Releases: zf-fr/zfr-oauth2-server
v0.4.0
- Allow multiple redirect URIs per client (as a consequence, there is a minor table schema change)
- Fix a potential security issue by being more restrictive on the redirect URI when creating an authorization code. Now, if someone sends a custom redirect_uri in the query params, the OAuth2 server first checks whether the given redirect URI is in the client's list of authorized redirect URIs. If it is not, an InvalidRequest exception is returned and no authorization code is generated.
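
The check described in the last item can be sketched as follows. This is an added example, not code from zfr-oauth2-server: the function name `resolveRedirectUri`, the exception class name, the fallback to the first registered URI when no redirect_uri is sent, and all sample URIs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical exception class, named after the "InvalidRequest" error in the release note.
final class InvalidRequestException extends RuntimeException {}

/**
 * Resolve the redirect URI for an authorization request.
 *
 * @param string[]    $registeredUris URIs stored for the client
 * @param string|null $requestedUri   value of the redirect_uri query parameter, if any
 */
function resolveRedirectUri(array $registeredUris, ?string $requestedUri): string
{
    if ($registeredUris === []) {
        throw new InvalidRequestException('Client has no registered redirect URI');
    }

    // Assumption: with no redirect_uri in the request, use the first registered URI.
    if ($requestedUri === null || $requestedUri === '') {
        return $registeredUris[0];
    }

    // Exact, case-sensitive string match. No prefix, wildcard or host-only comparison,
    // so a URI that merely starts with a registered one is still refused.
    if (!in_array($requestedUri, $registeredUris, true)) {
        throw new InvalidRequestException('redirect_uri is not registered for this client');
    }

    return $requestedUri;
}

// Constructed sample data, not taken from the project.
$registered = ['https://app.example/callback', 'https://staging.app.example/callback'];
$requests = [
    null,                                    // no redirect_uri sent
    'https://staging.app.example/callback',  // second registered URI
    'https://app.example/callback/extra',    // registered URI plus extra path
    'https://other.example/callback',        // unregistered host
];

foreach ($requests as $requested) {
    try {
        $uri = resolveRedirectUri($registered, $requested);
        // Only past this point would an authorization code be created and bound to $uri.
        printf("%-42s => accepted, code bound to %s\n", var_export($requested, true), $uri);
    } catch (InvalidRequestException $e) {
        printf("%-42s => rejected: %s\n", var_export($requested, true), $e->getMessage());
    }
}
```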
v0.3.0
v0.2.0
- [BC] The isRequestValid method from the ResourceServer is now gone in favour of a simpler approach: you just need to call the getAccessToken method from the ResourceServer (with optional scopes), and null will be returned if the token is expired, does not exist or does not match the given scopes.