For a diff between two versions https://github.com/lexik/LexikJWTAuthenticationBundle/compare/v1.0.0...v3.1.1
3.1.1 (2025-01-06)
- bug #1267 Fix wrongly silenced signing failure (@BackEndTea)
- bug #1259 fix issue #1258 JWTCookieProvider does set flags cookie flags when value is false (@mustapayev)
- bug #1225 Fix default values in WebToken services when encryption disabled (@NeuralClone)
- bug #1238 chore: add testrun for PHP 8.4. Fix implicit nullable parameter (@Chris8934, @chalasr)
3.1.0 (2024-07-03)
- bug #1226 feature: fix deprecation of Extension (@Chris8934)
3.0.0 (2024-05-05)
- feature #1202 Remove support for Symfony <6.4 and PHP <8.2 (@maxhelias)
- feature \5b5400b Remove namshi/jose on 3.x (@maxhelias)
- feature #1056 Drop PHP <7.1 and Symfony <5.3 support (@wouter-toppy)
2.21.0 (2024-04-27)
- feature #1218 Invalidate a JWT token (@ldaspt)
- feature #1170 Invalidate a JWT token (@ldaspt)
- feature #1207 Web-Token Framework simplified (@Spomky)
- bug \60770f1 Fix CI & web-token encryption support (@Spomky)
2.20.3 (2023-12-14)
- bug #1184 Wrong type exception for AccessTokenLoader with certain configuration (@athanasius-kircher)
- bug #1183 Fix for PHP <7.4 compatibility (@fracsi)
2.20.2 (2023-12-05)
2.20.1 (2023-12-02)
2.20.0 (2023-12-01)
- feature #1041 WebToken support integration (@Spomky)
- feature #1159 Added: JWT security scheme to openapi (@Ninos)
- feature #1167 add support for partitioned cookies (@EmilePerron)
- feature #1165 Support Symfony 7 (@endroid, @chalasr)
2.19.1 (2023-07-03)
- bug #1149 add description to authentication path (@Altherius)
- bug #1144 Fix missing array claims BC break in 2.9.0 (@ostrolucky)
2.19.0 (2023-06-05)
- bug #1119 Fix API Platform integration (@maxhelias)
- bug #1120 Remove deprecation symfony 6.3 (@maxhelias)
- bug #1133 Fixed issue with option user_id_claim (@koftikes)
- bug #1134 Fix ForwardCompatAuthenticatorTrait with OPCache preload (@elavrom)
- feature #1125 Allow lcobucci/jwt v5 (@maxhelias)
2.18.1 (2023-13-02)
2.18.0 (2023-08-02)
- bug #1109 Replaced deprecated ValidAt() with LooseValidAt() (carcabot)
- feature #1112 Better API Platform and json_login compatibility (alanpoulain)
2.17.0 (2023-03-02)
- bug #1110 Use the Security domain for translated messages (jderusse)
- bug #1105 Fix creation of dynamic property (SpartakusMd)
- feature #1098 Add API Platform compatibility (vincentchalamon)
- bug #1096 Test under Symfony 6.2 / PHP 8.2 (chalasr)
- feature #1092 allow environment variables for
remove_token_from_body_when_cookies_used
(usu) - bug #1067 Fixes TypeError in JWTManager (magikid)
- feature #1072 Inject Clock in LcobucciJWSProvider (dbrumann)
- bug #1069 Improve user_identity_field deprecation message (lobodol)
- feature #1046 try to invalidate realpath cache if keypair loading failed (lobodol)
2.16.0 (2022-06-12)
- feature #1037 Deprecate user_identity_field config option (chalasr)
- feature #1020 Add
allow_no_expiration
option to allow validating tokens without ttl (pluk77) - bug #1019 Fix #944: Separate CompatFailureResponse from FailureResponse (GErpeldinger)
- bug #1015 Fix ECDSA algo names in LcobucciJWSProvider (lovenunu)
- feature #1007 Allow for creation of tokens without exp (pluk77)
- bug #1001 Fix deprecations on Symfony 6.1 (chalasr)
## 2.15.1 (2022-04-06)
- bug #999 Unify audience claim (aerrasti)
- feature #995 Add Request object into AuthenticationFailureEvent (dmytro-shulyakov)
2.15.0 (2022-04-04)
- feature #995 Add Request object into AuthenticationFailureEvent (dmytro-shulyakov)
- bug #982 Fix a type related depreciation with php 8.1 (RiffFred)
- feature #973 Translate message errors (flohw)
- bug #976 Fix authentication with integer as useridentifier (Floruzus)
2.14.4 (2022-01-05)
- bug #972 Typo-Fix in the ChainUserProvider (KhorneHoly)
2.14.3 (2021-12-15)
- feature #940 Add
remove_token_from_body_when_cookies_used
config option (TjorvenB) - feature #928 Add support of multiple public keys to verify tokens with a set of keys (alexandre-daubois)
- feature #958 Allowing session cookie (split cookie) (JeremyPasco)
- bug #969 Fix PHP 8.1 deprecation - avoid passing null to is_file() (chalasr)
- bug #966 fix getIterator compatible with php 8.1 (eerison)
2.14.2 (2021-12-05)
- bug #961 Allow symfony/deprecations-contract v3.0 (bravik)
- bug #951 Test instanceof Passport instead of more restrictive SelfValidatingPassport (TristanPouliquen)
2.14.1 (2021-11-02)
2.14.0 (2021-11-01)
- feature #923 Add 3 new getter method to JWTTokenAuthenticator (fd6130)
- bug #931 Only attempt split_cookie extraction if all of the cookies are present (carlobeltrame)
- feature #925 Allow to set provider in jwt authenticator (fd6130)
- feature #937 Symfony 6 Compatibility (mbabker)
- bug #922 Fix error when trying to decode token using new authenticator system (fd6130)
2.13.0 (2021-09-15)
- feature #916 Allow to use custom authenticator by extending JWTAuthenticator (fd6130)
- bug #914 Bundle breaks application if Symfony Console not installed (yivi)
- feature #912 Added argument to AuthenticationSuccessHandler to stop token from being removed from response (naitsirch)
- bug #905 Changed
JWTAuthenticator::start
method return type to more genericResponse
type (aurimasniekis) - feature #903 Implement
AuthenticatorInterface::createToken()
(Symfony 5.4) (chalasr)
2.12.6 (2021-07-30)
- bug 66ec1e0 Fix missing import (chalasr)
2.12.5 (2021-07-29)
2.12.4 (2021-07-28)
2.12.3 (2021-07-7)
2.12.2 (2021-07-3)
2.12.1 (2021-06-28)
2.12.0 (2021-06-23)
- feature #872 Add new
jwt
authenticator for Symfony 5.3+ Security system (TristanPouliquen, chalasr) - bug #878 Handle misc. Symfony 5.3 deprecations, update CI config (mbabker)
- bug #864 Remove development files from releases (phansys)
2.11.3 (2021-05-12)
- bug a175d6dab9 Prevent user enumeration via response content (chalasr)
2.11.2 (2021-02-17)
- bug #840 [Security] On Authentication failure, replace MessageData (mpiot)
- bug #838 Fix wiring GenerateKeyPairCommand when key paths are null (chalasr)
2.11.1 (2021-02-10)
2.11.0 (2021-02-9)
- bug #833 KeyLoaderInterface::getPassphrase() might return null and we need a string (drupol)
- feature #832 Make AbstractKeyLoader::getSigningKey() and AbstractKeyLoader::getPublicKey public (drupol)
- feature #817 Feat: add keypair generation command (bpolaszek)
- feature #816 Remove support for lcobucci/jwt <3.4 & symfony/* <4.4 (chalasr)
2.10.7 (2021-05-12)
- bug a175d6dab9 Prevent user enumeration via response content (chalasr)
2.10.6 (2021-01-20)
- bug #827 Use named constructor for lcobucci/jwt Ecdsa signers (chalasr)
- bug #826 Fix creating tokens when iat is already set in the payload (chalasr)
2.10.5 (2020-12-19)
2.10.4 (2020-12-18)
2.10.3 (2020-11-30)
- bug #804 Fix ability to set extra standard claims in the input payload (bis) (chalasr)
- bug #807 Fix compatibility with locbucci/jwt 3.2 (chalasr)
2.10.2 (2020-11-30)
- bug #801 Fix ability to set extra standard claims in the input payload (chalasr)
- bug #796 Set Token on ExpiredTokenException (AdrienBr)
2.10.1 (2020-11-28)
2.10.0 (2020-11-23)
- feature #790 Fix Symfony 5.2 getProviderKey deprecation (ogizanagi)
- feature #792 PHP 8 Support (chalasr)
2.9.0 (2020-10-27)
- feature #769 Added support for composed cookies (lukacovicadam)
- bug #787 fix day saving transition php (flaugere)
- bug #780 Add deprecation message argument to JWTFactory.php (chrBrd)
- feature #786 Allow token creation from an existing payload (RicoLannez)
- feature #677 chore/implement-against-key-loader-interface (TiMESPLiNTER)
- feature #767 Added the possibility to choose if the cookie is "secure" or not (Mael-91)
2.8.0 (2020-06-14)
- feature #761 Expose payload in encode/decode exceptions (chalasr)
- bug #755 Drop php 5.5 compat, Test against php 7.4 + symfony 5.1 and fix deprecations (acrobat)
- bug #683 Handle ChainUserProvider (Gemorroj)
2.7.0 (2020-05-29)
- feature #753 Add
set_cookies
option to store JWT in secure cookies (chalasr) - feature #737 Enable to keep the modified payload after decode (cedriclombardot)
2.6.5 (2019-11-22)
- bug #689 Symfony 4.4/5.0 compatibility (Deuchnord)
- bug #687 Authentication Exception Message from its key (arslan)
- bug #675 Use late static binding on JWTUser (kaznovac)
2.6.4 (2019-07-27)
- bug #669 Fix dispatch signature on SF > 4.3 (Webonaute)
- bug #650 Fixed AuthenticaionFailureHandler to utilize messages from custom exceptions (EresDev)
2.6.3 (2018-04-17)
- bug #644 Fix FC/BC layer for EventDispatcher (nicolas-grekas)
2.6.2 (2018-04-1)
- bug #637 Fix deprecations on symfony/event-dispatcher:4.3 (chalasr)
- bug #620 Fix missing $config variable (Oliboy50)
- bug #618 Use the JWTTokenManagerInterface (trsteel88)
- bug #593 Make JWTManager::$userIdClaim nullable (chalasr)
2.6.1 (2018-11-18)
2.6.0 (2018-11-1)
- bug #574 fix clockSkew not taken into account in some case (mu4ddi3)
- bug #554 Fix deprecations on Symfony 4.2 (chalasr)
- feature #537 Customizable User ID Claim (Spomky)
- feature #503 Allow setting the "exp" claim from event listeners (MaximeMaillet)
2.5.4 (2018-08-2)
2.5.3 (2018-07-6)
2.5.2 (2018-07-3)
2.5.1 (2018-06-30)
2.5.0 (2018-06-29)
- feature #508 Replace namshi/jose by lcobucci/jwt (chalasr)
- feature #485 Add a
lexik:jwt:generate-token
command (sroze) - feature #369 Fix HMAC support (chalasr)
- feature #492 Clock skew (patrickjDE)
- feature #433 Added setPayload to JWTDecodedEvent analogous to JWTCreatedEvent. (vgeyer)
- feature #412 Make the token type case insensitive (greg0ire)
- feature #404 CheckConfigCommand should not be container aware (chalasr)
- feature #352 JWT header alteration (Spomky)
- feature #344 Add an extension point on the PayloadAwareUserProviderInterface (sroze)
2.4.3 (2017-11-6)
- bug #408 Response classes shouldn't have the @internal PhpDoc tag (lashae)
- bug #403 Switch to PSR-4 namespaces for PHPUnit (chalasr)
- bug #399 Fix sf3.4 command autoregistration deprecation (ogizanagi)
2.4.2 (2017-10-19)
- bug #398 Fix Symfony 4 compatibility (benji07)
- bug #383 Don't register lcobucci encoder if lcobucci/jwt is not installed (chalasr)
2.4.1 (2017-08-29)
2.4.0 (2017-05-10)
- feature #330 Allow empty ttl for testing purpose (chalasr)
- bug #328 Fix autowiring for upcoming Symfony 3.3 (chalasr)
2.3.0 (2017-04-14)
- bug #325 Move ttl
is_numeric
check from build time to runtime to allow use of %env()% (DrBenton) - feature #320 Allow for Response Body without JWT Token (Batch1211)
- feature #317 Use symfony/phpunit-bridge for testing (chalasr)
2.2.0 (2017-03-09)
- feature #312 Ease sharing keys between parties (chalasr)
- bug #311 Handle empty or null authorization header prefix (chteuchteu)
- feature #303 Throw less missleading exception if SSL keys could not be loaded (phansys)
2.1.1 (2017-01-23)
- bug #302 Return user object from User Provider refresh (MisterGlass)
2.1.0 (2016-12-30)
- feature #278 Add JWTUserProvider for loading users from the JWT itself (chalasr)
- bug #287 Avoid override existing properties in failure response (kevin-lot)
2.0.3 (2016-12-05)
- bug #285 Avoid validating key paths before container compilation (chalasr)
- feature #283 Ease creating tokens programatically (chalasr)
- bug #282 Catch exception from lcobucci parser on invalid but correctly formatted token (chalasr)
- feature #276 Added
getProviderKey()
to JWTUserToken (eXtreme) - #280 Travis: build on sf 3.2 + highest/lowest deps, fix build on hhvm (chalasr)
- #269 Improve the structure of the documentation (chalasr)
2.0.2 (2016-10-27)
- feature #262 Add composer test script (chalasr)
- bug #261 The security token must be authenticated no matter of the user's roles (chalasr)
2.0.1 (2016-10-20)
- feature #257 Set autowiring types on services with many alternatives
2.0.0 (2016-10-16)
-
feature #249 Avoid setting exp claim from JWTManager (chalasr)
-
feature #246 Add a simple built-in encoder based on lcobucci/jwt (chalasr)
-
feature #184 [Security] Deprecate current system in favor of a JWTTokenAuthenticator (Guard) (chalasr)
-
feature #218 Add more flexibility in token extractors configuration (chalasr)
-
feature #217 Refactor TokenExtractors loading for easy overriding (chalasr)
-
feature #196 Make *_key_path config options not mandatory (chalasr)
-
feature #162 [Encoder] Handle OpenSSL/phpseclib engines and algorithms (chalasr)
-
#175 Stop ensuring support for PHP versions smaller than 5.0 (chalasr)
-
#167 and #169 Stop ensuring support Symfony versions smaller than 2.8 (chalasr)
1.7.0 (2016-08-06)
v1.6.0 (2016-07-07)
v1.5.1 (2016-04-11)
v1.5.0 (2016-04-07)
- feature #157 Allow to set a custom response in case of authentication failure or invalid/not found token (chalasr)
- feature #154 Add OpenSSLKeyLoader (chalasr)
- feature #147 Made the public and private key paths not required… (ovidiumght)
- bug #142 Add response message in case of invalid token (chalasr)
v1.4.3 (2016-01-30)
v1.4.1 (2016-01-21)
v1.4.0 (2016-01-20)
- feature #117 Allow empty ttl (soyuka)
- feature #113 Add symfony 3.0 support (Ener-Getick)
- feature #110 Updated to newest namshi/jose. Dropped support for PHP 5.3 (TiS)
- feature #103 added functional boot test (slashfan)
- feature #96 Add custom authorization header name (pdoreau)
v1.3.1 (2015-10-21)
v1.3.0 (2015-10-21)
- feature #100 Add authentication_listener option (yelmontaser)
v1.2.0 (2015-09-28)
- bug #92 Fix authentication event propagation (mRoca)
- feature #88 Add WWW-Authenticate response header on 401 (teohhanhui)
- feature #76 Add cookie token extractor (tnucera)
v1.1.0 (2015-07-08)
- feature #73 add JWTEncodedEvent so JWT string is available after its creation (9orky)
- feature #69 Added new event when token is authenticated (gamringer)
v1.0.10 (2015-06-05)
v1.0.9 (2015-06-05)
- bug #70 fixed deprecated errors for symfony 2.6 plus (slashfan)
- feature #67 Move security details to parameters.yml.dist (Maltronic)
v1.0.8 (2015-04-20)
v1.0.6 (2015-02-17)
- feature #45 Adding AuthenticationException to the AuthenticationFailureEvent (ghost)
- feature #43 Added identity field funcionality and its unit test. (victuxbb)
- feature #40 Add flexibilty to the provider and manager (slashfan)
v1.0.5 (2014-09-16)
- feature #28 Improve response and dispatch event in AuthenticationFailureHandler (EmmanuelVella)
v1.0.4 (2014-08-13)
- feature #27 Added encoder / decoder service customization (#24) (slashfan)
- feature #19 Add response in success event (EmmanuelVella)
- feature #18 Improve json 401 exception (EmmanuelVella)
v1.0.2 (2014-07-11)
v1.0.0 (2014-05-16)
- feature #10 Added ability to throw exceptions for handling later and to disable the catch-all entry point (gfreeau)
- feature #9 Changed entry point to contain a message and return json (gfreeau)
- bug #7 Jwt entry point fix #6 (jaugustin)
- feature #5 Firewall config (slashfan)
- feature #2 Symfony2.3+ compatibility (slashfan)