v13.0.6

• [13.x] Fix broken token relation when auth identifier is not PK by @axlon in #1835

v13.0.5

• [13.x] Fix Exception Caused by Missing AccessToken Attributes by @hafezdivandari in #1829

v13.0.4

• [13.x] Fix skipping authorization consent when no scopes are requested by @hafezdivandari in #1825
• [13.x] Document changes to oauth_clients table in upgrade guide by @gdebrauwer in #1823

v13.0.3

• [13.x] Fix object returned by mocked validateAuthenticatedRequest() method in Passport::actingAsClient() method by @gdebrauwer in #1822

v13.0.2

• Changed getTokenFromRequest method to handle null value and prevent type error by @eldair in #1819
• fix: possible php error if redirect column is an empty string by @Tofandel in #1821

v13.0.1

• [13.x] Fix access to undefined route by @axlon in #1812
• [13.x] Fix access to uninitialised typed static property by @owenvoke in #1811
• Use isset to check for initialisation by @patrickomeara in #1813
• [13.x] Fix middleware type error by @axlon in #1815

v13.0.0

• [13.x] Support OAuth2 Server v9 by @hafezdivandari in #1734
• [13.x] Always hash client secret by @hafezdivandari in #1745
• [13.x] Remove redundant PAT client table and model by @hafezdivandari in #1749
• [13.x] Fix determining revoked records by @hafezdivandari in #1751
• [13.x] Use the oauth_scopes property of the bearer token on TokenGuard by @hafezdivandari in #1755
• [13.x] Refactor migrations by @hafezdivandari in #1759
• [13.x] Cleanup by @hafezdivandari in #1758
• [13.x] Use unique IDs on client model by @hafezdivandari in #1757
• [13.x] Force confidential PAT client by @hafezdivandari in #1761
• [13.x] Fix register a custom rendering closure for OAuthServerException by @hafezdivandari in #1763
• [13.x] Use UUID to identify clients by default by @hafezdivandari in #1764
• [13.x] Disable PAT requests by @hafezdivandari in #1766
• [13.x] Cleanup and add feature tests by @hafezdivandari in #1767
• [13.x] Always validate auth token by @hafezdivandari in #1769
• [13.x] Configure the user provider for PAT by @hafezdivandari in #1768
• [13.x] Fix user-token relations by @hafezdivandari in #1773
• [13.x] Make client RFC compatible by @hafezdivandari in #1744
• [13.x] Fix skipping consent prompt by @hafezdivandari in #1777
• [13.x] Improve issuing PATs by @hafezdivandari in #1780
• [13.x] Fix clients confidentiality by @hafezdivandari in #1782
• [13.x] Make Passport headless (Support Laravel Jetstream and Breeze) by @hafezdivandari in #1771
• [13.x] Improve performance, fix minor bugs, and add tests by @hafezdivandari in #1783
• bug: mockery not setup correctly by @JimTools in #1785
• [13.x] Cleanup, improve types and tests by @hafezdivandari in #1788
• [13.x] Enhance error responses by @hafezdivandari in #1791
• [13.x] Rename CheckClientCredentials middleware by @hafezdivandari in #1792
• [13.x] Improve resolving and converting PSR responses by @hafezdivandari in #1793
• [13.x] Deprecate JSON API by @hafezdivandari in #1778
• [13.x] Add new EnsureClientIsResourceOwner middleware by @hafezdivandari in #1794
• [13.x] Make revoking refresh tokens optional by @hafezdivandari in #1790
• [13.x] Validate key files' permissions by @hafezdivandari in #1789
• [13.x] Determine if the client handles the specified grant by @hafezdivandari in #1762
• [13.x] Device Authorization Grant RFC8628 by @hafezdivandari in #1750
• [13.x] Release Passport 13.x by @hafezdivandari in #1797

v12.4.2

• [12.x] Update property annotation for $userId to match constructor type by @ukkok in #1805

v12.4.1

• Supports Laravel 12 by @crynobone in #1803

v12.4.0

• [12.x] Supports PHP 8.4 by @crynobone in #1799