Auth0 SDKs team is excited to announce the stable release of the major new version of our PHP SDK, Version 8.0! With this release, we re-evaluated every aspect of the PHP SDK and rebuilt it from the ground up to support modern PHP language features, embrace new standards, deliver and cleaner API, and really push the developer experience forward for developers building modern PHP web applications and APIs.
The new release is available from the GitHub repo here: https://github.com/auth0/auth0-PHP
- Greatly expanded reliability testing — code coverage now at 100%! 3x static code analysis and mutation testing have been introduced.
- API built for modern PHP features at its core, such as strict typing, typed properties, defined return types, embracing PHP 8.0’s named arguments, and a new fluent interface throughout.
- A new configuration interface allowing dynamic changes to be made at run-time.
- Less setup is required for developers to get up and running.
- New PHP-FIG standards support added, making our SDK API less proprietary and more “pluggable”:
- Caching control is now dramatically more powerful with PSR-6, and offers greater interoperability with the PHP ecosystem.
- Every method that initiates a network request now returns a PSR-7 HTTP Message, a standard for communicating HTTP requests, making it easier for developers to handle our Authentication and Management API responses.
- Developers can now use their HTTP libraries of choice, rather than us forcing them to use what we decide for them. We plug into our developer’s infrastructure of choice, without requiring them to adapt to us.
- Likewise, we now support PSR-17 for handling the creation of network requests, allowing developers to customize how these requests are shaped, such as adding headers for their infrastructure needs.
- With PSR-14, developers can now hook into “events” as they happen in real-time within the SDK, offering greater control and customization. Developers can now engage deeply with the logic of the SDK in a safe, reliable manner, without having to fork or hack on the SDK and potentially break things. This is a safe route for offering a plugin or extension-like interface for developers directly into the SDK.
- Encrypted session cookies, with chunking support, will solve some headaches for developers with users on older versions of Mobile Safari, and instances where PHP sessions can be problematic. Sessions are no longer the default session handling method.
- A new auto-pagination helper for iterating through Management API requests.
- Automatic rate-limit handling so customers, saving customers time in writing code to deal with that scenarios. We implement a retry with an exponential backoff strategy to give the customer the best chance and success in completing their call.
- PKCE is now enabled by default.
- An entirely new JWT parser, validator, and verifier process.
The updated API means developers will need to update their application to support the changes, but we have a convenient migration guide available that should make it easy. Although there are lots of changes under the hood in this release, the API is cleaner and more straightforward than ever and should be intuitively adapted for developers. That said, we’re standing by for questions on GitHub and the Auth0 Community to help everyone transition.
New API means rebuilt Quickstarts! We’ve rebuilt our QS sample applications and documents to match the new, modern SDK. Give them a read and/or download and see what you think! Feedback is much appreciated: