Merge branch 'master' into master

jumbojett · Nov 21, 2021 · dd30a3a · dd30a3a
2 parents c1d3d05 + 712bab2
commit dd30a3a
Show file tree

Hide file tree

Showing 6 changed files with 263 additions and 16 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,38 @@
+---
+name: build
+
+on: [push, pull_request]
+
+env:
+    DEFAULT_COMPOSER_FLAGS: "--prefer-dist --no-interaction --no-progress --optimize-autoloader --ansi"
+
+jobs:
+    phpunit:
+        name: PHP ${{ matrix.php }} on ${{ matrix.os }}
+        runs-on: ${{ matrix.os }}
+        strategy:
+            fail-fast: false
+            matrix:
+                os: [ubuntu-latest]
+                php: ['5.4', '5.5', '5.6', '7.0', '7.1', '7.2', '7.3', '7.4']
+
+        steps:
+            - name: Checkout
+              uses: actions/checkout@v2
+            - name: Install PHP
+              uses: shivammathur/setup-php@v2
+              with:
+                  php-version: ${{ matrix.php }}
+            - name: Get composer cache directory
+              id: composer-cache
+              run: echo "::set-output name=dir::$(composer config cache-files-dir)"
+            - name: Cache composer dependencies
+              uses: actions/cache@v1
+              with:
+                  path: ${{ steps.composer-cache.outputs.dir }}
+                  key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
+                  restore-keys: ${{ runner.os }}-composer-
+            - name: Install dependencies
+              run: composer update $DEFAULT_COMPOSER_FLAGS
+            - name: Run unit tests
+              run: vendor/bin/phpunit --verbose --colors=always tests
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,15 +4,39 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
-## [Unreleased]
+## [unreleased]
 
 ### Added
-*
+
+* Enabled `client_secret_basic` authentication on `refreshToken()` #215
+* Basic auth support for requestResourceOwnerToken #271
+
+## [0.9.3]
+
+### Added
+
+* getRedirectURL() will not log a warning for PHP 7.1+ #179
+* it is now possible to disable upgrading from HTTP to HTTPS for development purposes by calling `setHttpUpgradeInsecureRequests(false)` #241
+* bugfix in getSessionKey when _SESSION key does not exist #251
+* Added scope parameter to refresh token request #225
+* bugfix in verifyJWTclaims when $accessToken is empty and $claims->at_hash is not #276
+* bugfix with the `empty` function in PHP 5.4 #267
+
+## [0.9.2]
+
+### Added
+* Support for [PKCE](https://tools.ietf.org/html/rfc7636). Currently the supported methods are 'plain' and 'S256'.
+
+## [0.9.1]
+
+### Added
+* Add support for MS Azure Active Directory B2C user flows
 
 ### Changed
 * Fix at_hash verification #200
 * Getters for public parameters #204
-* Enabled `client_secret_basic` authentication on `refreshToken()`
+* Removed client ID query parameter when making a token request using Basic Auth
+* Use of `random_bytes()` for token generation instead of `uniqid()`; polyfill for PHP < 7.0 provided.
 
 ### Removed
 * Removed explicit content-length header - caused issues with proxy servers

diff --git a/README.md b/README.md
@@ -129,6 +129,20 @@ if (!$data->active) {
 
 ```
 
+## Example 8: PKCE Client ##
+
+```php
+use Jumbojett\OpenIDConnectClient;
+
+$oidc = new OpenIDConnectClient('https://id.provider.com',
+                                'ClientIDHere',
+                                null);
+$oidc->setCodeChallengeMethod('S256');
+$oidc->authenticate();
+$name = $oidc->requestUserInfo('given_name');
+
+```
+
 
 ## Development Environments ##
 In some cases you may need to disable SSL security on on your development systems.
@@ -139,10 +153,16 @@ $oidc->setVerifyHost(false);
 $oidc->setVerifyPeer(false);
 ```
 
+Also, your local system might not support HTTPS, so you might disable uprading to it:
+
+```php
+$oidc->httpUpgradeInsecureRequests(false);
+```
+
 ### Todo ###
 - Dynamic registration does not support registration auth tokens and endpoints
 
   [1]: http://openid.net/specs/openid-connect-basic-1_0-15.html#id_res
 
 ## Contributing ###
- - All pull requests, once merged, should be added to the changelog.md file.
+ - All pull requests, once merged, should be added to the CHANGELOG.md file.
diff --git a/composer.json b/composer.json
@@ -6,7 +6,8 @@
         "php": ">=5.4",
         "phpseclib/phpseclib" : "~2.0",
         "ext-json": "*",
-        "ext-curl": "*"
+        "ext-curl": "*",
+        "paragonie/random_compat": ">=2"
     },
     "require-dev": {
         "phpunit/phpunit": "^4.8",