You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
GrantTypeInterface has a new function, revokeRefreshTokens() for enabling or disabling refresh tokens after use (PR #1375)
A CryptKeyInterface to allow developers to change the CryptKey implementation with greater ease (PR #1044)
The authorization server can now finalize scopes when a client uses a refresh token (PR #1094)
An AuthorizationRequestInterface to make it easier to extend the AuthorizationRequest (PR #1110)
Added function getKeyContents() to the CryptKeyInterface (PR #1375)
Fixed
Basic authorization is now case insensitive (PR #1403)
If a refresh token has expired, been revoked, cannot be decrypted, or does not belong to the correct client, the server will now issue an invalid_grant error and a HTTP 400 response. In previous versions the server incorrectly issued an invalid_request and HTTP 401 response (PR #1042) (PR #1082)
Changed
All interfaces now specify types for all params and return values. Strict typing enforced (PR #1074)
Request parameters are now parsed into strings to use internally in the library (PR #1402)
Authorization Request objects are now created through the factory method, createAuthorizationRequest() (PR #1111)
Changed parameters for finalizeScopes() to allow a reference to an auth code ID (PR #1112)
AccessTokenEntityInterface now requires the implementation of toString() instead of the magic method __toString() (PR #1395)
Removed
Removed message property from OAuthException HTTP response. Now just use error_description as per the OAuth 2 spec (PR #1375)
