Merge branch 'master' into master-token-revocation-introspection

Author: hafezdivandari

.github/workflows/coding-standards.yml

@@ -13,7 +13,7 @@ jobs:
     strategy:
       matrix:
         php-version:
-          - 8.3
+          - 8.5
         operating-system:
           - ubuntu-latest
 

.github/workflows/static-analysis.yml

@@ -12,7 +12,7 @@ jobs:
 
     strategy:
       matrix:
-        php-version: [8.1, 8.2, 8.3, 8.4, 8.5]
+        php-version: [8.2, 8.3, 8.4, 8.5]
         composer-stability: [prefer-lowest, prefer-stable]
         operating-system:
           - ubuntu-latest
@@ -34,4 +34,3 @@ jobs:
 
       - name: Run Static Analysis
         run: vendor/bin/phpstan analyse
-

.github/workflows/tests.yml

@@ -4,14 +4,14 @@ on:
   push:
   pull_request:
   schedule:
-    - cron: '0 0 * * *'
+    - cron: "0 0 * * *"
 
 jobs:
   tests:
     strategy:
       fail-fast: false
       matrix:
-        php: [8.1, 8.2, 8.3, 8.4, 8.5]
+        php: [8.2, 8.3, 8.4, 8.5]
         os: [ubuntu-latest, windows-latest]
         stability: [prefer-lowest, prefer-stable]
 
@@ -33,17 +33,14 @@ jobs:
           coverage: pcov
 
       - name: Install dependencies
-        run:
-          composer update --${{ matrix.stability }} --prefer-dist --no-interaction --no-progress
+        run: composer update --${{ matrix.stability }} --prefer-dist --no-interaction --no-progress
 
       - name: Install Scrutinizer/Ocular
-        run:
-          composer global require scrutinizer/ocular
+        run: composer global require scrutinizer/ocular
 
       - name: Execute tests
         run: vendor/bin/phpunit --coverage-clover=coverage.clover
 
       - name: Code coverage
         if: ${{ github.ref == 'refs/heads/master' && github.repository == 'thephpleague/oauth2-server' && startsWith(matrix.os, 'ubuntu') }}
-        run:
-          ~/.composer/vendor/bin/ocular code-coverage:upload --format=php-clover coverage.clover
+        run: ~/.composer/vendor/bin/ocular code-coverage:upload --format=php-clover coverage.clover

CHANGELOG.md

@@ -11,6 +11,10 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 - User ID is now passed to the finalizeScopes method for the Refresh Grant (PR #1414)
 
+### Removed
+
+- Removed support for PHP 8.1 (PR #1500)
+
 ## [9.3.0] - released 2025-11-25
 
 ### Added

README.md

@@ -11,34 +11,33 @@
 
 Out of the box it supports the following grants:
 
-* Authorization code grant
-* Client credentials grant
-* Device authorization grant
-* Implicit grant
-* Refresh grant
-* Resource owner password credentials grant
+- Authorization code grant
+- Client credentials grant
+- Device authorization grant
+- Implicit grant
+- Refresh grant
+- Resource owner password credentials grant
 
 The following RFCs are implemented:
 
-* [RFC6749 "OAuth 2.0"](https://tools.ietf.org/html/rfc6749)
-* [RFC6750 "The OAuth 2.0 Authorization Framework: Bearer Token Usage"](https://tools.ietf.org/html/rfc6750)
-* [RFC7009 "OAuth 2.0 Token Revocation"](https://tools.ietf.org/html/rfc7009)
-* [RFC7519 "JSON Web Token (JWT)"](https://tools.ietf.org/html/rfc7519)
-* [RFC7636 "Proof Key for Code Exchange by OAuth Public Clients"](https://tools.ietf.org/html/rfc7636)
-* [RFC7662 "OAuth 2.0 Token Introspection"](https://tools.ietf.org/html/rfc7662)
-* [RFC8628 "OAuth 2.0 Device Authorization Grant](https://tools.ietf.org/html/rfc8628)
+- [RFC6749 "OAuth 2.0"](https://tools.ietf.org/html/rfc6749)
+- [RFC6750 "The OAuth 2.0 Authorization Framework: Bearer Token Usage"](https://tools.ietf.org/html/rfc6750)
+- [RFC7009 "OAuth 2.0 Token Revocation"](https://tools.ietf.org/html/rfc7009)
+- [RFC7519 "JSON Web Token (JWT)"](https://tools.ietf.org/html/rfc7519)
+- [RFC7636 "Proof Key for Code Exchange by OAuth Public Clients"](https://tools.ietf.org/html/rfc7636)
+- [RFC7662 "OAuth 2.0 Token Introspection"](https://tools.ietf.org/html/rfc7662)
+- [RFC8628 "OAuth 2.0 Device Authorization Grant](https://tools.ietf.org/html/rfc8628)
 
 This library was created by Alex Bilbie. Find him on Twitter at [@alexbilbie](https://twitter.com/alexbilbie).
 
 ## Requirements
 
 The latest version of this package supports the following versions of PHP:
 
-* PHP 8.1
-* PHP 8.2
-* PHP 8.3
-* PHP 8.4
-* PHP 8.5
+- PHP 8.2
+- PHP 8.3
+- PHP 8.4
+- PHP 8.5
 
 The `openssl` and `json` extensions are also required.
 
@@ -69,12 +68,12 @@ We use [Github Actions](https://github.com/features/actions), [Scrutinizer](http
 
 ## Community Integrations
 
-* [Drupal](https://www.drupal.org/project/simple_oauth)
-* [Laravel Passport](https://github.com/laravel/passport)
-* [OAuth 2 Server for CakePHP 3](https://github.com/uafrica/oauth-server)
-* [OAuth 2 Server for Mezzio](https://github.com/mezzio/mezzio-authentication-oauth2)
-* [OAuth 2 Server Bundle (Symfony)](https://github.com/thephpleague/oauth2-server-bundle)
-* [Heimdall for CodeIgniter 4](https://github.com/ezralazuardy/heimdall)
+- [Drupal](https://www.drupal.org/project/simple_oauth)
+- [Laravel Passport](https://github.com/laravel/passport)
+- [OAuth 2 Server for CakePHP 3](https://github.com/uafrica/oauth-server)
+- [OAuth 2 Server for Mezzio](https://github.com/mezzio/mezzio-authentication-oauth2)
+- [OAuth 2 Server Bundle (Symfony)](https://github.com/thephpleague/oauth2-server-bundle)
+- [Heimdall for CodeIgniter 4](https://github.com/ezralazuardy/heimdall)
 
 ## Changelog
 

composer.json

@@ -1,87 +1,88 @@
 {
-    "name": "league/oauth2-server",
-    "description": "A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.",
-    "homepage": "https://oauth2.thephpleague.com/",
-    "license": "MIT",
-    "require": {
-        "php": "~8.1.0 || ~8.2.0 || ~8.3.0 || ~8.4.0  || ~8.5.0",
-        "ext-openssl": "*",
-        "league/event": "^3.0",
-        "league/uri": "^7.0",
-        "lcobucci/jwt": "^5.0",
-        "psr/http-message": "^2.0",
-        "defuse/php-encryption": "^2.4",
-        "ext-json": "*",
-        "lcobucci/clock": "^2.3 || ^3.0",
-        "psr/http-server-middleware": "^1.0"
-    },
-    "require-dev": {
-        "phpunit/phpunit": "^10.5|^11.5|^12.0",
-        "laminas/laminas-diactoros": "^3.5",
-        "phpstan/phpstan": "^1.12|^2.0",
-        "phpstan/phpstan-phpunit": "^1.3.15|^2.0",
-        "roave/security-advisories": "dev-master",
-        "phpstan/extension-installer": "^1.3.1",
-        "phpstan/phpstan-deprecation-rules": "^1.1.4|^2.0",
-        "phpstan/phpstan-strict-rules": "^1.5.2|^2.0",
-        "slevomat/coding-standard": "^8.14.1",
-        "php-parallel-lint/php-parallel-lint": "^1.3.2",
-        "squizlabs/php_codesniffer": "^3.8"
-    },
-    "repositories": [
-        {
-            "type": "git",
-            "url": "https://github.com/thephpleague/oauth2-server.git"
-        }
-    ],
-    "keywords": [
-        "oauth",
-        "oauth2",
-        "oauth 2",
-        "oauth 2.0",
-        "server",
-        "auth",
-        "authorization",
-        "authorisation",
-        "authentication",
-        "resource",
-        "api",
-        "protect",
-        "secure"
-    ],
-    "authors": [
-        {
-            "name": "Alex Bilbie",
-            "email": "hello@alexbilbie.com",
-            "homepage": "http://www.alexbilbie.com",
-            "role": "Developer"
-        },
-        {
-            "name": "Andy Millington",
-            "email": "andrew@noexceptions.io",
-            "homepage": "https://www.noexceptions.io",
-            "role": "Developer"
-        }
-    ],
-    "replace": {
-        "lncd/oauth2": "*",
-        "league/oauth2server": "*"
-    },
-    "autoload": {
-        "psr-4": {
-            "League\\OAuth2\\Server\\": "src/"
-        }
-    },
-    "autoload-dev": {
-        "psr-4": {
-            "LeagueTests\\": "tests/"
-        }
+  "name": "league/oauth2-server",
+  "description": "A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.",
+  "homepage": "https://oauth2.thephpleague.com/",
+  "license": "MIT",
+  "require": {
+    "php": "~8.2.0 || ~8.3.0 || ~8.4.0 || ~8.5.0",
+    "ext-openssl": "*",
+    "league/event": "^3.0",
+    "league/uri": "^7.8",
+    "lcobucci/jwt": "^5.6",
+    "psr/http-message": "^2.0",
+    "defuse/php-encryption": "^2.4",
+    "ext-json": "*",
+    "lcobucci/clock": "^3.3",
+    "psr/http-server-middleware": "^1.0"
+  },
+  "require-dev": {
+    "phpunit/phpunit": "^11.5.50",
+    "laminas/laminas-diactoros": "^3.8",
+    "phpstan/phpstan": "^2.1.38",
+    "phpstan/phpstan-phpunit": "^2.0.12",
+    "roave/security-advisories": "dev-master",
+    "phpstan/extension-installer": "^1.4.3",
+    "phpstan/phpstan-deprecation-rules": "^2.0",
+    "phpstan/phpstan-strict-rules": "^2.0",
+    "slevomat/coding-standard": "^8.27.1",
+    "php-parallel-lint/php-parallel-lint": "^1.4",
+    "squizlabs/php_codesniffer": "^4.0",
+    "paragonie/random_compat": "^9.99.100"
+  },
+  "repositories": [
+    {
+      "type": "git",
+      "url": "https://github.com/thephpleague/oauth2-server.git"
+    }
+  ],
+  "keywords": [
+    "oauth",
+    "oauth2",
+    "oauth 2",
+    "oauth 2.0",
+    "server",
+    "auth",
+    "authorization",
+    "authorisation",
+    "authentication",
+    "resource",
+    "api",
+    "protect",
+    "secure"
+  ],
+  "authors": [
+    {
+      "name": "Alex Bilbie",
+      "email": "hello@alexbilbie.com",
+      "homepage": "http://www.alexbilbie.com",
+      "role": "Developer"
     },
-    "config": {
-        "allow-plugins": {
-            "ocramius/package-versions": true,
-            "phpstan/extension-installer": true,
-            "dealerdirect/phpcodesniffer-composer-installer": false
-        }
+    {
+      "name": "Andy Millington",
+      "email": "andrew@noexceptions.io",
+      "homepage": "https://www.noexceptions.io",
+      "role": "Developer"
+    }
+  ],
+  "replace": {
+    "lncd/oauth2": "*",
+    "league/oauth2server": "*"
+  },
+  "autoload": {
+    "psr-4": {
+      "League\\OAuth2\\Server\\": "src/"
+    }
+  },
+  "autoload-dev": {
+    "psr-4": {
+      "LeagueTests\\": "tests/"
+    }
+  },
+  "config": {
+    "allow-plugins": {
+      "ocramius/package-versions": true,
+      "phpstan/extension-installer": true,
+      "dealerdirect/phpcodesniffer-composer-installer": false
     }
+  }
 }