2.9.0

• Add support for PHP 8.5 #1081

2.8.1

• Only provide scopes in access token when set in options #1053
• Add missing @throws annotations for Guzzle exceptions #1055

2.8.0

• This version is certified for PHP 8.3 and PHP 8.4! 🎉
• Fix cases where expires is not a number #929
• Add SettableRefreshTokenInterface to support setting the refresh token #994
• Set minimum version of Guzzle to 6.5.8 and 7.4.5, due to security vulnerabilities reported in earlier versions #1022
• Fix parameter docblock type hint for AbstractProvider::prepareAccessTokenResponse() #1025
  • Take note, this might affect static analysis reports for downstream providers
• Send scopes with access token request #1029 #1030
• Explicitly mark nullable parameter #1034 #1039
  • This change requires PHP 7.1 as the minimum version for this library
• Plus a number of test and documentation improvements; see the commit log for more details

2.7.0

• Add support for PKCE (Proof Key for Code Exchange, RFC 7636) #901
• Various type improvements for static analysis #939 #959 #972 #997

2.6.1

• Fix deprecation notices, providing full support for PHP 8.1 #919 #920

2.6.0

• Indicate support for PHP 8
• Allow time to be set for testing purposes #852

2.5.0

• Allow Guzzle 7.x to be used #847

2.4.1

• Revert to use of AccessToken in type hints to preserve backwards compatibility; this fixes the issue reported in #752 and #753

2.4.0

• Add HttpBasicAuthOptionProvider to ease implementation for providers requiring HTTP basic auth
• Add GuardedPropertyTrait to allow providers the ability to specify properties that may not be overridden by user-defined values passed to the provider constructor
• Add AccessTokenInterface and ResourceOwnerAccessTokenInterface to allow providers the ability to override the default AccessToken

2.3.1

• Allow paragonie/random_compat's empty 9.99.99 placeholder
• Throw an UnexpectedValueException on non-JSON responses from access token
  request (when calling AbstractProvider::getAccessToken())