CakePHP Authentication 2.9.0

What's Changed

• Support for JSON Web Key Sets by @swiffer in #505

New Contributors

• @swiffer made their first contribution in #505

Full Changelog: 2.8.0...2.9.0

CakePHP Authentication 2.8.0

What's Changed

• Allow skipping the challenge exception generation for Http Basic/Digest Auth. by @ADmad in #498
• Fixed translation errors in documents. by @karintou8710 in #503
• Added the default option to add the application salt to the cookie by @RobertoRoos in #467

⚠️ Important Upgrade Information for Cookie Authenticator Users

This release changes the default stored token for Cookie Authenticator. The token is now comprised of hash(username + password-hash + hmac(username + password, salt)). This helps prevent forged tokens from being created in case an application database is compromised. This change will invalidate all existing cookie tokens. If you do not desire that, be sure to set salt => false in your configuration for CookieAuthenticator

New Contributors

• @karintou8710 made their first contribution in #503
• @RobertoRoos made their first contribution in #467

Full Changelog: 2.7.0...2.8.0

CakePHP Authentication 2.7.0

What's Changed

• Bump firebase/php-jwt to v5.5, and deprecate algorithms in favour of only using a single algorithm in JwtAuthenticator. by @markstory, @ADmad, @pabloelcolombiano in #500

Full Changelog: 2.6.2...2.7.0

CakePHP Authentication 2.6.2

What's Changed

• Improve Documentation including translations to Spanish and French @zachee54, @davidyell, @opeadeyomoye, @enviniom, @Arhell, @LordSimal, @ADmad, @ndm2, @ravage84 in #452, #455, #456, #457, #461, #463, #466, #469, #474, #475, #477, #480, #478, #487, #490
• Improve CI tooling @othercorey, @CriztianiX in #483, #460, #489, #491
• Add php 8.1 to matrix by @othercorey in #484, #482, #492, #496
• Fix cakephp 4.3 deprecations by @othercorey in #486

Security Improvements

• Overwrite "algorithms" config of JWT authenticator instead of merging. by @ADmad in #501

New Contributors

• @zachee54 made their first contribution in #452
• @opeadeyomoye made their first contribution in #463
• @enviniom made their first contribution in #469
• @albertcansado made their first contribution in #472
• @Arhell made their first contribution in #477
• @LordSimal made their first contribution in #478
• @CriztianiX made their first contribution in #482

Full Changelog: 2.6.1...2.6.2

CakePHP Authentication 2.6.1

Fixes

• Improved documentation.
• Cleaned up extra parameters passed in tests.
• Improved the loginUrl mismatch error message.
• Fixed a regression where identity instances that already implement IdentityInterface were being wrapped in a decorator when it wasn't necessary.

CakePHP Authentication 2.6.0

Fixes

• Update AuthenticationRequiredException to extend HttpException so that proper status code is set. #437

Enhancements

• Allow customizing identity attribute in IdentityHelper. #436

CakePHP Authentication 2.5.0

Fixes

• Updated exception base classes to extend HttpException so that status codes continue to work.

CakePHP Authentication 2.4.0

Changes

• Use Cookie::create() to create cookies. This enables the usage of the samesite attribute.
• The httpOnly option of CookieAuthenticator is deprecated. Use httponly instead.
• The expire option of CookieAuthenticator is deprecated. Use expires instead.
• Added Japanese documentation.
• Removed unreachable code.

CakePHP Authentication 2.3.1

Fixes

• Improve documentation for CallbackIdentifier.
• Add example to docs with multiple authenticators.
• Added initial japanese translation to the docs.
• Moved CI to GitHub Actions.

CakePHP Authentication 2.3.0

Added

• Improved documentation for JwtAuthenticator.
• Added subjectKey option to JwtAuthenticator. This new option allows you to define the claim/subject key used in your JWT tokens. This option defaults to the previously hardcoded value of sub