7.6.2

Full Changelog

Fixed

• Ensure ?include_totals are handled properly on GET /users and GET /roles requests for Management API #476 (evansims)

7.6.1

Full Changelog

This is a hotfix release to address an issue with a Composer dependency reference and apply a testing configuration change. There are no additional new features or changes.

7.6.0

Full Changelog

SDK 7.6 introduces support for the newly released PHP 8.0 and drops support for PHP 7.1 and 7.2 (which have reached their end of support cycles.) Please ensure you are running supported versions of PHP in your environments.

Added

• PHP 8.0 support #467 (evansims)
• Static code analysis #470 (FrontEndCoffee)

7.5.0

Full Changelog

Closed issues

• createPasswordChangeTicket doesn't support 'ttl_sec' parameter #457
• Make the CACHE_TTL used in the JWKFetcher configurable. #450
• Allow programmatic clearing of cache values managed by Auth0Service #441

Added

• Add support for Authorization Code Flow with PKCE #449 (ls-youssef-jlidat)
• Allow specifying TTL when creating password change tickets #463 (evansims)
• Expand control over TTL/Caching in JWKFetcher #462 (evansims)
• Add support for Management V2 users export job endpoint #461 (evansims)

7.4.0

Full Changelog

Added

• Add support for new identity field for email verifications #455 (jimmyjames)

7.3.0

Full Changelog

Closed issues

• TokenVerifier::verify throws a \RuntimeException instead of an InvalidTokenException #438
• Support Guzzle 7 #421

Added

• Add Support for Log Streams Management APIs #451 (jimmyjames)
• Update composer requirements to support guzzle ~7.0 #443 (banderon1)

Fixed

• Throw InvalidTokenException instead of RuntimeException when parsing malformed token #439 (B-Galati)

7.2.0

Full Changelog

Closed issues

• Renew Tokens throws nonce error #432
• email_passwordless_start not setting client_secret #431

Added

• /passwordless/start accepts client_secret now #430 (abbaspour)

Fixed

• Allow no nonce option #434 (joshcanhelp)

7.1.0

Full Changelog

Closed issues

• Authorized Party (azp) claim mismatch in the ID token #422
• JWTVerifier alternatives #419
• Consider to customize the jwks path #417

Added

• Add TokenVerifier for non-OIDC-compliant JWTs #428 (joshcanhelp)
• Add signing key rotation and custom JWKS URI support #426 (joshcanhelp)
• Add Client ID to verification email method #423 (joshcanhelp)

7.0.0

Full Changelog

BEFORE YOU UPGRADE

This is a major release with several breaking changes. Please see the v5 to v7 migration guide here before you upgrade.

Added

• Add types for StoreInterface and implementors; add back EmptyStore #414 (joshcanhelp)
• Add select Guardian management endpoints #412 (joshcanhelp)
• Add Auth0->decodeIdToken() method for ID token decoding by deps #410 (joshcanhelp)
• Add SameSite cookie attribute handling #400 (joshcanhelp)
• Nonce and max_age handling with new CookieStore class #395 (joshcanhelp)

Changed

• Convert caching to PSR-16 interface #403 (joshcanhelp)
• Move AuthorizationBearer to new namespace #402 (joshcanhelp)
• Improve transient authorization data handling #397 (joshcanhelp)
• Cleanup Auth0 class constructor for clarification and better defaults #394 (joshcanhelp)
• Change client secret requirements #390 (joshcanhelp)
• Improved OIDC compliance #386 (joshcanhelp)
• Update minimum PHP from 5.5 to 7.1 #377 (joshcanhelp)

Removed

• Remove future iat check #411 (joshcanhelp)
• Remove Firebase JWT library #396 (joshcanhelp)
• Remove session cookie expiration option #389 (joshcanhelp)
• Remove deprecated Authentication methods and add types #385 (joshcanhelp)
• Remove deprecated JWKS methods and adjust tests #384 (joshcanhelp)
• Remove deprecated M-API methods #383 (joshcanhelp)
• Remove deprecated InformationHeaders methods and add types #382 (joshcanhelp)
• Remove deprecated methods and add types to RequestBuilder #381 (joshcanhelp)
• Remove deprecated token generator #380 (joshcanhelp)
• Remove deprecated legacy classes #379 (joshcanhelp)
• Update management props #378 (joshcanhelp)

v5.7.0

Full Changelog

Added

• Add default scopes to Auth0 class #406 (joshcanhelp)
• fix: add missing options for renewTokens method #405 (bkotrys)

Deprecated

• Add deprecation notices for removals in v7 major release #407 (joshcanhelp)

Fixed

• Fix mkdir race condition in FileSystemCacheHandler #375 (B-Galati)