v5.6.0

Full Changelog

Closed issues

• [Auth0\SDK\Exception\CoreException] Invalid domain when trying to run unit tests with Codeception 3.1.0 #358
• JWT Verification fails everytime #356
• Bulk User Imports - I can't Use upsert as a paramater for the importUsers feature #353

Added

• Add \Auth0\SDK\Auth0::getLoginUrl() method and switch login() to use it #371 (joshcanhelp)
• Add JWKFetcher::getFormatted() method and switch validator to use #369 (joshcanhelp)
• Add additional API params to Jobs > importUsers #354 (pinodex)

Deprecated

• Deprecated unused JWKFetcher methods #373 (joshcanhelp)
• Deprecate magic __call method on RequestBuilder class #366 (joshcanhelp)
• Deprecate Management properties; add lazy-load methods #363 (joshcanhelp)
• Deprecate and stop using magic call method on ApiClient #362 (joshcanhelp)
• Deprecate addPathVariable and dump methods on RequestBuilder #361 (joshcanhelp)
• Deprecate TokenGenerator class #360 (joshcanhelp)
  Fixed
• Fix boolean form parameters not sending as strings #357 (joshcanhelp)

v5.5.1

Full Changelog

Closed issues

• No packagist package created for 5.5.0 #346

Fixed

• Fix empty url params #349 (joshcanhelp)
• Fix tests to reduce the number of sensitive credentials used #348 (joshcanhelp)
• Change normalizeIncludeTotals() in GenericResource to have sane defaults #347 (kler)

v5.5.0

Full Changelog

Closed issues

• Consider dropping PHP-5.x version supports #343
• Auth0 Error: 'Invalid state' in /auth0/vendor/auth0/auth0-php/src/Auth0.php: line#537 #333

Added

• Add missing User endpoints for Management API #341 (joshcanhelp)
• Add all Management API Roles endpoints #337 (joshcanhelp)
• Add missing Users test and switch to mocked calls. #336 (joshcanhelp)
• Add Authentication::refresh_token() method #335 (joshcanhelp)

v5.4.0

Full Changelog

Notes for this release:

• \Auth0\SDK\Auth0 now accepts a $config key called skip_userinfo that uses the decoded ID token for the user profile instead of a call to the /userinfo endpoint. This will save an HTTP call during login and should have no affect on most applications.

Closed issues

• Auth0::exchange() assumes a valid id_token #317
• Feature Request: Support sending auth0-forwarded-for header #208

Added

• Authentication class cleanup and tests #322 (joshcanhelp)
• Add Grants Management endpoint #321 (joshcanhelp)
• Add Auth0-Forwarded-For header for RO grant #320 (joshcanhelp)
• Improve API Telemetry #319 (joshcanhelp)
• Add Mock API Request Capability and Mocked Connections Tests #314 (joshcanhelp)

Changed

• Test suite improvements #313 (joshcanhelp)
• Improve repo documentation #312 (joshcanhelp)

Deprecated

• Official deprecation for JWKFetcher method #328 (joshcanhelp)
  • \Auth0\SDK\Helpers\JWKFetcher::fetchKeys()
• Official deprecation for User methods #327 (joshcanhelp)
  • \Auth0\SDK\API\Management\Users::search()
  • \Auth0\SDK\API\Management\Users::unlinkDevice()
• Official deprecation of ClientGrants method #326 (joshcanhelp)
  • \Auth0\SDK\API\Management\ClientGrants::get()
• Official deprecation of legacy InformationHeaders methods #325 (joshcanhelp)
  • \Auth0\SDK\API\Helpers\InformationHeaders::setEnvironment()
  • \Auth0\SDK\API\Helpers\InformationHeaders::setDependency()
  • \Auth0\SDK\API\Helpers\InformationHeaders::setDependencyData()
• Official deprecation of legacy Authentication methods #324 (joshcanhelp)
  • \Auth0\SDK\API\Authentication::setApiClient()
  • \Auth0\SDK\API\Authentication::sms_code_passwordless_verify()
  • \Auth0\SDK\API\Authentication::email_code_passwordless_verify()
  • \Auth0\SDK\API\Authentication::impersonate()

Fixed

• Fix Auth0::exchange() to handle missing id_token #318 (joshcanhelp)

v5.3.2

Full Changelog

Closed issues

• Something is wrong with the latest release 5.3.1 #303

Fixed

• Fix info headers Extend error in dependant libs #304 (joshcanhelp)

v5.3.1

Full Changelog

Closed issues

• Array to String exception when audience is an array #296
• Passing accessToken from frontend to PHP API #281
• Deprecated method email_code_passwordless_verify #280

Added

• Fix documentation for Auth0 constructor options #298 (biganfa)

Changed

• Change telemetry headers to new format and add tests #300 (joshcanhelp)

Fixed

• Fix bad exception message generation #297 (joshcanhelp)

v5.3.0

Full Changelog

Closed issues

• Question: Handling rate limits #277
• Allow configuration of the JWKS URL #276
• Allow changing the session key name #273
• SessionStore overrides PHP session cookie lifetime setting #215

Added

• Add custom JWKS path and kid check to JWKFetcher + tests #287 (joshcanhelp)
• Add config keys for session base name and cookie expires #279 (joshcanhelp)
• Add return request object #278 (joshcanhelp)
• Add pagination and tests to Resource Servers #275 (joshcanhelp)
• Fix formatting, code standards scan #274 (joshcanhelp)
• Add pagination, docs, and better tests for Rules #272 (joshcanhelp)
• Adding pagination, tests, + docs to Client Grants; minor test suite refactor #271 (joshcanhelp)
• Add tests, docblocks for Logs endpoints #270 (joshcanhelp)
• Add PHP_CodeSniffer + ruleset config #267 (joshcanhelp)
• Add session state and dummy state handler tests #266 (joshcanhelp)

Changed

• Build/PHPCS: update/improve the PHPCS configuration #284 (jrfnl)

Deprecated

• Deprecate Auth0\SDK\API\Oauth2Client class #269 (joshcanhelp)

Removed

• Remove examples, add links to Quickstarts #293 (joshcanhelp)

Fixed

• Whitespace pass with new standards using composer phpcbf #268 (joshcanhelp)

Security

• Add ID token validation #285 (joshcanhelp)

5.2.0

Full Changelog

Closed issues

• getAppMetadata - how to use? #248
• Auth0 class missing action to renew access token #234
• DOC maj #217

Added

• User pagination and fields, docblocks, formatting, test improvements #261 (joshcanhelp)
• Unit test for withDictParams method #260 (joshcanhelp)
• Pagination, additional parameters, and tests for the Connections endpoint #258 (joshcanhelp)
• Renew tokens method for Auth0 client class #257 (jspetrak)
• Clients endpoint pagination and improvements #256 (joshcanhelp)
• Add email template endpoints #251 (joshcanhelp)

Changed

• Code style scan and fixes #250 (joshcanhelp)

Fixed

• Fix PHPUnit test. #262 (maurobonfietti)
• Allow $page to be null for Clients so pagination is not triggered #259 (joshcanhelp)
• Rewrite README; add news and notes to CHANGELOG #253 (joshcanhelp)

5.1.1

5.1.1 (2018-04-03)

Full Changelog

Closed issues

• State Handler with Custom Session Store #233
• Implement ResourceServices::getAll #200

Added

• Implement ResourceServices::getAll() #236 joshcanhelp)

Fixed

• Incorrect type hint on SessionStateHandler __construct #235 (joshcanhelp)
• Auth0 class documentation fixed for store and state handler #232 (jspetrak)
• Fixing minor code quality issues #231 joshcanhelp)

5.1.0

State validation was added in 5.1.0 for improved security. By default, this uses session storage and will happen automatically if you are using a combination of Auth0::login() and any method which calls Auth0::exchange() in your callback.

If you need to use a different storage method, implement your own StateHandler and set it using the state_handler config key when you initialize an Auth0 instance.

If you are using Auth0::exchange() and a method other than Auth0::login() to generate the Authorize URL, you can disable automatic state validation by setting the state_handler key to false when you initialize the Auth0 instance. It is highly recommended to implement state validation, either automatically or otherwise

Closed issues

• Support for php-jwt 5 #210

Added

• Adding tests for state handler; correcting storage method used #228 (joshcanhelp)

Changed

• Bumping JWT package version #229 (joshcanhelp)