2.2.0

What's Changed

• Add Telegram resource owner by @zorn-v in #1966
• Drop not supported PHP 7.4 & 8.0 by @stloyd in #1969
• Allow "use_authorization_to_get_token" to be configured to false for generic OAuth2 by @ldaspt in #1974
• Update API version for Facebook to the latest available by @stloyd in #1975
• Replace custom authenticator passport with custom badge usage by @stloyd in #1976
• Replace custom authenticator passport with custom badge usage by @stloyd in #1978
• Fix registration of failure handler by @stloyd in #1979
• Don't miss the refresh token by @kurian86 in #1963
• Fix security setup docs by @stloyd in #1980
• Add GH action to close stale stuff by @stloyd in #1981
• Allow null as $registrationForm in RegisterController by @stloyd in #1983
• Make Twig & Symfony Routing hard requirement by @stloyd in #1984
• Document how to configure entity provider by @stloyd in #1985
• Remove Twig usage from AuthenticationFailureHandler by @stloyd in #1986
• Add connect functionality docs by @stloyd in #1987
• Adjust changelog for release 2.2 by @stloyd in #1988

New Contributors

• @zorn-v made their first contribution in #1966
• @ldaspt made their first contribution in #1974
• @kurian86 made their first contribution in #1963

Full Changelog: 2.1.0...2.2.0

2.1.0

What's Changed

• Add resource owner Passage by @malteschlueter in #1962
• Allow usage of Symfony 7 by @stloyd in #1968
• Fixed compatiblity with Symfony 6.4+

New Contributors

• @malteschlueter made their first contribution in #1962

For details go and read the CHANGELOG file.

2.0.0

Long awaited 2.0 release!

The main changes:

• completely reworked resource owners internals,
• official support for Symfony 6,
• official support for PHP 8,
• dropped support for Symfony <5.4,
• dropped support for PHP <7.4,
• removed support for FOSUserBundle,

For details go and read the CHANGELOG file.

What's Changed

• Remove direct deprecations reported on Symfony 6 by @stloyd in #1946
• Enable integration tests on Symfony 6 by @stloyd in #1947
• Prevent refreshing non-expired token by @stloyd in #1948
• Update GH actions by @stloyd in #1949
• Remove deprecations reported by Symfony 6.x by @stloyd in #1951
• Improve compatibility with Symfony 6.x by @stloyd in #1950
• Prevent fatal error when token doesn't have resource owner name set by @stloyd in #1952
• Run tests against PHP 8.3 by @stloyd in #1953

Full Changelog: 2.0.0-BETA3...2.0.0

2.0.0-BETA3

Changelog

• BC Break: Dropped support for Symfony: 4.4 & 6.0.*,
• BC Break: Class Templating\Helper\OAuthHelper was merged into Twig\Extension\OAuthRuntime,
• BC Break: When resource owner class doesn't define TYPE constant or is null, then key will be calculated by converting its class name without ResourceOwner suffix to snake_case, if neither is felt, then \LogicException will be thrown,
• Deprecated: method UserResponseInterface::getUsername() was deprecated in favour of UserResponseInterface::getUserIdentifier() to match changes in Symfony Security component,
• Enhancement: @internal resourceOwner oauth types in Configuration are calculated automatically by scandir. All classes extended from GenericOAuth[X]ResourceOwner get oauth[X] type. If class only implements ResourceOwnerInterface then its oauth type is unknown. ResourceOwner key (parameter type in configs) should have defined ResourceOwner::TYPE constant. Each user defined custom ResourceOwner class that implemented ResourceOwnerInterface will be registered automatically. If autoconfigure option is disabled user have to add the tag hwi_oauth.resource_owner to the service definition,
• Enhancement: Class ConnectController was split into two smaller ones, Connect\ConnectController & Connect\RegisterController,
• Bugfix: Added OAuth1ResourceOwner & OAuth2ResourceOwner to cover case of implementing custom oauth resource owners,
• Bugfix: Fixed Authorization Header in CleverResourceOwner::doGetRequest,
• Bugfix: Catch also the TransportExceptionInterface in AbstractResourceOwner::getResponseContent() method,
• Bugfix: Current matched Firewall is respected during generation of resource owner check path links,
• Bugfix: Prevent fatal error in OAuthUserProvider::loadUserByOAuthUserResponse() when nickname is not available in OAuth response,
• Bugfix: Use newer version of firebase/php-jwt library,
• Chore: Removed not used Symfony Templating component

What's Changed

• Add Apple client_secret auto generation by @Seb33300 in #1884
• Update ConnectController.php by @stephanvierkant in #1886
• Merged Templating\Helper\OAuthHelper class directly into Twig\Extension\OAuthRuntime by @stloyd in #1888
• Added OAuth1ResourceOwner & OAuth2ResourceOwner by @stloyd in #1889
• Refactor ConnectController & split it into smaller ones by @stloyd in #1887
• Improve RefreshOAuthTokenCompilerPass class quality by @stloyd in #1881
• Added getIdentifier() into PathUserResponse to match Symfony changes by @stloyd in #1883
• Improve Configuration.php readability by @gassan in #1891
• Fixed wrong class name in SensioConnectUserResponse by @stloyd in #1894
• Allow "symfony/flex" plugin by @stloyd in #1908
• Removed support for Symfony ~6.0 by @stloyd in #1907
• Fixed links to documentation by @stloyd in #1909
• Remove invalid CI job by @stloyd in #1910
• Fix typo by @dlondero in #1899
• Fix Authorization header for CleverResourceOwner.php by @gassan in #1868
• Catch also the TransportExceptionInterface in AbstractResourceOwner::getResponseContent() method by @stloyd in #1911
• Current matched Firewall is respected during generation of check path links. by @gassan in #1890
• Added funding button by @stloyd in #1912
• All ResourceOwners are collected automatically. by @gassan in #1872
• Fixed configuration of custom resource owners by @stloyd in #1915
• Add custom resource owner to confirm it's working correctly by @stloyd in #1916
• Fix typo in configuration comment by @reyostallenberg in #1933
• Update apple connector doc link by @Nek- in #1929
• Fix PHP 8.2 compatibility by @IonBazan in #1926
• Avoid confusion about Symfony version support dropped by @lyrixx in #1936
• Added feature to auto hint towards specific idp by @pimjansen in #1931
• Prevent fatal error in loadUserByOAuthUserResponse() when nickname is not available in OAuth response by @stloyd in #1913
• Fixed wrong PHP version used in CI by @stloyd in #1941
• Fix CS and PHPStan by @Seb33300 in #1938
• Remove symfony/templating by @GromNaN in #1940
• Temporary skip broken test on Symfony 6 by @stloyd in #1942
• Don't use native file session in tests by @stloyd in #1943
• Remove BC layer for Symfony 4.4 by @stloyd in #1945

New Contributors

• @Seb33300 made their first contribution in #1884
• @dlondero made their first contribution in #1899
• @reyostallenberg made their first contribution in #1933
• @lyrixx made their first contribution in #1936
• @pimjansen made their first contribution in #1931
• @GromNaN made their first contribution in #1940

Full Changelog: 2.0.0-BETA2...2.0.0-BETA3

2.0.0-BETA2

Changelog

• Deprecated: configuration parameter firewall_names, firewalls are now computed automatically - all firewalls that have defined oauth authenticator/provider will be collected,
• Added: Ability to automatically refresh expired access tokens (only for derived from GenericOAuth2ResourceOwner resource owners), if option refresh_on_expire set to true,
• Enhancement: Refresh token listener is disabled by default and will only be enabled if at least one resource owner has option refresh_on_expure set to true,
• Enhancement: (@internal) Removed/replaced redundant argument $firewallNames from controllers. If controller class was copied and replaced, adapt list of arguments: In controller use $resourceOwnerMapLocator->getFirewallNames(),
• Bugfix: RefreshTokenListener cannot be lazy. If current firewall is lazy (or anonymous: lazy) then current auth token is often initializing on kernel.response. In this case new access token will not be stored in session. Therefore, the expired token will be refreshed on each request,
• Bugfix: InteractiveLoginEvent will be triggered also for OAuthAuthenticator,
• Maintain: Changed config files from *.xml to *.php (services and routes). Xml routing configs connect.xml, login.xml and redirect.xml are steel present but deprecated. Please use *.php variants in your includes instead.

Details What's Changed

• increase phpstan to level 2 by @dmaicher in #1754
• Define hwi_oauth.connect.confirmation parameter by @franmomu in #1756
• Maintain | Remove Makefile in favour of composer scripts by @stloyd in #1766
• make twig extension lazy by using a Runtime by @dmaicher in #1741
• Remove support for FOSUser bundle by @stloyd in #1732
• bump to phpstan level 3 by @dmaicher in #1770
• Bump minimal PHP version to 7.4 by @XWB in #1774
• Maintain | Adjust codebase to match PHPStan level 5 by @stloyd in #1771
• Use type hints and return types in ResourceOwnerMapInterface by @XWB in #1773
• Rework ResourceOwnerMap to use service locator instead of whole DI container by @stloyd in #1775
• Bugfix | Prevent issue with missing parameter when connect option is not enabled by @stloyd in #1782
• Maintain | Update min. Twig version to work with PHP 8 by @stloyd in #1789
• [BC Break] Rework resource owners to use Symfony Http Client internally by @stloyd in #1681
• BC Break | Make classes final where expected & adjust types to PHP 7.4 by @stloyd in #1778
• Maintain | Update tests to use type & return hints by @stloyd in #1791
• Update Yahoo resource owner to use OAuth2 by @stloyd in #1790
• [2.x] Fix HTTP client definition by @Jean85 in #1792
• Maintain | Fixed php-cs-fixer & phpstan reports by @stloyd in #1801
• Rework Github Actions to be more efficient by @stloyd in #1807
• Update link to LinkedIn by @alexislefebvre in #1811
• Fix EntityUserProviderTest by @sjerdo in #1822
• Fix parsing OAuth1.0a responses for Twitter by @sjerdo in #1821
• Spotify | Add path for profile picture by @sjerdo in #1819
• Pass content in HTTP POST request on OAuth server by @rmlev in #1826
• Fix code style issue by @sjerdo in #1827
• Maintain | Update compatibility with PHP 8.1 by @stloyd in #1828
• Maintain | Rework CI by @stloyd in #1829
• Maintain | Update PHPStan to version 1.0 by @stloyd in #1830
• Maintain | Add support for Symfony 6 by @stloyd in #1800
• Maintain | Merge branch 1.4 into master one by @stloyd in #1834
• Maintain | Run new security already on Symfony 5.4 by @stloyd in #1837
• Bugfix | Test BC layer for Symfony Security <5.4 by @stloyd in #1839
• Bugfix | Fixed issue when connect configuration is not set but ConnectController was used by @stloyd in #1844
• Reviewed authenticator and made refreshToken method public. by @gassan in #1831
• Maintain | Adjust docs to follow Symfony changes by @stloyd in #1845
• Bugfix | Added missing RememberMeBadge into OAuth passport by @stloyd in #1846
• Force particular methods on internal routes by @stloyd in #1847
• Maintain | Rework bundle structure to match Symfony best practices by @stloyd in #1799
• oauth token of the same class will be created. fix in tests by @gassan in #1849
• Track oauth requests by symfony-profiler by @gassan in #1852
• Allow null User for refreshing oauth token by @gassan in #1855
• Http client for symfony 4.4 by @gassan in #1856
• RFC | Lets switch configs from xml to php by @gassan in #1859
• Review: Removed/replaced redundant parameter $firewallNames in Controllers by @gassan in #1861
• auto refresh oauth2 token on expire by @gassan in #1850
• Maintain | Improved code quality by adding hint & return types by @stloyd in #1863
• Keycloak: default paths mapping for a new created keycloak realm by @gassan in #1858
• Removed option firewall_names by @gassan in #1864
• Maintain | Added new Composer 2.2 config for "allow-plugins" by @stloyd in #1865
• Bugfix: Refresh token listener should not be lazy. by @gassan in #1867
• set resourceOwner services directly without using tag by @dmaicher in #1874
• Bugfix: InteractiveLoginEvent Event will be triggered also for OAuthAuthenticator by @gassan in #1877

New Contributors

• @sjerdo made their first contribution in #1822
• @rmlev made their first contribution in #1826
• @gassan made their first contribution in #1831

Full Changelog: 1.4.5...2.0.0-BETA2

2.0.0-BETA1

Changelog

• BC Break: Dropped PHP 7.3 support,
• BC Break: Dropped support for Symfony: >=5.1 & <5.4 (still with BC layer included),
• BC Break: OAuthExtension is now a lazy Twig extension using a Runtime,
• BC Break: removed support for FOSUserBundle,
• BC Break: changed process() argument for Form/RegistrationFormHandlerInterface, from Form $form to FormInterface $form,
• BC Break: changed form class name in template Resources/views/Connect/connect_confirm.html.twig from fos_user_registration_register to registration_register,
• BC Break: removed configuration option fosub from oauth_user_provider,
• BC Break: removed configuration options hwi_oauth.fosub, & all related DI parameters,
• BC Break: removed DI parameter hwi_oauth.registration.form.factory in favour of declaring form class name as DI parameter: hwi_oauth.connect.registration_form,
• BC Break: changed ResourceOwnerMapInterface::hasResourceOwnerByName signature, update if you use a custom resource owner,
• BC Break: changed ResourceOwnerMapInterface::getResourceOwnerByName signature, update if you use a custom resource owner,
• BC Break: changed ResourceOwnerMapInterface::getResourceOwnerByRequest signature, update if you use a custom resource owner,
• BC Break: changed ResourceOwnerMapInterface::getResourceOwnerCheckPath signature, update if you use a custom resource owner,
• BC Break: ResourceOwnerMap uses service locator instead of DI container,
• BC Break: Removed abstract services: hwi_oauth.abstract_resource_owner.generic, hwi_oauth.abstract_resource_owner.oauth1 & hwi_oauth.abstract_resource_owner.oauth2,
• BC Break: Removed setName() method from OAuth/ResourceOwnerInterface,
• BC Break: changed __construct() argument for OAuth/ResourceOwner/AbstractResourceOwner, from HttpMethodsClient $httpClient to HttpClientInterface $httpClient,
• BC Break: replaced php-http/httplug-bundle with symfony/http-client
• BC Break: removed hwi_oauth.http configuration,
• BC Break: reworked bundles structure to match Symfony best practices:
  • bundle code moved to: src/,
  • tests moved to: tests/,
  • docs moved from Resources/doc into: docs/,
• BC Break: routes provided by bundle now have methods requirements:
  • hwi_oauth_connect_service: GET & POST,
  • hwi_oauth_connect_registration: GET & POST,
  • hwi_oauth_connect: GET,
  • hwi_oauth_service_redirect: GET,
• Added support for PHP 8.1,
• Added support for Symfony 5.4 & 6.0,

Kudos to "Old" Contributors (random order)

• @stloyd - you can sponsor my work on this bundle 😍
• @dmaicher
• @franmomu
• @XWB
• @Jean85
• @alexislefebvre

New Contributors

• @sjerdo made their first contribution in #1822
• @rmlev made their first contribution in #1826
• @gassan made their first contribution in #1831

Full Changelog: 1.4.5...2.0.0-BETA1

1.4.5

Changelog:

• Bugfix: Fixed BC break by restoring wrongly moved AbstractOAuthToken::getCredentials() method,

1.4.3

Changelog:

• Bugfix: Fixed support for PHP 8.1,
• Bugfix: Fixed support for Symfony 5.4,
• Bugfix: Fixed VkontakteResourceOwner option: api_version to not point to deprecated one,
• Bugfix: RequestStack::getMasterRequest() is deprecated since Symfony 5.3, use RequestStack::getMainRequest() if exists,
• Maintain: Added GenericOAuth1ResourceOwnerTestCase, GenericOAuth2ResourceOwnerTestCase & ResourceOwnerTestCase test case classes for easier unit testing custom resource owners

1.4.2

Changelog:

• Bugfix: remove @final declaration from OAuthFactory & FOSUBUserProvider,
• Maintain: added .gitattributes to reduce amount of code in archives,

1.4.1

Changelog:

• Bugfix: Define missing hwi_oauth.connect.confirmation parameter,
• Bugfix: Added missing success/failure handlers,