Added

• Nothing.

Changed

• #69 updates the minimum supported version of league/oauth-server to ^8.0.

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• Nothing.

Added

• #62 adds the ability to configure and add event listeners for the underlying league/oauth2 implementation. See the event listeners configuration documentation for more information.

Changed

• Nothing.

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• Nothing.

Added

• Nothing.

Changed

• #55 changes how the OAuth2Adapter validates when a client ID is present. Previously, if a client ID was present, but not a user ID, it would attempt to pull a user from the user factory using the client ID, which was incorrect. With this release, it no longer does that.

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• #71 adds a check to AccessTokenRepository to verify that a row was returned before checking if a token was revoked, raising an exception if not.

• #72 updates the database schema in provided examples to reflect actual requirements.

Added

• #63
  registers the ConfigProvider with the package. If you are using zend-component-installer
  it will be added to your configuration during the installation.

• #64
  adds support for PHP 7.3.

Changed

• Nothing.

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• Nothing.

Added

• Nothing.

Changed

• #58 Upgrades the league/oauth2-server library to 7.3.0 in order to use it with Swoole. This is provided by league/oauth2-server thanks to #960 AuthorizationServer stateless

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• Nothing.

Added

• Nothing.

Changed

• Nothing.

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• #52 Wrong factory mapped to AuthorizationHandler
• #54 Fixed "WWW-Authenticate" header value format

Added

• #41 Allows existing PDO service to be used. This will allow us to reuse existing pdo services instead of opening up a second connection for oauth.
• #42 Adds TokenEndpointHandler, AuthorizationMiddleware and AuthorizationHandler in the Zend\Expressive\Authentication\OAuth2 namespace to implement an authorization server.
• #50 Adds all the OAuth2 identity data generated by thephpleague/oauth2-server to UserInterface PSR-7 attribute. These values are oauth_user_id, oauth_client_id, oauth_access_token_id, oauth_scopes`.

Changed

• #42 Splits Zend\Expressive\Authentication\OAuth2\OAuth2Middleware into individual implementations that allow OAuth RFC-6749 compliant authorization server implementations.

Deprecated

• Nothing.

Removed

• #42 Removes Zend\Expressive\Authentication\OAuth2\OAuth2Middleware.

Fixed

• #44 Fixes revocation of access token for PDO repository
• #45 Fixes issue with empty scope being passed throwing exception.

Added

• Nothing.

Changed

• Nothing.

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• Removes auto-requiring of the encryption key via the configuration unless the default file
  actually exists and is readable. As the configuration is processed in every request, this is necessary
  to prevent issues when the file does not exist (e.g., if the user has specified an alternate location).

Added

• Nothing.

Changed

• Nothing.

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• Fixes an issue in the default configuration paths for public, private, and encryption keys,
  ensuring they will be based on the current working directory, and not the package directory.

Added

• #30
  adds the AuthenticationInterface to the config provider so OAuth2 works out of
  the box. Can always be overwritten in project configs.
• #38
  added the the /oauth route configuration in docs.

Changed

• Nothing.

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• #21
  fixes unknown user will throw an exception. When a user tries to use a
  username that doesn't exist in the database an exception is thrown instead of
  an invalid_credentials error.
• #22
  fixes exception thrown when client secret is missing. When a client id is used
  that has no client_secret in the database an exception is thrown instead of an
  invalid_client error.
• #23
  updates the token insert statements to match schema located in data/oauth2.php
• #37
  fixes issue with script to generate keys writes to vendor dir