|
1 | 1 | # Upgrade Guide |
2 | 2 |
|
| 3 | +## Upgrading To 9.0 From 8.0 |
| 4 | + |
| 5 | +### Support For Multiple Guards |
| 6 | + |
| 7 | +PR: https://github.com/laravel/passport/pull/1220 |
| 8 | + |
| 9 | +Passport now has support for multiple guard user providers. Because of this change, you must add a `provider` column to the `oauth_clients` database table: |
| 10 | + |
| 11 | + Schema::table('oauth_clients', function (Blueprint $table) { |
| 12 | + $table->string('provider')->after('secret')->nullable(); |
| 13 | + }); |
| 14 | + |
| 15 | +### Client Credentials Secret Hashing |
| 16 | + |
| 17 | +PR: https://github.com/laravel/passport/pull/1145 |
| 18 | + |
| 19 | +Client secrets may now be stored using a SHA-256 hash. However, before enabling this functionality, please consider the following. First, there is no way to reverse the hashing process once you have migrated your existing tokens. Secondly, when hashing client secrets, you will only have one opportunity to display the plain-text value to the user before it is hashed and stored in the database. |
| 20 | + |
| 21 | +You may enable client secret hashing by calling the `Passport::hashClientSecrets()` method within the `boot` method of your `AppServiceProvider`. For convenience, we've included a new Artisan command which you can run to hash all existing client secrets: |
| 22 | + |
| 23 | + php artisan passport:hash |
| 24 | + |
| 25 | +**Again, please be aware that running this command cannot be undone. For extra precaution, you may wish to create a backup of your database before running the command.** |
| 26 | + |
| 27 | +### Client Credentials Middleware Changes |
| 28 | + |
| 29 | +PR: https://github.com/laravel/passport/pull/1132 |
| 30 | + |
| 31 | +[After a lengthy debate](https://github.com/laravel/passport/issues/1125), it was decided to revert the change made [in a previous PR](https://github.com/laravel/passport/pull/1040) that introduced an exception when the client credentials middleware was used to authenticate first party clients. |
| 32 | + |
| 33 | +### Switch From `getKey` To `getAuthIdentifier` |
| 34 | + |
| 35 | +PR: https://github.com/laravel/passport/pull/1134 |
| 36 | + |
| 37 | +Internally, Passport will now use the `getAuthIdentifier` method to determine a model's primary key. This is consistent with the framework and Laravel's first party libraries. |
| 38 | + |
| 39 | +### Remove Deprecated Functionality |
| 40 | + |
| 41 | +PR: https://github.com/laravel/passport/pull/1235 |
| 42 | + |
| 43 | +The deprecated `revokeOtherTokens` and `pruneRevokedTokens` methods and the `revokeOtherTokens` and `pruneRevokedTokens` properties were removed from the `Passport` object. |
| 44 | + |
| 45 | + |
3 | 46 | ## Upgrading To 8.0 From 7.0 |
4 | 47 |
|
5 | 48 | ### Minimum & Upgraded Versions |
|
0 commit comments