Releases: googleapis/google-auth-library-php
Releases · googleapis/google-auth-library-php
v1.21.0
Features
- Support for Firebase v6.0 (#391)
IMPORTANT This release will break backwards compatibility in some cases. If you are using OAuth2::verifyIdToken and passing multiple algorithms as the second argument, this will now throw an exception:
// No problem here, only 1 algorithm is being used
$oauth->verifyIdToken($publicKeys, ['RS256']);
// This was accepted before, but it will now throw an InvalidArgumentException
$oauth->verifyIdToken($publicKeys, ['RS256', 'HS256']);
This is because we are closing a security vulnerability (see CVE-2021-46743 and GHSA-8xf4-w7qw-pjjw), and there is no way to close it without throwing an exception in this case. The recommended way to do this is now to pass an array of Firebase\JWT\Key as $publicKeys:
// create an array of Firebase\JWT\Key. For example:
use Firebase\JWT\Key;
$keys = [
new Key($publicKeys[0], 'RS256'),
new Key($publicKeys[1], 'HS256'),
];
$oauth->verifyIdToken($keys);
v1.20.1
Miscellaneous
- many fixes and improvements to phpdoc, thanks to
phpstan (#392)
v1.20.0
Dropping Support
- PHP 5.6 and 7.0 are no longer supported
Features
- add support for psr/cache:3 (#364)
- add
Google\Auth\Cache\TypedItem (for psr/cache:3) (#364)
Bug Fixes
- throw audience mismatch when audience doesn't exist (#370)
v1.19.0
Dropping Support
- PHP 5.4 and 5.5
- Guzzle 5
- Firebase JWT 2.0, 3.0, and 4.0
v1.18.0
1.18.0 (08/24/2021)
- [feat]: Add support for guzzlehttp/psr7 v2 (#357)
v1.17.0
1.17.0 (08/18/2021)
- [fix]: consistently use useSelfSignedJwt method in ServiceAccountJwtAccessCredentials (#351)
- [feat]: add loading and executing of default client cert source (#353)
- [feat]: add support for proxy-authorization header (#347)
v1.16.0
1.16.0 (06/22/2021)
- [feat]: allow ServiceAccountJwtAccessCredentials to sign scopes (#341)
- [feat]: allow psr/cache:2.0 (#344)
v1.15.2
1.15.2 (06/21/2021)
- [fix]: ensure cached tokens are used for GCECredentials::signBlob (#340)
- [fix]: adds check for getClientName (#336)
v1.15.1
1.15.1 (04/21/2021)
- [fix]: update minimum phpseclib for vulnerability fix (#331)
v1.15.0
1.15.0 (02/05/2021)
- [feat] add support for PHP 8.0 by updating dependencies and tests (#318, #319)
