3.4.4

Release Notes for 3.4.4

This release fixes a gap on our forward compatibility layer with v4 for multiple audience support, improving the documentation to state how users can migrate their code.

3.4.4

• Total issues resolved: 0
• Total pull requests resolved: 2
• Total contributors: 2

Bug

• 656: Fix forward compatibility layer gap for audience claim thanks to @lcobucci

Documentation,Improvement

• 630: Improve deprecation for aud claims thanks to @SvenRtbg

4.1.0

Release Notes for 4.1.0

This release provides a new algorithm (EdDSA over Curve25519) and a claim formatted that always uses integers for date claims.

4.1.0

• Total issues resolved: 1
• Total pull requests resolved: 37
• Total contributors: 8

Improvement

• 617: Provide the UnixTimestampDates formatter thanks to @Slamdunk
• 616: Expose interface that represents unencrypted tokens thanks to @Slamdunk
• 613: Prefer ext-sodium cache-timing-safe functions thanks to @Slamdunk
• 605: Implement EdDSA Signer thanks to @Slamdunk
• 555: Add StrictValidAt constraint, deprecate ValidAt to LooseValidAt thanks to @Slamdunk
• 554: [v4.0] Add stricter ValidAt constraint thanks to @Slamdunk

Documentation

• 607: Fix typo in validating-tokens.md thanks to @hunomina
• 601: Fix letter case error thanks to @baijunyao
• 600: Fix autoload.php path error thanks to @baijunyao
• 591: Fix validation documentation thanks to @vmikhav
• 572: Update validating-tokens.md thanks to @nikafzar

CI

• 624: Ignore mutations for now thanks to @lcobucci
• 619: Improve CI configuration thanks to @t0mmy742
• 614: [CI] Lint composer.json thanks to @Slamdunk

Dependencies

• 639: Bump infection/infection from 0.20.2 to 0.21.0 thanks to @dependabot-preview[bot]
• 599: Bump dealerdirect/phpcodesniffer-composer-installer from 0.7.0 to 0.7.1 thanks to @dependabot-preview[bot]
• 598: Bump phpstan/phpstan from 0.12.58 to 0.12.59 thanks to @dependabot-preview[bot]
• 597: Bump phpunit/phpunit from 9.4.4 to 9.5.0 thanks to @dependabot-preview[bot]
• 596: Bump nikic/php-parser from 4.10.2 to 4.10.3 thanks to @dependabot-preview[bot]
• 589: Bump phpunit/phpunit from 9.4.3 to 9.4.4 thanks to @dependabot-preview[bot]
• 588: Bump symfony/process from 5.1.9 to 5.2.0 thanks to @dependabot-preview[bot]
• 587: Bump symfony/string from 5.1.9 to 5.2.0 thanks to @dependabot-preview[bot]
• 586: Bump symfony/options-resolver from 5.1.9 to 5.2.0 thanks to @dependabot-preview[bot]
• 585: Bump symfony/finder from 5.1.9 to 5.2.0 thanks to @dependabot-preview[bot]
• 584: Bump symfony/console from 5.1.9 to 5.2.0 thanks to @dependabot-preview[bot]
• 583: Bump symfony/filesystem from 5.1.9 to 5.2.0 thanks to @dependabot-preview[bot]
• 581: Bump phar-io/version from 3.0.2 to 3.0.3 thanks to @dependabot-preview[bot]
• 580: Bump symfony/console from 5.1.8 to 5.1.9 thanks to @dependabot-preview[bot]
• 579: Bump symfony/debug from 4.4.16 to 4.4.17 thanks to @dependabot-preview[bot]
• 578: Bump symfony/filesystem from 5.1.8 to 5.1.9 thanks to @dependabot-preview[bot]
• 577: Bump symfony/finder from 5.1.8 to 5.1.9 thanks to @dependabot-preview[bot]
• 576: Bump symfony/string from 5.1.8 to 5.1.9 thanks to @dependabot-preview[bot]
• 575: Bump symfony/process from 5.1.8 to 5.1.9 thanks to @dependabot-preview[bot]
• 574: Bump symfony/options-resolver from 5.1.8 to 5.1.9 thanks to @dependabot-preview[bot]
• 573: Bump phpstan/phpstan from 0.12.57 to 0.12.58 thanks to @dependabot-preview[bot]
• 571: Bump phpunit/php-code-coverage from 9.2.4 to 9.2.5 thanks to @dependabot-preview[bot]
• 570: Bump sebastian/lines-of-code from 1.0.2 to 1.0.3 thanks to @dependabot-preview[bot]
• 567: Bump phpunit/php-code-coverage from 9.2.3 to 9.2.4 thanks to @dependabot-preview[bot]

4.0.1

Release Notes for 4.0.1

This release fixes the validation logic of the expiration claim, making sure we're properly following the RFC.

4.0.1

• Total issues resolved: 0
• Total pull requests resolved: 2
• Total contributors: 2

Bug

• 636: Token must expire the exact time of "exp" claim thanks to @Slamdunk

Documentation

• 632: Use the correct class name for in-memory keys in documentation thanks to @lots0logs

3.4.3

• Total issues resolved: 0
• Total pull requests resolved: 2
• Total contributors: 2

Bug

• 635: Token must expire the exact time of "exp" claim thanks to @Slamdunk

Documentation

• 634: Fix argument name in @param annotation of OpenSSL#doVerify() thanks to @chalasr

3.4.2

• Total issues resolved: 1
• Total pull requests resolved: 1
• Total contributors: 1

Bug

• 595: Avoid conflicts with other polyfills thanks to @digibeuk

3.4.1

This release fixes a bug and a BC-break introduced in v3.4.0.

• Total issues resolved: 1
• Total pull requests resolved: 2
• Total contributors: 2

Bug

• 562: Fix validation of the audience claim on the new API thanks to @b-water

BC-break

• 561: Remove RegisteredClaimGiven exception in favour of deprecation message for withClaim thanks to @Spomky

4.0.0

![Build Status]

This release ships several API improvements, making this lib much more extensible and easier to use.
It requires PHP 7.4 and it's compatible with PHP 8.0 as well (the latest RC).

Please follow our upgrading guide to perform the necessary adjustments to your code.

• Total issues resolved: 32
• Total pull requests resolved: 196
• Total contributors: 23

BC-break

• 533: Extract interface for keys thanks to @lcobucci
• 538: Rename getters thanks to @lcobucci
• 247: Use OpenSSL to handle ECDSA signature thanks to @lcobucci
• 113: Improve token builder interface thanks to @lcobucci
• 73: Replaced Token->validate with Validator class handling token validation thanks to @dannydorfel
• 72: Token Validation API thanks to @schnittstabil
• 52: Do we really need to throw an exception when verifying the signature of an unsigned token? thanks to @lcobucci
• 51: Move to PHP 7 thanks to @lcobucci

Improvement

• 544: Only prefix file:// if doesn't exist already thanks to @Sephster
• 536: Rename key implementation thanks to @lcobucci
• 531: Use lib exceptions thanks to @lcobucci
• 526: Minor improvements on docs and performance thanks to @lcobucci
• 508: Pull JOSE encoder back thanks to @lcobucci
• 462: Fix base exception concept thanks to @lcobucci
• 454: Allow users to configure format for date registered claims thanks to @t0mmy742
• 431: PHP 8.0 compatibility thanks to @lcobucci
• 399: Move object initialisation to constructor thanks to @lcobucci
• 355: add toString method thanks to @p4veI
• 351: Validator: raise exception when no constraint is given thanks to @Slamdunk
• 325: Allow users to provide custom token builders thanks to @lcobucci
• 319: adds tests for ES512 algorithm thanks to @ffflabs
• 292: Make audience argument variadic in builder thanks to @lcobucci and @samjudge
• 287: Require PHPUnit v8.0 thanks to @lcobucci
• 286: Upgrade Infection to 0.12 thanks to @lcobucci
• 285: Upgrade PHPStan to v0.11 thanks to @lcobucci
• 281: Fix deprecation notices thanks to @lcobucci
• 277: Upgrade infection thanks to @lcobucci
• 276: ECDSA Alg improvements thanks to @Spomky
• 275: Revert "Remove assertion count manipulation" thanks to @lcobucci
• 272: Various minor improvements thanks to @lcobucci
• 271: Add leeway to ValidAt constraint thanks to @lcobucci
• 270: Remove assertion count manipulation thanks to @lcobucci
• 269: Make build more strict thanks to @lcobucci
• 264: Add validation constraints to configuration object thanks to @daniruizcamacho
• 224: Improve build tools thanks to @lcobucci
• 204: Add validation constraints to configuration object thanks to @lcobucci
• 202: Remove file level docblock from all files thanks to @lcobucci
• 201: Improve build process thanks to @lcobucci
• 200: Re-enable Humbug since we now have a RC version thanks to @lcobucci
• 199: 198: Add CS checking to build thanks to @vanbrabantf
• 198: Add PHPCS as a dev dependency thanks to @lcobucci
• 197: Switched public and final to match PSR2 thanks to @vanbrabantf
• 189: Add PHPBench as performance test tool thanks to @lcobucci
• 188: Add PHPCS configuration thanks to @lcobucci
• 187: Implement ECDSA signer that uses OpenSSL thanks to @lcobucci
• 180: Use a time provider instead on ValidAt constraint thanks to @lcobucci
• 171: Handle claims conversion thanks to @lcobucci and @henriquemoody
• 170: Enhancement: Keep packages sorted without specifying --sort-packages thanks to @localheinz
• 169: Enhancement: Add .gitattributes thanks to @localheinz
• 168: Fix: Cache dependencies installed with composer between builds thanks to @localheinz
• 167: Fix: Remove unused imports thanks to @localheinz
• 166: Add keys to config thanks to @lcobucci
• 165: Simplify registered claims usage thanks to @lcobucci
• 164: Rename builder methods thanks to @lcobucci
• 163: Fix RSA failures and add tests to it thanks to @lcobucci
• 161: Add key(s) to configuration object thanks to @lcobucci
• 160: Create none signer thanks to @lcobucci
• 159: Move string references of registered claims to constants thanks to @lcobucci
• 153: Require PHP 7.1 thanks to @lcobucci
• 146: Require PHP 7.1 thanks to @lcobucci
• 139: Use a time provider to get the current system time thanks to @lcobucci
• 131: Make sure there are no duplicated audiences while building token thanks to @lcobucci
• 130: Extract the registered claim names to constants thanks to @lcobucci
• 129: Create new validation API thanks to @lcobucci
• 122: Simplify signer API thanks to @lcobucci
• 118: Improve tests and add humbug thanks to @lcobucci
• 117: Improve the token interface thanks to @lcobucci
• 95: Removing some bad mutations thanks to @lcobucci
• 84: Using external coverage (and keeping track of just unit tests coverage). thanks to @lcobucci
• 78: Allow arrays or audience claim and issuer validation. thanks to @SamThePsychoticLeprechaun
• 74: Introducing a configuration object thanks to @lcobucci
• 49: Introduce configuration object thanks to @lcobucci
• 38: Extract Encoder and Decoder so they can be used in other libs thanks to @lcobucci
• 29: Private/public claims validation thanks to @lcobucci

Documentation

• 534: Final preparations for 4.0.0-beta1 thanks to @lcobucci
• 326: Create documentation thanks to @lcobucci
• 94: Add information about how to extend the library thanks to @lcobucci
• 242: Fix travis link in readme thanks to @BackEndTea
• 221: Make it super obvious that the stable docs are at at 3.2 branch. thanks to @frankdejonge
• 218: Update license year thanks to @m1guelpf
• 208: Add information about Auth0's support thanks to @lcobucci
• 184: Fix README.md link to issue #37 thanks to @ricardoseriani
• 125: Documentation is incorrect / refers to changes not yet in dev-master thanks to @gramorris
• 87: Update required PHP version thanks to @Nyholm

Bug

• 121: Just try to send the report when it exists thanks to @lcobucci
• [111: Update to latest manter/ecc](htt...

3.4.0

This release introduces a forward compatibility layer for the next major release (v4.0.0), guiding users to make their code compatible with both versions.

⚠ This version also triggers E_USER_DEPRECATED errors in scenarios where we can't simply use @deprecated. Please make sure you follow the provided instructions before upgrading your production code.

• Total issues resolved: 9
• Total pull requests resolved: 12
• Total contributors: 5

Backporting

• 548: Final preparations for 3.4 thanks to @lcobucci
• 547: Use arrays for audience thanks to @lcobucci
• 545: Only prefix file:// if doesn't exist already thanks to @lcobucci
• 543: Ensure compatibility with new token namespace thanks to @lcobucci
• 542: Backport new APIs thanks to @lcobucci
• 539: Backport custom exceptions thanks to @lcobucci

CI

• 524: Prevent BC-breaks thanks to @lcobucci
• 433: Backport GH actions thanks to @lcobucci

Improvement

• 432: Allow null value to getClaim method thanks to @joanfont
• 422: Update getPassphrase PHPDoc thanks to @Spomky
• 354: [3.3] OutOfBoundsException: tell which header/claim failed thanks to @Slamdunk
• 249: Allow null as default value for getClaim thanks to @iluuu1994

4.0.0-beta1

![Build Status]

This release provides a stable interface for our new major release (v4.0).
We now have a library ready for PHP 8.0, fully documented, and able to be more easily extended.

Please check our upgrading guide, test your code, and report any issue.

Attention: There are a few BC-breaks (when comparing to the previous alpha releases), so please check the change set (especially PRs 538 and 533).

• Total issues resolved: 7
• Total pull requests resolved: 142
• Total contributors: 7

Improvement (BC-break)

• 533: Extract interface for keys thanks to @lcobucci
• 538: Rename getters thanks to @lcobucci

Improvement

• 536: Rename key implementation thanks to @lcobucci
• 531: Use lib exceptions thanks to @lcobucci
• 526: Minor improvements on docs and performance thanks to @lcobucci
• 508: Pull JOSE encoder back thanks to @lcobucci
• 462: Fix base exception concept thanks to @lcobucci
• 454: Allow users to configure format for date registered claims thanks to @t0mmy742
• 431: PHP 8.0 compatibility thanks to @lcobucci
• 399: Move object initialisation to constructor thanks to @lcobucci
• 355: add toString method thanks to @p4veI
• 351: Validator: raise exception when no constraint is given thanks to @Slamdunk
• 325: Allow users to provide custom token builders thanks to @lcobucci
• 319: adds tests for ES512 algorithm thanks to @ffflabs

Documentation

• 534: Final preparations for 4.0.0-beta1 thanks to @lcobucci
• 326: Create documentation thanks to @lcobucci
• 94: Add information about how to extend the library thanks to @lcobucci

CI

• 461: Add makefile thanks to @lcobucci
• 429: Migrate to GH actions thanks to @lcobucci
• 337: Add more files to .gitattributes thanks to @reedy

Dependencies

• 535: Bump infection/infection from 0.20.1 to 0.20.2 thanks to @dependabot-preview[bot]
• 532: Bump phpstan/phpstan from 0.12.55 to 0.12.56 thanks to @dependabot-preview[bot]
• 530: Bump phpstan/phpstan from 0.12.54 to 0.12.55 thanks to @dependabot-preview[bot]
• 529: Bump myclabs/deep-copy from 1.10.1 to 1.10.2 thanks to @dependabot-preview[bot]
• 528: Bump composer/xdebug-handler from 1.4.4 to 1.4.5 thanks to @dependabot-preview[bot]
• 527: Bump seld/jsonlint from 1.8.2 to 1.8.3 thanks to @dependabot-preview[bot]
• 523: Bump doctrine/instantiator from 1.3.1 to 1.4.0 thanks to @dependabot-preview[bot]
• 522: Bump phpunit/phpunit from 9.4.2 to 9.4.3 thanks to @dependabot-preview[bot]
• 509: Bump phpstan/phpstan from 0.12.53 to 0.12.54 thanks to @dependabot-preview[bot]
• 507: Bump infection/infection from 0.20.0 to 0.20.1 thanks to @dependabot-preview[bot]
• 506: Bump infection/infection from 0.19.2 to 0.20.0 thanks to @dependabot-preview[bot] and @lcobucci
• 505: Bump phpstan/phpstan from 0.12.52 to 0.12.53 thanks to @dependabot-preview[bot]
• 504: Bump phpunit/php-code-coverage from 9.2.2 to 9.2.3 thanks to @dependabot-preview[bot]
• 503: Bump infection/infection from 0.19.1 to 0.19.2 thanks to @dependabot-preview[bot]
• 500: Bump symfony/debug from 4.4.15 to 4.4.16 thanks to @dependabot-preview[bot]
• 499: Bump symfony/options-resolver from 5.1.7 to 5.1.8 thanks to @dependabot-preview[bot]
• 497: Bump infection/infection from 0.19.0 to 0.19.1 thanks to @dependabot-preview[bot]
• 496: Bump phpunit/php-code-coverage from 9.2.1 to 9.2.2 thanks to @dependabot-preview[bot]
• 493: Bump symfony/filesystem from 5.1.7 to 5.1.8 thanks to @dependabot-preview[bot]
• 492: Bump doctrine/annotations from 1.11.0 to 1.11.1 thanks to @dependabot-preview[bot] and @lcobucci
• 491: Bump infection/infection from 0.18.2 to 0.19.0 thanks to @dependabot-preview[bot] and @lcobucci
• 490: Bump phpunit/php-code-coverage from 9.2.0 to 9.2.1 thanks to @dependabot-preview[bot]
• 489: Bump sebastian/comparator from 4.0.5 to 4.0.6 thanks to @dependabot-preview[bot]
• 488: Bump sebastian/global-state from 5.0.1 to 5.0.2 thanks to @dependabot-preview[bot]
• 487: Bump phpunit/php-timer from 5.0.2 to 5.0.3 thanks to @dependabot-preview[bot]
• 486: Bump sebastian/type from 2.3.0 to 2.3.1 thanks to @dependabot-preview[bot]
• 485: Bump sebastian/object-enumerator from 4.0.3 to 4.0.4 thanks to @dependabot-preview[bot]
• 484: Bump sebastian/diff from 4.0.3 to 4.0.4 thanks to @dependabot-preview[bot]
• 483: Bump sebastian/code-unit from 1.0.7 to 1.0.8 thanks to @dependabot-preview[bot]
• 482: Bump sanmai/pipeline from 5.0.1 to 5.1.0 thanks to @dependabot-preview[bot]
• 481: Bump phpunit/php-text-template from 2.0.3 to 2.0.4 thanks to @dependabot-preview[bot]
• 480: Bump doctrine/coding-standard from 8.1.0 to 8.2.0 thanks to @dependabot-preview[bot]
• 479: Bump phpstan/phpstan from 0.12.50 to 0.12.52 thanks to @dependabot-preview[bot] and @lcobucci
• 478: Bump symfony/polyfill-mbstring from 1.18.1 to 1.20.0 thanks to @dependabot-preview[bot]
• 477: Bump symfony/polyfill-php73 from 1.18.1 to 1.20.0 thanks to @dependabot-preview[bot]
• 475: Bump symfony/polyfill-intl-grapheme from 1.18.1 to 1.20.0 thanks to @dependabot-preview[bot]
• 476: Bump symfony/polyfill-ctype from 1.18.1 to 1.20.0 thanks to @dependabot-preview[bot]
• 474: Bump symfony/polyfill-php80 from 1.19.0 to 1.20.0 thanks to @dependabot-preview[bot]
• 473: Bump symfony/polyfill-intl-normalizer from 1.19.0 to 1.20.0 thanks to @dependabot-preview[bot]
• 472: Bump doctrine/annotations from 1.10.4 to 1.11.0 thanks to @dependabot-preview[bot] and @lcobucci
• 471: Bump composer/xdebug-handler from 1.4.3 to 1.4.4 thanks to @dependabot-preview[bot]
• 469: Bump squizlabs/php_codesniffer from 3.5.6 to 3.5.8 thanks to @dependabot-preview[bot]
• 464: Bump symfony/polyfill-php80 from 1.18.1 to 1.19.0 thanks to @dependabot-preview[bot]
• 463: Bump symfony/polyfill-intl-normalizer from 1.18.1 to 1.19.0 thanks to @dependabot-preview[bot]
• 460: Bump thecodingmachine/safe from 1.3.1 to 1.3.2 thanks to @dependabot-preview[bot]
• 459: Bump infection/infection from 0.17.3 to 0.18.2 thanks to @dependabot-preview[bot]
• 458: Bump phpunit/phpunit from 9.4.1 to 9.4.2 thanks to @dependabot-preview[bot]
• 457: Bump phpstan/phpstan from 0.12.49 to 0.12.50 thanks to @dependabot-preview[bot]
• 455: Bump lstrojny/functional-php from 1.14.0 to 1.14.1 thanks to @dependabot-preview[bot]
• 453: Bump phpstan/phpstan from 0.12.48 to 0.12.49 thanks to @dependabot-preview[bot]
• 451: Bump phpunit/phpunit from 9.4.0 to 9.4.1 thanks to @dependabot-preview[bot]
• [450: B...

3.3.3

• Total issues resolved: 1
• Total pull requests resolved: 1
• Total contributors: 1

Documentation Bug

• 368: Claim::getValue can return anything thanks to @carusogabriel