Commit: https://github.com/laravel/passport/commit/97e3026790d953d7a67fe487e30775cd995e93df
The minimum Laravel version is now v6.0 and the minimum PHP version is now 7.2. The underlying league/oauth2-server has also been updated to v8.
PR: laravel#1065
Passport now supports public clients and PCKE. To leverage this feature, you should update the the secret column of the oauth_clients table to be nullable. If you use Passport migrations this will be done automatically for you upon the next migration. Otherwise, you'll need to create the following migration and migrate manually:
Schema::table('oauth_clients', function (Blueprint $table) {
$table->string('secret', 100)->nullable()->change();
});
PR: laravel#1066
OAuth exceptions can now be rendered. They will first be converted to Passport exceptions. If you are explicitly handling League\OAuth2\Server\Exception\OAuthServerException in your exception handler's report method you will now need to check for an instance of Laravel\Passport\Exceptions\OAuthServerException instead.
PR: laravel#1040
In the previous versions of Passport, you could pass tokens granted by a different client type to the CheckClientCredential and CheckClientCredentialForAnyScope middleware. This behavior has been corrected and an exception will be thrown if you attempt to pass a token generated by a different client type.