Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Feedback
Share your thoughts, report bugs, or suggest improvements.
Subject
Message
Log in Register
Home
Packages
Oauth Bundle
Release Notes

Oauth Bundle Laravel Package

hwi/oauth-bundle

Symfony bundle for OAuth1.0a/OAuth2 login and user authentication. Supports Symfony 6.4–8.0 (PHP 8.3+) and integrates dozens of providers (Google, GitHub, Facebook, Apple, LinkedIn, Azure, Keycloak, etc.).

View on GitHub
Deep Wiki
Context7
2.5.0
  • Added: PHP 8.5 test coverage,
  • Added: Support for Symfony 8.0,
  • Added: Handles absolute URL's in Amazon Cognito,
  • Bugfix: Wrong HTTP status code in RegisterController,
  • BC Break: Increased firebase/php-jwt support to 7.0,
  • BC Break: Dropped support for Symfony < 6.4,
  • BC Break: Dropped support for PHP < 8.3,
2.4.0
  • Added: PHP 8.4 test coverage,
  • Added: LinkedIn OpenID resource owner,
  • Added: show_dialog option to Spotify resource owner,
  • Use CSPRNG for generating nonce,
2.3.0
  • BC Break: Dropped support for Symfony: 6.3 and 7.0,
  • Added: Amazon Cognito resource owner,
  • Bugfix: Prevent overwriting failure_path in AuthenticationFailureHandler when connect functionality is not enabled,
  • Bugfix: Prevent overwriting failure_handler in security configuration if set,
  • Bugfix: Type hint AuthenticatorInterface instead of OAuthAuthenticator in RefreshAccessTokenListener,
  • Bugfix: Add missing parameters to OdnoklassnikiResourceOwner,
2.2.0

What's Changed

New Contributors

Full Changelog: https://github.com/hwi/HWIOAuthBundle/compare/2.1.0...2.2.0

2.1.0

What's Changed

New Contributors

For details go and read the CHANGELOG file.

2.0.0

Long awaited 2.0 release!

The main changes:

  • completely reworked resource owners internals,
  • official support for Symfony 6,
  • official support for PHP 8,
  • dropped support for Symfony <5.4,
  • dropped support for PHP <7.4,
  • removed support for FOSUserBundle,

For details go and read the CHANGELOG file.

What's Changed

Full Changelog: https://github.com/hwi/HWIOAuthBundle/compare/2.0.0-BETA3...2.0.0

2.0.0-BETA3

Changelog

  • BC Break: Dropped support for Symfony: 4.4 & 6.0.*,
  • BC Break: Class Templating\Helper\OAuthHelper was merged into Twig\Extension\OAuthRuntime,
  • BC Break: When resource owner class doesn't define TYPE constant or is null, then key will be calculated by converting its class name without ResourceOwner suffix to snake_case, if neither is felt, then \LogicException will be thrown,
  • Deprecated: method UserResponseInterface::getUsername() was deprecated in favour of UserResponseInterface::getUserIdentifier() to match changes in Symfony Security component,
  • Enhancement: [@internal](https://github.com/internal) resourceOwner oauth types in Configuration are calculated automatically by scandir. All classes extended from GenericOAuth[X]ResourceOwner get oauth[X] type. If class only implements ResourceOwnerInterface then its oauth type is unknown. ResourceOwner key (parameter type in configs) should have defined ResourceOwner::TYPE constant. Each user defined custom ResourceOwner class that implemented ResourceOwnerInterface will be registered automatically. If autoconfigure option is disabled user have to add the tag hwi_oauth.resource_owner to the service definition,
  • Enhancement: Class ConnectController was split into two smaller ones, Connect\ConnectController & Connect\RegisterController,
  • Bugfix: Added OAuth1ResourceOwner & OAuth2ResourceOwner to cover case of implementing custom oauth resource owners,
  • Bugfix: Fixed Authorization Header in CleverResourceOwner::doGetRequest,
  • Bugfix: Catch also the TransportExceptionInterface in AbstractResourceOwner::getResponseContent() method,
  • Bugfix: Current matched Firewall is respected during generation of resource owner check path links,
  • Bugfix: Prevent fatal error in OAuthUserProvider::loadUserByOAuthUserResponse() when nickname is not available in OAuth response,
  • Bugfix: Use newer version of firebase/php-jwt library,
  • Chore: Removed not used Symfony Templating component

What's Changed

New Contributors

Full Changelog: https://github.com/hwi/HWIOAuthBundle/compare/2.0.0-BETA2...2.0.0-BETA3

2.0.0-BETA2

Changelog

  • Deprecated: configuration parameter firewall_names, firewalls are now computed automatically - all firewalls that have defined oauth authenticator/provider will be collected,
  • Added: Ability to automatically refresh expired access tokens (only for derived from GenericOAuth2ResourceOwner resource owners), if option refresh_on_expire set to true,
  • Enhancement: Refresh token listener is disabled by default and will only be enabled if at least one resource owner has option refresh_on_expure set to true,
  • Enhancement: ([@internal](https://github.com/internal)) Removed/replaced redundant argument $firewallNames from controllers. If controller class was copied and replaced, adapt list of arguments: In controller use $resourceOwnerMapLocator->getFirewallNames(),
  • Bugfix: RefreshTokenListener cannot be lazy. If current firewall is lazy (or anonymous: lazy) then current auth token is often initializing on kernel.response. In this case new access token will not be stored in session. Therefore, the expired token will be refreshed on each request,
  • Bugfix: InteractiveLoginEvent will be triggered also for OAuthAuthenticator,
  • Maintain: Changed config files from *.xml to *.php (services and routes). Xml routing configs connect.xml, login.xml and redirect.xml are steel present but deprecated. Please use *.php variants in your includes instead.

Details What's Changed

New Contributors

Full Changelog: https://github.com/hwi/HWIOAuthBundle/compare/1.4.5...2.0.0-BETA2

2.0.0-BETA1

Changelog

  • BC Break: Dropped PHP 7.3 support,
  • BC Break: Dropped support for Symfony: >=5.1 & <5.4 (still with BC layer included),
  • BC Break: OAuthExtension is now a lazy Twig extension using a Runtime,
  • BC Break: removed support for FOSUserBundle,
  • BC Break: changed process() argument for Form/RegistrationFormHandlerInterface, from Form $form to FormInterface $form,
  • BC Break: changed form class name in template Resources/views/Connect/connect_confirm.html.twig from fos_user_registration_register to registration_register,
  • BC Break: removed configuration option fosub from oauth_user_provider,
  • BC Break: removed configuration options hwi_oauth.fosub, & all related DI parameters,
  • BC Break: removed DI parameter hwi_oauth.registration.form.factory in favour of declaring form class name as DI parameter: hwi_oauth.connect.registration_form,
  • BC Break: changed ResourceOwnerMapInterface::hasResourceOwnerByName signature, update if you use a custom resource owner,
  • BC Break: changed ResourceOwnerMapInterface::getResourceOwnerByName signature, update if you use a custom resource owner,
  • BC Break: changed ResourceOwnerMapInterface::getResourceOwnerByRequest signature, update if you use a custom resource owner,
  • BC Break: changed ResourceOwnerMapInterface::getResourceOwnerCheckPath signature, update if you use a custom resource owner,
  • BC Break: ResourceOwnerMap uses service locator instead of DI container,
  • BC Break: Removed abstract services: hwi_oauth.abstract_resource_owner.generic, hwi_oauth.abstract_resource_owner.oauth1 & hwi_oauth.abstract_resource_owner.oauth2,
  • BC Break: Removed setName() method from OAuth/ResourceOwnerInterface,
  • BC Break: changed __construct() argument for OAuth/ResourceOwner/AbstractResourceOwner, from HttpMethodsClient $httpClient to HttpClientInterface $httpClient,
  • BC Break: replaced php-http/httplug-bundle with symfony/http-client
  • BC Break: removed hwi_oauth.http configuration,
  • BC Break: reworked bundles structure to match Symfony best practices:
    • bundle code moved to: src/,
    • tests moved to: tests/,
    • docs moved from Resources/doc into: docs/,
  • BC Break: routes provided by bundle now have methods requirements:
    • hwi_oauth_connect_service: GET & POST,
    • hwi_oauth_connect_registration: GET & POST,
    • hwi_oauth_connect: GET,
    • hwi_oauth_service_redirect: GET,
  • Added support for PHP 8.1,
  • Added support for Symfony 5.4 & 6.0,

Kudos to "Old" Contributors (random order)

New Contributors

Full Changelog: https://github.com/hwi/HWIOAuthBundle/compare/1.4.5...2.0.0-BETA1

1.4.5

Changelog:

  • Bugfix: Fixed BC break by restoring wrongly moved AbstractOAuthToken::getCredentials() method,
1.4.3

Changelog:

  • Bugfix: Fixed support for PHP 8.1,
  • Bugfix: Fixed support for Symfony 5.4,
  • Bugfix: Fixed VkontakteResourceOwner option: api_version to not point to deprecated one,
  • Bugfix: RequestStack::getMasterRequest() is deprecated since Symfony 5.3, use RequestStack::getMainRequest() if exists,
  • Maintain: Added GenericOAuth1ResourceOwnerTestCase, GenericOAuth2ResourceOwnerTestCase & ResourceOwnerTestCase test case classes for easier unit testing custom resource owners
1.4.2

Changelog:

  • Bugfix: remove [@final](https://github.com/final) declaration from OAuthFactory & FOSUBUserProvider,
  • Maintain: added .gitattributes to reduce amount of code in archives,
1.4.1

Changelog:

  • Bugfix: Define missing hwi_oauth.connect.confirmation parameter,
  • Bugfix: Added missing success/failure handlers,
1.4.0

Changelog:

  • BC Break: dropped Symfony 5.0 support as it is EOL,
  • BC Break: dropped PHP 7.2 support as it is EOL,
  • BC Break: changed __construct() argument for OAuth/RequestDataStorage/SessionStorage, from SessionInterface $session to RequestStack $requestStack,
  • BC Break: all internal classes are "softly" marked as final,
  • Added: Symfony 5.1 Security system support,
  • Added: Forward compatibility layer for session service deprecation,
  • Added: state support for service authentication URL's,
  • Added: ability to change the response after HWIOAuthEvents::CONNECT_COMPLETED is fired,
  • Added: PHPStan static analyse into CI,
  • Fixed: OAuthProvide to properly refresh data inside tokens,
  • Fixed: PHP notice in AppleResourceOwner,
  • Fixed: use new GitHub API in GitHubResourceOwner,
  • Fixed: functional tests with & without FOSUserBundle,
  • Fixed: controller don't depend on service container if possible,
  • Maintain: removed Wunderlist resource owner,
  • Maintain: removed several Symfony BC layers,
  • Maintain: removed Prophecy in favour of PHPUnit mocking,
1.3.0
  • BC Break: dropped support for Symfony <4.4,
  • BC Break: dropped support for Doctrine Bundle <2.0,
  • Added PHP 8 support,
  • Upgraded Facebook API to v8.0,
  • Upgraded Twitch resource owner to incorporate latest Twitch API,
  • Fixed: undefined id_token exception in Azure resource owner,
  • Docs: changed firewall name to match flex receipt,
  • Maintain: moved from Travis CI to Github Actions
1.2.0
  • BC Break: dropped Symfony 4.3 support,
  • Added first_name & last_name in AzureResourceOwner,
  • Added: support for multiple OAuth2 state parameters,
  • Added: Apple resource owner,
  • Fixed: updated Azure authorization & access_token urls,
  • Fixed: Doctrine persistence deprecation errors,
  • Allow modification of the response in FilterUserResponseEvent,
1.1.0
  • Added Symfony 5 support,
  • Added domain whitelist service to avoid open redirect on target_path,
  • Fixed: session service was not injected in LoginController,
  • Fixed: missing setContainer call to service configuration for LoginController,
  • Fixed: client id and client secret must be set in Auth0ResourceOwner::doGetTokenRequest,
  • Fixed: missing client id and client secret in Auth0ResourceOwner,
  • Twig dependency on LoginController is now optional,
1.0.0
  • Dropped support for PHP 5.6, 7.0 and 7.1,
  • Dropped support for FOSUserBundle 1.3,
  • Dropped support for Symfony 2.8,
  • Minimum Symfony 3 requirement is 3.4,
  • Minimum Symfony 4 requirement is 4.3,
  • Fixed: WindowsLive Resource Owner token request,
  • Fixed: Update Facebook API to v3.1,
  • Fixed: Update Linkedin API to v2,
  • Fixed: YahooResourceOwner::doGetUserInformationRequest uses wrong arguments,
  • Fixed: Symfony deprecation warning in symfony/config,
  • Fixed: SensioConnect now uses new API URLs,
  • Fixed: Do not add Authorization header if no client_secret is present,
  • Fixed: LoginController::connectAction should not fail if no token is available,
  • Added: Genius.com resource owner,
  • Added: HTTPlug 2.0 support,
  • Added: Keycloak resource owner,
  • Added: The controller is now available as a service,
  • Added: Allow to use HTTP Basic auth for token request,
  • [BC break] Class Configuration has been marked final,
  • [BC break] Class ConnectController has been marked final,
  • [BC break] Class HWIOAuthExtension has been marked final,
  • [BC break] Class OAuthExtension has been marked final,
  • [BC break] Class SetResourceOwnerServiceNameCompilerPass has been marked final,
  • [BC break] Class ConnectController extends AbstractController instead of Controller,
  • [BC break] Service hwi_oauth.http_client has been marked private,
  • [BC break] Service hwi_oauth.security.oauth_utils has been marked private,
  • [BC break] Several service class parameters have been removed,
0.6.3

Here are some details what's in release:

  • Fixed: Vkontakte profile picture & nickname path,
  • Fixed: Content-Length header must be a string,
  • Fixed: Upgraded GitLab end point to v4,
  • Fixed: Resource owner map parameters must be public,
  • Fixed: Azure resource owner infos_url should not be empty,
  • Fixed: Don't start sessions twice & don't start sessions if already started,
  • Fixed: Updated BitBucket docs,
  • Added: Further compatibility changes for Symfony 4.1,
  • Added: LinkedIn first- & last- names,
  • Added: Facebook profile picture
0.6.2

Here are some details what's in release:

  • Fixed: VK requires API version now,
  • Fixed: Updated Slack resource owner to use new Slack API methods,
  • Fixed: Changing authorization and access token to v2 for LinkedIn,
  • Fixed: Fix double call of getUserInformation() in ConnectController,
  • Fixed: Fix serialization of AccountNotLinkedException,
  • Fixed: Check for grant_rule value IS_AUTHENTICATED_FULLY in DI configuration,
  • Fixed: Don't execute OAuthProvider::refreshAccessToken() when there is no refresh token
0.6.1

Here are some details what's in release:

  • BC BREAK: Replaced PHPUnit_Framework_TestCase with PHPUnit\Framework\TestCase in tests,
  • Added: Implemented getUserInformation() for Dropbox v2,
  • Fixed: Headers passed to httpRequest() method in various resource owners,
  • Fixed: Marked some services as public to make code compatible with Symfony 4
0.6.0

Finally a long awaited version 0.6.0 arrived!

Here are some details what's in release:

  • BC BREAK: Fully replaced Buzz library with usage of HTTPlug & Guzzle 6,
  • BC BREAK: hwi.http_client config options are remove. HTTP configuration must rely on the HTTPlug client,
  • BC BREAK: Template engine other than Twig are no longer supported,
  • BC BREAK: Option hwi_oauth.templating_engine was removed,
  • Added: Symfony 4 support,
  • Added: php-http/httplug-bundle support, to auto-provide needed HTTPlug services and get full Symfony integration,
  • Added: hwi.http.client and hwi.http.message_factory config keys to provide your own HTTPlug services,
  • Added: HWIOAuthEvents class with definition of bundle events,
  • Added: ResourceOwnerInterface::addPaths() method for easier managing paths in resource owners,
  • Fixed: Update Facebook API to v2.8
0.5.3

Note: this is last bugfix release for version 0.5, please upgrade to version 0.6.

Here are some details what's in release:

  • Fixed: Bitbucket2 resource owner,
  • Fixed: GitHub resource owner documentation,
  • Fixed: Don't require any form for the connect feature,
  • Fixed: Uncaught exception with custom error page,
  • Fixed: php-cs-fixer updated to latest version & run on base code
0.5.2

Here are some details what's in release:

  • Fixed: Prevent uncaught exception when redirecting to invalid route,
  • Fixed: Add more details too exception when account was not linked,
  • Fixed: Odnoklassinki resource owner,
  • Fixed: Office365 resource owner,
  • Fixed: StackExchange resource owner,
  • Fixed: WeChat resource owner,
  • Fixed: WindowsLive resource owner
0.5.1

Here are some details what's in release:

  • Fixed error that could occur with message "302 Header already sent",
  • Exclude tests from Composer autoloader
0.5.0

Finally a long awaited version 0.5.0 arrived!

Here are some details what's in release:

  • Fixed: OAuthHelper should fallback to new Request in case of receiving null,
  • Fixed: Better FOSUserBundle integration,
  • Fixed: Serialization issue in WechatResourceOwner,
  • Fixed: Incorrect refresh token in WechatResourceOwner,
  • Fixed: Broken TrelloResourceOwner,
  • Fixed: Removed dead code in OAuthProvider,
  • Fixed: Update Facebook API to v2.7,
  • Added: Symfony 3 support,
  • Added: Redirect to target_path after successful registration/connection,
  • Added: Asana resource owner,
  • Added: Bitbucket resource owner,
  • Added: Clever resource owner,
  • Added: Itembase resource owner,
  • Added: Jawbon resource owner,
  • Added: Office365 resource owner,
  • Added: Wunderlist resource owner,
  • Added: Hungarian translation
0.4.3

Note: this is last bugfix release for version 0.4, please upgrade to version 0.5

Here are some details what's in release:

  • Fixed: Request parameters are not copied into new Request on forward
  • Fixed: Fixed scope deprecating message
  • Fixed: Resolved deprecated message in ConnectController
  • Fixed: Removed usage of deprecated code in tests
0.4.2

Here are some details what's in release:

  • Fixed: Change Discogs URL from http to https
  • Fixed: Update Facebook API URLs to not use outdated ones
0.4.1

Here are some details what's in release:

  • Fixed: Remove usage of deprecated Twig function form_enctype & replace with usage of form_start/form_end,
  • Fixed: Mark as not fully compatible with Symfony ~3.0,
  • Fixed: Multiple firewalls can now have different resource owners,
  • Fixed: Wrong URL generated for Safesforce resource owner,
  • Added: include_email option into Twitter resource owner,
  • Added: Hungarian translation,
  • Added: Documentation about FOSUser integration
0.4.0

Finally a long awaited version 0.4.0 arrived!

Here are some details what's in release:

  • [BC break] Added UserResponseInterface#getFirstName() method, also a new default path firstname was added, this path holds the first name of user,
  • [BC break] Added UserResponseInterface#getLastName() method, also a new default path lastname was added, this path holds the last name of user,
  • [BC break] Added UserResponseInterface::getOAuthToken() & basic implementation in AbstractUserResponse,
  • [BC break] GenericOAuth1ResourceOwner::getRequestToken() is now public method (was protected),
  • Added: configuration parameter firewall_name (will be removed in next major version) renamed to firewall_names to support multiple firewalls,
  • Added: configuration parameter: failed_auth_path which contains route name, on which user will be redirected after failure when connecting accounts (i.e. user denies connection),
  • Added: appsecret_proof functionality support to the Facebook resource owner,
  • Added: sandbox functionality support to the Salesforce resource owner,
  • Added Auth0 resource owner,
  • Added Azure resource owner,
  • Added BufferApp resource owner,
  • Added Deezer resource owner,
  • Added Discogs resource owner,
  • Added EveOnline resource owner,
  • Added Fiware resource owner,
  • Added Hubic resource owner,
  • Added Paypal resource owner,
  • Added Reddit resource owner,
  • Added Runkeeper resource owner,
  • Added Slack resource owner,
  • Added Spotify resource owner,
  • Added Soundcloud resource owner,
  • Added Strava resource owner,
  • Added Toshl resource owner,
  • Added Trakt resource owner,
  • Added Wechat resource owner,
  • Added Wordpress resource owner,
  • Added Xing resource owner,
  • Added Youtube resource owner,
  • Fixed: Revoking tokens for Facebook & Google resource owners,
  • Fixed: Instagram allows only GET calls to fetch user details,
  • Fixed: ResourceOwnerMap no longer depends on deprecated ContainerAware class,
  • Fixed: Wrong usage of json_decode in Mail.ru resource owner,
  • Fixed: Transform storage exceptions in OAuth1 resource owners into AuthenticationException
  • Fixed: Default scopes & fields for VKontakte resource owner
Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.
Prompt
Add packages to context
No packages found.
datacore/hub-sdk
alengo/sulu-http-cache-bundle
develia/commons
cuci/prototurk-sdk
cuci/prototurk-sdk-symfony
develia/geo-bundle
dreamzy/livewire-charts
touchestate-sdk/php-sdk
22h/doctrine-garbage-collection-bundle
imbo/imbo-coding-standard
visualbuilder/filament-lottie
servicioslineaonce/starter-kit
atomcoder/laravel-reorderable
irajul/filament-shadcn-theme
agtp/agtp-php
agtp/mod-php
centraldesktop/protobuf-php
trappistes/laravel-custom-fields
splash/sonata-admin
splash/metadata