CakePHP Authentication 4.0.0

Breaking Changes

• Identifier configuration format changed - Moved from nested array to flatter structure:

  // Before
  'identifier' => ['Authentication.Token' => ['tokenField' => 'id', ...]]
  
  // After
  'identifier' => ['className' => 'Authentication.Token', 'tokenField' => 'id', ...]

• Class renames:

  • CakeRouterUrlChecker → DefaultUrlChecker
  • DefaultUrlChecker (framework-agnostic) → GenericUrlChecker

• SessionAuthenticator identify option removed - This deprecated option has been removed. Use PrimaryKeySessionAuthenticator if you need session-based authentication without password re-verification.

• Identifier parameter now optional in AbstractAuthenticator constructor

• Removed deprecated code including loadIdentifier() method

• Updated dependency: firebase/php-jwt now requires ^7.0

Improvements

• Lazy identifier initialization via getIdentifier() method
• Cleaner authenticator/identifier relationship
• Redirect validation feature (backported from 3.x)
• Plugin now properly declares cakephp/cakephp as dependency
• Identity::get() now supports dot-separated field names for nested data access
• New IdentityHelper::getIdentity() method for easier identity access in templates
• PrimaryKeySessionAuthenticator now has a default TokenIdentifier configured

Migration

Rector rules available at cakephp/upgrade#370 for automated migration assistance.

Full Changelog: 3.3.5...4.0.0

CakePHP Authentication 3.3.5

Deprecations

• SessionAuthenticator identify option deprecated - This option was ineffective for detecting password changes or remotely invalidating sessions. Use PrimaryKeySessionAuthenticator instead if you need to fetch fresh user data from the database on each request. (#763)

Fixes

• Fixed PHP deprecation errors (#759)
• Improved deprecation notice wording for authenticators without identifiers

Full Changelog: 3.3.4...3.3.5

CakePHP Authentication 3.3.4

What's Changed

• Rename Plugin to AuthenticationPlugin by @ADmad in #750
• Add optional redirect loop protection to AuthenticationService by @dereuromark in #752
• Fix loadIdentifier called after loadAuthenticator losing resolver config by @dereuromark in #755 (Fix regression)

Full Changelog: 3.3.3...3.3.4

CakePHP Authentication 3.3.3

What's Changed

• Bump actions/checkout from 4 to 5 by @dependabot[bot] in #736
• Update password-hashers.rst by @txj in #738
• Don't populate IdentifierCollection errors with empty nested arrays by @ADmad in #739
• Bump actions/stale from 9 to 10 by @dependabot[bot] in #740
• Return added on getAuthenticationService() Update authenticators.rst by @RiteshParyali in #741
• Fix up identifier defaulting. by @dereuromark in #737
• Fix CI by @ADmad in #745
• Set the redirect query param only for GET requests. by @ADmad in #744

New Contributors

• @txj made their first contribution in #738

Full Changelog: 3.3.2...3.3.3

CakePHP Authentication 3.3.2

What's Changed

• Remove deprecation warning for creating an Authenticator without Identifier by @umer936 in #734

Full Changelog: 3.3.1...3.3.2

CakePHP Authentication 3.3.1

What's Changed

• Fix argument type for AuthenticationComponent::setIdentity(). by @ADmad in #730
• Fix error message generation when using multiple array login URLs. by @ADmad in #731

Full Changelog: 3.3.0...3.3.1

CakePHP Authentication 3.3.0

What's Changed

• Allow unauthenticated all by @dereuromark in #708
• Deprecate identifier collection approach. by @dereuromark in #712
• Expand token authenticator docs by @markstory in #724
• Fix deprecation warnings in tests. by @ADmad in #725
• Add default URL to AuthenticationComponent::getLoginRedirect() by @ADmad in #726
• Add PrimaryKeySessionAuthenticator by @dereuromark in #710
• Added PHPUnit 12 support by @LordSimal

Full Changelog: 3.2.5...3.3.0

CakePHP Authentication 3.2.5

What's Changed

• Fix token auth prefix removal. by @dereuromark in #721
• Fixed public key docs by @joaopatrocinio in #722

New Contributors

• @joaopatrocinio made their first contribution in #722

Full Changelog: 3.2.4...3.2.5

CakePHP Authentication 3.2.4

What's Changed

• Allow unauthenticatedRedirect as array cake style. by @dereuromark in #714
• Link to impersonation cookbook article by @ravage84 in #719
• Alert about wrong configuration. by @dereuromark in #718

Full Changelog: 3.2.3...3.2.4

CakePHP Authentication 3.2.3

What's Changed

• Fix type in annotation by @ADmad in #698
• Fix exception message by @dereuromark in #699
• Cleanup deprecated stuff. by @dereuromark in #702
• Improve support for custom token prefixes. by @ADmad in #704
• Stan cleanup by @ADmad in #705
• Cleanup tests. by @dereuromark in #709
• Add PHP min version for user and IDE. by @dereuromark in #713

Full Changelog: 3.2.2...3.2.3