v6.0.0

• Added migration guide to document breaking changes and migration steps
• Added LaunchValidatorInterface, PlatformLaunchValidatorInterface and ToolLaunchValidatorInterface
• Added AccessTokenResponseGeneratorInterface
• Added RequestAccessTokenValidatorInterface and RequestAccessTokenValidationResultInterface
• Moved PlatformLaunchValidator in Platform sub namespace
• Moved ToolLaunchValidator in Tool sub namespace
• Fixed LtiServiceServer media type handling
• Fixed LtiServiceClient grant assertion aud claim
• Fixed AgsClaim with not mandatory line item container url
• Fixed OAuth2 token validation to support multiple audiences
• Fixed proctoring start assessment message validator with resource link check
• Updated LtiServiceServerRequestHandlerInterface signature
• Updated Guzzle dependency to ^6.5 || ^7.0
• Updated documentation

v5.0.1

• Fixed CVE-2021-30130 issue

v5.0.0

• Added migration guide to document breaking changes and migration steps
• Added psalm support
• Added support of nullable error for Result based classes
• Added LtiServiceServer component to ease providing LTI services
• Moved Service\Server namespace into Security\OAuth2
• Moved UserAuthenticationResultInterface in Result sub namespace
• Moved UserAuthenticationResult in Result sub namespace
• Renamed JwksServer into JwksRequestHandler
• Renamed OidcInitiationServer into OidcInitiationRequestHandler
• Renamed OidcAuthenticationServer into OidcAuthenticationRequestHandler
• Renamed AccessTokenRequestValidator into RequestAccessTokenValidator
• Renamed AccessTokenRequestValidatorResult into RequestAccessTokenValidatorResult
• Renamed ServiceClientInterface into LtiServiceClientInterface
• Renamed ServiceClient into LtiServiceClient
• Fixed globally nullable parameters for classes constructors
• Fixed deprecated legacy user identifier claim
• Updated UserAuthenticatorInterface signature
• Updated documentation

v4.2.0

• Added enhanced role management: type (system, institution, context), core / non core, long / short names & automatic validation
• Updated LtiMessagePayloadInterface with getValidatedRoleCollection() method (allows easy access to validated roles from launches)
• Updated documentation

v4.1.0

• Added invalid access token cache busting on 401 LTI service response (with auto retry)

v4.0.0

• Added PHP 8 support (and kept >=7.2)
• Added algorithms support for RS384/512, HS256/384/512, ES256/384/512 (on top of RS256)
• Added wrapper interfaces for JWT handling (builder, parser, validator), with default implementation based on lcobucci/jwt
• Added multiple audiences support in JWT handling
• Added collection, result and ids generator utils
• Added migration guide to document breaking changes and migration steps
• Added more security testing tools
• Fixed issue #74
• Fixed ServiceClient to work with 201 access token endpoint response
• Updated documentation

v3.3.1

• Updated the version of ramsey/uuid dependency to allow the use of version 4

v3.3.0

• Added OidcTestingTrait to ease OIDC based testing flows

v3.2.2

• Fixed lcobucci/jwt dependency to version 3.3.3

v3.2.1

• Added fallback to JWKS lookup to check URL if key is not found in cache