Release Notes

Unreleased

v12.2.0 - 2024-04-17

[12.x] Add refreshToken relation to Token model by @gdebrauwer in #1739

v12.1.0 - 2024-04-15

[12.x] Make Passport's database connection configurable by @axlon in #1738

v12.0.3 - 2024-04-05

Adjust newFactory method visibility by @brandonfarber in #1735

v12.0.2 - 2024-03-21

[12.x] Make commands lazy by @timacdonald in #1731
[12.x] Allow token "expires in" to be defined as date interval by @jacobmllr95 in #1733

v12.0.1 - 2024-03-14

[12.x] Cast session lifetime to int by @kindslayer in #1727
[12.x] Fixes used version of L9 by @nunomaduro in #1730

v12.0.0 - 2024-03-12

[12.x] Adds Laravel 11 support by @nunomaduro in #1702
[12.x] Disable password grant by default by @hafezdivandari in #1715
[12.x] Make Client::$plainSecret public by @axlon in #1719
[12.x] Use more secure key permissions by @axlon in #1721
[12.x] Enhance console commands by @hafezdivandari in #1724

v11.10.6 - 2024-03-01

Check that properties grant_types and scopes exist by @uintaam in #1722

v11.10.5 - 2024-02-09

[11.x] Fix getting/setting client scopes and grant types by @axlon in #1717

v11.10.4 - 2024-01-30

Consistently retrieve client uuids value from Passport by @rojtjo in #1711
[11.x] Allow developers to disable the password grant type by @axlon in #1712

v11.10.2 - 2024-01-17

Add getScopesAttribute and getScopesAttribute methods by @uintaam in #1709

v11.10.1 - 2024-01-10

[11.x] Allow unsetting a user's access token by @axlon in #1698
[11.x] Add getGrantTypesAttribute method to fix Eloquent strict mode error by @gdebrauwer in #1705

v11.10.0 - 2023-11-02

[11.x] Named static methods for middleware by @michaelnabil230 in #1695
Simplify Conditional Statement by @michaelnabil230 in #1696

v11.9.2 - 2023-10-16

Add return to revokeRefreshTokensByAccessTokenId method by @aminkhoshzahmat in #1693

v11.9.1 - 2023-09-01

[11.x] Allow scope repository to be constructed without parameters by @axlon in #1686

v11.9.0 - 2023-08-29

[11.x] Add the ability to limit scopes by client by @axlon in #1682
[11.x] Add support for inherited scopes when limiting scopes on clients by @axlon in #1683

v11.8.8 - 2023-07-07

Add generics to client factory by @axlon in #1669
Update composer.json by @Smoggert in #1674
Update composer.json by @drhoussem in #1677

v11.8.7 - 2023-04-28

Revert "[11.x] Add Provider Guard to ClientRepository for Personal Access Clients" by @driesvints in #1658

v11.8.6 - 2023-04-24

Add Provider Guard to ClientRepository for Personal Access Clients by @michaelnabil230 in #1655

v11.8.5 - 2023-04-04

Allow lcobucci/jwt v5 and cleaned up version constraints by @GrahamCampbell in #1649
Pass user identifier through to finalize scopes in personal access grant by @GrahamCampbell in #1650

v11.8.4 - 2023-03-18

Removed deprecated dates property from RefreshToken model by @siarheipashkevich in #1645
Removed deprecated dates property from AuthCode model by @siarheipashkevich in #1644
Fix doc block types by @hafezdivandari in #1647

v11.8.3 - 2023-03-01

Allow overriding the AccessToken class by @hafezdivandari in #1638
Make $userId nullable in ClientRepository->createPersonalAccessClient by @bram-pkg in #1642

v11.8.2 - 2023-02-20

Re-apply "Added AuthenticationException to extend the behaviour of Laravel's default exception handler" by @driesvints in https://github.com/laravel/passport/commit/67c3e336af163f6eba5dbca8e5db46275ff0e433

v11.8.1 - 2023-02-20

Revert "Move AuthenticationException into the scope of Laravel Passport" by @driesvints in https://github.com/laravel/passport/commit/db543b0cc13ed3f56f1bffda04707fbe2a8c7ab5

v11.8.0 - 2023-02-17

Move AuthenticationException into the scope of Laravel Passport by @chrispage1 in #1633
Custom authorization view response by @JonErickson in #1629
Fix deprecated $dates property by @TonyWong9527 in #1636

v11.7.0 - 2023-02-08

Added

Add support for EncryptCookies middleware by @axlon in #1628

v11.6.1 - 2023-02-03

Changed

Indicate current token can be TransientToken by @axlon in #1627

v11.6.0 - 2023-01-31

Changed

Update ClientCommand.php's user_id description by @Smoggert in #1619
Get model PK instead of forcibly id column by @lucaspanik in #1626

Fixed

Fix doc block for withAccessToken() by @axlon in #1620

v11.5.1 - 2023-01-16

Fixed

Get authenticated user from the guard by @hafezdivandari in #1617

v11.5.0 - 2023-01-09

Added

Laravel v10 Support by @driesvints in #1615

v11.4.0 - 2023-01-03

Changed

Uses PHP Native Type Declarations 🐘 by @nunomaduro in #1594

v11.3.1 - 2022-12-02

Changed

Add auth guard to routes by @hafezdivandari in #1603

v11.3.0 - 2022-10-22

Added

Support prompting login when redirecting for authorization by @hafezdivandari in #1577

Changed

Update PurgeCommand.php by @fatoskurtishi in #1586
Fix ClientRepository doc blocks by @axlon in #1587
Update docblock by @mnabialek in #1588

v11.2.1 - 2022-09-29

Fixed

Improve token guard return type by @axlon in #1579

v11.2.0 - 2022-09-07

Changed

Let OAuth2 server handle the denying response by @hafezdivandari in #1572

v11.1.0 - 2022-09-05

Added

Support prompting re-consent when redirecting for authorization by @hafezdivandari in #1567
Support disabling prompt when redirecting for authorization by @hafezdivandari in #1569

v11.0.1 - 2022-08-29

Changed

Custom days and hours to passport purge command by @rubengg86 in #1563
Allow for bootstrapping without loading routes by @axlon in #1564

v11.0.0 - 2022-08-19

Added

Allow authenticated client to be retrieved from the guard by @axlon in #1508

Changed

Revert model DB connection customization by @driesvints in #1412
Allow timestamps on Token model by @driesvints in #1425
Improve authenticateViaBearerToken() performance by @alecpl in #1447
Refactor routes to dedicated file by @driesvints in #1464

Fixed

Stub client on guard when calling Passport::actingAsClient() by @axlon in #1519
Fix scope inheritance when using Passport::actingAs() by @axlon in #1551

Removed

Drop PHP 7.x and Laravel v8 by @driesvints in #1558
Remove deprecated properties by @driesvints in #1560
Remove deprecated functionality and simplify some feature tests by @driesvints in #1559

v10.4.1 - 2022-04-16

Changed

Add new URI Rule to validate URI and use it to RedirectRule. by @victorbalssa in #1544

v10.4.0 - 2022-03-30

Changed

Upgrade firebase/php-jwt to ^6.0 by @prufrock in #1538

v10.3.3 - 2022-03-08

Changed

Use anonymous migrations by @mmachatschek in #1531

v10.3.2 - 2022-02-22

Fixed

Fix Faker deprecations by @X-Coder264 in #1530

v10.3.1 (2022-01-25)

Changed

Allow to use custom authorization server response (#1521)

v10.3.0 (2022-01-12)

Changed

Laravel 9 Support (#1516)

v10.2.2 (2021-12-07)

Fixed

Fix jsonSerialize PHP 8.1 issue (#1512)

v10.2.1 (2021-12-07)

Fixed

Fix str_replace error when third parameter ($subject) is null (#1511)

v10.2.0 (2021-11-02)

Added

Add custom encryption key for JWT tokens (#1501)

Changed

Refactor expiry dates to intervals (#1500)

v10.1.4 (2021-10-19)

Fixed

Ensure client model factory always creates models with a primary key (#1492

v10.1.3 (2021-04-06)

Changed

Use app helper (3d1e6bb)

Fixed

Fix binding (e3478de)

v10.1.2 (2021-03-02)

Fixed

Backport phpseclib v2 (#1418)

v10.1.1 (2021-02-23)

Changed

Update to phpseclib v3 (#1410)

v10.1.0 (2020-11-26)

Added

PHP 8 Support (#1373)

Removed

Remove Vue components (#1352)

v10.0.1 (2020-09-15)

Fixed

Use newFactory to properly reference factory (#1349)

v10.0.0 (2020-09-08)

Added

Support Laravel 8 & drop PHP 7.2 support (#1336)

Changed

forceFill new auth code attributes (#1266)
Use only one PSR 7 implementation (#1330)

Removed

Remove old static personal client methods (#1325)
Remove Guzzle dependency (#1327)

v9.3.2 (2020-07-27)

Fixes

Fix cookie handling for security release (#1322, 75f1ad2)

v9.3.1 (2020-07-21)

Fixed

Use custom models in purge command if set (#1316)
Apply table responsive on table class (#1318)

v9.3.0 (2020-06-30)

Added

Guzzle 7 support (#1311)

v9.2.2 (2020-06-25)

Fixed

Fix maxlength for token names (#1300)
Improve passport:install command (#1294)

v9.2.1 (2020-05-14)

Fixed

Fix actingAsClient token relation (#1268)
Fix HashCommand (bedf02c)

v9.2.0 (2020-05-12

Added

Allow to change Models database connection (#1255, 7ab3bdb)

Fixed

Nonstandard ID in the token's relationship with the user (#1267)

v9.1.0 (2020-05-08

Added

Implement secret modal (#1258)
Warn about one-time-hashed-secret (#1259)
Add force option to hash command (#1251)

Fixed

Implement personal access client config (#1260)

v9.0.1 (2020-05-06)

Fixed

Fix displaying secret in Vue component (#1244)
Moved provider check to bearer token only (#1246)
Fix create client call (aff9d09)

v9.0.0 (2020-05-05)

Added

Allow client credentials secret to be hashed (#1145, ccbcfeb, 1c40ae0)
Implement passport:hash command (#1238)
Initial support for multiple providers (#1220)

Changed

Client credentials middleware should allow any valid client (#1132)
Switch from getKey() to getAuthIdentifier() to match Laravel core (#1134)
Use Hasher interface instead of HashManager (#1157)
Bump league server dependency (#1237)

Removed

Remove deprecated functionality (#1235)
Drop support for old JWT versions (#1236)

v8.5.0 (2020-05-05)

Added

Automatic configuration of client UUIDs (#1231)

v8.4.4 (2020-04-21)

Fixed

Fix 500 Internal Server Error response (#1222)

v8.4.3 (2020-03-31)

Fixed

Fix resolveInheritedScopes (#1207)

v8.4.2 (2020-03-24)

Fixed

mergeConfigFrom already checked if app is running with config cached (#1205)

v8.4.1 (2020-03-04)

Fixed

Forget session keys on invalid match (#1192)
Update dependencies for PSR request (#1201)

v8.4.0 (2020-02-12)

Changed

Implement auth token for access requests (#1188)

Fixed

Revoke refresh tokens when auth tokens get revoked (#1186)

v8.3.1 (2020-01-29)

Fixed

Remove foreign keys (20e9b66)

v8.3.0 (2020-01-28)

Added

Add a Passport Client factory to Passport publishing (#1171)

Changed

Use bigIncrements and indexes on relationships (#1169, 140a693)

v8.2.0 (2020-01-07)

Added

Update ClientCommand to support public clients (#1151)
Purge Command for revoked and/or expired tokens and auth codes (#1159, 6c1ea42)

Changed

Replace deprecated package and namespaces (#1158)

v8.1.0 (2019-12-30)

Added

Allow access to HTTP response status code on OAuthServerException (#1148)
Modify UserRepository to check for 'findAndValidateForPassport' method (#1144)

v8.0.2 (2019-11-26)

Changed

Add abstract CheckCredentials middleware and allows to create (#1127)

v8.0.1 (2019-11-19)

Fixed

Fix actingAsClient testing method (#1119)

v8.0.0 (2019-10-29)

Added

Add ability to customize the RefreshToken (#966)
Add support for "public" clients (#1065)

Changed

Rework HandlesOAuthErrors trait to middleware (#937)
Use a renderable exception for OAuth errors (#1066)
Use diactoros 2.0 and psr-http-factory (aadf603)
Replaced helpers with Blade directives (#939)
Use caret for constraints (d906804)
Dropped support for Laravel 5.8 (654cc09)
Dropped support for PHP 7.1 (3c830ac)
Upgrade to league/oauth2-server 8.0 (97e3026)

Fixed

Fix exception will thrown if token belongs to first party clients (#1040)
Fix auth codes table customization (#1044)
Add key type to refresh token model (e400c2b)

v7.5.1 (2019-10-08)

Fixed

Cast returned client identifier value to string (#1091)

v7.5.0 (2019-09-24)

Added

Add actingAsClient method for tests (#1083)

v7.4.1 (2019-09-10)

Fixed

Fixed key types for models (#1078, a9a885d3)

v7.4.0 (2019-08-20)

Added

Let Passport support inherited parent scopes (#1068)
Accept requests with the encrypted X-XSRF-TOKEN HTTP header (#1069)

v7.3.5 (2019-08-06)

Fixed

Use bigInteger column type for user_id columns (#1057)

v7.3.4 (2019-07-30)

Changed

Remove old 5.9 constraints (58eb99c)

v7.3.3 (2019-07-29)

Changed

Update version constraints for Laravel 6.0 (609b5e8)

v7.3.2 (2019-07-11)

Fixed

Merge default Passport configuration (#1039, e260c86)

v7.3.1 (2019-07-02)

Changed

Change server property type in CheckClientCredentialForAnyScope (#1034)

v7.3.0 (2019-05-28)

Added

Allow first party clients to skip the authorization prompt (#1022)

Fixed

Fix AccessToken docblock (#996)

v7.2.2 (2019-03-13)

Fixed

Allow installs of zend-diactoros 2 (c0c3fca)

v7.2.1 (2019-03-12)

Fixed

Change wasRecentlyCreated to false (#979)

v7.2.0 (2019-02-14)

Changed

Changed the way to get action path from url() to route() (#950)
Allow '*' scope to be used with Client Credentials (#949)

Fixed

Replace fire() with dispatch() (#952)

v7.1.0 (2019-01-22)

Added

Added redirect_uri and user_id options to cli (#921, 8b8570c)
Add ext-json dependency (#940)

Changed

Make name an optional question (#926)

Fixed

Do not auto increment AuthCode ID (#929)
Allow multiple redirects when creating clients (#928)
Add responses for destroy methods (#942)

v7.0.5 (2019-01-02)

Fixed

Rename property (#920)

v7.0.4 (2018-12-31)

Added

Add middleware CheckClientCredentialsForAnyScope (#855)
Support a default scope when no scope was requested by the client (#879)
Allow setting expiration of personal access tokens (#919)

Changed

Change auth code table to the model's table (#865)
Made whereRevoked consistent (#868)
Use unsignedInteger column type for client_id columns (47f0021)

Fixed

Prevent passing empty string variable to retrieveById method (#861)

v7.0.3 (2018-10-22)

Added

Add names to routes for re-usability (#846)
Add user relationship to client model (#851, 3213be8)
Add the ability to retrieve current client (#854)

Fixed

Fix migrations tag publish (#832)

v7.0.2 (2018-09-25)

Changed

Authcode model is now used for persisting new authcodes (#808)
resources/assets directory was flattened (#813)

Fixed

Personal client exception (#831, 7bb53d1)

v7.0.1 (2018-08-13)

Added

Add option to enable cookie serialization (9012496)

v7.0.0 (2018-08-13)

Changed

Don't serialize by default (29e9d53)