Releases for Simple OAuth (OAuth2) & OpenID Connect

Contributors (2)

bojan_dev, kingdutch

This release addresses a known gap: prior 6.0.x versions lacked proper cache context and access‑policy support. With 6.1.0, simple_oauth now honours cache contexts and integrates with Drupal’s access‑policy mechanisms.

Changelog

Issues: 1 issues resolved.

Contributors (2)

tylermc, bojan_dev

Changelog

Issues: 1 issues resolved.

Changes since 6.0.7 (compare):

Contributors (6)

e0ipso, paul121, bojan_dev, claudiu.cristea, dimilias , huzooka

Changelog

Issues: 2 issues resolved.

Changelog

Issues: 1 issues resolved.

Changes since 6.0.3 (compare):

Bug

• Reverted: #3518947: Don't apply oauth when URL is not valid

• #3547975: REST routes crashing, claiming unsupported format

Drupal 11 compatibility 🚀
Drops explicit support for Drupal 9 👋
Decoupled scope (including static) definition 💪
Implemented OAuth 2.0 Security Best Current Practice 👍
For more info: #3263423: [Plan] 6.0.x Roadmap

• #3495678: The "" plugin does not exist. Valid plugin IDs for Drupal\simple_oauth\Plugin\ScopeProviderManager are: dynamic
• #3277256: Move to thephpleague/oauth2-server 9.0

#3095332: Default OAuth2 token config does not match imported state
#3444193: Upgrade JWT 4 => 5

#3402191: SimpleOauthCommands using "file.system" instead of "file_system"
#3399091: Fallback to anonymous user if no default user is set

Introduced new feature: #3374084: Drush command to generate keys fails under Drush 12
Updated GitLab CI configuration

Drupal 10 compatibility 🚀
Drops explicit support for Drupal 8 👋
Updated GitLab CI configuration and module now passes linting 🔎

Simple OAuth 6.0 is coming soon! Check it out and provide feedback. There is no EOL date yet for 5.2.x, so no rush to upgrade.

• #3167287: Always load clients through the ClientRepository service
• #3319134: Translated consumers don't migrate redirect uri from 5.2 to 6.0

Changelog

Issues: 9 issues resolved.

Changes since 5.2.0:

Bug

• #3132865: License "GPL-2.0+" is a deprecated SPDX license identifier
• #3095250: Public and private key generation should add .htaccess to provided folder where keys are generated

• #3263590: Decouple the scope definition and provide static/dynamic scope providers
• #3283821: Support individual permission and role reference in the new scope data model

Issue #3263423: [Plan] 6.0.x Roadmap.

This is a security release for the 5.0.x branch. This is the last planned release for the 5.0.x minor version of Simple OAuth.

This release corresponds with the announcement of EOL dates for the 8.x-4.x and 5.0.x branches, and the tagging of 5.1.0. The upgrade path from prior versions is well tested and supported, and all site owners are encouraged to update to 5.1.x as soon as possible. See the project page for details on EOL dates.

THIS RELEASE WAS TAGGED TO THE WRONG COMMIT. DO NOT USE. SEE 5.2.0.

5.1.1 was correctly tagged but I do not want to confuse this any further on this minor.

• Issue #3021054 by bradjones1, eojthebrave, e0ipso, kmonty, KelvinWong, jedgar1mx, Taran2L, CeraRose, briangonzalezmia, jmarcou, tarasich, areebmoin
• Issue #3163965 by Berdir, segi, ayalon

This is a limited-scope release to address BC-breaking behaviour in upstream libraries, specifically as they relate to RFC compliance. See #3185673: Dependency drift in jwt library breaks 5.x, which includes background and links to related issues.

Fix tests for D9

Issue #2999521: Add support for Open Id connect .