What's Changed

• ci: add composer install step before running Docker tests by @kidunot89 in #190
• fix: autoloader fix applied by @kidunot89 in #191

Full Changelog: v0.7.1...v0.7.2

What's Changed

• chore: Auth class functions return type fix. by @kidunot89 in #176
• Allowing the token from validation function to be filtered by @davidvexel in #184
• [FIX] #173 - PHP 8.1 deprecation warning by @gregrickaby in #180
• Fixes inconsistent error messages by @creative-andrew in #174
• Expose auth token in response headers by @kellenmace in #97
• Upgrade firebase/php-jwt to v7, modernize CI by @kidunot89 in #188

New Contributors

• @davidvexel made their first contribution in #184
• @gregrickaby made their first contribution in #180
• @creative-andrew made their first contribution in #174

Full Changelog: v0.7.0...v0.7.1

What's Changed

• Fix Auth Expiration time filter and add it to documentation by @henrikwirth in #83
• Update php-jwt to latest version by @efoken in #84
• #87 - Force Auth Secret to be set, else throw Exception by @jasonbahl in #88
• Set a 400+ status when throwing WP_Errors by @pcraciunoiu in #137
• Allow multiple iss domains by @fjobeir in #141
• Added the action graphql_jwt_auth_before_authenticate and the filter … by @spiralni in #135
• Fix incorrect error message on invalid secret by @markspolakovs in #126
• Build with composer --no-dev by @markkelnar in #155
• Remove codecept_debug which causes internal server error by @paolospag in #159
• fix(response headers): replace single header instead of overwriting them all by @tsmith-rv in #118
• Adds Option to define if a cookie should be set on login. by @henrikwirth in #85
• fix: php-jwt version fixed. by @kidunot89 in #172

New Contributors

• @efoken made their first contribution in #84
• @pcraciunoiu made their first contribution in #137
• @fjobeir made their first contribution in #141
• @spiralni made their first contribution in #135
• @markspolakovs made their first contribution in #126
• @markkelnar made their first contribution in #155
• @paolospag made their first contribution in #159
• @tsmith-rv made their first contribution in #118

Full Changelog: v0.4.0...v0.7.0

Release Notes

fix: fixes a bug where all headers were being replaced instead of adding headers. Thanks, and happy anniversary @tsmith-rv.
feat: When the GRAPHQL_JWT_AUTH_SET_COOKIES constant is set to true, WordPress will set the cookies upon successful authentication with JWT Auth. Thanks @henrikwirth!

New Contributors

• @tsmith-rv made their first contribution in #118

Full Changelog: v0.5.2...v0.6.0

What's Changed

• Remove codecept_debug which causes internal server error by @paolospag in #159
• Release/v0.5.2 by @jasonbahl in #161

New Contributors

• @paolospag made their first contribution in #159

Full Changelog: v0.5.1...v0.5.2

What's Changed

• Build with composer --no-dev by @markkelnar in #155
• Release/v0.5.1 by @jasonbahl in #156

New Contributors

• @markkelnar made their first contribution in #155

Full Changelog: v0.5.0...v0.5.1

What's Changed

• Set a 400+ status when throwing WP_Errors by @pcraciunoiu in #137
• Allow multiple iss domains by @fjobeir in #141
• Added the action graphql_jwt_auth_before_authenticate and the filter … by @spiralni in #135
• Fix incorrect error message on invalid secret by @markspolakovs in #126
• Release v0.5.0 by @jasonbahl in #153

New Contributors

• @pcraciunoiu made their first contribution in #137
• @fjobeir made their first contribution in #141
• @spiralni made their first contribution in #135
• @markspolakovs made their first contribution in #126

Full Changelog: v0.4.1...v0.5.0

Release Notes

Breaking changes

• Potential breaking change. The filter graphql_jwt_auth_expire has been fixed to take the filtered value and add it to the issue date. So, you can use the filter, return a value of 600 and that will add 600 seconds to the issue date, and your token will expire 10 minutes after issue. If you were using this filter already, and were doing this math yourself, you should update to just return the number of seconds after issue you would like the token to expire.

Bugfixes

• Fixes (and adds documentation for) graphql_jwt_auth_expire filter. Thanks @henrikwirth!

New Features

• Updates underlying Firebase\JWT dependency. Thanks @efoken!
• Ensures users cannot use the plugin without first defining the GRAPHQL_JWT_AUTH_SECRET_KEY

Release Notes

Breaking Changes

From a GraphQL Consumer perspective there shouldn't be any breaking changes. The shape of queries and mutations remain the same in this release.

Some internal functions were modified, so for plugins that extend this (i.e. WPGraphQL for WooCommerce) it's best to check your use of internal functions for how changes may affect your code.

If anything, this should fix things that previously broke when updating to WPGraphQL v0.5.0/v0.6.0 support.

New Features

• Removed /tests/_output directory from being versioned and added it to .gitignore
• Updates to README.md to show more mutations. Thanks @henrikwirth!

Bugfixes

• Prevent execution of GraphQL Queries when an invalid token is passed through Authorization headers. If a Token is bad, the entire request should halt execution and let the requestor have a chance to try again with a proper token. Fixes #38 and #21
• Fixes some regression issues with WPGraphQL v0.6.0 (fixes #69)

Release Notes

Bugfix

• This fixes a regression from the v0.3.4 release where the ManageTokens.php file was attempting to execute a method from WPGraphQL that has been deprecated and removed.