fully replaced Buzz library with usage of HTTPlug & Guzzle 6,
- BC BREAK:
hwi.http_client
config options are remove. HTTP configuration must rely on the HTTPlug client, - BC BREAK: Template engine other than Twig are no longer supported,
- BC BREAK: Option
hwi_oauth.templating_engine
was removed, - Added: Symfony 4 support,
- Added:
php-http/httplug-bundle
support, to auto-provide needed HTTPlug services and get full Symfony integration, - Added:
hwi.http.client
andhwi.http.message_factory
config keys to provide your own HTTPlug services, - Added:
HWIOAuthEvents
, - Added:
ResourceOwnerInterface::addPaths()
method for easier managing paths in resource owners, - Fixed: Update Facebook API to v2.8,
- Fixed: Bitbucket2 resource owner,
- Fixed: GitHub resource owner documentation,
- Fixed: Don't require any form for the connect feature,
- Fixed: Uncaught exception with custom error page,
- Fixed:
php-cs-fixer
updated to latest version & run on base code
- Fixed: Prevent uncaught exception when redirecting to invalid route,
- Fixed: Add more details too exception when account was not linked,
- Fixed: Odnoklassinki resource owner,
- Fixed: Office365 resource owner,
- Fixed: StackExchange resource owner,
- Fixed: WeChat resource owner,
- Fixed: WindowsLive resource owner
- Fixed error that could occur with message "302 Header already sent",
- Exclude tests from Composer autoloader
- Fixed:
OAuthHelper
should fallback to newRequest
in case of receivingnull
, - Fixed: Better
FOSUserBundle
integration, - Fixed: Serialization issue in
WechatResourceOwner
, - Fixed: Incorrect refresh token in
WechatResourceOwner
, - Fixed: Broken
TrelloResourceOwner
, - Fixed: Removed dead code in
OAuthProvider
, - Fixed: Update Facebook API to v2.7,
- Added: Symfony 3 support,
- Added: Redirect to
target_path
after successful registration/connection, - Added: Asana resource owner,
- Added: Bitbucket resource owner,
- Added: Clever resource owner,
- Added: Itembase resource owner,
- Added: Jawbon resource owner,
- Added: Office365 resource owner,
- Added: Wunderlist resource owner,
- Added: Hungarian translation
- Fixed: Request parameters are not copied into new Request on forward,
- Fixed: Fixed scope deprecating message,
- Fixed: Resolved deprecated message in ConnectController,
- Fixed: Removed usage of deprecated code in tests
- Fixed: Change Discogs URL from http to https,
- Fixed: Update Facebook API URLs to not use outdated ones
- Fixed: Remove usage of deprecated Twig function
form_enctype
& replace with usage ofform_start
/form_end
, - Fixed: Mark as not fully compatible with Symfony
~3.0
, - Fixed: Multiple firewalls can now have different resource owners,
- Fixed: Wrong URL generated for Safesforce resource owner,
- Added:
include_email
option into Twitter resource owner, - Added: Hungarian translation,
- Added: Documentation about FOSUser integration
- [BC break] Added
UserResponseInterface#getFirstName()
method, also a new default pathfirstname
was added, this path holds the first name of user, - [BC break] Added
UserResponseInterface#getLastName()
method, also a new default pathlastname
was added, this path holds the last name of user, - [BC break] Added
UserResponseInterface::getOAuthToken()
& basic implementation inAbstractUserResponse
, - [BC break]
GenericOAuth1ResourceOwner::getRequestToken()
is now public method (was protected), - Added: configuration parameter
firewall_name
(will be removed in next major version) renamed tofirewall_names
to support multiple firewalls, - Added: configuration parameter:
failed_auth_path
which contains route name, on which user will be redirected after failure when connecting accounts (i.e. user denies connection), - Added:
appsecret_proof
functionality support to the Facebook resource owner, - Added:
sandbox
functionality support to the Salesforce resource owner, - Added Auth0 resource owner,
- Added Azure resource owner,
- Added BufferApp resource owner,
- Added Deezer resource owner,
- Added Discogs resource owner,
- Added EveOnline resource owner,
- Added Fiware resource owner,
- Added Hubic resource owner,
- Added Paypal resource owner,
- Added Reddit resource owner,
- Added Runkeeper resource owner,
- Added Slack resource owner,
- Added Spotify resource owner,
- Added Soundcloud resource owner,
- Added Strava resource owner,
- Added Toshl resource owner,
- Added Trakt resource owner,
- Added Wechat resource owner,
- Added Wordpress resource owner,
- Added Xing resource owner,
- Added Youtube resource owner,
- Fixed: Revoking tokens for Facebook & Google resource owners,
- Fixed: Instagram allows only GET calls to fetch user details,
- Fixed:
ResourceOwnerMap
no longer depends on deprecatedContainerAware
class, - Fixed: Wrong usage of
json_decode
in Mail.ru resource owner, - Fixed: Transform storage exceptions in OAuth1 resource owners into
AuthenticationException
- Fixed: Default scopes & fields for VKontakte resource owner
- Fix: Remove deprecated Twig features
- Fix: Undefined variable in
FOSUBUserProvider::refreshUser
- Fix: Restore property accessor for Symfony 2.3
- Fix: Remove BC break for Symfony < 2.5,
- Fix: Compatibility issues with Symfony 2.6+,
- Fix: Deprecated graph URLs for
FacebookResourceOwner
- Fix:
SessionStorage::save()
could throw php error, - Fix:
OAuthToken::isExpired()
always returnedfalse
, - Fix:
FoursquareResourceOwner
,TwitchResourceOwner
,SensioConnectResourceOwner
not working with bearer header, - Fix: Don't use deprecated fields in
FacebookResourceOwner
, - Fix:
FOSUBUserProvider::refreshUser()
always returning old user,
- Fix:
InstagramResourceOwner
regression while getting user details, - Fix: Add smooth migration for session (de)serialization
- Fix:
LinkedinResourceOwner
regression while getting user details, - Fix: OAuth
revoke
functionality to be available wider, - Fix: Removed undocumented functionality from
SinaWeiboResourceOwner
, - Fix: Always remove default ports from URLs to match OAuth 1.0a, Spec: 9.1.2
- Fix: Instagram OAuth redirect to one url,
- Fix:
FOSUBUserProvider
should also implementUserProviderInterface
, - Fix:
YahooResourceOwner
infos_url
to use new format, - Fix: Send authorization via headers instead of URL parameter,
- Fix:
GithubResourceOwner
revoke method, - Fix: Add login routing documentation note
- Fix: Incorrect redirect URL when no parameters are set,
- Fix: Add missing parameter
prompt
forGoogleResourceOwner
, - Fix:
WordpressResourceOwner
user details API call, - Fix: PHP Notice when
oauth_callback_confirmed
was set toofalse
, - Fix: PHP Fatal when session returns boolean instead of object,
- Fix: Add missing query parameters for
FacebookResourceOwner
- Fix: Prevent
SessionUnavailableException
when returns back from service, - Fix:
EntityUserProvider
should implementUserProviderInterface
, - Fix:
createdAt
property was missing when serializing theOAuthToken
, - Added Italian translations
- Fix: Change Twitter API call to use SSL URL,
- Fix: Problems with options in
VkontakteResourceOwner
, - Fix: Problems with OAuth 1.0a token &
YahooResourceOwner
, - Fix: Throw exception in
FOSUBUserProvider
when username is missing - Added SalesForce resource owner
- [BC break]
AccountConnectorInterface::connect()
method now requires the first parameter to be instance ofSymfony\Component\Security\Core\User\UserInterface
- [BC break]
ConnectController::authenticateUser()
method now requires the first parameter to be instance ofSymfony\Component\HttpFoundation\Request
- [BC break] Removed
AbstractResourceOwner::addOptions()
method - [BC break]
OAuthUtils::getAuthorizationUrl()
&OAuthUtils::getLoginUrl()
methods now expect first parameter to be instance ofSymfony\Component\HttpFoundation\Request
- [BC break] LinkedIn resource owner now uses OAuth2 approach, visit official web page for details how to migrate: https://developer.linkedin.com/documents/authentication#migration
- [BC break] Dropbox resource owner now uses OAuth2 approach
- Added ability to merge response parts into single path
- Added Bitly resource owner
- Added Box resource owner
- Added Dailymotion resource owner
- Added DeviantArt resource owner
- Added Eventbrite resource owner
- Added Mail.ru resource owner
- Added Sina Weibo resource owner
- Added QQ.com resource owner
- Added Trello resource owner
- Added Wordpress resource owner
- [BC break] Added
ResourceOwnerInterface::isCsrfTokenValid()
method - [BC break] Removed
OAuth1RequestTokenStorageInterface
along with the implementations - [BC break]
AbstractResourceOwner::__construct()
now requiresRequestDataStorageInterface
instance as last argument - Fix: Yandex resource owner using invalid parameter when requesting user data
- Fix: To prevent unusual content headers response from resource owners should be first threaten as json and only in case of failure threaten as query text
- Fix: Instagram resource owner is not able to receive user data more than once
- Added ability to disable confirmation page when connecting accounts
- Added CSRF protection for OAuth2 providers (turned off by default)
- Added
RequestDataStorageInterface
along with implementation - Added Stereomood resource owner
- [BC break]
GenericOAuth2ResourceOwner::getAccessToken()
now returns an array instead of a string. This array contains the access token and its 'expires_in' value, along with any other parameters returned from the authentication provider - [BC break] Added
OAuthAwareExceptionInterface#setToken()
,OAuthAwareExceptionInterface#getRefreshToken()
,OAuthAwareExceptionInterface#getRawToken()
,OAuthAwareExceptionInterface#getExpiresIn()
methods - [BC break] Renamed
AbstractResourceOwner::doGetAccessTokenRequest
todoGetTokenRequest
- [BC break] Removed
AdvancedPathUserResponse
&AdvancedUserResponseInterface
- [BC break] Added
UserResponseInterface#getEmail()
,UserResponseInterface#getProfilePicture()
,UserResponseInterface#getRefreshToken()
,UserResponseInterface#getExpiresIn()
,UserResponseInterface#setOAuthToken()
methods - [BC break] Removed
UserResponseInterface::setAccessToken()
method - [BC break] Removed
AbstractUserResponse::getOAuthToken()
method because it was ambiguous - [BC break]
PathUserResponse#setPaths()
method no longer overwrite default paths - [BC break]
PathUserResponse#getPath()
method no longer throws an exception if path not exists - [BC break]
PathUserResponse#getValueForPath()
removed second argument from this method, it will not throw exception anymore if response or value is missing, but now will returnnull
instead - [BC break] Added
ResourceOwnerInterface#getOption($name)
method - [BC break]
ResourceOwnerInterface#getUserInformation()
now must receive array ($accessToken
) as first parameter, also added second parameter ($extraParameters
) to be consistent along all implementations - Added
OAuthToken::getRefreshToken()
,OAuthToken::setRefreshToken()
,OAuthToken::getExpiresIn()
,OAuthToken::setExpiresIn()
,OAuthToken::getRawToken()
,OAuthToken::setRawToken()
- Added
AbstractResourceOwner#addOptions()
&ResourceOwnerInterface#setOption($name, $value)
methods which allows easy overwriting resource specific options - Added support for options:
access_type
,request_visible_actions
,approval_prompt
&hd
in Google resource owner - Added 37signals resource owner
- Added Amazon resource owner
- Added Bitbucket resource owner
- Added Disqus resource owner
- Added Dropbox resource owner
- Added Flickr resource owner
- Added Instagram resource owner
- Added Odnoklassniki resource owner
- Added Yandex resource owner
- Fix: use
Symfony\Component\Security\Core\User\UserInterface
inEntityUserProvider::refreshUser
- Fix: made
SessionStorage
compatible with Symfony 2.0
- Fix: Regression done in version
0.2.8
blocking usage withoutFOSUserBundle
- Fix:
OAuthUtils::getAuthorizationUrl()
ignoring given redirect URL
- Fix: Added missing parts in user providers like:
loadUserByUsername()
orrefreshUser()
methods - Fix: Registering of user provider services
- Fix: Make
OAuthUtils::signRequest()
compatible with OAuth1.0a specification
- Fix: Polish oauth error detection to cover cases from i.e. Facebook resource owner
- Fix: Changed authorization url for Vkontakte resource owner
- Fix: Use same check for FOSUserBundle compatibility to prevent strange errors with calls of undefined services
- Fix: User-land aliased (resource owner) services have the appropriate name
- Fix: Use user identifier represented as string for Twitter to prevent issues with losing accuracy for large numbers (i.e. Javascript) or type comparison (i.e. MongoDB)
- Fix: Don't depend on
arg_separator.output
data for URL generation to prevent issues
- Fix: Throw
Symfony\Component\Security\Core\Exception\AccessDeniedException
&Symfony\Component\HttpKernel\Exception\NotFoundHttpException
instead of\Exception
to make cases more clear - Fix: Detect
oauth_problem
as authorization error and inform user instead logging error in background - Fix: Request extra parameters should have higher priority than default
- Fix: How urls are build in resource owners
- Fix: Missing parameter in
YahooResourceOwner
- Added
AbstractUserResponse::getOAuthToken()
method to allow fetching only OAuth token details - Added french translation
- Fix: FB incompatibility with 'error' field in response
- Fix: FOSUB registration form handler
- Fix: Use API 1.1 for Twitter, not the deprecated 1.0
- Fixed issue with FOSUserBundle 2.x integration
- Added support for a
target_path_parameter
in order to control the redirect path after login - Added
hwi_oauth_authorization_url()
twig helper function - Added Jira resource owner
- Added Yahoo resource owner
- Added setting
realm
in configuration - Added support for FOSUserBundle 2.x integration
- Added Stack Exchange resource owner
- Fix: configuration parameter
firewall_name
is required - Fix: prevent throwing
AlreadyBoundException
when using FOSUserBundle 1.x integration - Fix: check for availability of
profilePicture
in views before calling it - Fix:
InMemoryProvider
now shows user nickname as name instead of unique identifier - Fix: don't set
realm
option if is empty in request headers - Fix: for infinity loop blockade and error token response handling
- [BC break] Renamed path
username
toidentifier
to make it more clear that this path should hold the unique user identifier (previouslyusername
) - [BC break] Method
UserResponseInterface#getUsername()
now always returns a real unique user identifier, and uses pathidentifier
- [BC break]
OAuth1RequestTokenStorageInterface#save()
second param$token
must now be an array - [BC break] Configuration type 'generic' is renamed to 'oauth2'
- [BC break]
redirect.xml
routing has to be imported. See the setup docs - Added
UserResponseInterface#getRealName()
method, also a new default pathrealname
was added, this path holds the real name of user - Added
UserResponseInterface#getNickName()
method, also a new default pathnickname
was added, this path holds the nickname of user - Added
UserResponseInterface#getAccessToken()
andUserResponseInterface#setAccessToken
- Added
OAuthToken#getCredentials()
returns an empty string to be consistent with the security component. The access token can still be retrieved from thegetAccessToken()
method - Added change that forces all authentication requests are now redirected to the login path
- Added change that makes
firewall_name
option required setting - Added OAuth 1.0a support (linkedin/twitter/generic)