v12.3.1 - 2024-11-11
- Update logo to support dark/light theme by @milewski in #1787
- Fix repeated word "the" in upgrade guide by @caendesilva in #1798
v12.3.0 - 2024-08-05
v12.2.1 - 2024-07-10
- [12.x] Fix purge command by @hafezdivandari in #1772
v12.2.0 - 2024-04-17
- [12.x] Add
refreshToken
relation toToken
model by @gdebrauwer in #1739
v12.1.0 - 2024-04-15
v12.0.3 - 2024-04-05
- Adjust newFactory method visibility by @brandonfarber in #1735
v12.0.2 - 2024-03-21
- [12.x] Make commands lazy by @timacdonald in #1731
- [12.x] Allow token "expires in" to be defined as date interval by @jacobmllr95 in #1733
v12.0.1 - 2024-03-14
- [12.x] Cast session lifetime to int by @kindslayer in #1727
- [12.x] Fixes used version of L9 by @nunomaduro in #1730
v12.0.0 - 2024-03-12
- [12.x] Adds Laravel 11 support by @nunomaduro in #1702
- [12.x] Disable password grant by default by @hafezdivandari in #1715
- [12.x] Make
Client::$plainSecret
public by @axlon in #1719 - [12.x] Use more secure key permissions by @axlon in #1721
- [12.x] Enhance console commands by @hafezdivandari in #1724
v11.10.6 - 2024-03-01
v11.10.5 - 2024-02-09
v11.10.4 - 2024-01-30
- Consistently retrieve client uuids value from Passport by @rojtjo in #1711
- [11.x] Allow developers to disable the password grant type by @axlon in #1712
v11.10.2 - 2024-01-17
v11.10.1 - 2024-01-10
- [11.x] Allow unsetting a user's access token by @axlon in #1698
- [11.x] Add getGrantTypesAttribute method to fix Eloquent strict mode error by @gdebrauwer in #1705
v11.10.0 - 2023-11-02
- [11.x] Named static methods for middleware by @michaelnabil230 in #1695
- Simplify Conditional Statement by @michaelnabil230 in #1696
v11.9.2 - 2023-10-16
- Add return to revokeRefreshTokensByAccessTokenId method by @aminkhoshzahmat in #1693
v11.9.1 - 2023-09-01
v11.9.0 - 2023-08-29
- [11.x] Add the ability to limit scopes by client by @axlon in #1682
- [11.x] Add support for inherited scopes when limiting scopes on clients by @axlon in #1683
v11.8.8 - 2023-07-07
- Add generics to client factory by @axlon in #1669
- Update composer.json by @Smoggert in #1674
- Update composer.json by @drhoussem in #1677
v11.8.7 - 2023-04-28
- Revert "[11.x] Add Provider Guard to ClientRepository for Personal Access Clients" by @driesvints in #1658
v11.8.6 - 2023-04-24
- Add Provider Guard to ClientRepository for Personal Access Clients by @michaelnabil230 in #1655
v11.8.5 - 2023-04-04
- Allow
lcobucci/jwt
v5 and cleaned up version constraints by @GrahamCampbell in #1649 - Pass user identifier through to finalize scopes in personal access grant by @GrahamCampbell in #1650
v11.8.4 - 2023-03-18
- Removed deprecated
dates
property fromRefreshToken
model by @siarheipashkevich in #1645 - Removed deprecated
dates
property fromAuthCode
model by @siarheipashkevich in #1644 - Fix doc block types by @hafezdivandari in #1647
v11.8.3 - 2023-03-01
- Allow overriding the
AccessToken
class by @hafezdivandari in #1638 - Make
$userId
nullable inClientRepository->createPersonalAccessClient
by @bram-pkg in #1642
v11.8.2 - 2023-02-20
- Re-apply "Added AuthenticationException to extend the behaviour of Laravel's default exception handler" by @driesvints in https://github.com/laravel/passport/commit/67c3e336af163f6eba5dbca8e5db46275ff0e433
v11.8.1 - 2023-02-20
- Revert "Move AuthenticationException into the scope of Laravel Passport" by @driesvints in https://github.com/laravel/passport/commit/db543b0cc13ed3f56f1bffda04707fbe2a8c7ab5
v11.8.0 - 2023-02-17
- Move AuthenticationException into the scope of Laravel Passport by @chrispage1 in #1633
- Custom authorization view response by @JonErickson in #1629
- Fix deprecated $dates property by @TonyWong9527 in #1636
v11.7.0 - 2023-02-08
- Add support for
EncryptCookies
middleware by @axlon in #1628
v11.6.1 - 2023-02-03
- Indicate current token can be
TransientToken
by @axlon in #1627
v11.6.0 - 2023-01-31
- Update ClientCommand.php's user_id description by @Smoggert in #1619
- Get model PK instead of forcibly id column by @lucaspanik in #1626
- Fix doc block for
withAccessToken()
by @axlon in #1620
v11.5.1 - 2023-01-16
- Get authenticated user from the guard by @hafezdivandari in #1617
v11.5.0 - 2023-01-09
- Laravel v10 Support by @driesvints in #1615
v11.4.0 - 2023-01-03
- Uses PHP Native Type Declarations 🐘 by @nunomaduro in #1594
v11.3.1 - 2022-12-02
- Add auth guard to routes by @hafezdivandari in #1603
v11.3.0 - 2022-10-22
- Support prompting login when redirecting for authorization by @hafezdivandari in #1577
- Update PurgeCommand.php by @fatoskurtishi in #1586
- Fix ClientRepository doc blocks by @axlon in #1587
- Update docblock by @mnabialek in #1588
v11.2.1 - 2022-09-29
- Improve token guard return type by @axlon in #1579
v11.2.0 - 2022-09-07
- Let OAuth2 server handle the denying response by @hafezdivandari in #1572
v11.1.0 - 2022-09-05
- Support prompting re-consent when redirecting for authorization by @hafezdivandari in #1567
- Support disabling prompt when redirecting for authorization by @hafezdivandari in #1569
v11.0.1 - 2022-08-29
- Custom days and hours to passport purge command by @rubengg86 in #1563
- Allow for bootstrapping without loading routes by @axlon in #1564
v11.0.0 - 2022-08-19
- Allow authenticated client to be retrieved from the guard by @axlon in #1508
- Revert model DB connection customization by @driesvints in #1412
- Allow timestamps on Token model by @driesvints in #1425
- Improve authenticateViaBearerToken() performance by @alecpl in #1447
- Refactor routes to dedicated file by @driesvints in #1464
- Stub client on guard when calling Passport::actingAsClient() by @axlon in #1519
- Fix scope inheritance when using Passport::actingAs() by @axlon in #1551
- Drop PHP 7.x and Laravel v8 by @driesvints in #1558
- Remove deprecated properties by @driesvints in #1560
- Remove deprecated functionality and simplify some feature tests by @driesvints in #1559
v10.4.1 - 2022-04-16
- Add new URI Rule to validate URI and use it to RedirectRule. by @victorbalssa in #1544
v10.4.0 - 2022-03-30
- Upgrade firebase/php-jwt to ^6.0 by @prufrock in #1538
v10.3.3 - 2022-03-08
- Use anonymous migrations by @mmachatschek in #1531
v10.3.2 - 2022-02-22
- Fix Faker deprecations by @X-Coder264 in #1530
- Allow to use custom authorization server response (#1521)
- Laravel 9 Support (#1516)
- Fix jsonSerialize PHP 8.1 issue (#1512)
- Fix
str_replace
error when third parameter ($subject) is null (#1511)
- Add custom encryption key for JWT tokens (#1501)
- Refactor expiry dates to intervals (#1500)
- Ensure client model factory always creates models with a primary key (#1492
- Use app helper (3d1e6bb)
- Fix binding (e3478de)
- Backport phpseclib v2 (#1418)
- Update to phpseclib v3 (#1410)
- PHP 8 Support (#1373)
- Remove Vue components (#1352)
- Use newFactory to properly reference factory (#1349)
- Support Laravel 8 & drop PHP 7.2 support (#1336)
- Guzzle 7 support (#1311)
- Nonstandard ID in the token's relationship with the user (#1267)
- Implement secret modal (#1258)
- Warn about one-time-hashed-secret (#1259)
- Add force option to hash command (#1251)
- Implement personal access client config (#1260)
- Fix displaying secret in Vue component (#1244)
- Moved provider check to bearer token only (#1246)
- Fix create client call (aff9d09)
- Allow client credentials secret to be hashed (#1145, ccbcfeb, 1c40ae0)
- Implement
passport:hash
command (#1238) - Initial support for multiple providers (#1220)
- Client credentials middleware should allow any valid client (#1132)
- Switch from
getKey()
togetAuthIdentifier()
to match Laravel core (#1134) - Use Hasher interface instead of HashManager (#1157)
- Bump league server dependency (#1237)
- Automatic configuration of client UUIDs (#1231)
- Fix 500 Internal Server Error response (#1222)
- Fix resolveInheritedScopes (#1207)
mergeConfigFrom
already checked if app is running with config cached (#1205)
- Implement auth token for access requests (#1188)
- Revoke refresh tokens when auth tokens get revoked (#1186)
- Remove foreign keys (20e9b66)
- Add a Passport Client factory to Passport publishing (#1171)
- Update ClientCommand to support public clients (#1151)
- Purge Command for revoked and/or expired tokens and auth codes (#1159, 6c1ea42)
- Replace deprecated package and namespaces (#1158)
- Allow access to HTTP response status code on OAuthServerException (#1148)
- Modify UserRepository to check for 'findAndValidateForPassport' method (#1144)
- Add abstract CheckCredentials middleware and allows to create (#1127)
- Fix
actingAsClient
testing method (#1119)
- Rework HandlesOAuthErrors trait to middleware (#937)
- Use a renderable exception for OAuth errors (#1066)
- Use diactoros 2.0 and psr-http-factory (aadf603)
- Replaced helpers with Blade directives (#939)
- Use caret for constraints (d906804)
- Dropped support for Laravel 5.8 (654cc09)
- Dropped support for PHP 7.1 (3c830ac)
- Upgrade to league/oauth2-server 8.0 (97e3026)
- Fix exception will thrown if token belongs to first party clients (#1040)
- Fix auth codes table customization (#1044)
- Add key type to refresh token model (e400c2b)
- Cast returned client identifier value to string (#1091)
- Add
actingAsClient
method for tests (#1083)
- Let Passport support inherited parent scopes (#1068)
- Accept requests with the encrypted X-XSRF-TOKEN HTTP header (#1069)
- Use
bigInteger
column type foruser_id
columns (#1057)
- Remove old 5.9 constraints (58eb99c)
- Update version constraints for Laravel 6.0 (609b5e8)
- Change server property type in
CheckClientCredentialForAnyScope
(#1034)
- Allow first party clients to skip the authorization prompt (#1022)
- Fix AccessToken docblock (#996)
- Allow installs of zend-diactoros 2 (c0c3fca)
- Change
wasRecentlyCreated
tofalse
(#979)
- Changed the way to get action path from
url()
toroute()
(#950) - Allow
'*'
scope to be used with Client Credentials (#949)
- Replace
fire()
withdispatch()
(#952)
- Make name an optional question (#926)
- Do not auto increment
AuthCode
ID (#929) - Allow multiple redirects when creating clients (#928)
- Add responses for destroy methods (#942)
- Rename property (#920)
- Add middleware CheckClientCredentialsForAnyScope (#855)
- Support a default scope when no scope was requested by the client (#879)
- Allow setting expiration of personal access tokens (#919)
- Change auth code table to the model's table (#865)
- Made whereRevoked consistent (#868)
- Use unsignedInteger column type for
client_id
columns (47f0021)
- Prevent passing empty string variable to retrieveById method (#861)
- Add names to routes for re-usability (#846)
- Add user relationship to client model (#851, 3213be8)
- Add the ability to retrieve current client (#854)
- Fix migrations tag publish (#832)
Authcode
model is now used for persisting new authcodes (#808)resources/assets
directory was flattened (#813)
- Add option to enable cookie serialization (9012496)
- Don't serialize by default (29e9d53)