Release 5.1.0 · auth0/auth0-PHP

State validation was added in 5.1.0 for improved security. By default, this uses session storage and will happen automatically if you are using a combination of Auth0::login() and any method which calls Auth0::exchange() in your callback.

If you need to use a different storage method, implement your own StateHandler and set it using the state_handler config key when you initialize an Auth0 instance.

If you are using Auth0::exchange() and a method other than Auth0::login() to generate the Authorize URL, you can disable automatic state validation by setting the state_handler key to false when you initialize the Auth0 instance. It is highly recommended to implement state validation, either automatically or otherwise

Closed issues

Support for php-jwt 5 #210

Added

Adding tests for state handler; correcting storage method used #228 (joshcanhelp)

Changed

Bumping JWT package version #229 (joshcanhelp)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

5.1.0