2.7.0

• Add support for PKCE (Proof Key for Code Exchange, RFC 7636) #901
• Various type improvements for static analysis #939 #959 #972 #997

2.6.1

• Fix deprecation notices, providing full support for PHP 8.1 #919 #920

2.6.0

• Indicate support for PHP 8
• Allow time to be set for testing purposes #852

2.5.0

• Allow Guzzle 7.x to be used #847

2.4.1

• Revert to use of AccessToken in type hints to preserve backwards compatibility; this fixes the issue reported in #752 and #753

2.4.0

• Add HttpBasicAuthOptionProvider to ease implementation for providers requiring HTTP basic auth
• Add GuardedPropertyTrait to allow providers the ability to specify properties that may not be overridden by user-defined values passed to the provider constructor
• Add AccessTokenInterface and ResourceOwnerAccessTokenInterface to allow providers the ability to override the default AccessToken

2.3.1

• Allow paragonie/random_compat's empty 9.99.99 placeholder
• Throw an UnexpectedValueException on non-JSON responses from access token
  request (when calling AbstractProvider::getAccessToken())

2.3.0

• Add ProviderRedirectTrait tool for 3rd-party provider libraries to use when
  handling provider redirections
• Fix TypeError thrown because getResourceOwner() receives a non-JSON Response
• Gracefully handle non-standard errors received from providers
• Update README to reflect official support of PHP 7.2

2.2.1

• Fix potential type error when HTTP 500 errors are encountered
• Allow broader range of random_compat versions

2.2.0

• Allow base URLs to contain query parameters
• Protect against + being improperly encoded in URL parameters
• Remove misleading state option from authorization parameters
• Stop generating more random bytes than necessary