Passport Laravel Package

• Add notice of invalid tokens when user and client id match by [@Levivb](https://github.com/Levivb) in https://github.com/laravel/passport/pull/1910
• Clarify that running passport:hash is not optional by [@bram-pkg](https://github.com/bram-pkg) in https://github.com/laravel/passport/pull/1911

• [13.x] Support space-delimited prompt parameter by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1906

• [13.x] Fix session JSON serialization by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1905

• [13.X] fix: resolve user as null when user ID matches client ID on integer key setups by [@Can-Kar](https://github.com/Can-Kar) in https://github.com/laravel/passport/pull/1902

This change permanently invalidates client credential tokens for any user whose user ID happens to match the client ID of the token issuer.

• Prevent user impersonation via client credentials token by [@pushpak1300](https://github.com/pushpak1300) in https://github.com/laravel/passport/pull/1901

• [13.x] Add middleware attribute by [@axlon](https://github.com/axlon) in https://github.com/laravel/passport/pull/1897

• Add Boost skill for Passport development by [@pushpak1300](https://github.com/pushpak1300) in https://github.com/laravel/passport/pull/1893

• Add mixin annotation for Token model in AccessToken by [@fjkorf](https://github.com/fjkorf) in https://github.com/laravel/passport/pull/1886
• Add dedicated token lifetime for client credentials grant by [@sajanp](https://github.com/sajanp) in https://github.com/laravel/passport/pull/1880
• Add missing OAuthenticatable interface step to upgrade guide by [@FeBe95](https://github.com/FeBe95) in https://github.com/laravel/passport/pull/1887
• Improve code syntax highlighting in upgrade guide by [@FeBe95](https://github.com/FeBe95) in https://github.com/laravel/passport/pull/1890
• Allow custom middleware to be registered by [@timacdonald](https://github.com/timacdonald) in https://github.com/laravel/passport/pull/1892
• Update UPGRADE.md by [@siarheipashkevich](https://github.com/siarheipashkevich) in https://github.com/laravel/passport/pull/1891

• [13.x] Supports Laravel 13 by [@crynobone](https://github.com/crynobone) in https://github.com/laravel/passport/pull/1885
• [13.x] Add can and cant methods to Token model by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1882

• [13.x] Allow firebase/php-jwt v7 by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1879

• [13.x] PHP 8.5 Compatibility by [@crynobone](https://github.com/crynobone) in https://github.com/laravel/passport/pull/1869
• Remove the usage of deprecated $request->get() by [@hivokas](https://github.com/hivokas) in https://github.com/laravel/passport/pull/1873
• [13.x] Allow setting the client with Passport::actingAs() by [@axlon](https://github.com/axlon) in https://github.com/laravel/passport/pull/1876

• [13.x] Fix possible 500 error when retrieving user on token guard by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1871

• [13.x] Add static setter for authorizationServerResponseType by [@RSpeekenbrink](https://github.com/RSpeekenbrink) in https://github.com/laravel/passport/pull/1867

• chore(UPGRADE): v13, update oauth_clients table schema changes by [@maximepvrt](https://github.com/maximepvrt) in https://github.com/laravel/passport/pull/1865
• feat: Allow findForPassport to optionally receive the OAuth client by [@maximepvrt](https://github.com/maximepvrt) in https://github.com/laravel/passport/pull/1866

• Fix »OAuth Client Table Changes« migration snippet in the upgrade guide by [@hettiger](https://github.com/hettiger) in https://github.com/laravel/passport/pull/1859
• [13.x] Fix accessing the plain secret after creating a new confidential client via deprecated ClientController::store by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1861

• [13.x] add trailing commas in multiline constructor signatures by [@browner12](https://github.com/browner12) in https://github.com/laravel/passport/pull/1848
• Update Client Model by [@samsin33](https://github.com/samsin33) in https://github.com/laravel/passport/pull/1850
• [13.x] Test Improvements by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1853
• [13.x] Fix issuing PAT with configured trusted hosts by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1852

• [13.x] Added device code grant exception to purge command by [@SuperDJ](https://github.com/SuperDJ) in https://github.com/laravel/passport/pull/1846

• [13.x] Add an option to disable device code grant by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1842
• [13.x] Add an upgrade guide entry for key file permissions by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1841
• [13.x] Fallback to list of auth user providers if no auth guard for Passport is defined by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1840
• [13.x] Add an optional migration for oauth_clients table to the upgrade guide by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1843
• Fix viewPrefix Method to Match Documentation Example by [@trippo](https://github.com/trippo) in https://github.com/laravel/passport/pull/1844

• [13.x] Fix broken token relation when auth identifier is not PK by [@axlon](https://github.com/axlon) in https://github.com/laravel/passport/pull/1835

• [13.x] Fix Exception Caused by Missing AccessToken Attributes by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1829

• [13.x] Fix skipping authorization consent when no scopes are requested by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1825
• [13.x] Document changes to oauth_clients table in upgrade guide by [@gdebrauwer](https://github.com/gdebrauwer) in https://github.com/laravel/passport/pull/1823

• [13.x] Fix object returned by mocked validateAuthenticatedRequest() method in Passport::actingAsClient() method by [@gdebrauwer](https://github.com/gdebrauwer) in https://github.com/laravel/passport/pull/1822

• Changed getTokenFromRequest method to handle null value and prevent type error by [@eldair](https://github.com/eldair) in https://github.com/laravel/passport/pull/1819
• fix: possible php error if redirect column is an empty string by [@Tofandel](https://github.com/Tofandel) in https://github.com/laravel/passport/pull/1821

• [13.x] Fix access to undefined route by [@axlon](https://github.com/axlon) in https://github.com/laravel/passport/pull/1812
• [13.x] Fix access to uninitialised typed static property by [@owenvoke](https://github.com/owenvoke) in https://github.com/laravel/passport/pull/1811
• Use isset to check for initialisation by [@patrickomeara](https://github.com/patrickomeara) in https://github.com/laravel/passport/pull/1813
• [13.x] Fix middleware type error by [@axlon](https://github.com/axlon) in https://github.com/laravel/passport/pull/1815

• [13.x] Support OAuth2 Server v9 by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1734
• [13.x] Always hash client secret by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1745
• [13.x] Remove redundant PAT client table and model by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1749
• [13.x] Fix determining revoked records by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1751
• [13.x] Use the oauth_scopes property of the bearer token on TokenGuard by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1755
• [13.x] Refactor migrations by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1759
• [13.x] Cleanup by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1758
• [13.x] Use unique IDs on client model by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1757
• [13.x] Force confidential PAT client by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1761
• [13.x] Fix register a custom rendering closure for OAuthServerException by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1763
• [13.x] Use UUID to identify clients by default by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1764
• [13.x] Disable PAT requests by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1766
• [13.x] Cleanup and add feature tests by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1767
• [13.x] Always validate auth token by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1769
• [13.x] Configure the user provider for PAT by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1768
• [13.x] Fix user-token relations by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1773
• [13.x] Make client RFC compatible by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1744
• [13.x] Fix skipping consent prompt by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1777
• [13.x] Improve issuing PATs by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1780
• [13.x] Fix clients confidentiality by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1782
• [13.x] Make Passport headless (Support Laravel Jetstream and Breeze) by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1771
• [13.x] Improve performance, fix minor bugs, and add tests by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1783
• bug: mockery not setup correctly by [@JimTools](https://github.com/JimTools) in https://github.com/laravel/passport/pull/1785
• [13.x] Cleanup, improve types and tests by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1788
• [13.x] Enhance error responses by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1791
• [13.x] Rename CheckClientCredentials middleware by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1792
• [13.x] Improve resolving and converting PSR responses by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1793
• [13.x] Deprecate JSON API by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1778
• [13.x] Add new EnsureClientIsResourceOwner middleware by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1794
• [13.x] Make revoking refresh tokens optional by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1790
• [13.x] Validate key files' permissions by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1789
• [13.x] Determine if the client handles the specified grant by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1762
• [13.x] Device Authorization Grant RFC8628 by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1750
• [13.x] Release Passport 13.x by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1797

• [12.x] Update property annotation for $userId to match constructor type by [@ukkok](https://github.com/ukkok) in https://github.com/laravel/passport/pull/1805

• Supports Laravel 12 by [@crynobone](https://github.com/crynobone) in https://github.com/laravel/passport/pull/1803

• [12.x] Supports PHP 8.4 by [@crynobone](https://github.com/crynobone) in https://github.com/laravel/passport/pull/1799

• Update logo to support dark/light theme by [@milewski](https://github.com/milewski) in https://github.com/laravel/passport/pull/1787
• Fix repeated word "the" in upgrade guide by [@caendesilva](https://github.com/caendesilva) in https://github.com/laravel/passport/pull/1798

• [12.x] Add access token revoked event by [@axlon](https://github.com/axlon) in https://github.com/laravel/passport/pull/1776

• [12.x] Fix purge command by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1772

• [12.x] Add refreshToken relation to Token model by [@gdebrauwer](https://github.com/gdebrauwer) in https://github.com/laravel/passport/pull/1739

• [12.x] Make Passport's database connection configurable by [@axlon](https://github.com/axlon) in https://github.com/laravel/passport/pull/1738

• Adjust newFactory method visibility by [@brandonfarber](https://github.com/brandonfarber) in https://github.com/laravel/passport/pull/1735

• [12.x] Make commands lazy by [@timacdonald](https://github.com/timacdonald) in https://github.com/laravel/passport/pull/1731
• [12.x] Allow token "expires in" to be defined as date interval by [@jacobmllr95](https://github.com/jacobmllr95) in https://github.com/laravel/passport/pull/1733

• [12.x] Cast session lifetime to int by [@kindslayer](https://github.com/kindslayer) in https://github.com/laravel/passport/pull/1727
• [12.x] Fixes used version of L9 by [@nunomaduro](https://github.com/nunomaduro) in https://github.com/laravel/passport/pull/1730

Fixes

• Fix cookie handling for security release (#1322, 75f1ad2)

Fixed

• Use custom models in purge command if set (#1316)
• Apply table responsive on table class (#1318)

Added

• Guzzle 7 support (#1311)

Fixed

• Fix maxlength for token names (#1300)
• Improve passport:install command (#1294)

Fixed

• Fix actingAsClient token relation (#1268)
• Fix HashCommand (bedf02c)

Added

• Allow to change Models database connection (#1255, 7ab3bdb)

Fixed

• Nonstandard ID in the token's relationship with the user (#1267)

Added

• Implement secret modal (#1258)
• Warn about one-time-hashed-secret (#1259)
• Add force option to hash command (#1251)

Fixed

• Implement personal access client config (#1260)

Fixed

• Fix displaying secret in Vue component (#1244)
• Moved provider check to bearer token only (#1246)
• Fix create client call (aff9d09)

Added

• Allow client credentials secret to be hashed (#1145, ccbcfeb, 1c40ae0)
• Implement passport:hash command (#1238)
• Initial support for multiple providers (#1220)

Changed

• Client credentials middleware should allow any valid client (#1132)
• Switch from getKey() to getAuthIdentifier() to match Laravel core (#1134)
• Use Hasher interface instead of HashManager (#1157)
• Bump league server dependency (#1237)

Removed

• Remove deprecated functionality (#1235)
• Drop support for old JWT versions (#1236)

Added

• Automatic configuration of client UUIDs (#1231)

Fixed

• Fix 500 Internal Server Error response (#1222)

Fixed

• Fix resolveInheritedScopes (#1207)

Fixed

• mergeConfigFrom already checked if app is running with config cached (#1205)

Fixed

• Forget session keys on invalid match (#1192)
• Update dependencies for PSR request (#1201)

Changed

• Implement auth token for access requests (#1188)

Fixed

• Revoke refresh tokens when auth tokens get revoked (#1186)

Fixed

• Remove foreign keys (20e9b66)

Added

• Add a Passport Client factory to Passport publishing (#1171)

Changed

• Use bigIncrements and indexes on relationships (#1169, 140a693)

Added

• Update ClientCommand to support public clients (#1151)
• Purge Command for revoked and/or expired tokens and auth codes (#1159, 6c1ea42)

Changed

• Replace deprecated package and namespaces (#1158)

Added

• Allow access to HTTP response status code on OAuthServerException (#1148)
• Modify UserRepository to check for 'findAndValidateForPassport' method (#1144)

Changed

• Add abstract CheckCredentials middleware and allows to create (#1127)

Fixed

• Fix actingAsClient testing method (#1119)

Added

• Add ability to customize the RefreshToken (#966)
• Add support for "public" clients (#1065)

Changed

• Rework HandlesOAuthErrors trait to middleware (#937)
• Use a renderable exception for OAuth errors (#1066)
• Use diactoros 2.0 and psr-http-factory (aadf603)
• Replaced helpers with Blade directives (#939)
• Use caret for constraints (d906804)
• Dropped support for Laravel 5.8 (654cc09)
• Dropped support for PHP 7.1 (3c830ac)
• Upgrade to league/oauth2-server 8.0 (97e3026)

Fixed

• Fix exception will thrown if token belongs to first party clients (#1040)
• Fix auth codes table customization (#1044)
• Add key type to refresh token model (e400c2b)

Fixed

• Cast returned client identifier value to string (#1091)

Added

• Add actingAsClient method for tests (#1083)

Fixed

• Fixed key types for models (#1078, a9a885d3)

Added

• Let Passport support inherited parent scopes (#1068)
• Accept requests with the encrypted X-XSRF-TOKEN HTTP header (#1069)

Fixed

• Use bigInteger column type for user_id columns (#1057)

Changed

• Remove old 5.9 constraints (58eb99c)

Changed

• Update version constraints for Laravel 6.0 (609b5e8)

Fixed

• Merge default Passport configuration (#1039, e260c86)

Changed

• Change server property type in CheckClientCredentialForAnyScope (#1034)

Added

• Allow first party clients to skip the authorization prompt (#1022)

Fixed

• Fix AccessToken docblock (#996)

Fixed

• Allow installs of zend-diactoros 2 (c0c3fca)

Fixed

• Change wasRecentlyCreated to false (#979)

Changed

• Changed the way to get action path from url() to route() (#950)
• Allow '*' scope to be used with Client Credentials (#949)

Fixed

• Replace fire() with dispatch() (#952)

Added

• Added redirect_uri and user_id options to cli (#921, 8b8570c)
• Add ext-json dependency (#940)

Changed

• Make name an optional question (#926)

Fixed

• Do not auto increment AuthCode ID (#929)
• Allow multiple redirects when creating clients (#928)
• Add responses for destroy methods (#942)

Fixed

• Rename property (#920)

Added

• Add middleware CheckClientCredentialsForAnyScope (#855)
• Support a default scope when no scope was requested by the client (#879)
• Allow setting expiration of personal access tokens (#919)

Changed

• Change auth code table to the model's table (#865)
• Made whereRevoked consistent (#868)
• Use unsignedInteger column type for client_id columns (47f0021)

Fixed

• Prevent passing empty string variable to retrieveById method (#861)

Added

• Add names to routes for re-usability (#846)
• Add user relationship to client model (#851, 3213be8)
• Add the ability to retrieve current client (#854)

Fixed

• Fix migrations tag publish (#832)

Changed

• Authcode model is now used for persisting new authcodes (#808)
• resources/assets directory was flattened (#813)

Fixed

• Personal client exception (#831, 7bb53d1)

Added

• Add option to enable cookie serialization (9012496)

Changed

• Don't serialize by default (29e9d53)

• [12.x] Adds Laravel 11 support by [@nunomaduro](https://github.com/nunomaduro) in https://github.com/laravel/passport/pull/1702
• [12.x] Disable password grant by default by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1715
• [12.x] Make Client::$plainSecret public by [@axlon](https://github.com/axlon) in https://github.com/laravel/passport/pull/1719
• [12.x] Use more secure key permissions by [@axlon](https://github.com/axlon) in https://github.com/laravel/passport/pull/1721
• [12.x] Enhance console commands by [@hafezdivandari](https://github.com/hafezdivandari) in https://github.com/laravel/passport/pull/1724

• Add return to revokeRefreshTokensByAccessTokenId method by [@aminkhoshzahmat](https://github.com/aminkhoshzahmat) in https://github.com/laravel/passport/pull/1693

• [11.x] Allow scope repository to be constructed without parameters by [@axlon](https://github.com/axlon) in https://github.com/laravel/passport/pull/1686

• [11.x] Add the ability to limit scopes by client by [@axlon](https://github.com/axlon) in https://github.com/laravel/passport/pull/1682
• [11.x] Add support for inherited scopes when limiting scopes on clients by [@axlon](https://github.com/axlon) in https://github.com/laravel/passport/pull/1683

• Add generics to client factory by [@axlon](https://github.com/axlon) in https://github.com/laravel/passport/pull/1669
• Update composer.json by [@Smoggert](https://github.com/Smoggert) in https://github.com/laravel/passport/pull/1674
• Update composer.json by [@drhoussem](https://github.com/drhoussem) in https://github.com/laravel/passport/pull/1677

• Revert "[11.x] Add Provider Guard to ClientRepository for Personal Access Clients" by @driesvints in https://github.com/laravel/passport/pull/1658

• Add Provider Guard to ClientRepository for Personal Access Clients by @michaelnabil230 in https://github.com/laravel/passport/pull/1655

• Allow lcobucci/jwt v5 and cleaned up version constraints by @GrahamCampbell in https://github.com/laravel/passport/pull/1649
• Pass user identifier through to finalize scopes in personal access grant by @GrahamCampbell in https://github.com/laravel/passport/pull/1650

• Removed deprecated dates property from RefreshToken model by @siarheipashkevich in https://github.com/laravel/passport/pull/1645
• Removed deprecated dates property from AuthCode model by @siarheipashkevich in https://github.com/laravel/passport/pull/1644
• Fix doc block types by @hafezdivandari in https://github.com/laravel/passport/pull/1647

• Allow overriding the AccessToken class by @hafezdivandari in https://github.com/laravel/passport/pull/1638
• Make $userId nullable in ClientRepository->createPersonalAccessClient by @bram-pkg in https://github.com/laravel/passport/pull/1642

• Re-apply "Added AuthenticationException to extend the behaviour of Laravel's default exception handler" by @driesvints in https://github.com/laravel/passport/commit/67c3e336af163f6eba5dbca8e5db46275ff0e433

• Revert "Move AuthenticationException into the scope of Laravel Passport" by @driesvints in https://github.com/laravel/passport/commit/db543b0cc13ed3f56f1bffda04707fbe2a8c7ab5

• Move AuthenticationException into the scope of Laravel Passport by @chrispage1 in https://github.com/laravel/passport/pull/1633
• Custom authorization view response by @JonErickson in https://github.com/laravel/passport/pull/1629
• Fix deprecated $dates property by @TonyWong9527 in https://github.com/laravel/passport/pull/1636

Added

• Add support for EncryptCookies middleware by @axlon in https://github.com/laravel/passport/pull/1628

Changed

• Indicate current token can be TransientToken by @axlon in https://github.com/laravel/passport/pull/1627

Changed

• Update ClientCommand.php's user_id description by @Smoggert in https://github.com/laravel/passport/pull/1619
• Get model PK instead of forcibly id column by @lucaspanik in https://github.com/laravel/passport/pull/1626

Fixed

• Fix doc block for withAccessToken() by @axlon in https://github.com/laravel/passport/pull/1620

Fixed

• Get authenticated user from the guard by @hafezdivandari in https://github.com/laravel/passport/pull/1617

Added

• Laravel v10 Support by @driesvints in https://github.com/laravel/passport/pull/1615

Changed

• Uses PHP Native Type Declarations 🐘 by @nunomaduro in https://github.com/laravel/passport/pull/1594

Changed

• Add auth guard to routes by @hafezdivandari in https://github.com/laravel/passport/pull/1603

Added

• Support prompting login when redirecting for authorization by @hafezdivandari in https://github.com/laravel/passport/pull/1577

Changed

• Update PurgeCommand.php by @fatoskurtishi in https://github.com/laravel/passport/pull/1586
• Fix ClientRepository doc blocks by @axlon in https://github.com/laravel/passport/pull/1587
• Update docblock by @mnabialek in https://github.com/laravel/passport/pull/1588

Fixed

• Improve token guard return type by @axlon in https://github.com/laravel/passport/pull/1579

Changed

• Let OAuth2 server handle the denying response by @hafezdivandari in https://github.com/laravel/passport/pull/1572

• Check that properties grant_types and scopes exist by [@uintaam](https://github.com/uintaam) in https://github.com/laravel/passport/pull/1722

• [11.x] Fix getting/setting client scopes and grant types by [@axlon](https://github.com/axlon) in https://github.com/laravel/passport/pull/1717

• Consistently retrieve client uuids value from Passport by [@rojtjo](https://github.com/rojtjo) in https://github.com/laravel/passport/pull/1711
• [11.x] Allow developers to disable the password grant type by [@axlon](https://github.com/axlon) in https://github.com/laravel/passport/pull/1712

• Add getScopesAttribute and getScopesAttribute methods by [@uintaam](https://github.com/uintaam) in https://github.com/laravel/passport/pull/1709

• [11.x] Allow unsetting a user's access token by [@axlon](https://github.com/axlon) in https://github.com/laravel/passport/pull/1698
• [11.x] Add getGrantTypesAttribute method to fix Eloquent strict mode error by [@gdebrauwer](https://github.com/gdebrauwer) in https://github.com/laravel/passport/pull/1705

• [11.x] Named static methods for middleware by [@michaelnabil230](https://github.com/michaelnabil230) in https://github.com/laravel/passport/pull/1695
• Simplify Conditional Statement by [@michaelnabil230](https://github.com/michaelnabil230) in https://github.com/laravel/passport/pull/1696

Added

• Support prompting re-consent when redirecting for authorization by @hafezdivandari in https://github.com/laravel/passport/pull/1567
• Support disabling prompt when redirecting for authorization by @hafezdivandari in https://github.com/laravel/passport/pull/1569

Changed

• Custom days and hours to passport purge command by @rubengg86 in https://github.com/laravel/passport/pull/1563
• Allow for bootstrapping without loading routes by @axlon in https://github.com/laravel/passport/pull/1564

Added

• Allow authenticated client to be retrieved from the guard by @axlon in https://github.com/laravel/passport/pull/1508

Changed

• Revert model DB connection customization by @driesvints in https://github.com/laravel/passport/pull/1412
• Allow timestamps on Token model by @driesvints in https://github.com/laravel/passport/pull/1425
• Improve authenticateViaBearerToken() performance by @alecpl in https://github.com/laravel/passport/pull/1447
• Refactor routes to dedicated file by @driesvints in https://github.com/laravel/passport/pull/1464

Fixed

• Stub client on guard when calling Passport::actingAsClient() by @axlon in https://github.com/laravel/passport/pull/1519
• Fix scope inheritance when using Passport::actingAs() by @axlon in https://github.com/laravel/passport/pull/1551

Removed

• Drop PHP 7.x and Laravel v8 by @driesvints in https://github.com/laravel/passport/pull/1558
• Remove deprecated properties by @driesvints in https://github.com/laravel/passport/pull/1560
• Remove deprecated functionality and simplify some feature tests by @driesvints in https://github.com/laravel/passport/pull/1559

Changed

• Add new URI Rule to validate URI and use it to RedirectRule. by @victorbalssa in https://github.com/laravel/passport/pull/1544

Changed

• Upgrade firebase/php-jwt to ^6.0 by @prufrock in https://github.com/laravel/passport/pull/1538

Changed

• Use anonymous migrations by @mmachatschek in https://github.com/laravel/passport/pull/1531

Fixed

• Fix Faker deprecations by @X-Coder264 in https://github.com/laravel/passport/pull/1530

Changed

• Allow to use custom authorization server response (#1521)

Changed

• Laravel 9 Support (#1516)

Fixed

• Fix jsonSerialize PHP 8.1 issue (#1512)

Fixed

• Fix str_replace error when third parameter ($subject) is null (#1511)

Added

• Add custom encryption key for JWT tokens (#1501)

Changed

• Refactor expiry dates to intervals (#1500)

Fixed

• Ensure client model factory always creates models with a primary key (#1492

Changed

• Use app helper (3d1e6bb)

Fixed

• Fix binding (e3478de)

Fixed

• Backport phpseclib v2 (#1418)

Changed

• Update to phpseclib v3 (#1410)

Added

• PHP 8 Support (#1373)

Removed

• Remove Vue components (#1352)

Fixed

• Use newFactory to properly reference factory (#1349)

Added

• Support Laravel 8 & drop PHP 7.2 support (#1336)

Changed

• forceFill new auth code attributes (#1266)
• Use only one PSR 7 implementation (#1330)

Removed

• Remove old static personal client methods (#1325)
• Remove Guzzle dependency (#1327)