Releases: bshaffer/oauth2-server-php

v1.7.0

24 Apr 03:01

Note: This version contains security fixes for JWTBearer Grant Type and JWT Access Tokens. Upgrading is strongly recommended.

  • bug #500 - PDO fetch mode changed from FETCH_BOTH to FETCH_ASSOC
  • bug #508 - Case insensitive for Bearer token header name ba716d4
  • bug #512 - validateRedirectUri is now public
  • bug #530 - Add PublicKeyInterface, UserClaimsInterface to Cassandra Storage
  • bug #505 - DynamoDB storage fixes
  • bug #556 - adds "code id_token" return type to openid connect
  • bug #563 - Include "issuer" config key for JwtAccessToken
  • bug #564 - Fixes JWT vulnerability
  • bug #571 - Added unset_refresh_token_after_use option

v1.6

16 Jan 22:44
  • #437 - renames CryptoToken to JwtAccessToken / use_crypto_tokens to use_jwt_access_tokens
  • #447 - Adds a Couchbase storage implementation
  • #460 - Rename JWT claims to match spec
  • #470 - order does not matter for multi-valued response types
  • #471 - Make validateAuthorizeRequest available for POST in addition to GET
  • #475 - Adds JTI table definition
  • #481 - better randomness for generating access tokens
  • #480 - Use hash_equals() for signature verification (prevents remote timing attacks)
  • #489, #491, #498 - misc other fixes