Releases: thephpleague/oauth2-server
Releases · thephpleague/oauth2-server
2.0.4
- Renamed primary key in oauth_client_endpoints table
- Adding missing column to oauth_session_authcodes
- SECURITY FIX: A refresh token should be bound to a client ID
2.0.3
- Fixed a link to code in composer.json
2.0.2
- Updated README with wiki guides
- Removed
null
as default parameters in some methods in the storage interfaces - Fixed license copyright
2.0
If you're upgrading from v1.0.8 there are lots of breaking changes
- Rewrote the session storage interface from scratch so methods are more obvious
- Included a PDO driver which implements the storage interfaces so the library is more "get up and go"
- Further normalised the database structure so all sessions no longer contain infomation related to authorization grant (which may or may not be enabled)
- A session can have multiple associated access tokens
- Induvidual grants can have custom expire times for access tokens
- Authorization codes now have a TTL of 10 minutes by default (can be manually set)
- Refresh tokens now have a TTL of one week by default (can be manually set)
- The client credentials grant will no longer gives out refresh tokens as per the specification