You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: CHANGELOG.md
+9-6Lines changed: 9 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -4,13 +4,16 @@ All notable changes to this project will be documented in this file.
4
4
The format is based on [Keep a Changelog](http://keepachangelog.com/)
5
5
and this project adheres to [Semantic Versioning](http://semver.org/).
6
6
7
-
## [unreleased]
7
+
## [0.9.9]
8
+
9
+
### Added
10
+
11
+
* Added support for back-channel logout. #302
8
12
* Added support for `private_key_jwt` Client Authentication method #322
9
13
10
14
## Fixed
11
15
12
16
* Harden self-signed JWK header usage. #323
13
-
* Added support for back-channel logout. #302
14
17
15
18
## [0.9.8]
16
19
@@ -64,13 +67,13 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
64
67
* it is now possible to disable upgrading from HTTP to HTTPS for development purposes by calling `setHttpUpgradeInsecureRequests(false)`#241
65
68
* bugfix in getSessionKey when _SESSION key does not exist #251
66
69
* Added scope parameter to refresh token request #225
67
-
* bugfix in verifyJWTclaims when $accessToken is empty and $claims->at_hash is not #276
70
+
* bugfix in `verifyJWTclaims` when $accessToken is empty and $claims->at_hash is not #276
68
71
* bugfix with the `empty` function in PHP 5.4 #267
69
72
70
73
## [0.9.2]
71
74
72
75
### Added
73
-
* Support for [PKCE](https://tools.ietf.org/html/rfc7636). Currently the supported methods are 'plain' and 'S256'.
76
+
* Support for [PKCE](https://tools.ietf.org/html/rfc7636). Currently, the supported methods are 'plain' and 'S256'.
74
77
75
78
## [0.9.1]
76
79
@@ -133,7 +136,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
133
136
* Add option to send additional registration parameters like post_logout_redirect_uris. #140
134
137
135
138
### Changed
136
-
* disabled autoload for Crypt_RSA + makre refreshToken() method tolerant for errors #137
139
+
* disabled autoload for Crypt_RSA + make refreshToken() method tolerant for errors #137
137
140
138
141
### Removed
139
142
*
@@ -143,7 +146,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
143
146
### Added
144
147
* Added five minutes leeway due to clock skew between openidconnect server and client.
145
148
* Fix save access_token from request in implicit flow authentication #129
146
-
* verifyJWTsignature() method private -> public #126
149
+
*`verifyJWTsignature()` method private -> public #126
147
150
* Support for providers where provider/login URL is not the same as the issuer URL. #125
148
151
* Support for providers that has a different login URL from the issuer URL, for instance Azure Active Directory. Here, the provider URL is on the format: https://login.windows.net/(tenant-id), while the issuer claim actually is on the format: https://sts.windows.net/(tenant-id).
0 commit comments