5.0.0-RC2

RC2 changes

• Allow multiple client redirect URIs (Issue #511)
• Remove unused mac token interface (Issue #503)
• Handle RSA key passphrase (Issue #502)
• Remove access token repository from response types (Issue #501)
• Remove unnecessary methods from entity interfaces (Issue #490)
• Ensure incoming JWT hasn't expired (Issue #509)
• Fix client identifier passed where user identifier is expected (Issue #498)
• Removed built-in entities; added traits to for quick re-use (Issue #504)
• Redirect uri is required only if the "redirect_uri" parameter was included in the authorization request (Issue #514)
• Removed templating for auth code and implicit grants (Issue #499)

About version 5

Version 5 is a complete code rewrite.

• JWT support
• PSR-7 support
• Improved exception errors
• Replace all occurrences of the term "Storage" with "Repository"
• Simplify repositories
• Entities conform to interfaces and use traits
• Auth code grant updated
  • Allow support for public clients
  • Add support for #439
• Client credentials grant updated
• Password grant updated
  • Allow support for public clients
• Refresh token grant updated
• Implement Implicit grant
• Bearer token output type
• Remove MAC token output type
• Authorization server rewrite
• Resource server class moved to PSR-7 middleware
• Tests
• Much much better documentation

5.0.0-RC1

Version 5 is a complete code rewrite.

• JWT support
• PSR-7 support
• Improved exception errors
• Replace all occurrences of the term "Storage" with "Repository"
• Simplify repositories
• Entities conform to interfaces and use traits
• Auth code grant updated
  • Allow support for public clients
  • Add support for #439
• Client credentials grant updated
• Password grant updated
  • Allow support for public clients
• Refresh token grant updated
• Implement Implicit grant
• Bearer token output type
• Remove MAC token output type
• Authorization server rewrite
• Resource server class moved to PSR-7 middleware
• Tests
• Much much better documentation

4.1.5

• Enable Symfony 3.0 support (#412)

4.1.4

• Fix for determining access token in header (Issue #328)
• Refresh tokens are now returned for MAC responses (Issue #356)
• Added integration list to readme (Issue #341)
• Expose parameter passed to exceptions (Issue #345)
• Removed duplicate routing setup code (Issue #346)
• Docs fix (Issues #347, #360, #380)
• Examples fix (Issues #348, #358)
• Fix typo in docblock (Issue #352)
• Improved timeouts for MAC tokens (Issue #364)
• hash_hmac() should output raw binary data, not hexits (Issue #370)
• Improved regex for matching all Base64 characters (Issue #371)
• Fix incorrect signature parameter (Issue #372)
• AuthCodeGrant and RefreshTokenGrant don't require client_secret (Issue #377)
• Added priority argument to event listener (Issue #388)

4.1.3

• Docblock, namespace and inconsistency fixes (Issue #303)
• Docblock type fix (Issue #310)
• Example bug fix (Issue #300)
• Updated league/event to ~2.1 (Issue #311)
• Fixed missing session scope (Issue #319)
• Updated interface docs (Issue #323)
• .travis.yml updates

4.1.2

• Remove side-effects in hash_equals() implementation (Issue #290)

4.1.1

• Changed symfony/http-foundation dependency version to ~2.4 so package can be installed in Laravel 4.1.*

4.1.0

• Added MAC token support (Issue #158)
• Fixed example init code (Issue #280)
• Toggle refresh token rotation (Issue #286)
• Docblock fixes

4.0.5

• Prevent duplicate session in auth code grant (Issue #282)

4.0.4

• Ensure refresh token hasn't expired (Issue #270)