Changelog ========= ## 2.2.0 (2024-02-28) * BC Break: Dropped support for PHP 7.4 & 8.0, * Added: Telegram resource owner, * Bugfix: Allow `use_authorization_to_get_token` to be configured to `false` for generic OAuth2, * Bugfix: Update API version for Facebook to latest available * Bugfix: Replace custom authenticator passport with custom badge usage, * Bugfix: Fix registration of failure handler, * Bugfix: Don't miss refresh token in registration controller, * Bugfix: Allow `null` as `$registrationForm` in `RegisterController`, * Bugfix: Fix connect functionality with authentication managers, ## 2.1.0 (2023-11-30) * BC Break: Dropped support for Symfony: `>6.0, <6.3`, * Added: New Passage resource owner, * Bugfix: Remove deprecations reported by Symfony 6.4, * Chore: Added support for Symfony 7, ## 2.0.0 (2023-10-01) * Bugfix: Prevent refreshing non-expired tokens * Bugfix: Remove deprecations reported by Symfony 6.x * Bugfix: Prevent fatal error when token doesn't have resource owner name set ## 2.0.0-BETA3 (2023-08-20) * BC Break: Dropped support for Symfony: 6.0.*, * BC Break: Class `Templating\Helper\OAuthHelper` was merged into `Twig\Extension\OAuthRuntime`, * BC Break: When resource owner class doesn't define `TYPE` constant or is `null`, then key will be calculated by converting its class name without `ResourceOwner` suffix to `snake_case`, if neither is felt, then `\LogicException` will be thrown, * Deprecated: method `UserResponseInterface::getUsername()` was deprecated in favour of `UserResponseInterface::getUserIdentifier()` to match changes in Symfony Security component, * Enhancement: `@internal` resourceOwner oauth types in Configuration are calculated automatically by scandir. All classes extended from `GenericOAuth[X]ResourceOwner` get `oauth[X]` type. If class only implements ResourceOwnerInterface then its oauth type is `unknown`. ResourceOwner key (parameter `type` in configs) should have defined ResourceOwner::TYPE constant. Each user defined custom ResourceOwner class that implemented `ResourceOwnerInterface` will be registered automatically. If `autoconfigure` option is disabled user have to add the tag `hwi_oauth.resource_owner` to the service definition, * Enhancement: Class `ConnectController` was split into two smaller ones, `Connect\ConnectController` & `Connect\RegisterController`, * Bugfix: Added `OAuth1ResourceOwner` & `OAuth2ResourceOwner` to cover case of implementing custom oauth resource owners, * Bugfix: Fixed Authorization Header in `CleverResourceOwner::doGetRequest`, * Bugfix: Catch also the `TransportExceptionInterface` in `AbstractResourceOwner::getResponseContent()` method, * Bugfix: Current matched Firewall is respected during generation of resource owner check path links, * Bugfix: Prevent fatal error in `OAuthUserProvider::loadUserByOAuthUserResponse()` when `nickname` is not available in OAuth response, * Bugfix: Use newer version of `firebase/php-jwt` library, * Chore: Removed not used Symfony Templating component ## 2.0.0-BETA2 (2022-01-16) * Deprecated: configuration parameter `firewall_names`, firewalls are now computed automatically - all firewalls that have defined `oauth` authenticator/provider will be collected, * Added: Ability to automatically refresh expired access tokens (only for derived from `GenericOAuth2ResourceOwner` resource owners), if option `refresh_on_expire` set to `true`, * Enhancement: Refresh token listener is disabled by default and will only be enabled if at least one resource owner has option `refresh_on_expure` set to `true`, * Enhancement: (`@internal`) Removed/replaced redundant argument `$firewallNames` from controllers. If controller class was copied and replaced, adapt list of arguments: In controller use `$resourceOwnerMapLocator->getFirewallNames()`, * Bugfix: `RefreshTokenListener` cannot be lazy. If current firewall is lazy (or anonymous: lazy) then current auth token is often initializing on `kernel.response`. In this case new access token will not be stored in session. Therefore, the expired token will be refreshed on each request, * Bugfix: `InteractiveLoginEvent` will be triggered also for `OAuthAuthenticator`, * Maintain: Changed config files from `*.xml` to `*.php` (services and routes). Xml routing configs `connect.xml`, `login.xml` and `redirect.xml` are steel present but deprecated. Please use `*.php` variants in your includes instead. ## 2.0.0-BETA1 (2021-12-10) * BC Break: Dropped PHP 7.3 support, * BC Break: Dropped support for Symfony: >=5.1 & <5.4, * BC Break: `OAuthExtension` is now a lazy Twig extension using a Runtime, * BC Break: removed support for `FOSUserBundle`, * BC Break: changed `process()` argument for `Form/RegistrationFormHandlerInterface`, from `Form $form` to `FormInterface $form`, * BC Break: changed form class name in template `Resources/views/Connect/connect_confirm.html.twig` from `fos_user_registration_register` to `registration_register`, * BC Break: removed configuration option `fosub` from `oauth_user_provider`, * BC Break: removed configuration options `hwi_oauth.fosub`, & all related DI parameters, * BC Break: removed DI parameter `hwi_oauth.registration.form.factory` in favour of declaring form class name as DI parameter: `hwi_oauth.connect.registration_form`, * BC Break: changed `ResourceOwnerMapInterface::hasResourceOwnerByName` signature, update if you use a custom resource owner, * BC Break: changed `ResourceOwnerMapInterface::getResourceOwnerByName` signature, update if you use a custom resource owner, * BC Break: changed `ResourceOwnerMapInterface::getResourceOwnerByRequest` signature, update if you use a custom resource owner, * BC Break: changed `ResourceOwnerMapInterface::getResourceOwnerCheckPath` signature, update if you use a custom resource owner, * BC Break: `ResourceOwnerMap` uses service locator instead of DI container, * BC Break: Removed abstract services: `hwi_oauth.abstract_resource_owner.generic`, `hwi_oauth.abstract_resource_owner.oauth1` & `hwi_oauth.abstract_resource_owner.oauth2`, * BC Break: Removed `setName()` method from `OAuth/ResourceOwnerInterface`, * BC Break: changed `__construct()` argument for `OAuth/ResourceOwner/AbstractResourceOwner`, from `HttpMethodsClient $httpClient` to `HttpClientInterface $httpClient`, * BC Break: replaced `php-http/httplug-bundle` with `symfony/http-client` * BC Break: removed `hwi_oauth.http` configuration, * BC Break: reworked bundles structure to match Symfony best practices: - bundle code moved to: `src/`, - tests moved to: `tests/`, - docs moved from `Resources/doc` into: `docs/`, * BC Break: routes provided by bundle now have `methods` requirements: - `hwi_oauth_connect_service`: `GET` & `POST`, - `hwi_oauth_connect_registration`: `GET` & `POST`, - `hwi_oauth_connect`: `GET`, - `hwi_oauth_service_redirect`: `GET`, * Added support for PHP 8.1, * Added support for Symfony 5.6, ## 1.4.5 (2021-12-08) * Bugfix: Fixed: BC break by restoring wrongly moved `AbstractOAuthToken::getCredentials()` method, ## 1.4.3 (2021-12-07) * Bugfix: Fixed support for PHP 8.1, * Bugfix: Fixed support for Symfony 5.4, * Bugfix: Fixed `VkontakteResourceOwner` option: `api_version` to not point to deprecated one, * Bugfix: `RequestStack::getMasterRequest()` is deprecated since Symfony 5.3, use `RequestStack::getMainRequest()` if exists, * Maintain: Added `GenericOAuth1ResourceOwnerTestCase`, `GenericOAuth2ResourceOwnerTestCase` & `ResourceOwnerTestCase` test case classes for easier unit testing custom resource owners ## 1.4.2 (2021-08-09) * Bugfix: remove `@final` declaration from `OAuthFactory` & `FOSUBUserProvider`, * Maintain: added `.gitattributes` to reduce amount of code in archives, ## 1.4.1 (2021-07-28) * Bugfix: Define missing `hwi_oauth.connect.confirmation` parameter, * Bugfix: Added missing success/failure handlers, ## 1.4.0 (2021-07-26) * BC Break: dropped Symfony 5.0 support as it is EOL, * BC Break: dropped PHP 7.2 support as it is EOL, * BC Break: changed `__construct()` argument for `OAuth/RequestDataStorage/SessionStorage`, from `SessionInterface $session` to `RequestStack $requestStack`, * BC Break: all internal classes are "softly" marked as `final`, * Added: Symfony 5.1 Security system support, * Added: Forward compatibility layer for session service deprecation, * Added: state support for service authentication URL's, * Added: ability to change the response after `HWIOAuthEvents::CONNECT_COMPLETED` is fired, * Added: PHPStan static analyse into CI, * Fixed: `OAuthProvide` to properly refresh data inside tokens, * Fixed: PHP notice in `AppleResourceOwner`, * Fixed: use new GitHub API in `GitHubResourceOwner`, * Fixed: functional tests with & without FOSUserBundle, * Fixed: controller don't depend on service container if possible, * Maintain: removed `Wunderlist` resource owner, * Maintain: removed several Symfony BC layers, * Maintain: removed Prophecy in favour of PHPUnit mocking, ## 1.3.0 (2021-01-03) * BC Break: dropped support for Symfony `<4.4`, * BC Break: dropped support for Doctrine Bundle `<2.0`, * Added PHP 8 support, * Upgraded Facebook API to v8.0, * Upgraded Twitch resource owner to incorporate latest Twitch API, * Fixed: undefined `id_token` exception in Azure resource owner, * Docs: changed firewall name to match flex receipt, * Maintain: moved from Travis CI to Github Actions, ## 1.2.0 (2020-10-19) * BC Break: dropped Symfony 4.3 support, * Added `first_name` & `last_name` in AzureResourceOwner, * Added: support for multiple OAuth2 state parameters, * Added: Apple resource owner, * Fixed: updated Azure `authorization` & `access_token` urls, * Fixed: Doctrine persistence deprecation errors, * Allow modification of the response in `FilterUserResponseEvent`, ## 1.1.0 (2020-04-06) * Added Symfony 5 support, * Added domain whitelist service to avoid open redirect on `target_path`, * Fixed: session service was not injected in `LoginController`, * Fixed: missing `setContainer` call to service configuration for `LoginController`, * Fixed: client id and client secret must be set in `Auth0ResourceOwner::doGetTokenRequest`, * Fixed: missing client id and client secret in `Auth0ResourceOwner`, * Twig dependency on `LoginController` is now optional, ## 1.0.0 (2020-01-17) * Dropped support for PHP 5.6, 7.0 and 7.1, * Dropped support for FOSUserBundle 1.3, * Dropped support for Symfony 2.8, * Minimum Symfony 3 requirement is 3.4, * Minimum Symfony 4 requirement is 4.3, * Fixed: WindowsLive Resource Owner token request, * Fixed: Update Facebook API to v3.1, * Fixed: Update Linkedin API to v2, * Fixed: YahooResourceOwner::doGetUserInformationRequest uses wrong arguments, * Fixed: Symfony deprecation warning in `symfony/config`, * Fixed: SensioConnect now uses new API URLs, * Fixed: Do not add Authorization header if no client_secret is present, * Fixed: `LoginController::connectAction` should not fail if no token is available, * Added: Genius.com resource owner, * Added: HTTPlug 2.0 support, * Added: Keycloak resource owner, * Added: The controller is now available as a service, * Added: Allow to use HTTP Basic auth for token request, * [BC break] Class `Configuration` has been marked final, * [BC break] Class `ConnectController` has been marked final, * [BC break] Class `HWIOAuthExtension` has been marked final, * [BC break] Class `OAuthExtension` has been marked final, * [BC break] Class `SetResourceOwnerServiceNameCompilerPass` has been marked final, * [BC break] Class `ConnectController` extends `AbstractController` instead of `Controller`, * [BC break] Service `hwi_oauth.http_client` has been marked private, * [BC break] Service `hwi_oauth.security.oauth_utils` has been marked private, * [BC break] Several service class parameters have been removed, ## 0.6.3 (2018-07-31) * Fixed: Vkontakte profile picture & nickname path, * Fixed: `Content-Length` header must be a string, * Fixed: Upgraded GitLab end point to v4, * Fixed: Resource owner map parameters must be public, * Fixed: Azure resource owner `infos_url` should not be empty, * Fixed: Don't start sessions twice & don't start sessions if already started, * Fixed: Updated BitBucket docs, * Added: Further compatibility changes for Symfony 4.1, * Added: LinkedIn `first-` & `last-` names, * Added: Facebook profile picture ## 0.6.2 (2018-03-28) * Fixed: VK requires API version now, * Fixed: Updated Slack resource owner to use new Slack API methods, * Fixed: Changing authorization and access token to v2 for LinkedIn, * Fixed: Fix double call of `getUserInformation()` in `ConnectController`, * Fixed: Fix serialization of `AccountNotLinkedException`, * Fixed: Check for grant_rule value `IS_AUTHENTICATED_FULLY` in DI configuration, * Fixed: Don't execute `OAuthProvider::refreshAccessToken()` when there is no refresh token ## 0.6.1 (2018-01-23) * BC BREAK: Replaced `PHPUnit_Framework_TestCase` with `PHPUnit\Framework\TestCase` in tests, * Added: Implemented `getUserInformation()` for Dropbox v2, * Fixed: Headers passed to `httpRequest()` method in various resource owners, * Fixed: Marked some services as `public` to make code compatible with Symfony 4 ## 0.6.0 (2017-12-01) * BC BREAK: Fully replaced Buzz library with usage of HTTPlug & Guzzle 6, * BC BREAK: `hwi.http_client` config options are remove. HTTP configuration must rely on the HTTPlug client, * BC BREAK: Template engine other than Twig are no longer supported, * BC BREAK: Option `hwi_oauth.templating_engine` was removed, * Added: Symfony 4 support, * Added: `php-http/httplug-bundle` support, to auto-provide needed HTTPlug services and get full Symfony integration, * Added: `hwi.http.client` and `hwi.http.message_factory` config keys to provide your own HTTPlug services, * Added: `HWIOAuthEvents`, * Added: `ResourceOwnerInterface::addPaths()` method for easier managing paths in resource owners, * Fixed: Update Facebook API to v2.8, ## 0.5.3 (2017-01-08) * Fixed: Bitbucket2 resource owner, * Fixed: GitHub resource owner documentation, * Fixed: Don't require any form for the connect feature, * Fixed: Uncaught exception with custom error page, * Fixed: `php-cs-fixer` updated to latest version & run on base code ## 0.5.2 (2016-12-12) * Fixed: Prevent uncaught exception when redirecting to invalid route, * Fixed: Add more details too exception when account was not linked, * Fixed: Odnoklassinki resource owner, * Fixed: Office365 resource owner, * Fixed: StackExchange resource owner, * Fixed: WeChat resource owner, * Fixed: WindowsLive resource owner ## 0.5.1 (2016-10-03) * Fixed error that could occur with message "302 Header already sent", * Exclude tests from Composer autoloader ## 0.5.0 (2016-09-11) * Fixed: `OAuthHelper` should fallback to new `Request` in case of receiving `null`, * Fixed: Better `FOSUserBundle` integration, * Fixed: Serialization issue in `WechatResourceOwner`, * Fixed: Incorrect refresh token in `WechatResourceOwner`, * Fixed: Broken `TrelloResourceOwner`, * Fixed: Removed dead code in `OAuthProvider`, * Fixed: Update Facebook API to v2.7, * Added: Symfony 3 support, * Added: Redirect to `target_path` after successful registration/connection, * Added: Asana resource owner, * Added: Bitbucket resource owner, * Added: Clever resource owner, * Added: Itembase resource owner, * Added: Jawbon resource owner, * Added: Office365 resource owner, * Added: Wunderlist resource owner, * Added: Hungarian translation ## 0.4.3 (2016-09-11) * Fixed: Request parameters are not copied into new Request on forward, * Fixed: Fixed scope deprecating message, * Fixed: Resolved deprecated message in ConnectController, * Fixed: Removed usage of deprecated code in tests ## 0.4.2 (2016-07-27) * Fixed: Change Discogs URL from http to https, * Fixed: Update Facebook API URLs to not use outdated ones ## 0.4.1 (2016-03-08) * Fixed: Remove usage of deprecated Twig function `form_enctype` & replace with usage of `form_start`/`form_end`, * Fixed: Mark as not fully compatible with Symfony `~3.0`, * Fixed: Multiple firewalls can now have different resource owners, * Fixed: Wrong URL generated for Safesforce resource owner, * Added: `include_email` option into Twitter resource owner, * Added: Hungarian translation, * Added: Documentation about FOSUser integration ## 0.4.0 (2015-12-04) * [BC break] Added `UserResponseInterface#getFirstName()` method, also a new default path `firstname` was added, this path holds the first name of user, * [BC break] Added `UserResponseInterface#getLastName()` method, also a new default path `lastname` was added, this path holds the last name of user, * [BC break] Added `UserResponseInterface::getOAuthToken()` & basic implementation in `AbstractUserResponse`, * [BC break] `GenericOAuth1ResourceOwner::getRequestToken()` is now public method (was protected), * Added: configuration parameter `firewall_name` (will be removed in next major version) renamed to `firewall_names` to support multiple firewalls, * Added: configuration parameter: `failed_auth_path` which contains route name, on which user will be redirected after failure when connecting accounts (i.e. user denies connection), * Added: `appsecret_proof` functionality support to the Facebook resource owner, * Added: `sandbox` functionality support to the Salesforce resource owner, * Added Auth0 resource owner, * Added Azure resource owner, * Added BufferApp resource owner, * Added Deezer resource owner, * Added Discogs resource owner, * Added EveOnline resource owner, * Added Fiware resource owner, * Added Hubic resource owner, * Added Paypal resource owner, * Added Reddit resource owner, * Added Runkeeper resource owner, * Added Slack resource owner, * Added Spotify resource owner, * Added Soundcloud resource owner, * Added Strava resource owner, * Added Toshl resource owner, * Added Trakt resource owner, * Added Wechat resource owner, * Added Wordpress resource owner, * Added Xing resource owner, * Added Youtube resource owner, * Fixed: Revoking tokens for Facebook & Google resource owners, * Fixed: Instagram allows only GET calls to fetch user details, * Fixed: `ResourceOwnerMap` no longer depends on deprecated `ContainerAware` class, * Fixed: Wrong usage of `json_decode` in Mail.ru resource owner, * Fixed: Transform storage exceptions in OAuth1 resource owners into `AuthenticationException` * Fixed: Default scopes & fields for VKontakte resource owner ## 0.3.9 (2015-08-28) * Fix: Remove deprecated Twig features * Fix: Undefined variable in `FOSUBUserProvider::refreshUser` * Fix: Restore property accessor for Symfony 2.3 ## 0.3.8 (2015-05-04) * Fix: Remove BC break for Symfony < 2.5, * Fix: Compatibility issues with Symfony 2.6+, * Fix: Deprecated graph URLs for `FacebookResourceOwner` ## 0.3.7 (2014-11-15) * Fix: `SessionStorage::save()` could throw php error, * Fix: `OAuthToken::isExpired()` always returned `false`, * Fix: `FoursquareResourceOwner`, `TwitchResourceOwner`, `SensioConnectResourceOwner` not working with bearer header, * Fix: Don't use deprecated fields in `FacebookResourceOwner`, * Fix: `FOSUBUserProvider::refreshUser()` always returning old user, ## 0.3.6 (2014-06-02) * Fix: `InstagramResourceOwner` regression while getting user details, * Fix: Add smooth migration for session (de)serialization ## 0.3.5 (2014-05-30) * Fix: `LinkedinResourceOwner` regression while getting user details, * Fix: OAuth `revoke` functionality to be available wider, * Fix: Removed undocumented functionality from `SinaWeiboResourceOwner`, * Fix: Always remove default ports from URLs to match OAuth 1.0a, Spec: 9.1.2 ## 0.3.4 (2014-05-12) * Fix: Instagram OAuth redirect to one url, * Fix: `FOSUBUserProvider` should also implement `UserProviderInterface`, * Fix: `YahooResourceOwner` `infos_url` to use new format, * Fix: Send authorization via headers instead of URL parameter, * Fix: `GithubResourceOwner` revoke method, * Fix: Add login routing documentation note ## 0.3.3 (2014-02-17) * Fix: Incorrect redirect URL when no parameters are set, * Fix: Add missing parameter `prompt` for `GoogleResourceOwner`, * Fix: `WordpressResourceOwner` user details API call, * Fix: PHP Notice when `oauth_callback_confirmed` was set too `false`, * Fix: PHP Fatal when session returns boolean instead of object, * Fix: Add missing query parameters for `FacebookResourceOwner` ## 0.3.2 (2014-02-07) * Fix: Prevent `SessionUnavailableException` when returns back from service, * Fix: `EntityUserProvider` should implement `UserProviderInterface`, * Fix: `createdAt` property was missing when serializing the `OAuthToken`, * Added Italian translations ## 0.3.1 (2014-01-17) * Fix: Change Twitter API call to use SSL URL, * Fix: Problems with options in `VkontakteResourceOwner`, * Fix: Problems with OAuth 1.0a token & `YahooResourceOwner`, * Fix: Throw exception in `FOSUBUserProvider` when username is missing * Added SalesForce resource owner ## 0.3.0 (2013-09-28) * [BC break] `AccountConnectorInterface::connect()` method now requires the first parameter to be instance of `Symfony\Component\Security\Core\User\UserInterface` * [BC break] `ConnectController::authenticateUser()` method now requires the first parameter to be instance of `Symfony\Component\HttpFoundation\Request` * [BC break] Removed `AbstractResourceOwner::addOptions()` method * [BC break] `OAuthUtils::getAuthorizationUrl()` & `OAuthUtils::getLoginUrl()` methods now expect first parameter to be instance of `Symfony\Component\HttpFoundation\Request` * [BC break] LinkedIn resource owner now uses OAuth2 approach, visit official web page for details how to migrate: https://developer.linkedin.com/documents/authentication#migration * [BC break] Dropbox resource owner now uses OAuth2 approach * Added ability to merge response parts into single path * Added Bitly resource owner * Added Box resource owner * Added Dailymotion resource owner * Added DeviantArt resource owner * Added Eventbrite resource owner * Added Mail.ru resource owner * Added Sina Weibo resource owner * Added QQ.com resource owner * Added Trello resource owner * Added Wordpress resource owner ## 0.3.0-alpha2 (2013-07-29) * [BC break] Added `ResourceOwnerInterface::isCsrfTokenValid()` method * [BC break] Removed `OAuth1RequestTokenStorageInterface` along with the implementations * [BC break] `AbstractResourceOwner::__construct()` now requires `RequestDataStorageInterface` instance as last argument * Fix: Yandex resource owner using invalid parameter when requesting user data * Fix: To prevent unusual content headers response from resource owners should be first threaten as json and only in case of failure threaten as query text * Fix: Instagram resource owner is not able to receive user data more than once * Added ability to disable confirmation page when connecting accounts * Added CSRF protection for OAuth2 providers (turned off by default) * Added `RequestDataStorageInterface` along with implementation * Added Stereomood resource owner ## 0.3.0-alpha1 (2013-07-03) * [BC break] `GenericOAuth2ResourceOwner::getAccessToken()` now returns an array instead of a string. This array contains the access token and its 'expires_in' value, along with any other parameters returned from the authentication provider * [BC break] Added `OAuthAwareExceptionInterface#setToken()`, `OAuthAwareExceptionInterface#getRefreshToken()`, `OAuthAwareExceptionInterface#getRawToken()`, `OAuthAwareExceptionInterface#getExpiresIn()` methods * [BC break] Renamed `AbstractResourceOwner::doGetAccessTokenRequest` to `doGetTokenRequest` * [BC break] Removed `AdvancedPathUserResponse` & `AdvancedUserResponseInterface` * [BC break] Added `UserResponseInterface#getEmail()`, `UserResponseInterface#getProfilePicture()`, `UserResponseInterface#getRefreshToken()`, `UserResponseInterface#getExpiresIn()`, `UserResponseInterface#setOAuthToken()` methods * [BC break] Removed `UserResponseInterface::setAccessToken()` method * [BC break] Removed `AbstractUserResponse::getOAuthToken()` method because it was ambiguous * [BC break] `PathUserResponse#setPaths()` method no longer overwrite default paths * [BC break] `PathUserResponse#getPath()` method no longer throws an exception if path not exists * [BC break] `PathUserResponse#getValueForPath()` removed second argument from this method, it will not throw exception anymore if response or value is missing, but now will return `null` instead * [BC break] Added `ResourceOwnerInterface#getOption($name)` method * [BC break] `ResourceOwnerInterface#getUserInformation()` now must receive array (`$accessToken`) as first parameter, also added second parameter (`$extraParameters`) to be consistent along all implementations * Added `OAuthToken::getRefreshToken()`, `OAuthToken::setRefreshToken()`, `OAuthToken::getExpiresIn()`, `OAuthToken::setExpiresIn()`, `OAuthToken::getRawToken()`, `OAuthToken::setRawToken()` * Added `AbstractResourceOwner#addOptions()` & `ResourceOwnerInterface#setOption($name, $value)` methods which allows easy overwriting resource specific options * Added support for options: `access_type`, `request_visible_actions`, `approval_prompt` & `hd` in Google resource owner * Added 37signals resource owner * Added Amazon resource owner * Added Bitbucket resource owner * Added Disqus resource owner * Added Dropbox resource owner * Added Flickr resource owner * Added Instagram resource owner * Added Odnoklassniki resource owner * Added Yandex resource owner ## 0.2.10 (2013-12-09) * Fix: use `Symfony\Component\Security\Core\User\UserInterface` in `EntityUserProvider::refreshUser` * Fix: made `SessionStorage` compatible with Symfony 2.0 ## 0.2.9 (2013-09-25) * Fix: Regression done in version `0.2.8` blocking usage without `FOSUserBundle` * Fix: `OAuthUtils::getAuthorizationUrl()` ignoring given redirect URL ## 0.2.8 (2013-09-19) * Fix: Added missing parts in user providers like: `loadUserByUsername()` or `refreshUser()` methods * Fix: Registering of user provider services * Fix: Make `OAuthUtils::signRequest()` compatible with OAuth1.0a specification ## 0.2.7 (2013-08-03) * Fix: Polish oauth error detection to cover cases from i.e. Facebook resource owner * Fix: Changed authorization url for Vkontakte resource owner ## 0.2.6 (2013-06-24) * Fix: Use same check for FOSUserBundle compatibility to prevent strange errors with calls of undefined services * Fix: User-land aliased (resource owner) services have the appropriate name ## 0.2.5 (2013-05-29) * Fix: Use user identifier represented as string for Twitter to prevent issues with losing accuracy for large numbers (i.e. Javascript) or type comparison (i.e. MongoDB) * Fix: Don't depend on `arg_separator.output` data for URL generation to prevent issues ## 0.2.4 (2013-05-15) * Fix: Throw `Symfony\Component\Security\Core\Exception\AccessDeniedException` & `Symfony\Component\HttpKernel\Exception\NotFoundHttpException` instead of `\Exception` to make cases more clear * Fix: Detect `oauth_problem` as authorization error and inform user instead logging error in background * Fix: Request extra parameters should have higher priority than default * Fix: How urls are build in resource owners * Fix: Missing parameter in `YahooResourceOwner` ## 0.2.3 (2013-05-06) * Added `AbstractUserResponse::getOAuthToken()` method to allow fetching only OAuth token details * Added french translation * Fix: FB incompatibility with 'error' field in response ## 0.2.2 (2013-04-15) * Fix: FOSUB registration form handler * Fix: Use API 1.1 for Twitter, not the deprecated 1.0 ## 0.2.1 (2013-03-27) * Fixed issue with FOSUserBundle 2.x integration ## 0.2.0 (2013-03-26) * Added support for a `target_path_parameter` in order to control the redirect path after login * Added `hwi_oauth_authorization_url()` twig helper function * Added Jira resource owner * Added Yahoo resource owner * Added setting `realm` in configuration * Added support for FOSUserBundle 2.x integration * Added Stack Exchange resource owner * Fix: configuration parameter `firewall_name` is required * Fix: prevent throwing `AlreadyBoundException` when using FOSUserBundle 1.x integration * Fix: check for availability of `profilePicture` in views before calling it * Fix: `InMemoryProvider` now shows user nickname as name instead of unique identifier * Fix: don't set `realm` option if is empty in request headers * Fix: for infinity loop blockade and error token response handling ## 0.1-alpha (2012-08-27) * [BC break] Renamed path `username` to `identifier` to make it more clear that this path should hold the unique user identifier (previously `username`) * [BC break] Method `UserResponseInterface#getUsername()` now always returns a real unique user identifier, and uses path `identifier` * [BC break] `OAuth1RequestTokenStorageInterface#save()` second param `$token` must now be an array * [BC break] Configuration type 'generic' is renamed to 'oauth2' * [BC break] `redirect.xml` routing has to be imported. See the setup docs * Added `UserResponseInterface#getRealName()` method, also a new default path `realname` was added, this path holds the real name of user * Added `UserResponseInterface#getNickName()` method, also a new default path `nickname` was added, this path holds the nickname of user * Added `UserResponseInterface#getAccessToken()` and `UserResponseInterface#setAccessToken` * Added `OAuthToken#getCredentials()` returns an empty string to be consistent with the security component. The access token can still be retrieved from the `getAccessToken()` method * Added change that forces all authentication requests are now redirected to the login path * Added change that makes `firewall_name` option required setting * Added OAuth 1.0a support (linkedin/twitter/generic)