7.3.1

Fixed

• Fix issue with previous release where interface had changed for the AuthorizationServer. Reverted to the previous interface while maintaining functionality changes (PR #970)

7.3.0

Changed

• Moved the finalizeScopes() call from validateAuthorizationRequest method to the completeAuthorizationRequest method so it is called just before the access token is issued (PR #923)

Added

• Added a ScopeTrait to provide an implementation for jsonSerialize (PR #952)
• Ability to nest exceptions (PR #965)

Fixed

• Fix issue where AuthorizationServer is not stateless as ResponseType could store state of a previous request (PR #960)

7.2.0

Changed

• Added newvalidateRedirectUri method AbstractGrant to remove three instances of code duplication (PR #912)
• Allow 640 as a crypt key file permission (PR #917)

Added

• Function hasRedirect() added to OAuthServerException (PR #703)

Fixed

• Catch and handle BadMethodCallException from the verify() method of the JWT token in the validateAuthorization method (PR #904)

4.1.7

Fixed

• Ensure empty() function call only contains variable to be compatible with PHP 5.4 (PR #918)

7.1.1

Fixed

• No longer set a WWW-Authenticate header for invalid clients if the client did not send an Authorization header in the original request (PR #902)

7.1.0

Changed

• Changed hint for unsupportedGrantType exception so it no longer references the grant type parameter which isn't always expected (PR #893)
• Upgrade PHPStan checks to level 7 (PR #856)

Added

• Added event emitters for issued access and refresh tokens (PR #860)
• Can now use Defuse\Crypto\Key for encryption/decryption of keys which is faster than the Cryto class (PR #812)

7.0.0

Merge pull request #854 from Sephster/master

Version 7

6.1.1

• Removing check on empty scopes

6.1.0

• Changed the token type issued by the Implicit Grant to be Bearer instead of bearer. (PR #724)
• Replaced call to array_key_exists() with the faster isset() on the Implicit Grant. (PR #749)
• Allow specification of query delimiter character in the Password Grant (PR #801)
• Add Zend Diactoros library dependency to examples (PR #678)
• Can set default scope for the authorization endpoint. If no scope is passed during an authorization request, the default scope will be used if set. If not, the server will issue an invalid scope exception (PR #811)
• Added validation for redirect URIs on the authorization end point to ensure exactly one redirection URI has been passed (PR #573)

5.1.6

• Add toggle to disable key permissions check. (Issue #776)