- Bugfix: Prevent overwriting
failure_pathinAuthenticationFailureHandlerwhen connect functionality is not enabled, - Bugfix: Prevent overwriting
failure_handlerin security configuration if set,
- BC Break: Dropped support for PHP 7.4 & 8.0,
- Added: Telegram resource owner,
- Bugfix: Allow
use_authorization_to_get_tokento be configured tofalsefor generic OAuth2, - Bugfix: Update API version for Facebook to latest available
- Bugfix: Replace custom authenticator passport with custom badge usage,
- Bugfix: Fix registration of failure handler,
- Bugfix: Don't miss refresh token in registration controller,
- Bugfix: Allow
nullas$registrationForminRegisterController, - Bugfix: Fix connect functionality with authentication managers,
- BC Break: Dropped support for Symfony:
>6.0, <6.3, - Added: New Passage resource owner,
- Bugfix: Remove deprecations reported by Symfony 6.4,
- Chore: Added support for Symfony 7,
- Bugfix: Prevent refreshing non-expired tokens
- Bugfix: Remove deprecations reported by Symfony 6.x
- Bugfix: Prevent fatal error when token doesn't have resource owner name set
- BC Break: Dropped support for Symfony: 6.0.*,
- BC Break: Class
Templating\Helper\OAuthHelperwas merged intoTwig\Extension\OAuthRuntime, - BC Break: When resource owner class doesn't define
TYPEconstant or isnull, then key will be calculated by converting its class name withoutResourceOwnersuffix tosnake_case, if neither is felt, then\LogicExceptionwill be thrown, - Deprecated: method
UserResponseInterface::getUsername()was deprecated in favour ofUserResponseInterface::getUserIdentifier()to match changes in Symfony Security component, - Enhancement:
@internalresourceOwner oauth types in Configuration are calculated automatically by scandir. All classes extended fromGenericOAuth[X]ResourceOwnergetoauth[X]type. If class only implements ResourceOwnerInterface then its oauth type isunknown. ResourceOwner key (parametertypein configs) should have defined ResourceOwner::TYPE constant. Each user defined custom ResourceOwner class that implementedResourceOwnerInterfacewill be registered automatically. Ifautoconfigureoption is disabled user have to add the taghwi_oauth.resource_ownerto the service definition, - Enhancement: Class
ConnectControllerwas split into two smaller ones,Connect\ConnectController&Connect\RegisterController, - Bugfix: Added
OAuth1ResourceOwner&OAuth2ResourceOwnerto cover case of implementing custom oauth resource owners, - Bugfix: Fixed Authorization Header in
CleverResourceOwner::doGetRequest, - Bugfix: Catch also the
TransportExceptionInterfaceinAbstractResourceOwner::getResponseContent()method, - Bugfix: Current matched Firewall is respected during generation of resource owner check path links,
- Bugfix: Prevent fatal error in
OAuthUserProvider::loadUserByOAuthUserResponse()whennicknameis not available in OAuth response, - Bugfix: Use newer version of
firebase/php-jwtlibrary, - Chore: Removed not used Symfony Templating component
- Deprecated: configuration parameter
firewall_names, firewalls are now computed automatically - all firewalls that have definedoauthauthenticator/provider will be collected, - Added: Ability to automatically refresh expired access tokens (only for derived from
GenericOAuth2ResourceOwnerresource owners), if optionrefresh_on_expireset totrue, - Enhancement: Refresh token listener is disabled by default and will only be enabled if at least one resource owner has option
refresh_on_expureset totrue, - Enhancement: (
@internal) Removed/replaced redundant argument$firewallNamesfrom controllers. If controller class was copied and replaced, adapt list of arguments: In controller use$resourceOwnerMapLocator->getFirewallNames(), - Bugfix:
RefreshTokenListenercannot be lazy. If current firewall is lazy (or anonymous: lazy) then current auth token is often initializing onkernel.response. In this case new access token will not be stored in session. Therefore, the expired token will be refreshed on each request, - Bugfix:
InteractiveLoginEventwill be triggered also forOAuthAuthenticator, - Maintain: Changed config files from
*.xmlto*.php(services and routes). Xml routing configsconnect.xml,login.xmlandredirect.xmlare steel present but deprecated. Please use*.phpvariants in your includes instead.
- BC Break: Dropped PHP 7.3 support,
- BC Break: Dropped support for Symfony: >=5.1 & <5.4,
- BC Break:
OAuthExtensionis now a lazy Twig extension using a Runtime, - BC Break: removed support for
FOSUserBundle, - BC Break: changed
process()argument forForm/RegistrationFormHandlerInterface, fromForm $formtoFormInterface $form, - BC Break: changed form class name in template
Resources/views/Connect/connect_confirm.html.twigfromfos_user_registration_registertoregistration_register, - BC Break: removed configuration option
fosubfromoauth_user_provider, - BC Break: removed configuration options
hwi_oauth.fosub, & all related DI parameters, - BC Break: removed DI parameter
hwi_oauth.registration.form.factoryin favour of declaring form class name as DI parameter:hwi_oauth.connect.registration_form, - BC Break: changed
ResourceOwnerMapInterface::hasResourceOwnerByNamesignature, update if you use a custom resource owner, - BC Break: changed
ResourceOwnerMapInterface::getResourceOwnerByNamesignature, update if you use a custom resource owner, - BC Break: changed
ResourceOwnerMapInterface::getResourceOwnerByRequestsignature, update if you use a custom resource owner, - BC Break: changed
ResourceOwnerMapInterface::getResourceOwnerCheckPathsignature, update if you use a custom resource owner, - BC Break:
ResourceOwnerMapuses service locator instead of DI container, - BC Break: Removed abstract services:
hwi_oauth.abstract_resource_owner.generic,hwi_oauth.abstract_resource_owner.oauth1&hwi_oauth.abstract_resource_owner.oauth2, - BC Break: Removed
setName()method fromOAuth/ResourceOwnerInterface, - BC Break: changed
__construct()argument forOAuth/ResourceOwner/AbstractResourceOwner, fromHttpMethodsClient $httpClienttoHttpClientInterface $httpClient, - BC Break: replaced
php-http/httplug-bundlewithsymfony/http-client - BC Break: removed
hwi_oauth.httpconfiguration, - BC Break: reworked bundles structure to match Symfony best practices:
- bundle code moved to:
src/, - tests moved to:
tests/, - docs moved from
Resources/docinto:docs/,
- bundle code moved to:
- BC Break: routes provided by bundle now have
methodsrequirements:hwi_oauth_connect_service:GET&POST,hwi_oauth_connect_registration:GET&POST,hwi_oauth_connect:GET,hwi_oauth_service_redirect:GET,
- Added support for PHP 8.1,
- Added support for Symfony 5.6,
- Bugfix: Fixed: BC break by restoring wrongly moved
AbstractOAuthToken::getCredentials()method,
- Bugfix: Fixed support for PHP 8.1,
- Bugfix: Fixed support for Symfony 5.4,
- Bugfix: Fixed
VkontakteResourceOwneroption:api_versionto not point to deprecated one, - Bugfix:
RequestStack::getMasterRequest()is deprecated since Symfony 5.3, useRequestStack::getMainRequest()if exists, - Maintain: Added
GenericOAuth1ResourceOwnerTestCase,GenericOAuth2ResourceOwnerTestCase&ResourceOwnerTestCasetest case classes for easier unit testing custom resource owners
- Bugfix: remove
@finaldeclaration fromOAuthFactory&FOSUBUserProvider, - Maintain: added
.gitattributesto reduce amount of code in archives,
- Bugfix: Define missing
hwi_oauth.connect.confirmationparameter, - Bugfix: Added missing success/failure handlers,
- BC Break: dropped Symfony 5.0 support as it is EOL,
- BC Break: dropped PHP 7.2 support as it is EOL,
- BC Break: changed
__construct()argument forOAuth/RequestDataStorage/SessionStorage, fromSessionInterface $sessiontoRequestStack $requestStack, - BC Break: all internal classes are "softly" marked as
final, - Added: Symfony 5.1 Security system support,
- Added: Forward compatibility layer for session service deprecation,
- Added: state support for service authentication URL's,
- Added: ability to change the response after
HWIOAuthEvents::CONNECT_COMPLETEDis fired, - Added: PHPStan static analyse into CI,
- Fixed:
OAuthProvideto properly refresh data inside tokens, - Fixed: PHP notice in
AppleResourceOwner, - Fixed: use new GitHub API in
GitHubResourceOwner, - Fixed: functional tests with & without FOSUserBundle,
- Fixed: controller don't depend on service container if possible,
- Maintain: removed
Wunderlistresource owner, - Maintain: removed several Symfony BC layers,
- Maintain: removed Prophecy in favour of PHPUnit mocking,
- BC Break: dropped support for Symfony
<4.4, - BC Break: dropped support for Doctrine Bundle
<2.0, - Added PHP 8 support,
- Upgraded Facebook API to v8.0,
- Upgraded Twitch resource owner to incorporate latest Twitch API,
- Fixed: undefined
id_tokenexception in Azure resource owner, - Docs: changed firewall name to match flex receipt,
- Maintain: moved from Travis CI to Github Actions,
- BC Break: dropped Symfony 4.3 support,
- Added
first_name&last_namein AzureResourceOwner, - Added: support for multiple OAuth2 state parameters,
- Added: Apple resource owner,
- Fixed: updated Azure
authorization&access_tokenurls, - Fixed: Doctrine persistence deprecation errors,
- Allow modification of the response in
FilterUserResponseEvent,
- Added Symfony 5 support,
- Added domain whitelist service to avoid open redirect on
target_path, - Fixed: session service was not injected in
LoginController, - Fixed: missing
setContainercall to service configuration forLoginController, - Fixed: client id and client secret must be set in
Auth0ResourceOwner::doGetTokenRequest, - Fixed: missing client id and client secret in
Auth0ResourceOwner, - Twig dependency on
LoginControlleris now optional,
- Dropped support for PHP 5.6, 7.0 and 7.1,
- Dropped support for FOSUserBundle 1.3,
- Dropped support for Symfony 2.8,
- Minimum Symfony 3 requirement is 3.4,
- Minimum Symfony 4 requirement is 4.3,
- Fixed: WindowsLive Resource Owner token request,
- Fixed: Update Facebook API to v3.1,
- Fixed: Update Linkedin API to v2,
- Fixed: YahooResourceOwner::doGetUserInformationRequest uses wrong arguments,
- Fixed: Symfony deprecation warning in
symfony/config, - Fixed: SensioConnect now uses new API URLs,
- Fixed: Do not add Authorization header if no client_secret is present,
- Fixed:
LoginController::connectActionshould not fail if no token is available, - Added: Genius.com resource owner,
- Added: HTTPlug 2.0 support,
- Added: Keycloak resource owner,
- Added: The controller is now available as a service,
- Added: Allow to use HTTP Basic auth for token request,
- [BC break] Class
Configurationhas been marked final, - [BC break] Class
ConnectControllerhas been marked final, - [BC break] Class
HWIOAuthExtensionhas been marked final, - [BC break] Class
OAuthExtensionhas been marked final, - [BC break] Class
SetResourceOwnerServiceNameCompilerPasshas been marked final, - [BC break] Class
ConnectControllerextendsAbstractControllerinstead ofController, - [BC break] Service
hwi_oauth.http_clienthas been marked private, - [BC break] Service
hwi_oauth.security.oauth_utilshas been marked private, - [BC break] Several service class parameters have been removed,
- Fixed: Vkontakte profile picture & nickname path,
- Fixed:
Content-Lengthheader must be a string, - Fixed: Upgraded GitLab end point to v4,
- Fixed: Resource owner map parameters must be public,
- Fixed: Azure resource owner
infos_urlshould not be empty, - Fixed: Don't start sessions twice & don't start sessions if already started,
- Fixed: Updated BitBucket docs,
- Added: Further compatibility changes for Symfony 4.1,
- Added: LinkedIn
first-&last-names, - Added: Facebook profile picture
- Fixed: VK requires API version now,
- Fixed: Updated Slack resource owner to use new Slack API methods,
- Fixed: Changing authorization and access token to v2 for LinkedIn,
- Fixed: Fix double call of
getUserInformation()inConnectController, - Fixed: Fix serialization of
AccountNotLinkedException, - Fixed: Check for grant_rule value
IS_AUTHENTICATED_FULLYin DI configuration, - Fixed: Don't execute
OAuthProvider::refreshAccessToken()when there is no refresh token
- BC BREAK: Replaced
PHPUnit_Framework_TestCasewithPHPUnit\Framework\TestCasein tests, - Added: Implemented
getUserInformation()for Dropbox v2, - Fixed: Headers passed to
httpRequest()method in various resource owners, - Fixed: Marked some services as
publicto make code compatible with Symfony 4
- BC BREAK: Fully replaced Buzz library with usage of HTTPlug & Guzzle 6,
- BC BREAK:
hwi.http_clientconfig options are remove. HTTP configuration must rely on the HTTPlug client, - BC BREAK: Template engine other than Twig are no longer supported,
- BC BREAK: Option
hwi_oauth.templating_enginewas removed, - Added: Symfony 4 support,
- Added:
php-http/httplug-bundlesupport, to auto-provide needed HTTPlug services and get full Symfony integration, - Added:
hwi.http.clientandhwi.http.message_factoryconfig keys to provide your own HTTPlug services, - Added:
HWIOAuthEvents, - Added:
ResourceOwnerInterface::addPaths()method for easier managing paths in resource owners, - Fixed: Update Facebook API to v2.8,
- Fixed: Bitbucket2 resource owner,
- Fixed: GitHub resource owner documentation,
- Fixed: Don't require any form for the connect feature,
- Fixed: Uncaught exception with custom error page,
- Fixed:
php-cs-fixerupdated to latest version & run on base code
- Fixed: Prevent uncaught exception when redirecting to invalid route,
- Fixed: Add more details too exception when account was not linked,
- Fixed: Odnoklassinki resource owner,
- Fixed: Office365 resource owner,
- Fixed: StackExchange resource owner,
- Fixed: WeChat resource owner,
- Fixed: WindowsLive resource owner
- Fixed error that could occur with message "302 Header already sent",
- Exclude tests from Composer autoloader
- Fixed:
OAuthHelpershould fallback to newRequestin case of receivingnull, - Fixed: Better
FOSUserBundleintegration, - Fixed: Serialization issue in
WechatResourceOwner, - Fixed: Incorrect refresh token in
WechatResourceOwner, - Fixed: Broken
TrelloResourceOwner, - Fixed: Removed dead code in
OAuthProvider, - Fixed: Update Facebook API to v2.7,
- Added: Symfony 3 support,
- Added: Redirect to
target_pathafter successful registration/connection, - Added: Asana resource owner,
- Added: Bitbucket resource owner,
- Added: Clever resource owner,
- Added: Itembase resource owner,
- Added: Jawbon resource owner,
- Added: Office365 resource owner,
- Added: Wunderlist resource owner,
- Added: Hungarian translation
- Fixed: Request parameters are not copied into new Request on forward,
- Fixed: Fixed scope deprecating message,
- Fixed: Resolved deprecated message in ConnectController,
- Fixed: Removed usage of deprecated code in tests
- Fixed: Change Discogs URL from http to https,
- Fixed: Update Facebook API URLs to not use outdated ones
- Fixed: Remove usage of deprecated Twig function
form_enctype& replace with usage ofform_start/form_end, - Fixed: Mark as not fully compatible with Symfony
~3.0, - Fixed: Multiple firewalls can now have different resource owners,
- Fixed: Wrong URL generated for Safesforce resource owner,
- Added:
include_emailoption into Twitter resource owner, - Added: Hungarian translation,
- Added: Documentation about FOSUser integration
- [BC break] Added
UserResponseInterface#getFirstName()method, also a new default pathfirstnamewas added, this path holds the first name of user, - [BC break] Added
UserResponseInterface#getLastName()method, also a new default pathlastnamewas added, this path holds the last name of user, - [BC break] Added
UserResponseInterface::getOAuthToken()& basic implementation inAbstractUserResponse, - [BC break]
GenericOAuth1ResourceOwner::getRequestToken()is now public method (was protected), - Added: configuration parameter
firewall_name(will be removed in next major version) renamed tofirewall_namesto support multiple firewalls, - Added: configuration parameter:
failed_auth_pathwhich contains route name, on which user will be redirected after failure when connecting accounts (i.e. user denies connection), - Added:
appsecret_prooffunctionality support to the Facebook resource owner, - Added:
sandboxfunctionality support to the Salesforce resource owner, - Added Auth0 resource owner,
- Added Azure resource owner,
- Added BufferApp resource owner,
- Added Deezer resource owner,
- Added Discogs resource owner,
- Added EveOnline resource owner,
- Added Fiware resource owner,
- Added Hubic resource owner,
- Added Paypal resource owner,
- Added Reddit resource owner,
- Added Runkeeper resource owner,
- Added Slack resource owner,
- Added Spotify resource owner,
- Added Soundcloud resource owner,
- Added Strava resource owner,
- Added Toshl resource owner,
- Added Trakt resource owner,
- Added Wechat resource owner,
- Added Wordpress resource owner,
- Added Xing resource owner,
- Added Youtube resource owner,
- Fixed: Revoking tokens for Facebook & Google resource owners,
- Fixed: Instagram allows only GET calls to fetch user details,
- Fixed:
ResourceOwnerMapno longer depends on deprecatedContainerAwareclass, - Fixed: Wrong usage of
json_decodein Mail.ru resource owner, - Fixed: Transform storage exceptions in OAuth1 resource owners into
AuthenticationException - Fixed: Default scopes & fields for VKontakte resource owner
- Fix: Remove deprecated Twig features
- Fix: Undefined variable in
FOSUBUserProvider::refreshUser - Fix: Restore property accessor for Symfony 2.3
- Fix: Remove BC break for Symfony < 2.5,
- Fix: Compatibility issues with Symfony 2.6+,
- Fix: Deprecated graph URLs for
FacebookResourceOwner
- Fix:
SessionStorage::save()could throw php error, - Fix:
OAuthToken::isExpired()always returnedfalse, - Fix:
FoursquareResourceOwner,TwitchResourceOwner,SensioConnectResourceOwnernot working with bearer header, - Fix: Don't use deprecated fields in
FacebookResourceOwner, - Fix:
FOSUBUserProvider::refreshUser()always returning old user,
- Fix:
InstagramResourceOwnerregression while getting user details, - Fix: Add smooth migration for session (de)serialization
- Fix:
LinkedinResourceOwnerregression while getting user details, - Fix: OAuth
revokefunctionality to be available wider, - Fix: Removed undocumented functionality from
SinaWeiboResourceOwner, - Fix: Always remove default ports from URLs to match OAuth 1.0a, Spec: 9.1.2
- Fix: Instagram OAuth redirect to one url,
- Fix:
FOSUBUserProvidershould also implementUserProviderInterface, - Fix:
YahooResourceOwnerinfos_urlto use new format, - Fix: Send authorization via headers instead of URL parameter,
- Fix:
GithubResourceOwnerrevoke method, - Fix: Add login routing documentation note
- Fix: Incorrect redirect URL when no parameters are set,
- Fix: Add missing parameter
promptforGoogleResourceOwner, - Fix:
WordpressResourceOwneruser details API call, - Fix: PHP Notice when
oauth_callback_confirmedwas set toofalse, - Fix: PHP Fatal when session returns boolean instead of object,
- Fix: Add missing query parameters for
FacebookResourceOwner
- Fix: Prevent
SessionUnavailableExceptionwhen returns back from service, - Fix:
EntityUserProvidershould implementUserProviderInterface, - Fix:
createdAtproperty was missing when serializing theOAuthToken, - Added Italian translations
- Fix: Change Twitter API call to use SSL URL,
- Fix: Problems with options in
VkontakteResourceOwner, - Fix: Problems with OAuth 1.0a token &
YahooResourceOwner, - Fix: Throw exception in
FOSUBUserProviderwhen username is missing - Added SalesForce resource owner
- [BC break]
AccountConnectorInterface::connect()method now requires the first parameter to be instance ofSymfony\Component\Security\Core\User\UserInterface - [BC break]
ConnectController::authenticateUser()method now requires the first parameter to be instance ofSymfony\Component\HttpFoundation\Request - [BC break] Removed
AbstractResourceOwner::addOptions()method - [BC break]
OAuthUtils::getAuthorizationUrl()&OAuthUtils::getLoginUrl()methods now expect first parameter to be instance ofSymfony\Component\HttpFoundation\Request - [BC break] LinkedIn resource owner now uses OAuth2 approach, visit official web page for details how to migrate: https://developer.linkedin.com/documents/authentication#migration
- [BC break] Dropbox resource owner now uses OAuth2 approach
- Added ability to merge response parts into single path
- Added Bitly resource owner
- Added Box resource owner
- Added Dailymotion resource owner
- Added DeviantArt resource owner
- Added Eventbrite resource owner
- Added Mail.ru resource owner
- Added Sina Weibo resource owner
- Added QQ.com resource owner
- Added Trello resource owner
- Added Wordpress resource owner
- [BC break] Added
ResourceOwnerInterface::isCsrfTokenValid()method - [BC break] Removed
OAuth1RequestTokenStorageInterfacealong with the implementations - [BC break]
AbstractResourceOwner::__construct()now requiresRequestDataStorageInterfaceinstance as last argument - Fix: Yandex resource owner using invalid parameter when requesting user data
- Fix: To prevent unusual content headers response from resource owners should be first threaten as json and only in case of failure threaten as query text
- Fix: Instagram resource owner is not able to receive user data more than once
- Added ability to disable confirmation page when connecting accounts
- Added CSRF protection for OAuth2 providers (turned off by default)
- Added
RequestDataStorageInterfacealong with implementation - Added Stereomood resource owner
- [BC break]
GenericOAuth2ResourceOwner::getAccessToken()now returns an array instead of a string. This array contains the access token and its 'expires_in' value, along with any other parameters returned from the authentication provider - [BC break] Added
OAuthAwareExceptionInterface#setToken(),OAuthAwareExceptionInterface#getRefreshToken(),OAuthAwareExceptionInterface#getRawToken(),OAuthAwareExceptionInterface#getExpiresIn()methods - [BC break] Renamed
AbstractResourceOwner::doGetAccessTokenRequesttodoGetTokenRequest - [BC break] Removed
AdvancedPathUserResponse&AdvancedUserResponseInterface - [BC break] Added
UserResponseInterface#getEmail(),UserResponseInterface#getProfilePicture(),UserResponseInterface#getRefreshToken(),UserResponseInterface#getExpiresIn(),UserResponseInterface#setOAuthToken()methods - [BC break] Removed
UserResponseInterface::setAccessToken()method - [BC break] Removed
AbstractUserResponse::getOAuthToken()method because it was ambiguous - [BC break]
PathUserResponse#setPaths()method no longer overwrite default paths - [BC break]
PathUserResponse#getPath()method no longer throws an exception if path not exists - [BC break]
PathUserResponse#getValueForPath()removed second argument from this method, it will not throw exception anymore if response or value is missing, but now will returnnullinstead - [BC break] Added
ResourceOwnerInterface#getOption($name)method - [BC break]
ResourceOwnerInterface#getUserInformation()now must receive array ($accessToken) as first parameter, also added second parameter ($extraParameters) to be consistent along all implementations - Added
OAuthToken::getRefreshToken(),OAuthToken::setRefreshToken(),OAuthToken::getExpiresIn(),OAuthToken::setExpiresIn(),OAuthToken::getRawToken(),OAuthToken::setRawToken() - Added
AbstractResourceOwner#addOptions()&ResourceOwnerInterface#setOption($name, $value)methods which allows easy overwriting resource specific options - Added support for options:
access_type,request_visible_actions,approval_prompt&hdin Google resource owner - Added 37signals resource owner
- Added Amazon resource owner
- Added Bitbucket resource owner
- Added Disqus resource owner
- Added Dropbox resource owner
- Added Flickr resource owner
- Added Instagram resource owner
- Added Odnoklassniki resource owner
- Added Yandex resource owner
- Fix: use
Symfony\Component\Security\Core\User\UserInterfaceinEntityUserProvider::refreshUser - Fix: made
SessionStoragecompatible with Symfony 2.0
- Fix: Regression done in version
0.2.8blocking usage withoutFOSUserBundle - Fix:
OAuthUtils::getAuthorizationUrl()ignoring given redirect URL
- Fix: Added missing parts in user providers like:
loadUserByUsername()orrefreshUser()methods - Fix: Registering of user provider services
- Fix: Make
OAuthUtils::signRequest()compatible with OAuth1.0a specification
- Fix: Polish oauth error detection to cover cases from i.e. Facebook resource owner
- Fix: Changed authorization url for Vkontakte resource owner
- Fix: Use same check for FOSUserBundle compatibility to prevent strange errors with calls of undefined services
- Fix: User-land aliased (resource owner) services have the appropriate name
- Fix: Use user identifier represented as string for Twitter to prevent issues with losing accuracy for large numbers (i.e. Javascript) or type comparison (i.e. MongoDB)
- Fix: Don't depend on
arg_separator.outputdata for URL generation to prevent issues
- Fix: Throw
Symfony\Component\Security\Core\Exception\AccessDeniedException&Symfony\Component\HttpKernel\Exception\NotFoundHttpExceptioninstead of\Exceptionto make cases more clear - Fix: Detect
oauth_problemas authorization error and inform user instead logging error in background - Fix: Request extra parameters should have higher priority than default
- Fix: How urls are build in resource owners
- Fix: Missing parameter in
YahooResourceOwner
- Added
AbstractUserResponse::getOAuthToken()method to allow fetching only OAuth token details - Added french translation
- Fix: FB incompatibility with 'error' field in response
- Fix: FOSUB registration form handler
- Fix: Use API 1.1 for Twitter, not the deprecated 1.0
- Fixed issue with FOSUserBundle 2.x integration
- Added support for a
target_path_parameterin order to control the redirect path after login - Added
hwi_oauth_authorization_url()twig helper function - Added Jira resource owner
- Added Yahoo resource owner
- Added setting
realmin configuration - Added support for FOSUserBundle 2.x integration
- Added Stack Exchange resource owner
- Fix: configuration parameter
firewall_nameis required - Fix: prevent throwing
AlreadyBoundExceptionwhen using FOSUserBundle 1.x integration - Fix: check for availability of
profilePicturein views before calling it - Fix:
InMemoryProvidernow shows user nickname as name instead of unique identifier - Fix: don't set
realmoption if is empty in request headers - Fix: for infinity loop blockade and error token response handling
- [BC break] Renamed path
usernametoidentifierto make it more clear that this path should hold the unique user identifier (previouslyusername) - [BC break] Method
UserResponseInterface#getUsername()now always returns a real unique user identifier, and uses pathidentifier - [BC break]
OAuth1RequestTokenStorageInterface#save()second param$tokenmust now be an array - [BC break] Configuration type 'generic' is renamed to 'oauth2'
- [BC break]
redirect.xmlrouting has to be imported. See the setup docs - Added
UserResponseInterface#getRealName()method, also a new default pathrealnamewas added, this path holds the real name of user - Added
UserResponseInterface#getNickName()method, also a new default pathnicknamewas added, this path holds the nickname of user - Added
UserResponseInterface#getAccessToken()andUserResponseInterface#setAccessToken - Added
OAuthToken#getCredentials()returns an empty string to be consistent with the security component. The access token can still be retrieved from thegetAccessToken()method - Added change that forces all authentication requests are now redirected to the login path
- Added change that makes
firewall_nameoption required setting - Added OAuth 1.0a support (linkedin/twitter/generic)