From 2e649d7e357035f782a34e4c74c510dcdb2077ad Mon Sep 17 00:00:00 2001 From: Evan Sims Date: Wed, 24 Mar 2021 08:08:06 -0400 Subject: [PATCH] Release 4.0.0 (#113) --- CHANGELOG.md | 61 ++++++++++++++++++++++++++++++++++++++++--- UPGRADING.md | 25 ++++++++++++++++++ src/JWTAuthBundle.php | 2 +- 3 files changed, 83 insertions(+), 5 deletions(-) create mode 100644 UPGRADING.md diff --git a/CHANGELOG.md b/CHANGELOG.md index 9e56efb..4913a38 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,59 +1,101 @@ # Change Log +## [4.0.0](https://github.com/auth0/jwt-auth-bundle/tree/4.0.0) (2021-03-23) + +[Full Changelog](https://github.com/auth0/jwt-auth-bundle/compare/3.4.0...4.0.0) + +This release introduces PHP 8.0 support and upgrades the bundle to use Auth0's PHP SDK 7.x branch. It also includes expanded JWT validation options, upgraded caching support, a simplified configuration format, and other improvements. + +This release includes potential breaking changes that may require minor changes to host applications to support. Please review [UPGRADING.md](UPGRADING.md) for guidance on updating your application. + +**Added** + +- Introduce PHP 8.0 support [\#108](https://github.com/auth0/jwt-auth-bundle/pull/108) ([olix21](https://github.com/olix21)) +- Update to latest Auth0 PHP SDK version [\#108](https://github.com/auth0/jwt-auth-bundle/pull/108) ([evansims](https://github.com/evansims)) + - Configuration format updated. See README for example. + - Cache support updated to support PSR-6 or PSR-16 caches. This cache is handed off to the Auth0 PHP SDK for use in JWK fetching. + - Added opt-in JWT validation checks around nonce, azp, org_id, and aud claims, and support for max_age and leeway checks. + - Enforces strict typing and expands type hinting. + - Upgrades to PHPUnit 9, and updates unit tests to support syntax changes. + - Adds unit tests for new helper classes. + - Adds phpcs and phpstan checks. 
+- Adds support for Auth0 Organizations, currently in closed beta testing + +**Changed** + +- Use Symfony PSR-6 > PSR-16 cache adapter [\#110](https://github.com/auth0/jwt-auth-bundle/pull/110) ([darthf1](https://github.com/darthf1)) + ## [3.4.0](https://github.com/auth0/jwt-auth-bundle/tree/3.4.0) (2020-06-22) + [Full Changelog](https://github.com/auth0/jwt-auth-bundle/compare/3.3.1...3.4.0) **Added** + - Add support for autowiring [\#94](https://github.com/auth0/jwt-auth-bundle/pull/94) ([dunglas](https://github.com/dunglas)) - Give access to the raw JWT in the user provider [\#97](https://github.com/auth0/jwt-auth-bundle/pull/97) ([dunglas](https://github.com/dunglas)) **Changed** + - Remove unused argument, and unused property [\#95](https://github.com/auth0/jwt-auth-bundle/pull/95) ([dunglas](https://github.com/dunglas)) ## [3.3.1](https://github.com/auth0/jwt-auth-bundle/tree/3.3.1) (2019-12-10) + [Full Changelog](https://github.com/auth0/jwt-auth-bundle/compare/3.3.0...3.3.1) **Fixed** + - Configuration authorized_issuer string or array compatibility [\#89](https://github.com/auth0/jwt-auth-bundle/pull/89) ([antzo](https://github.com/antzo)) ## [3.3.0](https://github.com/auth0/jwt-auth-bundle/tree/3.3.0) (2019-12-05) + [Full Changelog](https://github.com/auth0/jwt-auth-bundle/compare/3.2.0...3.3.0) **Closed issues** + - new release [\#86](https://github.com/auth0/jwt-auth-bundle/issues/86) - Remove SimplePreAuthenticatorInterface? 
[\#80](https://github.com/auth0/jwt-auth-bundle/issues/80) **Added** + - Symfony 5 support [\#87](https://github.com/auth0/jwt-auth-bundle/pull/87) ([darthf1](https://github.com/darthf1)) - Multiple authorized issuer [\#85](https://github.com/auth0/jwt-auth-bundle/pull/85) ([antzo](https://github.com/antzo)) **Fixed** + - Fix deprecation Treebuilder::root [\#79](https://github.com/auth0/jwt-auth-bundle/pull/79) ([darthf1](https://github.com/darthf1)) ## [3.2.0](https://github.com/auth0/jwt-auth-bundle/tree/3.2.0) (2019-09-26) + [Full Changelog](https://github.com/auth0/jwt-auth-bundle/compare/3.1.0...3.2.0) **Added** + - GuardAuthenticator implementation for Symfony 2.8 and later [\#75](https://github.com/auth0/jwt-auth-bundle/pull/75) ([niels-nijens](https://github.com/niels-nijens)) ## [3.1.0](https://github.com/auth0/jwt-auth-bundle/tree/3.1.0) (2018-07-12) + [Full Changelog](https://github.com/auth0/jwt-auth-bundle/compare/3.0.2...3.1.0) **Closed issues** + - Support Symfony4 [\#55](https://github.com/auth0/jwt-auth-bundle/issues/55) - Allow multiple audiences in config [\#54](https://github.com/auth0/jwt-auth-bundle/issues/54) **Added** + - Add multiple audiences capability to JWT verification [\#57](https://github.com/auth0/jwt-auth-bundle/pull/57) ([joshcanhelp](https://github.com/joshcanhelp)) - Allow symfony/framework-bundle 4.x [\#56](https://github.com/auth0/jwt-auth-bundle/pull/56) ([ricbra](https://github.com/ricbra)) ## [3.0.2](https://github.com/auth0/jwt-auth-bundle/tree/3.0.2) (2017-07-19) + [Full Changelog](https://github.com/auth0/jwt-auth-bundle/compare/2.0.0...3.0.2) **Added** + - Added support for cache [\#51](https://github.com/auth0/jwt-auth-bundle/pull/51) ([Nyholm](https://github.com/Nyholm)) ## [2.0.0](https://github.com/auth0/jwt-auth-bundle/tree/2.0.0) (2016-01-29) + [Full Changelog](https://github.com/auth0/jwt-auth-bundle/compare/1.2.8...2.0.0) **Closed issues:** 
@@ -67,6 +109,7 @@ - Symfony 3.0 Changes [\#25](https://github.com/auth0/jwt-auth-bundle/pull/25) ([frodosghost](https://github.com/frodosghost)) ## [1.2.8](https://github.com/auth0/jwt-auth-bundle/tree/1.2.8) (2016-01-29) + [Full Changelog](https://github.com/auth0/jwt-auth-bundle/compare/1.2.7...1.2.8) **Merged pull requests:** @@ -75,6 +118,7 @@ - YAML files that use double quotes need to escape backslashes [\#22](https://github.com/auth0/jwt-auth-bundle/pull/22) ([frodosghost](https://github.com/frodosghost)) ## [1.2.7](https://github.com/auth0/jwt-auth-bundle/tree/1.2.7) (2016-01-18) + [Full Changelog](https://github.com/auth0/jwt-auth-bundle/compare/1.2.6...1.2.7) **Merged pull requests:** 
@@ -82,19 +126,21 @@ - updated auth0-php dependency [\#21](https://github.com/auth0/jwt-auth-bundle/pull/21) ([glena](https://github.com/glena)) ## [1.2.6](https://github.com/auth0/jwt-auth-bundle/tree/1.2.6) (2015-11-17) + [Full Changelog](https://github.com/auth0/jwt-auth-bundle/compare/1.2.5...1.2.6) **Closed issues:** -- Setting secret\_base64\_encoded as false causes an exception [\#18](https://github.com/auth0/jwt-auth-bundle/issues/18) +- Setting secret_base64_encoded as false causes an exception [\#18](https://github.com/auth0/jwt-auth-bundle/issues/18) - Installation method is incorrect [\#15](https://github.com/auth0/jwt-auth-bundle/issues/15) **Merged pull requests:** -- \[\#18\] Remove "cannotBeEmpty" property of secret\_base64\_encoded [\#19](https://github.com/auth0/jwt-auth-bundle/pull/19) ([mickadoo](https://github.com/mickadoo)) +- \[\#18\] Remove "cannotBeEmpty" property of secret_base64_encoded [\#19](https://github.com/auth0/jwt-auth-bundle/pull/19) ([mickadoo](https://github.com/mickadoo)) - Replaces scope: 'openid profile' [\#17](https://github.com/auth0/jwt-auth-bundle/pull/17) ([aguerere](https://github.com/aguerere)) ## [1.2.5](https://github.com/auth0/jwt-auth-bundle/tree/1.2.5) (2015-10-29) + [Full Changelog](https://github.com/auth0/jwt-auth-bundle/compare/1.2.4...1.2.5) **Closed issues:** @@ -108,6 +154,7 @@ - Fixed typo on Symfony word [\#12](https://github.com/auth0/jwt-auth-bundle/pull/12) ([tristanbes](https://github.com/tristanbes)) ## [1.2.4](https://github.com/auth0/jwt-auth-bundle/tree/1.2.4) (2015-07-17) + [Full Changelog](https://github.com/auth0/jwt-auth-bundle/compare/1.2.3...1.2.4) **Merged pull requests:** 
@@ -115,6 +162,7 @@ - Updated JWT dependency [\#10](https://github.com/auth0/jwt-auth-bundle/pull/10) ([glena](https://github.com/glena)) ## [1.2.3](https://github.com/auth0/jwt-auth-bundle/tree/1.2.3) (2015-05-15) + [Full Changelog](https://github.com/auth0/jwt-auth-bundle/compare/1.2.2...1.2.3) **Merged pull requests:** @@ -122,6 +170,7 @@ - New info headers scheme [\#9](https://github.com/auth0/jwt-auth-bundle/pull/9) ([glena](https://github.com/glena)) ## [1.2.2](https://github.com/auth0/jwt-auth-bundle/tree/1.2.2) (2015-05-13) + [Full Changelog](https://github.com/auth0/jwt-auth-bundle/compare/1.2.1...1.2.2) **Merged pull requests:** @@ -129,6 +178,7 @@ - Added optional domain config + support for auth0-php 1.0.2 [\#8](https://github.com/auth0/jwt-auth-bundle/pull/8) ([glena](https://github.com/glena)) ## [1.2.1](https://github.com/auth0/jwt-auth-bundle/tree/1.2.1) (2015-05-12) + [Full Changelog](https://github.com/auth0/jwt-auth-bundle/compare/1.2.0...1.2.1) **Closed issues:** @@ -140,6 +190,7 @@ - SDK Client headers spec compliant \#6 [\#7](https://github.com/auth0/jwt-auth-bundle/pull/7) ([glena](https://github.com/glena)) ## [1.2.0](https://github.com/auth0/jwt-auth-bundle/tree/1.2.0) (2015-05-08) + [Full Changelog](https://github.com/auth0/jwt-auth-bundle/compare/1.0.0...1.2.0) **Implemented enhancements:** 
@@ -157,15 +208,17 @@ - Api v2 + SDK 1.0 support [\#5](https://github.com/auth0/jwt-auth-bundle/pull/5) ([glena](https://github.com/glena)) ## [1.0.0](https://github.com/auth0/jwt-auth-bundle/tree/1.0.0) (2015-01-30) + [Full Changelog](https://github.com/auth0/jwt-auth-bundle/compare/0.0.3...1.0.0) ## [0.0.3](https://github.com/auth0/jwt-auth-bundle/tree/0.0.3) (2015-01-28) + [Full Changelog](https://github.com/auth0/jwt-auth-bundle/compare/0.0.2...0.0.3) ## [0.0.2](https://github.com/auth0/jwt-auth-bundle/tree/0.0.2) (2015-01-27) + [Full Changelog](https://github.com/auth0/jwt-auth-bundle/compare/0.0.1...0.0.2) ## [0.0.1](https://github.com/auth0/jwt-auth-bundle/tree/0.0.1) (2015-01-27) - -\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)* +\* _This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)_ diff --git a/UPGRADING.md b/UPGRADING.md new file mode 100644 index 0000000..eb0fcde --- /dev/null +++ b/UPGRADING.md 
@@ -0,0 +1,25 @@ +# How to upgrade + +## 3.x to 4.x + +Check that your environment is compatible with 4.0's requirements before upgrading: + +- Please ensure you are using PHP 7.3 or newer. +- Ensure you are using Symfony 4.4 or newer. + +Update your application, if necessary: + +- If you wish to use JWK caching (recommended), please ensure the caching component you are passing to jwt-auth-bundle's configuration is either [PSR-6](https://www.php-fig.org/psr/psr-6/) or [PSR-16](https://www.php-fig.org/psr/psr-16/) compatible, such as [Symfony's cache component](https://symfony.com/doc/current/components/cache.html). +- Update your application's jwt-auth-bundle configuration to follow the updated format outlined in the [README](README.md). Changes of note; + - `api_identifier` is now `audience`. + - `api_secret` is now `client_secret`. + - `cache` requires a PSR-6/PSR-16 compatible component. + - `api_identifier_array` and `secret_base64_encoded` are no longer used. + - `validations` are now supported: + - `azp` for validating a Client ID; defaults to `client_id`. + - `aud` for validating an API identifier. + - `org_id` for validating an Auth0 Organization ID. + - `leeway` for the maximum age (in seconds) since the auth_time of the token. + - `max_age` for clock tolerance (in seconds) for token expiration checks. +- Control over validations in 4.0 is new, so guidance is not required. However, it is worth noting, you must opt-in to using these validations by assigning them values, or they will be skipped. + - The only exception is `azp`, which by default will be checked against the value of `client_id`. You can override this by simply assigning it a different value. diff --git a/src/JWTAuthBundle.php b/src/JWTAuthBundle.php index 950f86f..28cc8a1 100644 --- a/src/JWTAuthBundle.php +++ b/src/JWTAuthBundle.php @@ -15,7 +15,7 @@ */ class JWTAuthBundle extends Bundle { - const SDK_VERSION = '3.4.0'; + const SDK_VERSION = '4.0.0'; /** * JWTAuthBundle constructor.
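Review bot: The 4.0.0 entry in CHANGELOG.md states that the release "includes potential breaking changes" but files everything under **Added** and **Changed**, and reduces the configuration change to "Configuration format updated. See README for example." Suggest a breaking-changes section in the entry that names the renamed keys (`api_identifier` to `audience`, `api_secret` to `client_secret`), the dropped `api_identifier_array` and `secret_base64_encoded`, and the PHP 7.3 and Symfony 4.4 minimums that UPGRADING.md gives. It is also worth saying in this entry, not only in UPGRADING.md, that the new validations are skipped unless they are assigned values. The "Adds support for Auth0 Organizations" bullet carries no PR reference, unlike the other top-level bullets.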
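Review bot: In the last CHANGELOG.md hunk (@@ -157,15 +208,17 @@), the blank line before the generator footer is removed, so the "\* _This Change Log was automatically generated by ..." line now sits directly under the `## [0.0.1]` heading, while every other hunk in this patch adds a blank line after a heading. Suggest keeping the blank line so the footer stays visually separate from the 0.0.1 entry and the file follows one spacing rule.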
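Review bot: In UPGRADING.md, the descriptions of `leeway` and `max_age` in the `validations` list look swapped: `leeway` is described as "the maximum age (in seconds) since the auth_time of the token" and `max_age` as "clock tolerance (in seconds) for token expiration checks". Suggest exchanging the two descriptions, so that `leeway` is the clock tolerance and `max_age` is the limit on time elapsed since `auth_time`; a reader following the text as written could configure a long tolerance on expiry checks while intending to cap session age. The CHANGELOG entry also lists `nonce` among the opt-in checks, but it does not appear in this list. Minor: "Changes of note;" should end with a colon.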
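Review bot: In src/JWTAuthBundle.php, `const SDK_VERSION = '4.0.0';` is declared without a visibility modifier. With PHP 7.3 as the stated minimum in UPGRADING.md, suggest `public const SDK_VERSION = '4.0.0';` to match the stricter typing this release advertises. The value is bumped by hand alongside the changelog heading, so a release-checklist item or a unit test comparing it with the tagged version would keep the two from drifting apart.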