CHANGELOG.md

Changelog

2.5.0 (2026-02-19)

• Added: PHP 8.5 test coverage,
• Added: Support for Symfony 8.0,
• Added: Handles absolute URL's in Amazon Cognito,
• Bugfix: Wrong HTTP status code in RegisterController,
• BC Break: Increased firebase/php-jwt support to 7.0,
• BC Break: Dropped support for Symfony < 6.4,
• BC Break: Dropped support for PHP < 8.3,

2.4.0 (2025-05-29)

• Added: PHP 8.4 test coverage,
• Added: LinkedIn OpenID resource owner,
• Added: show_dialog option to Spotify resource owner,
• Use CSPRNG for generating nonce,

2.3.0 (2025-01-01)

• BC Break: Dropped support for Symfony: 6.3 and 7.0,
• Added: Amazon Cognito resource owner,
• Bugfix: Prevent overwriting failure_path in AuthenticationFailureHandler when connect functionality is not enabled,
• Bugfix: Prevent overwriting failure_handler in security configuration if set,
• Bugfix: Type hint AuthenticatorInterface instead of OAuthAuthenticator in RefreshAccessTokenListener,
• Bugfix: Add missing parameters to OdnoklassnikiResourceOwner,

2.2.0 (2024-02-28)

• BC Break: Dropped support for PHP 7.4 & 8.0,
• Added: Telegram resource owner,
• Bugfix: Allow use_authorization_to_get_token to be configured to false for generic OAuth2,
• Bugfix: Update API version for Facebook to latest available
• Bugfix: Replace custom authenticator passport with custom badge usage,
• Bugfix: Fix registration of failure handler,
• Bugfix: Don't miss refresh token in registration controller,
• Bugfix: Allow null as $registrationForm in RegisterController,
• Bugfix: Fix connect functionality with authentication managers,

2.1.0 (2023-11-30)

• BC Break: Dropped support for Symfony: >6.0, <6.3,
• Added: New Passage resource owner,
• Bugfix: Remove deprecations reported by Symfony 6.4,
• Chore: Added support for Symfony 7,

2.0.0 (2023-10-01)

• Bugfix: Prevent refreshing non-expired tokens
• Bugfix: Remove deprecations reported by Symfony 6.x
• Bugfix: Prevent fatal error when token doesn't have resource owner name set

2.0.0-BETA3 (2023-08-20)

• BC Break: Dropped support for Symfony: 6.0.*,
• BC Break: Class Templating\Helper\OAuthHelper was merged into Twig\Extension\OAuthRuntime,
• BC Break: When resource owner class doesn't define TYPE constant or is null, then key will be calculated by converting its class name without ResourceOwner suffix to snake_case, if neither is felt, then \LogicException will be thrown,
• Deprecated: method UserResponseInterface::getUsername() was deprecated in favour of UserResponseInterface::getUserIdentifier() to match changes in Symfony Security component,
• Enhancement: @internal resourceOwner oauth types in Configuration are calculated automatically by scandir. All classes extended from GenericOAuth[X]ResourceOwner get oauth[X] type. If class only implements ResourceOwnerInterface then its oauth type is unknown. ResourceOwner key (parameter type in configs) should have defined ResourceOwner::TYPE constant. Each user defined custom ResourceOwner class that implemented ResourceOwnerInterface will be registered automatically. If autoconfigure option is disabled user have to add the tag hwi_oauth.resource_owner to the service definition,
• Enhancement: Class ConnectController was split into two smaller ones, Connect\ConnectController & Connect\RegisterController,
• Bugfix: Added OAuth1ResourceOwner & OAuth2ResourceOwner to cover case of implementing custom oauth resource owners,
• Bugfix: Fixed Authorization Header in CleverResourceOwner::doGetRequest,
• Bugfix: Catch also the TransportExceptionInterface in AbstractResourceOwner::getResponseContent() method,
• Bugfix: Current matched Firewall is respected during generation of resource owner check path links,
• Bugfix: Prevent fatal error in OAuthUserProvider::loadUserByOAuthUserResponse() when nickname is not available in OAuth response,
• Bugfix: Use newer version of firebase/php-jwt library,
• Chore: Removed not used Symfony Templating component

2.0.0-BETA2 (2022-01-16)

• Deprecated: configuration parameter firewall_names, firewalls are now computed automatically - all firewalls that have defined oauth authenticator/provider will be collected,
• Added: Ability to automatically refresh expired access tokens (only for derived from GenericOAuth2ResourceOwner resource owners), if option refresh_on_expire set to true,
• Enhancement: Refresh token listener is disabled by default and will only be enabled if at least one resource owner has option refresh_on_expure set to true,
• Enhancement: (@internal) Removed/replaced redundant argument $firewallNames from controllers. If controller class was copied and replaced, adapt list of arguments: In controller use $resourceOwnerMapLocator->getFirewallNames(),
• Bugfix: RefreshTokenListener cannot be lazy. If current firewall is lazy (or anonymous: lazy) then current auth token is often initializing on kernel.response. In this case new access token will not be stored in session. Therefore, the expired token will be refreshed on each request,
• Bugfix: InteractiveLoginEvent will be triggered also for OAuthAuthenticator,
• Maintain: Changed config files from *.xml to *.php (services and routes). Xml routing configs connect.xml, login.xml and redirect.xml are steel present but deprecated. Please use *.php variants in your includes instead.

2.0.0-BETA1 (2021-12-10)

• BC Break: Dropped PHP 7.3 support,
• BC Break: Dropped support for Symfony: >=5.1 & <5.4,
• BC Break: OAuthExtension is now a lazy Twig extension using a Runtime,
• BC Break: removed support for FOSUserBundle,
• BC Break: changed process() argument for Form/RegistrationFormHandlerInterface, from Form $form to FormInterface $form,
• BC Break: changed form class name in template Resources/views/Connect/connect_confirm.html.twig from fos_user_registration_register to registration_register,
• BC Break: removed configuration option fosub from oauth_user_provider,
• BC Break: removed configuration options hwi_oauth.fosub, & all related DI parameters,
• BC Break: removed DI parameter hwi_oauth.registration.form.factory in favour of declaring form class name as DI parameter: hwi_oauth.connect.registration_form,
• BC Break: changed ResourceOwnerMapInterface::hasResourceOwnerByName signature, update if you use a custom resource owner,
• BC Break: changed ResourceOwnerMapInterface::getResourceOwnerByName signature, update if you use a custom resource owner,
• BC Break: changed ResourceOwnerMapInterface::getResourceOwnerByRequest signature, update if you use a custom resource owner,
• BC Break: changed ResourceOwnerMapInterface::getResourceOwnerCheckPath signature, update if you use a custom resource owner,
• BC Break: ResourceOwnerMap uses service locator instead of DI container,
• BC Break: Removed abstract services: hwi_oauth.abstract_resource_owner.generic, hwi_oauth.abstract_resource_owner.oauth1 & hwi_oauth.abstract_resource_owner.oauth2,
• BC Break: Removed setName() method from OAuth/ResourceOwnerInterface,
• BC Break: changed __construct() argument for OAuth/ResourceOwner/AbstractResourceOwner, from HttpMethodsClient $httpClient to HttpClientInterface $httpClient,
• BC Break: replaced php-http/httplug-bundle with symfony/http-client
• BC Break: removed hwi_oauth.http configuration,
• BC Break: reworked bundles structure to match Symfony best practices:
  • bundle code moved to: src/,
  • tests moved to: tests/,
  • docs moved from Resources/doc into: docs/,
• BC Break: routes provided by bundle now have methods requirements:
  • hwi_oauth_connect_service: GET & POST,
  • hwi_oauth_connect_registration: GET & POST,
  • hwi_oauth_connect: GET,
  • hwi_oauth_service_redirect: GET,
• Added support for PHP 8.1,
• Added support for Symfony 5.6,

1.4.5 (2021-12-08)

• Bugfix: Fixed: BC break by restoring wrongly moved AbstractOAuthToken::getCredentials() method,

1.4.3 (2021-12-07)

• Bugfix: Fixed support for PHP 8.1,
• Bugfix: Fixed support for Symfony 5.4,
• Bugfix: Fixed VkontakteResourceOwner option: api_version to not point to deprecated one,
• Bugfix: RequestStack::getMasterRequest() is deprecated since Symfony 5.3, use RequestStack::getMainRequest() if exists,
• Maintain: Added GenericOAuth1ResourceOwnerTestCase, GenericOAuth2ResourceOwnerTestCase & ResourceOwnerTestCase test case classes for easier unit testing custom resource owners

1.4.2 (2021-08-09)

• Bugfix: remove @final declaration from OAuthFactory & FOSUBUserProvider,
• Maintain: added .gitattributes to reduce amount of code in archives,

1.4.1 (2021-07-28)

• Bugfix: Define missing hwi_oauth.connect.confirmation parameter,
• Bugfix: Added missing success/failure handlers,

1.4.0 (2021-07-26)

• BC Break: dropped Symfony 5.0 support as it is EOL,
• BC Break: dropped PHP 7.2 support as it is EOL,
• BC Break: changed __construct() argument for OAuth/RequestDataStorage/SessionStorage, from SessionInterface $session to RequestStack $requestStack,
• BC Break: all internal classes are "softly" marked as final,
• Added: Symfony 5.1 Security system support,
• Added: Forward compatibility layer for session service deprecation,
• Added: state support for service authentication URL's,
• Added: ability to change the response after HWIOAuthEvents::CONNECT_COMPLETED is fired,
• Added: PHPStan static analyse into CI,
• Fixed: OAuthProvide to properly refresh data inside tokens,
• Fixed: PHP notice in AppleResourceOwner,
• Fixed: use new GitHub API in GitHubResourceOwner,
• Fixed: functional tests with & without FOSUserBundle,
• Fixed: controller don't depend on service container if possible,
• Maintain: removed Wunderlist resource owner,
• Maintain: removed several Symfony BC layers,
• Maintain: removed Prophecy in favour of PHPUnit mocking,

1.3.0 (2021-01-03)

• BC Break: dropped support for Symfony <4.4,
• BC Break: dropped support for Doctrine Bundle <2.0,
• Added PHP 8 support,
• Upgraded Facebook API to v8.0,
• Upgraded Twitch resource owner to incorporate latest Twitch API,
• Fixed: undefined id_token exception in Azure resource owner,
• Docs: changed firewall name to match flex receipt,
• Maintain: moved from Travis CI to Github Actions,

1.2.0 (2020-10-19)

• BC Break: dropped Symfony 4.3 support,
• Added first_name & last_name in AzureResourceOwner,
• Added: support for multiple OAuth2 state parameters,
• Added: Apple resource owner,
• Fixed: updated Azure authorization & access_token urls,
• Fixed: Doctrine persistence deprecation errors,
• Allow modification of the response in FilterUserResponseEvent,

1.1.0 (2020-04-06)

• Added Symfony 5 support,
• Added domain whitelist service to avoid open redirect on target_path,
• Fixed: session service was not injected in LoginController,
• Fixed: missing setContainer call to service configuration for LoginController,
• Fixed: client id and client secret must be set in Auth0ResourceOwner::doGetTokenRequest,
• Fixed: missing client id and client secret in Auth0ResourceOwner,
• Twig dependency on LoginController is now optional,

1.0.0 (2020-01-17)

• Dropped support for PHP 5.6, 7.0 and 7.1,
• Dropped support for FOSUserBundle 1.3,
• Dropped support for Symfony 2.8,
• Minimum Symfony 3 requirement is 3.4,
• Minimum Symfony 4 requirement is 4.3,
• Fixed: WindowsLive Resource Owner token request,
• Fixed: Update Facebook API to v3.1,
• Fixed: Update Linkedin API to v2,
• Fixed: YahooResourceOwner::doGetUserInformationRequest uses wrong arguments,
• Fixed: Symfony deprecation warning in symfony/config,
• Fixed: SensioConnect now uses new API URLs,
• Fixed: Do not add Authorization header if no client_secret is present,
• Fixed: LoginController::connectAction should not fail if no token is available,
• Added: Genius.com resource owner,
• Added: HTTPlug 2.0 support,
• Added: Keycloak resource owner,
• Added: The controller is now available as a service,
• Added: Allow to use HTTP Basic auth for token request,
• [BC break] Class Configuration has been marked final,
• [BC break] Class ConnectController has been marked final,
• [BC break] Class HWIOAuthExtension has been marked final,
• [BC break] Class OAuthExtension has been marked final,
• [BC break] Class SetResourceOwnerServiceNameCompilerPass has been marked final,
• [BC break] Class ConnectController extends AbstractController instead of Controller,
• [BC break] Service hwi_oauth.http_client has been marked private,
• [BC break] Service hwi_oauth.security.oauth_utils has been marked private,
• [BC break] Several service class parameters have been removed,

0.6.3 (2018-07-31)

• Fixed: Vkontakte profile picture & nickname path,
• Fixed: Content-Length header must be a string,
• Fixed: Upgraded GitLab end point to v4,
• Fixed: Resource owner map parameters must be public,
• Fixed: Azure resource owner infos_url should not be empty,
• Fixed: Don't start sessions twice & don't start sessions if already started,
• Fixed: Updated BitBucket docs,
• Added: Further compatibility changes for Symfony 4.1,
• Added: LinkedIn first- & last- names,
• Added: Facebook profile picture

0.6.2 (2018-03-28)

• Fixed: VK requires API version now,
• Fixed: Updated Slack resource owner to use new Slack API methods,
• Fixed: Changing authorization and access token to v2 for LinkedIn,
• Fixed: Fix double call of getUserInformation() in ConnectController,
• Fixed: Fix serialization of AccountNotLinkedException,
• Fixed: Check for grant_rule value IS_AUTHENTICATED_FULLY in DI configuration,
• Fixed: Don't execute OAuthProvider::refreshAccessToken() when there is no refresh token

0.6.1 (2018-01-23)

• BC BREAK: Replaced PHPUnit_Framework_TestCase with PHPUnit\Framework\TestCase in tests,
• Added: Implemented getUserInformation() for Dropbox v2,
• Fixed: Headers passed to httpRequest() method in various resource owners,
• Fixed: Marked some services as public to make code compatible with Symfony 4

0.6.0 (2017-12-01)

• BC BREAK: Fully replaced Buzz library with usage of HTTPlug & Guzzle 6,
• BC BREAK: hwi.http_client config options are remove. HTTP configuration must rely on the HTTPlug client,
• BC BREAK: Template engine other than Twig are no longer supported,
• BC BREAK: Option hwi_oauth.templating_engine was removed,
• Added: Symfony 4 support,
• Added: php-http/httplug-bundle support, to auto-provide needed HTTPlug services and get full Symfony integration,
• Added: hwi.http.client and hwi.http.message_factory config keys to provide your own HTTPlug services,
• Added: HWIOAuthEvents,
• Added: ResourceOwnerInterface::addPaths() method for easier managing paths in resource owners,
• Fixed: Update Facebook API to v2.8,

0.5.3 (2017-01-08)

• Fixed: Bitbucket2 resource owner,
• Fixed: GitHub resource owner documentation,
• Fixed: Don't require any form for the connect feature,
• Fixed: Uncaught exception with custom error page,
• Fixed: php-cs-fixer updated to latest version & run on base code

0.5.2 (2016-12-12)

• Fixed: Prevent uncaught exception when redirecting to invalid route,
• Fixed: Add more details too exception when account was not linked,
• Fixed: Odnoklassinki resource owner,
• Fixed: Office365 resource owner,
• Fixed: StackExchange resource owner,
• Fixed: WeChat resource owner,
• Fixed: WindowsLive resource owner

0.5.1 (2016-10-03)

• Fixed error that could occur with message "302 Header already sent",
• Exclude tests from Composer autoloader

0.5.0 (2016-09-11)

• Fixed: OAuthHelper should fallback to new Request in case of receiving null,
• Fixed: Better FOSUserBundle integration,
• Fixed: Serialization issue in WechatResourceOwner,
• Fixed: Incorrect refresh token in WechatResourceOwner,
• Fixed: Broken TrelloResourceOwner,
• Fixed: Removed dead code in OAuthProvider,
• Fixed: Update Facebook API to v2.7,
• Added: Symfony 3 support,
• Added: Redirect to target_path after successful registration/connection,
• Added: Asana resource owner,
• Added: Bitbucket resource owner,
• Added: Clever resource owner,
• Added: Itembase resource owner,
• Added: Jawbon resource owner,
• Added: Office365 resource owner,
• Added: Wunderlist resource owner,
• Added: Hungarian translation

0.4.3 (2016-09-11)

• Fixed: Request parameters are not copied into new Request on forward,
• Fixed: Fixed scope deprecating message,
• Fixed: Resolved deprecated message in ConnectController,
• Fixed: Removed usage of deprecated code in tests

0.4.2 (2016-07-27)

• Fixed: Change Discogs URL from http to https,
• Fixed: Update Facebook API URLs to not use outdated ones

0.4.1 (2016-03-08)

• Fixed: Remove usage of deprecated Twig function form_enctype & replace with usage of form_start/form_end,
• Fixed: Mark as not fully compatible with Symfony ~3.0,
• Fixed: Multiple firewalls can now have different resource owners,
• Fixed: Wrong URL generated for Safesforce resource owner,
• Added: include_email option into Twitter resource owner,
• Added: Hungarian translation,
• Added: Documentation about FOSUser integration

0.4.0 (2015-12-04)

• [BC break] Added UserResponseInterface#getFirstName() method, also a new default path firstname was added, this path holds the first name of user,
• [BC break] Added UserResponseInterface#getLastName() method, also a new default path lastname was added, this path holds the last name of user,
• [BC break] Added UserResponseInterface::getOAuthToken() & basic implementation in AbstractUserResponse,
• [BC break] GenericOAuth1ResourceOwner::getRequestToken() is now public method (was protected),
• Added: configuration parameter firewall_name (will be removed in next major version) renamed to firewall_names to support multiple firewalls,
• Added: configuration parameter: failed_auth_path which contains route name, on which user will be redirected after failure when connecting accounts (i.e. user denies connection),
• Added: appsecret_proof functionality support to the Facebook resource owner,
• Added: sandbox functionality support to the Salesforce resource owner,
• Added Auth0 resource owner,
• Added Azure resource owner,
• Added BufferApp resource owner,
• Added Deezer resource owner,
• Added Discogs resource owner,
• Added EveOnline resource owner,
• Added Fiware resource owner,
• Added Hubic resource owner,
• Added Paypal resource owner,
• Added Reddit resource owner,
• Added Runkeeper resource owner,
• Added Slack resource owner,
• Added Spotify resource owner,
• Added Soundcloud resource owner,
• Added Strava resource owner,
• Added Toshl resource owner,
• Added Trakt resource owner,
• Added Wechat resource owner,
• Added Wordpress resource owner,
• Added Xing resource owner,
• Added Youtube resource owner,
• Fixed: Revoking tokens for Facebook & Google resource owners,
• Fixed: Instagram allows only GET calls to fetch user details,
• Fixed: ResourceOwnerMap no longer depends on deprecated ContainerAware class,
• Fixed: Wrong usage of json_decode in Mail.ru resource owner,
• Fixed: Transform storage exceptions in OAuth1 resource owners into AuthenticationException
• Fixed: Default scopes & fields for VKontakte resource owner

0.3.9 (2015-08-28)

• Fix: Remove deprecated Twig features
• Fix: Undefined variable in FOSUBUserProvider::refreshUser
• Fix: Restore property accessor for Symfony 2.3

0.3.8 (2015-05-04)

• Fix: Remove BC break for Symfony < 2.5,
• Fix: Compatibility issues with Symfony 2.6+,
• Fix: Deprecated graph URLs for FacebookResourceOwner

0.3.7 (2014-11-15)

• Fix: SessionStorage::save() could throw php error,
• Fix: OAuthToken::isExpired() always returned false,
• Fix: FoursquareResourceOwner, TwitchResourceOwner, SensioConnectResourceOwner not working with bearer header,
• Fix: Don't use deprecated fields in FacebookResourceOwner,
• Fix: FOSUBUserProvider::refreshUser() always returning old user,

0.3.6 (2014-06-02)

• Fix: InstagramResourceOwner regression while getting user details,
• Fix: Add smooth migration for session (de)serialization

0.3.5 (2014-05-30)

• Fix: LinkedinResourceOwner regression while getting user details,
• Fix: OAuth revoke functionality to be available wider,
• Fix: Removed undocumented functionality from SinaWeiboResourceOwner,
• Fix: Always remove default ports from URLs to match OAuth 1.0a, Spec: 9.1.2

0.3.4 (2014-05-12)

• Fix: Instagram OAuth redirect to one url,
• Fix: FOSUBUserProvider should also implement UserProviderInterface,
• Fix: YahooResourceOwner infos_url to use new format,
• Fix: Send authorization via headers instead of URL parameter,
• Fix: GithubResourceOwner revoke method,
• Fix: Add login routing documentation note

0.3.3 (2014-02-17)

• Fix: Incorrect redirect URL when no parameters are set,
• Fix: Add missing parameter prompt for GoogleResourceOwner,
• Fix: WordpressResourceOwner user details API call,
• Fix: PHP Notice when oauth_callback_confirmed was set too false,
• Fix: PHP Fatal when session returns boolean instead of object,
• Fix: Add missing query parameters for FacebookResourceOwner

0.3.2 (2014-02-07)

• Fix: Prevent SessionUnavailableException when returns back from service,
• Fix: EntityUserProvider should implement UserProviderInterface,
• Fix: createdAt property was missing when serializing the OAuthToken,
• Added Italian translations

0.3.1 (2014-01-17)

• Fix: Change Twitter API call to use SSL URL,
• Fix: Problems with options in VkontakteResourceOwner,
• Fix: Problems with OAuth 1.0a token & YahooResourceOwner,
• Fix: Throw exception in FOSUBUserProvider when username is missing
• Added SalesForce resource owner

0.3.0 (2013-09-28)

• [BC break] AccountConnectorInterface::connect() method now requires the first parameter to be instance of Symfony\Component\Security\Core\User\UserInterface
• [BC break] ConnectController::authenticateUser() method now requires the first parameter to be instance of Symfony\Component\HttpFoundation\Request
• [BC break] Removed AbstractResourceOwner::addOptions() method
• [BC break] OAuthUtils::getAuthorizationUrl() & OAuthUtils::getLoginUrl() methods now expect first parameter to be instance of Symfony\Component\HttpFoundation\Request
• [BC break] LinkedIn resource owner now uses OAuth2 approach, visit official web page for details how to migrate: https://developer.linkedin.com/documents/authentication#migration
• [BC break] Dropbox resource owner now uses OAuth2 approach
• Added ability to merge response parts into single path
• Added Bitly resource owner
• Added Box resource owner
• Added Dailymotion resource owner
• Added DeviantArt resource owner
• Added Eventbrite resource owner
• Added Mail.ru resource owner
• Added Sina Weibo resource owner
• Added QQ.com resource owner
• Added Trello resource owner
• Added Wordpress resource owner

0.3.0-alpha2 (2013-07-29)

• [BC break] Added ResourceOwnerInterface::isCsrfTokenValid() method
• [BC break] Removed OAuth1RequestTokenStorageInterface along with the implementations
• [BC break] AbstractResourceOwner::__construct() now requires RequestDataStorageInterface instance as last argument
• Fix: Yandex resource owner using invalid parameter when requesting user data
• Fix: To prevent unusual content headers response from resource owners should be first threaten as json and only in case of failure threaten as query text
• Fix: Instagram resource owner is not able to receive user data more than once
• Added ability to disable confirmation page when connecting accounts
• Added CSRF protection for OAuth2 providers (turned off by default)
• Added RequestDataStorageInterface along with implementation
• Added Stereomood resource owner

0.3.0-alpha1 (2013-07-03)

• [BC break] GenericOAuth2ResourceOwner::getAccessToken() now returns an array instead of a string. This array contains the access token and its 'expires_in' value, along with any other parameters returned from the authentication provider
• [BC break] Added OAuthAwareExceptionInterface#setToken(), OAuthAwareExceptionInterface#getRefreshToken(), OAuthAwareExceptionInterface#getRawToken(), OAuthAwareExceptionInterface#getExpiresIn() methods
• [BC break] Renamed AbstractResourceOwner::doGetAccessTokenRequest to doGetTokenRequest
• [BC break] Removed AdvancedPathUserResponse & AdvancedUserResponseInterface
• [BC break] Added UserResponseInterface#getEmail(), UserResponseInterface#getProfilePicture(), UserResponseInterface#getRefreshToken(), UserResponseInterface#getExpiresIn(), UserResponseInterface#setOAuthToken() methods
• [BC break] Removed UserResponseInterface::setAccessToken() method
• [BC break] Removed AbstractUserResponse::getOAuthToken() method because it was ambiguous
• [BC break] PathUserResponse#setPaths() method no longer overwrite default paths
• [BC break] PathUserResponse#getPath() method no longer throws an exception if path not exists
• [BC break] PathUserResponse#getValueForPath() removed second argument from this method, it will not throw exception anymore if response or value is missing, but now will return null instead
• [BC break] Added ResourceOwnerInterface#getOption($name) method
• [BC break] ResourceOwnerInterface#getUserInformation() now must receive array ($accessToken) as first parameter, also added second parameter ($extraParameters) to be consistent along all implementations
• Added OAuthToken::getRefreshToken(), OAuthToken::setRefreshToken(), OAuthToken::getExpiresIn(), OAuthToken::setExpiresIn(), OAuthToken::getRawToken(), OAuthToken::setRawToken()
• Added AbstractResourceOwner#addOptions() & ResourceOwnerInterface#setOption($name, $value) methods which allows easy overwriting resource specific options
• Added support for options: access_type, request_visible_actions, approval_prompt & hd in Google resource owner
• Added 37signals resource owner
• Added Amazon resource owner
• Added Bitbucket resource owner
• Added Disqus resource owner
• Added Dropbox resource owner
• Added Flickr resource owner
• Added Instagram resource owner
• Added Odnoklassniki resource owner
• Added Yandex resource owner

0.2.10 (2013-12-09)

• Fix: use Symfony\Component\Security\Core\User\UserInterface in EntityUserProvider::refreshUser
• Fix: made SessionStorage compatible with Symfony 2.0

0.2.9 (2013-09-25)

• Fix: Regression done in version 0.2.8 blocking usage without FOSUserBundle
• Fix: OAuthUtils::getAuthorizationUrl() ignoring given redirect URL

0.2.8 (2013-09-19)

• Fix: Added missing parts in user providers like: loadUserByUsername() or refreshUser() methods
• Fix: Registering of user provider services
• Fix: Make OAuthUtils::signRequest() compatible with OAuth1.0a specification

0.2.7 (2013-08-03)

• Fix: Polish oauth error detection to cover cases from i.e. Facebook resource owner
• Fix: Changed authorization url for Vkontakte resource owner

0.2.6 (2013-06-24)

• Fix: Use same check for FOSUserBundle compatibility to prevent strange errors with calls of undefined services
• Fix: User-land aliased (resource owner) services have the appropriate name

0.2.5 (2013-05-29)

• Fix: Use user identifier represented as string for Twitter to prevent issues with losing accuracy for large numbers (i.e. Javascript) or type comparison (i.e. MongoDB)
• Fix: Don't depend on arg_separator.output data for URL generation to prevent issues

0.2.4 (2013-05-15)

• Fix: Throw Symfony\Component\Security\Core\Exception\AccessDeniedException & Symfony\Component\HttpKernel\Exception\NotFoundHttpException instead of \Exception to make cases more clear
• Fix: Detect oauth_problem as authorization error and inform user instead logging error in background
• Fix: Request extra parameters should have higher priority than default
• Fix: How urls are build in resource owners
• Fix: Missing parameter in YahooResourceOwner

0.2.3 (2013-05-06)

• Added AbstractUserResponse::getOAuthToken() method to allow fetching only OAuth token details
• Added french translation
• Fix: FB incompatibility with 'error' field in response

0.2.2 (2013-04-15)

• Fix: FOSUB registration form handler
• Fix: Use API 1.1 for Twitter, not the deprecated 1.0

0.2.1 (2013-03-27)

• Fixed issue with FOSUserBundle 2.x integration

0.2.0 (2013-03-26)

• Added support for a target_path_parameter in order to control the redirect path after login
• Added hwi_oauth_authorization_url() twig helper function
• Added Jira resource owner
• Added Yahoo resource owner
• Added setting realm in configuration
• Added support for FOSUserBundle 2.x integration
• Added Stack Exchange resource owner
• Fix: configuration parameter firewall_name is required
• Fix: prevent throwing AlreadyBoundException when using FOSUserBundle 1.x integration
• Fix: check for availability of profilePicture in views before calling it
• Fix: InMemoryProvider now shows user nickname as name instead of unique identifier
• Fix: don't set realm option if is empty in request headers
• Fix: for infinity loop blockade and error token response handling

0.1-alpha (2012-08-27)

• [BC break] Renamed path username to identifier to make it more clear that this path should hold the unique user identifier (previously username)
• [BC break] Method UserResponseInterface#getUsername() now always returns a real unique user identifier, and uses path identifier
• [BC break] OAuth1RequestTokenStorageInterface#save() second param $token must now be an array
• [BC break] Configuration type 'generic' is renamed to 'oauth2'
• [BC break] redirect.xml routing has to be imported. See the setup docs
• Added UserResponseInterface#getRealName() method, also a new default path realname was added, this path holds the real name of user
• Added UserResponseInterface#getNickName() method, also a new default path nickname was added, this path holds the nickname of user
• Added UserResponseInterface#getAccessToken() and UserResponseInterface#setAccessToken
• Added OAuthToken#getCredentials() returns an empty string to be consistent with the security component. The access token can still be retrieved from the getAccessToken() method
• Added change that forces all authentication requests are now redirected to the login path
• Added change that makes firewall_name option required setting
• Added OAuth 1.0a support (linkedin/twitter/generic)