diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml new file mode 100644 index 0000000..d2183bc --- /dev/null +++ b/.github/workflows/claude-code-review.yml @@ -0,0 +1,18 @@ +name: Claude Code PR Review + +on: + issue_comment: + types: [ created ] + pull_request_review_comment: + types: [ created ] + pull_request_review: + types: [ submitted ] + +jobs: + claude-review: + permissions: + contents: write + issues: write + pull-requests: write + id-token: write + uses: auth0/auth0-ai-pr-analyzer-gh-action/.github/workflows/claude-code-review.yml@main \ No newline at end of file diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml deleted file mode 100644 index 514ae7d..0000000 --- a/.github/workflows/semgrep.yml +++ /dev/null @@ -1,40 +0,0 @@ -name: Semgrep - -on: - merge_group: - pull_request: - types: - - opened - - synchronize - push: - branches: - - main - schedule: - - cron: "30 0 1,15 * *" - -permissions: - contents: read - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} - -jobs: - check: - name: Check for Vulnerabilities - runs-on: ubuntu-latest - - container: - image: returntocorp/semgrep - - steps: - - if: github.actor == 'dependabot[bot]' || github.event_name == 'merge_group' - run: exit 0 - - - uses: actions/checkout@v4 - with: - ref: ${{ github.event.pull_request.merge_commit_sha || github.ref }} - - - run: semgrep ci - env: - SEMGREP_APP_TOKEN: ${{ secrets.DX_SDKS_SEMGREP_TOKEN }} diff --git a/.version b/.version index 368fd8f..3821090 100644 --- a/.version +++ b/.version @@ -1 +1 @@ -7.15.0 +7.19.0 diff --git a/CHANGELOG.md b/CHANGELOG.md index 56ad8c7..c11b797 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
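Review bot: The reusable workflow called by the `claude-review` job is referenced by the mutable ref `@main` while the job grants it `contents: write`, `issues: write`, `pull-requests: write` and `id-token: write`, so whatever lands on that branch of the other repository runs here with those grants. Pin it to a full commit SHA, e.g. `uses: auth0/auth0-ai-pr-analyzer-gh-action/.github/workflows/claude-code-review.yml@<full-commit-sha>` (placeholder), and move the pin deliberately. The three triggers (`issue_comment`, `pull_request_review_comment`, `pull_request_review`) fire for any commenter and this caller has no `if:` condition on the job. The called workflow is not visible here, so confirm that it restricts who can start a run, for example by author association, or add that guard in this file. It is also worth checking whether a review-only job needs `contents: write` or whether `contents: read` would do.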
@@ -1,5 +1,39 @@ # Change Log +## [7.19.0](https://github.com/auth0/laravel-auth0/tree/7.19.0) (2025-10-01) + +[Full Changelog](https://github.com/auth0/laravel-auth0/compare/7.18.0...7.19.0) + +**Fixed** + +- Security fix: Resolve CVE-2025-58769 + +## [7.18.0](https://github.com/auth0/laravel-auth0/tree/7.18.0) (2025-09-02) +[Full Changelog](https://github.com/auth0/laravel-auth0/compare/7.17.0...7.18.0) + +**Added** +- Mixed changes: feature, fixes, and docs from community [\#477](https://github.com/auth0/laravel-auth0/pull/477) ([kishore7snehil](https://github.com/kishore7snehil)) + +## [7.17.0](https://github.com/auth0/laravel-auth0/tree/7.17.0) (2025-05-16) + +[Full Changelog](https://github.com/auth0/laravel-auth0/compare/7.16.0...7.17.0) + +**Fixed** + +- Security fix: Resolve CVE-2025-47275 + +## [7.16.0](https://github.com/auth0/laravel-auth0/tree/7.16.0) (2025-04-06) + +[Full Changelog](https://github.com/auth0/laravel-auth0/compare/7.15.0...7.16.0) + +**Added** + +- Laravel 12 Support [\#470](https://github.com/auth0/laravel-auth0/pull/470) ([lee-to](https://github.com/lee-to)) + +**Fixed** + +- refactor: fix failing tests [\#471](https://github.com/auth0/laravel-auth0/pull/471) ([noevidenz](https://github.com/noevidenz)) + ## [7.15.0](https://github.com/auth0/laravel-auth0/tree/7.15.0) (2024-06-03) [Full Changelog](https://github.com/auth0/laravel-auth0/compare/7.14.0...7.15.0) 
@@ -229,7 +263,7 @@ A new property has been added to the `config/auth0.php` configuration file: `beh #### Changes to Guard and Provider driver aliases -We identified an issue with using identical alias naming for both the Guard and Provider singletons under Laravel 10, which has required us to rename these aliases. As previous guidance had been to instantiate these using their class names, this should not be a breaking change in most cases. However, if you had used `auth0` as the name for either the Guard or the Provider drivers, kindly note that these have changed. Please use `auth0.guard` for the Guard driver and `auth0.provider`` for the Provider driver. This is a regrettable change but was necessary for adequate Laravel 10 support. +We identified an issue with using identical alias naming for both the Guard and Provider singletons under Laravel 10, which has required us to rename these aliases. As previous guidance had been to instantiate these using their class names, this should not be a breaking change in most cases. However, if you had used `auth0` as the name for either the Guard or the Provider drivers, kindly note that these have changed. Please use `auth0.guard` for the Guard driver and `auth0.provider` for the Provider driver. This is a regrettable change but was necessary for adequate Laravel 10 support. ## [7.4.0](https://github.com/auth0/laravel-auth0/tree/7.4.0) (2022-12-12) diff --git a/README.md b/README.md index c25f3bc..a39eb30 100644 --- a/README.md +++ b/README.md 
@@ -36,8 +36,8 @@ The next major release of Laravel is forecasted for Q1 2025. We anticipate suppo | Laravel | SDK | PHP | Supported Until | | ---------------------------------------------- | ----- | ---------------------------------------------- | ------------------------------------------------------------------------------------------------ | -| [11.x](https://laravel.com/docs/11.x/releases) | 7.13+ | [8.3](https://www.php.net/releases/8.3/en.php) | Approx. [March 2026](https://laravel.com/docs/11.x/releases#support-policy) (EOL for Laravel 11) | -| | | [8.2](https://www.php.net/releases/8.2/en.php) | Approx. [Dec 2025](https://www.php.net/supported-versions.php) (EOL for PHP 8.2) | +| [12.x](https://laravel.com/docs/11.x/releases) | 7.15+ | [8.4](https://www.php.net/releases/8.4/en.php) | Approx. [Feb 2027](https://laravel.com/docs/12.x/releases#support-policy) (EOL for Laravel 12) | +| | | [8.2](https://www.php.net/releases/8.3/en.php) | Approx. [Dec 2025](https://www.php.net/supported-versions.php) (EOL for PHP 8.3) | We strive to support all actively maintained Laravel releases, prioritizing support for the latest major version with our SDK. If a new Laravel major introduces breaking changes, we may have to end support for past Laravel versions earlier than planned. 
@@ -49,22 +49,23 @@ The following releases are no longer being updated with new features by Auth0, b | Laravel | SDK | PHP | Security Fixes Until | | ---------------------------------------------- | ---------- | ---------------------------------------------- | -------------------------------------------------------------------------------------- | -| [10.x](https://laravel.com/docs/10.x/releases) | 7.5 - 7.12 | [8.3](https://www.php.net/releases/8.3/en.php) | [Feb 2025](https://laravel.com/docs/10.x/releases#support-policy) (EOL for Laravel 10) | -| | | [8.2](https://www.php.net/releases/8.2/en.php) | [Feb 2025](https://laravel.com/docs/10.x/releases#support-policy) (EOL for Laravel 10) | -| | | [8.1](https://www.php.net/releases/8.2/en.php) | [Nov 2024](https://www.php.net/supported-versions.php) (EOL for PHP 8.1) | +| [11.x](https://laravel.com/docs/10.x/releases) | 7.13+ | [8.4](https://www.php.net/releases/8.4/en.php) | [March 2026](https://laravel.com/docs/11.x/releases#support-policy) (EOL for Laravel 11) | +| | | [8.3](https://www.php.net/releases/8.3/en.php) | [March 2026](https://laravel.com/docs/11.x/releases#support-policy) (EOL for Laravel 11) | +| | | [8.2](https://www.php.net/releases/8.2/en.php) | [Dec 2026](https://www.php.net/supported-versions.php) (EOL for PHP 8.2) | ### Unsupported Releases The following releases are unsupported by Auth0. While they may be suitable for some legacy applications, your mileage may vary. We recommend upgrading to a supported version as soon as possible. 
-| Laravel | SDK | -| -------------------------------------------- | ---------- | -| [9.x](https://laravel.com/docs/9.x/releases) | 7.0 - 7.12 | -| [8.x](https://laravel.com/docs/8.x/releases) | 7.0 - 7.4 | -| [7.x](https://laravel.com/docs/7.x/releases) | 5.4 - 6.5 | -| [6.x](https://laravel.com/docs/6.x/releases) | 5.3 - 6.5 | -| [5.x](https://laravel.com/docs/5.x/releases) | 2.0 - 6.1 | -| [4.x](https://laravel.com/docs/4.x/releases) | 1.x | +| Laravel | SDK | +| -------------------------------------------- | ---------- | +| [10.x](https://laravel.com/docs/10.x/releases)| 7.5 - 7.12 | +| [9.x](https://laravel.com/docs/9.x/releases) | 7.0 - 7.12 | +| [8.x](https://laravel.com/docs/8.x/releases) | 7.0 - 7.4 | +| [7.x](https://laravel.com/docs/7.x/releases) | 5.4 - 6.5 | +| [6.x](https://laravel.com/docs/6.x/releases) | 5.3 - 6.5 | +| [5.x](https://laravel.com/docs/5.x/releases) | 2.0 - 6.1 | +| [4.x](https://laravel.com/docs/4.x/releases) | 1.x | ## Getting Started diff --git a/composer.json b/composer.json index 5b30ff0..987874f 100644 --- a/composer.json +++ b/composer.json @@ -37,7 +37,7 @@ "require": { "php": "^8.2", "ext-json": "*", - "auth0/auth0-php": "^8.10", + "auth0/auth0-php": "^8.17", "illuminate/contracts": "^11 || ^12", "illuminate/http": "^11 || ^12", "illuminate/support": "^11 || ^12", @@ -54,7 +54,7 @@ "pestphp/pest-plugin-laravel": "^2", "phpstan/phpstan": "^1", "phpstan/phpstan-strict-rules": "^1", - "psalm/plugin-laravel": "^2.10", + "psalm/plugin-laravel": "^2.12", "psr-mock/http": "^1", "rector/rector": "^1", "spatie/laravel-ray": "^1.40", diff --git a/psalm.xml.dist b/psalm.xml.dist index 6e8412c..5256e8b 100644 --- a/psalm.xml.dist +++ b/psalm.xml.dist @@ -12,6 +12,9 @@ + + + diff --git a/src/Auth0.php b/src/Auth0.php index c6db0b3..25b9616 100644 --- a/src/Auth0.php +++ b/src/Auth0.php 
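Review bot: The raised floor `"auth0/auth0-php": "^8.17"` in `require` appears to be the only change visible in this diff that could carry the `CVE-2025-58769` fix named in the 7.19.0 changelog entry, and nothing here shows which auth0-php release contains that fix. A caret constraint still admits every 8.17.x, so if the fix shipped in a later patch release the floor should name it exactly, as in `"auth0/auth0-php": "^8.17.<patch>"` (placeholder). Running `composer audit` in CI would catch a resolved version that still has a known advisory.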
@@ -9,6 +9,21 @@ /** * Auth0 Laravel SDK service provider. Provides access to the SDK's methods. * + * @method static \Auth0\SDK\Configuration\SdkConfiguration getConfiguration() + * @method static null|object getCredentials() + * @method static null|string getGuardConfigurationKey() + * @method static \Auth0\SDK\Contract\Auth0Interface getSdk() + * @method static \Auth0\SDK\Contract\API\ManagementInterface management() + * @method static self setGuardConfigurationKey(null|string $guardConfigurationKey = null) + * @method static \Auth0\SDK\Contract\Auth0Interface setSdk(\Auth0\SDK\Contract\Auth0Interface $sdk) + * @method static self reset() + * @method static self setConfiguration(\Auth0\SDK\Configuration\SdkConfiguration|array|null $configuration = null) + * + * @see Service + * @see ServiceAbstract + * @see Entities\InstanceEntityAbstract + * @see InstanceEntityTrait + * * @codeCoverageIgnore * * @deprecated 7.8.0 Use Auth0\Laravel\Service instead. diff --git a/src/Controllers/CallbackControllerAbstract.php b/src/Controllers/CallbackControllerAbstract.php index 82a4340..7ab3868 100644 --- a/src/Controllers/CallbackControllerAbstract.php +++ b/src/Controllers/CallbackControllerAbstract.php @@ -5,12 +5,12 @@ namespace Auth0\Laravel\Controllers; use Auth0\Laravel\Auth\Guard; +use Auth0\Laravel\{Configuration, Events}; use Auth0\Laravel\Entities\CredentialEntityContract; use Auth0\Laravel\Events\{AuthenticationFailed, AuthenticationSucceeded}; use Auth0\Laravel\Exceptions\ControllerException; use Auth0\Laravel\Exceptions\Controllers\CallbackControllerException; use Auth0\Laravel\Guards\GuardAbstract; -use Auth0\Laravel\{Configuration, Events}; use Illuminate\Auth\Events\{Attempting, Authenticated, Failed, Validated}; use Illuminate\Contracts\Auth\Authenticatable; use Illuminate\Http\Request; diff --git a/src/Controllers/LoginControllerAbstract.php b/src/Controllers/LoginControllerAbstract.php index 83343e2..6e4ff38 100644 
--- a/src/Controllers/LoginControllerAbstract.php +++ b/src/Controllers/LoginControllerAbstract.php @@ -5,11 +5,11 @@ namespace Auth0\Laravel\Controllers; use Auth0\Laravel\Auth\Guard; +use Auth0\Laravel\{Configuration, Events}; use Auth0\Laravel\Entities\CredentialEntityContract; use Auth0\Laravel\Events\LoginAttempting; use Auth0\Laravel\Exceptions\ControllerException; use Auth0\Laravel\Guards\GuardAbstract; -use Auth0\Laravel\{Configuration, Events}; use Illuminate\Http\Request; use Symfony\Component\HttpFoundation\Response; diff --git a/src/Entities/InstanceEntityAbstract.php b/src/Entities/InstanceEntityAbstract.php index 36d2929..2e23024 100644 --- a/src/Entities/InstanceEntityAbstract.php +++ b/src/Entities/InstanceEntityAbstract.php @@ -5,8 +5,8 @@ namespace Auth0\Laravel\Entities; use Auth0\Laravel\Bridges\{CacheBridge, SessionBridge}; -use Auth0\Laravel\Events\Configuration\{BuildingConfigurationEvent, BuiltConfigurationEvent}; use Auth0\Laravel\{Configuration, Events, Service}; +use Auth0\Laravel\Events\Configuration\{BuildingConfigurationEvent, BuiltConfigurationEvent}; use Auth0\SDK\Auth0; use Auth0\SDK\Configuration\SdkConfiguration; use Auth0\SDK\Contract\API\ManagementInterface; diff --git a/src/Events.php b/src/Events.php index e558c5d..04003c2 100644 --- a/src/Events.php +++ b/src/Events.php @@ -4,16 +4,6 @@ namespace Auth0\Laravel; -use Auth0\Laravel\Events\Configuration\{ - BuildingConfigurationEvent, - BuiltConfigurationEvent, -}; - -use Auth0\Laravel\Events\Middleware\{ - StatefulMiddlewareRequest, - StatelessMiddlewareRequest, -}; - use Auth0\Laravel\Events\{ AuthenticationFailed, AuthenticationSucceeded, @@ -27,6 +17,16 @@ TokenVerificationSucceeded, }; +use Auth0\Laravel\Events\Configuration\{ + BuildingConfigurationEvent, + BuiltConfigurationEvent, +}; + +use Auth0\Laravel\Events\Middleware\{ + StatefulMiddlewareRequest, + StatelessMiddlewareRequest, +}; + /** * @api * 
diff --git a/src/EventsContract.php b/src/EventsContract.php index 8cc0c1d..1e64d22 100644 --- a/src/EventsContract.php +++ b/src/EventsContract.php @@ -4,18 +4,6 @@ namespace Auth0\Laravel; -use Auth0\Laravel\Events\Configuration\{ - BuildingConfigurationEvent, - BuiltConfigurationEvent, -}; - -use Auth0\Laravel\Events\EventContract; - -use Auth0\Laravel\Events\Middleware\{ - StatefulMiddlewareRequest, - StatelessMiddlewareRequest, -}; - use Auth0\Laravel\Events\{ AuthenticationFailed, AuthenticationSucceeded, @@ -28,6 +16,18 @@ TokenVerificationSucceeded, }; +use Auth0\Laravel\Events\Configuration\{ + BuildingConfigurationEvent, + BuiltConfigurationEvent, +}; + +use Auth0\Laravel\Events\EventContract; + +use Auth0\Laravel\Events\Middleware\{ + StatefulMiddlewareRequest, + StatelessMiddlewareRequest, +}; + /** * @api */ diff --git a/src/Guards/AuthenticationGuard.php b/src/Guards/AuthenticationGuard.php index e3cc4ff..03ca2dd 100644 --- a/src/Guards/AuthenticationGuard.php +++ b/src/Guards/AuthenticationGuard.php @@ -13,6 +13,7 @@ use Auth0\SDK\Utility\HttpResponse; use Illuminate\Auth\Events\{Login, Logout}; use Illuminate\Contracts\Auth\Authenticatable; +use Illuminate\Support\Traits\Macroable; use Throwable; @@ -27,6 +28,8 @@ */ final class AuthenticationGuard extends GuardAbstract implements AuthenticationGuardContract { + use Macroable; + /** * @var string */ diff --git a/src/Guards/AuthorizationGuard.php b/src/Guards/AuthorizationGuard.php index 73bb1f1..77f5e25 100644 --- a/src/Guards/AuthorizationGuard.php +++ b/src/Guards/AuthorizationGuard.php @@ -8,6 +8,7 @@ use Auth0\Laravel\UserProviderContract; use Auth0\SDK\Utility\HttpResponse; use Illuminate\Contracts\Auth\Authenticatable; +use Illuminate\Support\Traits\Macroable; use function is_array; use function is_string; 
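Review bot: Macros registered on `AuthenticationGuard` will not be callable on `AuthorizationGuard`, and vice versa, because `use Macroable;` is added to each final class separately (here and in the `AuthorizationGuard` hunk) and PHP gives every class that uses a trait its own copy of the trait's static state. If the intent is one shared extension point, the trait belongs on `GuardAbstract`. Otherwise a class docblock line such as `Macros are registered per guard class via ::macro() and apply process-wide.` would make the behaviour explicit. Macroable also supplies `__call` and `__callStatic`, so if `GuardAbstract` defines `__call` the trait's implementation takes precedence over it in both guards; the class bodies are outside these hunks, so that needs checking. No test for the new extension point is visible in this diff.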
@@ -19,6 +20,8 @@ */ final class AuthorizationGuard extends GuardAbstract implements AuthorizationGuardContract { + use Macroable; + public function find(): ?CredentialEntityContract { if ($this->isImpersonating()) { diff --git a/src/ServiceAbstract.php b/src/ServiceAbstract.php index dae4a90..3c46e4e 100644 --- a/src/ServiceAbstract.php +++ b/src/ServiceAbstract.php @@ -22,7 +22,7 @@ abstract class ServiceAbstract extends InstanceEntityAbstract * * @var string */ - public const VERSION = '7.15.0'; + public const VERSION = '7.19.0'; /** * Decode a PSR-7 HTTP Response Message containing a JSON content body to a PHP array. Returns null if the response was not successful, or the response body was not JSON.