
8.3.0

@Sephster Sephster released this 03 Jun 21:55
· 460 commits to master since this release

Added

  • The server will now validate redirect URIs according to RFC 8252 (PR #1203)
  • Events emitted now include the refresh token and access token payloads (PR #1211)
  • Use the revokeRefreshTokens() function to decide whether refresh tokens are revoked or not upon use (PR #1189)

Changed

  • Keys are now validated using openssl_pkey_get_private() and openssl_pkey_get_public() instead of regex matching (PR #1215)

Fixed

  • The server will now only recognise and handle an authorization header if the value of the header is non-empty. This is to circumvent issues where some common frameworks set this header even if no value is present (PR #1170)
  • Added type validation for redirect URI, client ID, client secret, scopes, auth code, state, username, and password inputs (PR #1210)
  • Allow scope "0" to be used. Previously this was removed from a request because it failed an empty() check (PR #1181)
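
The scope "0" fix above comes down to PHP's empty() treating the string "0" as empty. The following is an added illustration, not code from league/oauth2-server; the function names and the sample request value are assumptions made for the example. It shows a scope filter written with empty() next to one that drops only zero-length strings.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; these are not the library's API.

/** Filters with empty(): the string "0" counts as empty, so that scope is dropped. */
function parseScopesWithEmpty(string $scopeParam, string $delimiter = ' '): array
{
    return array_values(array_filter(
        explode($delimiter, trim($scopeParam)),
        static fn (string $scope): bool => !empty($scope)
    ));
}

/** Filters on zero length only: blank entries are dropped, "0" is kept. */
function parseScopesStrict(string $scopeParam, string $delimiter = ' '): array
{
    return array_values(array_filter(
        explode($delimiter, trim($scopeParam)),
        static fn (string $scope): bool => $scope !== ''
    ));
}

// Constructed sample value: three scopes, one of them "0", with a doubled space
// so that both filters also have a genuinely blank entry to remove.
$requested = 'read 0  write';

echo json_encode(parseScopesWithEmpty($requested)), PHP_EOL;
echo json_encode(parseScopesStrict($requested)), PHP_EOL;

// A caller comparing requested and parsed scopes can detect a silent drop.
$lost = array_diff(parseScopesStrict($requested), parseScopesWithEmpty($requested));
echo 'dropped by empty(): ', json_encode(array_values($lost)), PHP_EOL;
```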