Skip to content

Releases: thephpleague/oauth2-server

2.0.4

23 Sep 13:44
Compare
Choose a tag to compare
  • Renamed primary key in oauth_client_endpoints table
  • Adding missing column to oauth_session_authcodes
  • SECURITY FIX: A refresh token should be bound to a client ID

2.0.3

23 Sep 13:44
Compare
Choose a tag to compare
  • Fixed a link to code in composer.json

2.0.2

23 Sep 13:45
Compare
Choose a tag to compare
  • Updated README with wiki guides
  • Removed null as default parameters in some methods in the storage interfaces
  • Fixed license copyright

2.0

23 Sep 13:45
Compare
Choose a tag to compare
2.0

If you're upgrading from v1.0.8 there are lots of breaking changes

  • Rewrote the session storage interface from scratch so methods are more obvious
  • Included a PDO driver which implements the storage interfaces so the library is more "get up and go"
  • Further normalised the database structure so all sessions no longer contain infomation related to authorization grant (which may or may not be enabled)
  • A session can have multiple associated access tokens
  • Induvidual grants can have custom expire times for access tokens
  • Authorization codes now have a TTL of 10 minutes by default (can be manually set)
  • Refresh tokens now have a TTL of one week by default (can be manually set)
  • The client credentials grant will no longer gives out refresh tokens as per the specification