4.4.2

What's Changed

• Prevent returning 401 for other successful OAuth2 plugins by @akirk in #263

Full Changelog: 4.4.1...4.4.2

Version 4.4.1

What's Changed

• Refine Tickets by @dshanske in #259
• Add IndieAuth Client Discovery using MF2 and Bump Version by @dshanske in #260

Full Changelog: 4.4.0...4.4.1

4.4.0

What's Changed

• Remove remote endpoint functionality already disabled
• Rearrange so each endpoint is more independent and registers its own parameters
• Add way to register new grant types.
• Rewrite Web Signin to support latest version of flow.
• Add PKCE support to websignin flow
• Fix issue with PKCE support where it would not actually verify PKCE for token flow because PKCE is optional
• Invert PKCE message to highlight when PKCE is not being used over it being used.
• Do not do client discovery on a non-retrievable URL
• Validate identifiers to IndieAuth Spec
• Remove URL plus password login as part of effort to simplify code.
• Fix error message surfacing in websignin form
• Fix CSS on websignin and authorization forms to not misrender the language bar.
• Fix deprecation notice by @janboddez in #254
• Update Web Sign In and PKCE by @dshanske in #257
• Remove Remote Endpoint Code and Refactor Code by @dshanske in #255
• Add Validation Functions and Fix CSS by @dshanske in #258

4.3.0

What's Changed

• Resolve Issue 237 by @dshanske in #239
• Clients by @dshanske in #231
• Allow other OAuth2 providers by @akirk in #245
• fix cli calls by @pfefferle in #247
• Dev Dependencies Fixes by @dshanske in #240
• version bump by @pfefferle in #249
• Switch from using name as the slug to client ID by @dshanske in #250
• Update yoast/phpunit-polyfills requirement from ^1.0 to ^2.0 by @dependabot in #251
• Update dealerdirect/phpcodesniffer-composer-installer requirement from ^0.7 to ^1.0 by @dependabot in #241

Full Changelog: 4.2.1...4.3.0

4.2.1

Bump version to release

Version 4.2.0

What's Changed

• Add IndieAuth Metadata Endpoint by @dshanske in #226
• New Endpoints by @dshanske in #227

Full Changelog: 4.1.1...4.2.0

Version 4.1.0

• Add experimental ticket auth endpoint
• Bug fix on endpoint discovery discovered during ticket auth development
• Introduce Token Introspection Endpoint as per proposal to integrate RFC7662. For now, will exist concurrently with the older token verification response until it is deprecated.
• Ensure profile responses are returned when appropriate.
• Misc Bug Fixes discovered in unit testing
• Updating of settings configuration
• Improved default for user who gets to identify as root of site.
• Introduce Refresh Token Functionality
• Create was not pre-checked in new selections when offered as an option.

Version 4.0.0

Adds expiring tokens

Version 3.6.0

Major release to update to latest revision of the spec.

Release 3.5.1

Merge pull request #180 from dshanske/3.5.1

3.5.1