7.5.2

Fixed

• Relaxed response types from middleware to use low-level Symfony\Component\HttpFoundation\Response class, allowing for broader and custom response types.

7.5.1

Fixed

• Resolved an issue wherein custom user repositories could fail to be instantiated under certain circumstances.

7.5.0

This release includes support for Laravel 10, and major improvements to the internal state handling mechanisms of the SDK.

Added

— Support for Laravel 10 #349
— New Auth0\Laravel\Traits\Imposter trait to allow for easier testing. Example usage
— New Exception types have been added for more precise error catching.

Changed
The following changes have no effect on the external API of this package, but may affect internal usage.

— Guard will now more reliably detect changes in the underlying Auth0-PHP SDK session state.
— Guard will now more reliably sync changes back to the underlying Auth0-PHP SDK session state.
— StateInstance concept has been replaced by new Credentials entity.
— Guard updated to use new Credentials entity as primary internal storage for user data.
— Auth0\Laravel\Traits\ActingAsAuth0User was updated to use newCredentials entity.
— The HTTP middleware have been refactored to more clearly differentiate between token and session based identities.
— The authenticate, authenticate.optional and authorize.optional HTTP middleware now support scope filtering, as authorize already did.

Fixed

— A 'Session store not set on request' error could occur when downstream applications implemented unit testing that use the Guard. This should be resolved now.
— Guard would not always honor the provider configuration value in config/auth.php.
— Guard is no longer defined as a Singleton to better support applications that need multi-guard configurations.

Maintenance

— Upgraded test suite to use PEST 2.0 framework.
— Updated test coverage to 100%.

Important Notes

1. Changes to user() behavior
This release includes a significant behavior change around the user() method of the Guard. Previously, by simply invoking the method, the SDK would search for any available credential (access token, device session, etc.) and automatically assign the user within the Guard. The HTTP middleware have been upgraded to handle the user assignment step, and user() now only returns the current state of user assignment without altering it.

A new property has been added to the config/auth0.php configuration file: behavior. This is an array. At this time, there is a single option: legacyGuardUserMethod, a bool. If this value is set to true, or if the key is missing, the previously expected behavior will be applied, and user() will behave as it did before this release. The property defaults to false.

2. Changes to Guard and Provider driver aliases
We identified an issue with using identical alias naming for both the Guard and Provider singletons under Laravel 10, which has required us to rename these aliases. As previous guidance had been to instantiate these using their class names, this should not be a breaking change in most cases. However, if you had used auth0 as the name for either the Guard or the Provider drivers, kindly note that these have changed. Please use auth0.guard for the Guard driver, and auth0.provider for the Provider driver. This is a regrettable change, but was necessary for adequate Laravel 10 support.

Thanks to our contributors for this release: taida957789

7.4.0

Added

• Added Auth0\Laravel\Event\Middleware\... event hooks #340 (evansims)
• Added Auth0\Laravel\Event\Configuration\Building event hook #339 (evansims)

7.3.0

Full Changelog

Added

• add: Raise additional Laravel Auth Events #331 (evansims)

Fixed

• fix: env() incorrectly assigns cookieExpires to a string value #332 (evansims)
• fix: Auth0\Laravel\Cache\LaravelCachePool::createItem returning a cache miss #329 (pkivits-litebit)

7.2.2

Full Changelog

Fixed

• [SDK-3720] Restore php artisan vendor:publish command #321 (evansims)
• [SDK-3721] Bump minimum auth0/auth0-php version to ^8.3.4 #322 (evansims)

7.2.1

Fixed

• Auth0\Laravel\Auth0 no longer requires a session configuration for stateless strategies, restoring previous behavior. #317 (evansims)
• The SDK now requires ^3.0 of the psr/cache dependency, to accommodate breaking changes made in the upstream interface (typed parameters and return types) for PHP 8.0+. #316 (evansims)

7.2.0

Laravel.SDK.7.2.mp4

Thank you to tonyfox-disguise, jeovajr and nie7321 for their contributions to this release.

Changed

• Auth0\Laravel\Store\LaravelSession has been added as the default sessionStorage and transientStorage interfaces for the underlying Auth0-PHP SDK. The SDK now leverages the native Laravel Session APIs by default. #307 (evansims)¹
• Auth0\Laravel\Cache\LaravelCachePool and Auth0\Laravel\Cache\LaravelCacheItem have been added as the default tokenCache and managementTokenCache interfaces for the underlying Auth0-PHP SDK. The SDK now leverages the native Laravel Cache APIs by default. #307 (evansims)
• Auth0\Laravel\Auth\Guard now supports the viaRemember method. #306 (tonyfox-disguise)
• Auth0\Laravel\Http\Middleware\Stateless\Authorize now returns a 401 status instead of 403 for unauthenticated users. #304 (jeovajr)
• PHP 8.0 is now the minimum supported runtime version. Please review the README for more information on support windows.

¹ This change may require your application's users to re-authenticate. You can avoid this by changing the sessionStorage and transientStorage options in your SDK configuration to their previous default instances of Auth0\SDK\Store\CookieStore, but it is recommended you migrate to the new LaravelSession default.

7.1.0

Full Changelog

Changed

• [SDK-3576] Return interfaces instead of concrete classes #296 (evansims)
• Use class names for app() calls #291 (evansims)

Fixed

• [SDK-3585] Fix: Missing Code error on Callback Route for Octane Customers* #297 (evansims)

*Please note that Octane support is considered experimental and pre-release, and should not be used in production.

7.0.1

Full Changelog

Fixed

• Fixed an issue in Auth0\Laravel\Http\Controller\Stateful\Callback where $errorDescription's value was assigned an incorrect value when an error was encountered. #266 (evansims)

Closed Issues

• Resolves #287 (piljac1)