8.3.2

Fixed

• Fix PHP 8.0+ SdkConfiguration named arguments usage #654 (evansims)

8.3.1

Full Changelog

Changed

• [SDK-3647] Add PHP 8.2.0-dev to test matrix #650 (evansims)

Fixed

• [SDK-3646] Reliability and performance improvements to CookieStore #649 (evansims)

Note: Previously in some circumstances, cookie secrets were not always being required in strategies where they should have been required. This has been resolved as part of the fixes in this release. If you are suddenly prompted to configure a cookie secret in an app that doesn't use sessions/cookies, please ensure you are using the correct strategy: https://github.com/auth0/auth0-PHP/tree/8.3.1#configuration-strategies

8.3.0

Full Changelog

Added

• Add PSR-14 Event Dispatcher, for highly customizable session storage mediums #646 (evansims)

Changed

• Treat passing an empty string to SdkConfiguration as the default undefined value type of NULL #643 (evansims)
• Enable configuration of SessionStore and CookieStore samesite property #645 (evansims)
• Add hardcoded debugging flag to CookieStore to disable encryption of session cookies #644 (evansims)
• Update getRequestParameter() filter to use FILTER_SANITIZE_FULL_SPECIAL_CHARS and allow passing extra filter options #642 (evansims)
• Defer/batch "Set-Cookie" headers at login() for transient cookies, and clear() #641 (evansims)

8.2.1

Full Changelog

Fixed

• Fixed an issue in Auth0\SDK\Configuration\SdkConfiguration where customDomain was not properly formatted in some configurations, leading to inconsistencies in certain SDK functions, such as Token validation. customDomain is now formatted identically to domain. #633 (evansims)

Closed Issues

• Resolves #630 (barasimumatik)

8.2.0

Full Changelog

Many thanks to our community contributors for this release: elbebass, fullstackfool, jeromefitzpatrick, marko-ilic and sepiariver.

Added

• Add bearer token extraction helper, Auth0\SDK\Auth0::getBearerToken() #620 (evansims)
• Add configuration strategy constants, e.g. Auth0\SDK\Configuration\SdkConfiguration::STRATEGY_API #619 (evansims)

Changed

• Throw Auth0\SDK\Exception\InvalidTokenException on JsonException #614 (marko-ilic)
• Throw Auth0\SDK\Exception\NetworkException when Management API credential exchange fails #608 (sepiariver)

Documentation Contributions

• Correct the new method name for get_authorize_link() for 8.x in UPGRADE.md #623 (jeromefitzpatrick)
• Remove PHP 7.3 README note (deprecated) #610 (evansims)
• Update CONTRIBUTING.md guidance #609 (sepiariver)
• Update README.md guidance on management configuration strategy (domain is required) #604 (fullstackfool)
• Correct README.md typos in Management API example #602 (elbebass)

Other Improvements

• Relax pestphp/pest-plugin-parallel dev dependency from ^0.2 to ^0.2 || ^1.0 #617
• Bump firebase/php-jwt dev dependency to ^6.0 #613 (evansims)
• Add Semgrep to continous integration test suite #616 (evansims)

8.1.0

Full Changelog

Added

• Add Attack Protection endpoints #593 (evansims)

8.0.6

Full Changelog

Fixed

• Auth0->renew(): now updates additional session details after a successful token refresh #593 (evansims)

8.0.5

Full Changelog

Fixed

• Auth0->exchange(): optimize setcookie() calls #591 (Nebual)

8.0.4

Full Changelog

Fixed

• Require domain configuration for management strategy #589 (evansims)

Documentation

• Update UPGRADE.md with additional notes about Auth0::login() changes from v7. #585 (BGehrels)
• Update UPGRADE.md with additional notes about Auth0::exchange() changes from v7. #584 (BGehrels)

Tests

• Add Semgrep to test suite #588 (evansims)
• Upgrade test suite to use 8.1 GA (up from RC builds) #587 (evansims)
• Fix warnings introduced in new Psalm update #586 (evansims)

8.0.3

Full Changelog

Changes

• Introduce Interfaces to Final Classes #581 (komando82)