From 6679418436027ac21feb34e91f889b7f0d498b8a Mon Sep 17 00:00:00 2001
From: Andrew Millington <andrew@noexceptions.io>
Date: Sun, 18 Feb 2018 14:20:37 +0000
Subject: [PATCH 1/6] Update readme and changelog

---
 CHANGELOG.md | 33 +++++++++++++++++++++++++++++++--
 README.md    | 43 ++++++++++++++++++++++++++++++-------------
 2 files changed, 61 insertions(+), 15 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 958a941ef..bbb98a828 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,34 @@
 # Changelog
 
+## 7.0.0 (released 2018-02-17)
+
+* Drop support for PHP 5.6
+* Drop support for version 5.x and 6.x of the library
+* Accept RSA key with CRLF line endings (PR #805)
+* Fix S256 code challenege method (PR #842)
+* Skip key file creation if the file already exists (PR #845)
+* Set correct redirect URI when validating scopes (PR #840)
+* Use PHPStan for static analysis of code (PR #848)
+* Do not issue an error if key file permissions are 400 or 440 (PR #839)
+* Add get and set methods for OAuth Server Exception payloads. Allow implementer to specify the JSON encode options (PR #719)
+* ClientRepository interface will now accept null for the Grant type to improve extensibility options (PR #607)
+* Update PHPUnit version and provide PHPStan coverage for tests (PR #849)
+* Upgrade library dependencies and enforce stricter static analysis checks (PR #852)
+* Fix PKCE implementation (PR #744)
+
+## 6.1.1 (released 2017-12-23)
+
+* Removed check on empty scopes
+
+## 6.1.0 (released 2017-12-23)
+
+* Changed the token type issued by the Implicit Grant to be Bearer instead of bearer. (PR #724)
+* Replaced call to array_key_exists() with the faster isset() on the Implicit Grant. (PR #749)
+* Allow specification of query delimiter character in the Password Grant (PR #801)
+* Add Zend Diactoros library dependency to examples (PR #678)
+* Can set default scope for the authorization endpoint. If no scope is passed during an authorization request, the default scope will be used if set. If not, the server will issue an invalid scope exception (PR #811)
+* Added validation for redirect URIs on the authorization end point to ensure exactly one redirection URI has been passed (PR #573)
+
 ## 6.0.2 (released 2017-08-03)
 
 * An invalid refresh token that can't be decrypted now returns a HTTP 401 error instead of HTTP 400 (Issue #759)
@@ -9,7 +38,7 @@
 ## 6.0.1 (released 2017-07-19)
 
 To address feedback from the security release the following change has been made:
-  
+
 * If an RSA key cannot be chmod'ed to 600 then it will now throw a E_USER_NOTICE instead of an exception.
 
 ## 6.0.0 (released 2017-07-01)
@@ -349,4 +378,4 @@ Version 5 is a complete code rewrite.
 
 ## 1.0.0 (released 2013-02-15)
 
-* First major release
\ No newline at end of file
+* First major release
diff --git a/README.md b/README.md
index 28047d6ba..f6b6d12f7 100644
--- a/README.md
+++ b/README.md
@@ -1,17 +1,12 @@
 # PHP OAuth 2.0 Server
 
-### :warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning:
-### Security Notice 
-
-### Please upgrade to version `>=5.1.6` (backwards compatible) or `6.x` (one tiny breaking change) to fix some potential security vulnerabilities - [visit this page for more information](https://oauth2.thephpleague.com/v5-security-improvements/)
-### :warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning::warning:
-
 [![Latest Version](http://img.shields.io/packagist/v/league/oauth2-server.svg?style=flat-square)](https://github.com/thephpleague/oauth2-server/releases)
 [![Software License](https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square)](LICENSE.md)
 [![Build Status](https://img.shields.io/travis/thephpleague/oauth2-server/master.svg?style=flat-square)](https://travis-ci.org/thephpleague/oauth2-server)
 [![Coverage Status](https://img.shields.io/scrutinizer/coverage/g/thephpleague/oauth2-server.svg?style=flat-square)](https://scrutinizer-ci.com/g/thephpleague/oauth2-server/code-structure)
 [![Quality Score](https://img.shields.io/scrutinizer/g/thephpleague/oauth2-server.svg?style=flat-square)](https://scrutinizer-ci.com/g/thephpleague/oauth2-server)
 [![Total Downloads](https://img.shields.io/packagist/dt/league/oauth2-server.svg?style=flat-square)](https://packagist.org/packages/league/oauth2-server)
+[![PHPStan](https://img.shields.io/badge/PHPStan-enabled-brightgreen.svg?style=flat-square)](https://github.com/phpstan/phpstan)
 
 `league/oauth2-server` is a standards compliant implementation of an [OAuth 2.0](https://tools.ietf.org/html/rfc6749) authorization server written in PHP which makes working with OAuth 2.0 trivial. You can easily configure an OAuth 2.0 server to protect your API with access tokens, or allow clients to request new access tokens and refresh them.
 
@@ -36,25 +31,48 @@ This library was created by Alex Bilbie. Find him on Twitter at [@alexbilbie](ht
 
 The following versions of PHP are supported:
 
-* PHP 5.6
 * PHP 7.0
 * PHP 7.1
 * PHP 7.2
 
 The `openssl` extension is also required.
 
+## Installation
+
+```
+composer require league/oauth2-server
+```
+
 ## Documentation
 
-The library documentation can be found at [https://oauth2.thephpleague.com](https://oauth2.thephpleague.com). 
+The library documentation can be found at [https://oauth2.thephpleague.com](https://oauth2.thephpleague.com).
 You can contribute to the documentation in the [gh-pages branch](https://github.com/thephpleague/oauth2-server/tree/gh-pages/).
 
+## Testing
+
+The library uses [PHPUnit](https://phpunit.de/) for unit tests and [PHPStan](https://github.com/phpstan/phpstan) for static analysis of the code.
+
+```
+vendor/bin/phpunit
+vendor/bin/phpstan analyse -l 6 -c phpstan.neon src tests
+```
+
+## Continous Integration
+
+We use [Travis CI](https://travis-ci.org/), [Scrutinizer](https://scrutinizer-ci.com/), and [StyleCI](https://styleci.io/) for continuous integration. Check out [our](https://github.com/thephpleague/oauth2-server/blob/master/.travis.yml) [configuration](https://github.com/thephpleague/oauth2-server/blob/master/.scrutinizer.yml) [files](https://github.com/thephpleague/oauth2-server/blob/master/.styleci.yml) if you'd like to know more.
+
+## Community Integrations
+
+* [Laravel Passport](https://github.com/laravel/passport)
+* [OAuth 2 Server for CakePHP 3](https://github.com/uafrica/oauth-server)
+
 ## Changelog
 
 [See the project releases page](https://github.com/thephpleague/oauth2-server/releases)
 
 ## Contributing
 
-Please see [CONTRIBUTING.md](https://github.com/thephpleague/oauth2-server/blob/master/CONTRIBUTING.md) and [CONDUCT.md](https://github.com/thephpleague/oauth2-server/blob/master/CONDUCT.md) for details.
+Contributions are always welcome. Please see [CONTRIBUTING.md](https://github.com/thephpleague/oauth2-server/blob/master/CONTRIBUTING.md) and [CONDUCT.md](https://github.com/thephpleague/oauth2-server/blob/master/CONDUCT.md) for details.
 
 ## Support
 
@@ -62,8 +80,6 @@ Bugs and feature request are tracked on [GitHub](https://github.com/thephpleague
 
 If you have any questions about OAuth _please_ open a ticket here; please **don't** email the address below.
 
-
-
 ## Commercial Support
 
 If you would like help implementing this library into your existing platform, or would be interested in OAuth advice or training for you and your team please get in touch with [Glynde Labs](https://glyndelabs.com).
@@ -78,11 +94,12 @@ This package is released under the MIT License. See the bundled [LICENSE](https:
 
 ## Credits
 
-This code is principally developed and maintained by [Andy Millington](https://twitter.com/Sephster), [Brian 
-Retterer](https://twitter.com/bretterer), and [Simon Hamp](https://twitter.com/simonhamp).
+This code is principally developed and maintained by [Andy Millington](https://twitter.com/Sephster) and [Simon Hamp](https://twitter.com/simonhamp).
 
 Between 2012 and 2017 this library was developed and maintained by [Alex Bilbie](https://alexbilbie.com/).
 
+PHP OAuth 2.0 Server is one of many packages provided by The PHP League. To find out more, please visit [our website](https://thephpleague.com).
+
 Special thanks to [all of these awesome contributors](https://github.com/thephpleague/oauth2-server/contributors).
 
 Additional thanks go to the [Mozilla Secure Open Source Fund](https://wiki.mozilla.org/MOSS/Secure_Open_Source) for funding a security audit of this library.

From 70396bec67f7dcf298fec2ea5ada830199e3fb5d Mon Sep 17 00:00:00 2001
From: Andrew Millington <andrew@noexceptions.io>
Date: Sun, 18 Feb 2018 15:28:28 +0000
Subject: [PATCH 2/6] Chang Changelog format

---
 CHANGELOG.md | 618 +++++++++++++++++++++++++++------------------------
 README.md    |   2 +-
 2 files changed, 330 insertions(+), 290 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index bbb98a828..a0067a5b0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,381 +1,421 @@
 # Changelog
+All notable changes to this project will be documented in this file.
 
-## 7.0.0 (released 2018-02-17)
+The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
-* Drop support for PHP 5.6
-* Drop support for version 5.x and 6.x of the library
-* Accept RSA key with CRLF line endings (PR #805)
-* Fix S256 code challenege method (PR #842)
-* Skip key file creation if the file already exists (PR #845)
-* Set correct redirect URI when validating scopes (PR #840)
-* Use PHPStan for static analysis of code (PR #848)
-* Do not issue an error if key file permissions are 400 or 440 (PR #839)
-* Add get and set methods for OAuth Server Exception payloads. Allow implementer to specify the JSON encode options (PR #719)
-* ClientRepository interface will now accept null for the Grant type to improve extensibility options (PR #607)
-* Update PHPUnit version and provide PHPStan coverage for tests (PR #849)
-* Upgrade library dependencies and enforce stricter static analysis checks (PR #852)
-* Fix PKCE implementation (PR #744)
+## [Unreleased]
 
-## 6.1.1 (released 2017-12-23)
+## [7.0.0] - released 2018-02-17
 
-* Removed check on empty scopes
+### Added
+- Use PHPStan for static analysis of code (PR #848)
+- Enforce stricter static analysis checks and upgrade library dependencies (PR #852)
+- Provide PHPStan coverage for tests and update PHPUnit (PR #849)
+- Get and set methods for OAuth Server Exception payloads. Allow implementer to specify the JSON encode options (PR #719)
 
-## 6.1.0 (released 2017-12-23)
+### Changed
+- ClientRepository interface will now accept null for the Grant type to improve extensibility options (PR #607)
+- Do not issue an error if key file permissions are 400 or 440 (PR #839)
+- Skip key file creation if the file already exists (PR #845)
+- Change changelog format and update readme
 
-* Changed the token type issued by the Implicit Grant to be Bearer instead of bearer. (PR #724)
-* Replaced call to array_key_exists() with the faster isset() on the Implicit Grant. (PR #749)
-* Allow specification of query delimiter character in the Password Grant (PR #801)
-* Add Zend Diactoros library dependency to examples (PR #678)
-* Can set default scope for the authorization endpoint. If no scope is passed during an authorization request, the default scope will be used if set. If not, the server will issue an invalid scope exception (PR #811)
-* Added validation for redirect URIs on the authorization end point to ensure exactly one redirection URI has been passed (PR #573)
+### Removed
+- Support for PHP 5.6
+- Support for version 5.x and 6.x of the library
 
-## 6.0.2 (released 2017-08-03)
+### Fixed
+- PKCE implementation (PR #744)
+- Set correct redirect URI when validating scopes (PR #840)
+- S256 code challenege method (PR #842)
+- Accept RSA key with CRLF line endings (PR #805)
 
-* An invalid refresh token that can't be decrypted now returns a HTTP 401 error instead of HTTP 400 (Issue #759)
-* Removed chmod from CryptKey and add toggle to disable checking (Issue #776)
-* Fixes invalid code challenge method payload key name (Issue #777)
+## [6.1.1] - 2017-12-23
 
-## 6.0.1 (released 2017-07-19)
+- Removed check on empty scopes
 
-To address feedback from the security release the following change has been made:
-
-* If an RSA key cannot be chmod'ed to 600 then it will now throw a E_USER_NOTICE instead of an exception.
-
-## 6.0.0 (released 2017-07-01)
-
-* Breaking change: The `AuthorizationServer` constructor now expects an encryption key string instead of a public key
-* Remove support for HHVM
-* Remove support for PHP 5.5
-
-## 5.1.4 (released 2017-07-01)
-
-* Fixed multiple security vulnerabilities as a result of a security audit paid for by the [Mozilla Secure Open Source Fund](https://wiki.mozilla.org/MOSS/Secure_Open_Source). All users of this library are encouraged to update as soon as possible to this version or version 6.0 or greater.
-	* It is recommended on each `AuthorizationServer` instance you set the `setEncryptionKey()`. This will result in stronger encryption being used. If this method is not set messages will be sent to the defined error handling routines (using `error_log`). Please see the examples and documentation for examples.
-* TravisCI now tests PHP 7.1 (Issue #671)
-* Fix middleware example fatal error (Issue #682)
-* Fix typo in the first README sentence (Issue #690)
-* Corrected DateInterval from 1 min to 1 month (Issue #709)
-
-## 5.1.3 (released 2016-10-12)
-
-* Fixed WWW-Authenticate header (Issue #669)
-* Increase the recommended RSA key length from 1024 to 2048 bits (Issue #668)
-
-## 5.1.2 (released 2016-09-19)
+## [6.1.0] - 2017-12-23
 
-* Fixed `finalizeScopes` call (Issue #650)
+- Changed the token type issued by the Implicit Grant to be Bearer instead of bearer. (PR #724)
+- Replaced call to array_key_exists() with the faster isset() on the Implicit Grant. (PR #749)
+- Allow specification of query delimiter character in the Password Grant (PR #801)
+- Add Zend Diactoros library dependency to examples (PR #678)
+- Can set default scope for the authorization endpoint. If no scope is passed during an authorization request, the default scope will be used if set. If not, the server will issue an invalid scope exception (PR #811)
+- Added validation for redirect URIs on the authorization end point to ensure exactly one redirection URI has been passed (PR #573)
 
-## 5.1.1 (released 2016-07-26)
+## [6.0.2] - 2017-08-03
 
-* Improved test suite (Issue #614)
-* Updated docblocks (Issue #616)
-* Replace `array_shift` with `foreach` loop (Issue #621)
-* Allow easy addition of custom fields to Bearer token response (Issue #624)
-* Key file auto-generation from string (Issue #625)
+- An invalid refresh token that can't be decrypted now returns a HTTP 401 error instead of HTTP 400 (Issue #759)
+- Removed chmod from CryptKey and add toggle to disable checking (Issue #776)
+- Fixes invalid code challenge method payload key name (Issue #777)
 
-## 5.1.0 (released 2016-06-28)
+## [6.0.1] - 2017-07-19
 
-* Implemented RFC7636 (Issue #574)
-* Unify middleware exception responses (Issue #578)
-* Updated examples (Issue #589)
-* Ensure state is in access denied redirect (Issue #597)
-* Remove redundant `isExpired()` method from entity interfaces and traits (Issue #600)
-* Added a check for unique access token constraint violation (Issue #601)
-* Look at Authorization header directly for HTTP Basic auth checks (Issue #604)
-* Added catch Runtime exception when parsing JWT string (Issue #605)
-* Allow `paragonie/random_compat` 2.x (Issue #606)
-* Added `indigophp/hash-compat` to Composer suggestions and `require-dev` for PHP 5.5 support
-
-## 5.0.3 (released 2016-05-04)
+To address feedback from the security release the following change has been made:
 
-* Fix hints in PasswordGrant (Issue #560)
-* Add meaning of `Resource owner` to terminology.md (Issue #561)
-* Use constant for event name instead of explicit string (Issue #563)
-* Remove unused request property (Issue #564)
-* Correct wrong phpdoc (Issue #569)
-* Fixed typo in exception string (Issue #570)
+- If an RSA key cannot be chmod'ed to 600 then it will now throw a E_USER_NOTICE instead of an exception.
 
-## 5.0.2 (released 2016-04-18)
+## [6.0.0] - 2017-07-01
 
-* `state` parameter is now correctly returned after implicit grant authorization
-* Small code and docblock improvements
+- Breaking change: The `AuthorizationServer` constructor now expects an encryption key string instead of a public key
+- Remove support for HHVM
+- Remove support for PHP 5.5
 
-## 5.0.1 (released 2016-04-18)
+## [5.1.4] - 2017-07-01
 
-* Fixes an issue (#550) whereby it was unclear whether or not to validate a client's secret during a request.
+- Fixed multiple security vulnerabilities as a result of a security audit paid for by the [Mozilla Secure Open Source Fund](https://wiki.mozilla.org/MOSS/Secure_Open_Source). All users of this library are encouraged to update as soon as possible to this version or version 6.0 or greater.
+	- It is recommended on each `AuthorizationServer` instance you set the `setEncryptionKey()`. This will result in stronger encryption being used. If this method is not set messages will be sent to the defined error handling routines (using `error_log`). Please see the examples and documentation for examples.
+- TravisCI now tests PHP 7.1 (Issue #671)
+- Fix middleware example fatal error (Issue #682)
+- Fix typo in the first README sentence (Issue #690)
+- Corrected DateInterval from 1 min to 1 month (Issue #709)
 
-## 5.0.0 (released 2016-04-17)
+## [5.1.3] - 2016-10-12
 
-Version 5 is a complete code rewrite.
+- Fixed WWW-Authenticate header (Issue #669)
+- Increase the recommended RSA key length from 1024 to 2048 bits (Issue #668)
 
-* JWT support
-* PSR-7 support
-* Improved exception errors
-* Replace all occurrences of the term "Storage" with "Repository"
-* Simplify repositories
-* Entities conform to interfaces and use traits
-* Auth code grant updated
-    * Allow support for public clients
-    * Add support for #439
-* Client credentials grant updated
-* Password grant updated
-    * Allow support for public clients
-* Refresh token grant updated
-* Implement Implicit grant
-* Bearer token output type
-* Remove MAC token output type
-* Authorization server rewrite
-* Resource server class moved to PSR-7 middleware
-* Tests
-* Much much better documentation
-
-Changes since RC2:
-
-* Renamed Server class to AuthorizationServer
-* Added ResourceServer class
-* Run unit tests again PHP 5.5.9 as it's the minimum supported version
-* Enable PHPUnit 5.0 support
-* Improved examples and documentation
-* Make it clearer that the implicit grant doesn't support refresh tokens
-* Improved refresh token validation errors
-* Fixed refresh token expiry date
-
-## 5.0.0-RC2 (released 2016-04-10)
-
-Changes since RC1:
-
-* Allow multiple client redirect URIs (Issue #511)
-* Remove unused mac token interface (Issue #503)
-* Handle RSA key passphrase (Issue #502)
-* Remove access token repository from response types (Issue #501)
-* Remove unnecessary methods from entity interfaces (Issue #490)
-* Ensure incoming JWT hasn't expired (Issue #509)
-* Fix client identifier passed where user identifier is expected (Issue #498)
-* Removed built-in entities; added traits to for quick re-use (Issue #504)
-* Redirect uri is required only if the "redirect_uri" parameter was included in the authorization request (Issue #514)
-* Removed templating for auth code and implicit grants (Issue #499)
-
-## 5.0.0-RC1 (release 2016-03-24)
-
-Version 5 is a complete code rewrite.
+## [5.1.2] - 2016-09-19
 
-* JWT support
-* PSR-7 support
-* Improved exception errors
-* Replace all occurrences of the term "Storage" with "Repository"
-* Simplify repositories
-* Entities conform to interfaces and use traits
-* Auth code grant updated
-    * Allow support for public clients
-    * Add support for #439
-* Client credentials grant updated
-* Password grant updated
-    * Allow support for public clients
-* Refresh token grant updated
-* Implement Implicit grant
-* Bearer token output type
-* Remove MAC token output type
-* Authorization server rewrite
-* Resource server class moved to PSR-7 middleware
-* Tests
-* Much much better documentation
+- Fixed `finalizeScopes` call (Issue #650)
 
-## 4.1.5 (released 2016-01-04)
+## [5.1.1] - 2016-07-26
 
-* Enable Symfony 3.0 support (#412)
+- Improved test suite (Issue #614)
+- Updated docblocks (Issue #616)
+- Replace `array_shift` with `foreach` loop (Issue #621)
+- Allow easy addition of custom fields to Bearer token response (Issue #624)
+- Key file auto-generation from string (Issue #625)
 
-## 4.1.4 (released 2015-11-13)
+## [5.1.0] - 2016-06-28
 
-* Fix for determining access token in header (Issue #328)
-* Refresh tokens are now returned for MAC responses (Issue #356)
-* Added integration list to readme (Issue #341)
-* Expose parameter passed to exceptions (Issue #345)
-* Removed duplicate routing setup code (Issue #346)
-* Docs fix (Issues #347, #360, #380)
-* Examples fix (Issues #348, #358)
-* Fix typo in docblock (Issue #352)
-* Improved timeouts for MAC tokens (Issue #364)
-* `hash_hmac()` should output raw binary data, not hexits (Issue #370)
-* Improved regex for matching all Base64 characters (Issue #371)
-* Fix incorrect signature parameter (Issue #372)
-* AuthCodeGrant and RefreshTokenGrant don't require client_secret (Issue #377)
-* Added priority argument to event listener (Issue #388)
+- Implemented RFC7636 (Issue #574)
+- Unify middleware exception responses (Issue #578)
+- Updated examples (Issue #589)
+- Ensure state is in access denied redirect (Issue #597)
+- Remove redundant `isExpired()` method from entity interfaces and traits (Issue #600)
+- Added a check for unique access token constraint violation (Issue #601)
+- Look at Authorization header directly for HTTP Basic auth checks (Issue #604)
+- Added catch Runtime exception when parsing JWT string (Issue #605)
+- Allow `paragonie/random_compat` 2.x (Issue #606)
+- Added `indigophp/hash-compat` to Composer suggestions and `require-dev` for PHP 5.5 support
 
-## 4.1.3 (released 2015-03-22)
+## [5.0.3] - 2016-05-04
 
-* Docblock, namespace and inconsistency fixes (Issue #303)
-* Docblock type fix (Issue #310)
-* Example bug fix (Issue #300)
-* Updated league/event to ~2.1 (Issue #311)
-* Fixed missing session scope (Issue #319)
-* Updated interface docs (Issue #323)
-* `.travis.yml` updates
+- Fix hints in PasswordGrant (Issue #560)
+- Add meaning of `Resource owner` to terminology.md (Issue #561)
+- Use constant for event name instead of explicit string (Issue #563)
+- Remove unused request property (Issue #564)
+- Correct wrong phpdoc (Issue #569)
+- Fixed typo in exception string (Issue #570)
 
-## 4.1.2 (released 2015-01-01)
+## [5.0.2] - 2016-04-18
 
-* Remove side-effects in hash_equals() implementation (Issue #290)
+- `state` parameter is now correctly returned after implicit grant authorization
+- Small code and docblock improvements
 
-## 4.1.1 (released 2014-12-31)
+## [5.0.1] - 2016-04-18
 
-* Changed `symfony/http-foundation` dependency version to `~2.4` so package can be installed in Laravel `4.1.*`
+- Fixes an issue (#550) whereby it was unclear whether or not to validate a client's secret during a request.
 
-## 4.1.0 (released 2014-12-27)
+## [5.0.0] - 2016-04-17
 
-* Added MAC token support (Issue #158)
-* Fixed example init code (Issue #280)
-* Toggle refresh token rotation (Issue #286)
-* Docblock fixes
+Version 5 is a complete code rewrite.
 
-## 4.0.5 (released 2014-12-15)
+- Renamed Server class to AuthorizationServer
+- Added ResourceServer class
+- Run unit tests again PHP 5.5.9 as it's the minimum supported version
+- Enable PHPUnit 5.0 support
+- Improved examples and documentation
+- Make it clearer that the implicit grant doesn't support refresh tokens
+- Improved refresh token validation errors
+- Fixed refresh token expiry date
+
+## [5.0.0-RC2] - 2016-04-10
+
+- Allow multiple client redirect URIs (Issue #511)
+- Remove unused mac token interface (Issue #503)
+- Handle RSA key passphrase (Issue #502)
+- Remove access token repository from response types (Issue #501)
+- Remove unnecessary methods from entity interfaces (Issue #490)
+- Ensure incoming JWT hasn't expired (Issue #509)
+- Fix client identifier passed where user identifier is expected (Issue #498)
+- Removed built-in entities; added traits to for quick re-use (Issue #504)
+- Redirect uri is required only if the "redirect_uri" parameter was included in the authorization request (Issue #514)
+- Removed templating for auth code and implicit grants (Issue #499)
+
+## [5.0.0-RC1] - 2016-03-24
 
-* Prevent duplicate session in auth code grant (Issue #282)
+Version 5 is a complete code rewrite.
 
-## 4.0.4 (released 2014-12-03)
+- JWT support
+- PSR-7 support
+- Improved exception errors
+- Replace all occurrences of the term "Storage" with "Repository"
+- Simplify repositories
+- Entities conform to interfaces and use traits
+- Auth code grant updated
+  - Allow support for public clients
+  - Add support for #439
+- Client credentials grant updated
+- Password grant updated
+  - Allow support for public clients
+- Refresh token grant updated
+- Implement Implicit grant
+- Bearer token output type
+- Remove MAC token output type
+- Authorization server rewrite
+- Resource server class moved to PSR-7 middleware
+- Tests
+- Much much better documentation
 
-* Ensure refresh token hasn't expired (Issue #270)
+## [4.1.5] - 2016-01-04
 
-## 4.0.3 (released 2014-12-02)
+- Enable Symfony 3.0 support (#412)
 
-* Fix bad type hintings (Issue #267)
-* Do not forget to set the expire time (Issue #268)
+## [4.1.4] - 2015-11-13
 
-## 4.0.2 (released 2014-11-21)
+- Fix for determining access token in header (Issue #328)
+- Refresh tokens are now returned for MAC responses (Issue #356)
+- Added integration list to readme (Issue #341)
+- Expose parameter passed to exceptions (Issue #345)
+- Removed duplicate routing setup code (Issue #346)
+- Docs fix (Issues #347, #360, #380)
+- Examples fix (Issues #348, #358)
+- Fix typo in docblock (Issue #352)
+- Improved timeouts for MAC tokens (Issue #364)
+- `hash_hmac()` should output raw binary data, not hexits (Issue #370)
+- Improved regex for matching all Base64 characters (Issue #371)
+- Fix incorrect signature parameter (Issue #372)
+- AuthCodeGrant and RefreshTokenGrant don't require client_secret (Issue #377)
+- Added priority argument to event listener (Issue #388)
 
-* Improved interfaces (Issue #255)
-* Learnt how to spell delimiter and so `getScopeDelimiter()` and `setScopeDelimiter()` methods have been renamed
-* Docblock improvements (Issue #254)
+## [4.1.3] - 2015-03-22
 
-## 4.0.1 (released 2014-11-09)
+- Docblock, namespace and inconsistency fixes (Issue #303)
+- Docblock type fix (Issue #310)
+- Example bug fix (Issue #300)
+- Updated league/event to ~2.1 (Issue #311)
+- Fixed missing session scope (Issue #319)
+- Updated interface docs (Issue #323)
+- `.travis.yml` updates
 
-* Alias the master branch in composer.json (Issue #243)
-* Numerous PHP CodeSniffer fixes (Issue #244)
-* .travis.yml update (Issue #245)
-* The getAccessToken method should return an AccessTokenEntity object instead of a string in ResourceServer.php (#246)
+## [4.1.2] - 2015-01-01
 
-## 4.0.0 (released 2014-11-08)
+- Remove side-effects in hash_equals() implementation (Issue #290)
 
-* Complete rewrite
-* Check out the documentation - [http://oauth2.thephpleague.com](http://oauth2.thephpleague.com)
+## [4.1.1] - 2014-12-31
 
-## 3.2.0 (released 2014-04-16)
+- Changed `symfony/http-foundation` dependency version to `~2.4` so package can be installed in Laravel `4.1.*`
 
-* Added the ability to change the algorithm that is used to generate the token strings (Issue #151)
+## [4.1.0] - 2014-12-27
 
-## 3.1.2 (released 2014-02-26)
+- Added MAC token support (Issue #158)
+- Fixed example init code (Issue #280)
+- Toggle refresh token rotation (Issue #286)
+- Docblock fixes
 
-* Support Authorization being an environment variable. [See more](http://fortrabbit.com/docs/essentials/quirks-and-constraints#authorization-header)
+## [4.0.5] - 2014-12-15
 
-## 3.1.1 (released 2013-12-05)
+- Prevent duplicate session in auth code grant (Issue #282)
 
-* Normalize headers when `getallheaders()` is available (Issues #108 and #114)
+## [4.0.4] - 2014-12-03
 
-## 3.1.0 (released 2013-12-05)
+- Ensure refresh token hasn't expired (Issue #270)
 
-* No longer necessary to inject the authorisation server into a grant, the server will inject itself
-* Added test for 1419ba8cdcf18dd034c8db9f7de86a2594b68605
+## [4.0.3] - 2014-12-02
 
-## 3.0.1 (released 2013-12-02)
+- Fix bad type hintings (Issue #267)
+- Do not forget to set the expire time (Issue #268)
 
-* Forgot to tell TravisCI from testing PHP 5.3
+## [4.0.2] - 2014-11-21
 
-## 3.0.0 (released 2013-12-02)
+- Improved interfaces (Issue #255)
+- Learnt how to spell delimiter and so `getScopeDelimiter()` and `setScopeDelimiter()` methods have been renamed
+- Docblock improvements (Issue #254)
 
-* Fixed spelling of Implicit grant class (Issue #84)
-* Travis CI now tests for PHP 5.5
-* Fixes for checking headers for resource server (Issues #79 and #)
-* The word "bearer" now has a capital "B" in JSON output to match OAuth 2.0 spec
-* All grants no longer remove old sessions by default
-* All grants now support custom access token TTL (Issue #92)
-* All methods which didn't before return a value now return `$this` to support method chaining
-* Removed the build in DB providers - these will be put in their own repos to remove baggage in the main repository
-* Removed support for PHP 5.3 because this library now uses traits and will use other modern PHP features going forward
-* Moved some grant related functions into a trait to reduce duplicate code
+## [4.0.1] - 2014-11-09
 
-## 2.1.1 (released 2013-06-02)
+- Alias the master branch in composer.json (Issue #243)
+- Numerous PHP CodeSniffer fixes (Issue #244)
+- .travis.yml update (Issue #245)
+- The getAccessToken method should return an AccessTokenEntity object instead of a string in ResourceServer.php (#246)
 
-* Added conditional `isValid()` flag to check for Authorization header only (thanks @alexmcroberts)
-* Fixed semantic meaning of `requireScopeParam()` and `requireStateParam()` by changing their default value to true
-* Updated some duff docblocks
-* Corrected array key call in Resource.php (Issue #63)
+## [4.0.0] - 2014-11-08
 
-## 2.1 (released 2013-05-10)
+- Complete rewrite
+- Check out the documentation - [http://oauth2.thephpleague.com](http://oauth2.thephpleague.com)
 
-* Moved zetacomponents/database to "suggest" in composer.json. If you rely on this feature you now need to include " zetacomponents/database" into "require" key in your own composer.json. (Issue #51)
-* New method in Refresh grant called `rotateRefreshTokens()`. Pass in `true` to issue a new refresh token each time an access token is refreshed. This parameter needs to be set to true in order to request reduced scopes with the new access token. (Issue #47)
-* Rename `key` column in oauth_scopes table to `scope` as `key` is a reserved SQL word. (Issue #45)
-* The `scope` parameter is no longer required by default as per the RFC. (Issue #43)
-* You can now set multiple default scopes by passing an array into `setDefaultScope()`. (Issue #42)
-* The password and client credentials grants now allow for multiple sessions per user. (Issue #32)
-* Scopes associated to authorization codes are not held in their own table (Issue #44)
-* Database schema updates.
+## [3.2.0] - 2014-04-16
 
-## 2.0.5 (released 2013-05-09)
+- Added the ability to change the algorithm that is used to generate the token strings (Issue #151)
 
-* Fixed `oauth_session_token_scopes` table primary key
-* Removed `DEFAULT ''` that has slipped into some tables
-* Fixed docblock for `SessionInterface::associateRefreshToken()`
+## [3.1.2] - 2014-02-26
 
-## 2.0.4 (released 2013-05-09)
+- Support Authorization being an environment variable. [See more](http://fortrabbit.com/docs/essentials/quirks-and-constraints#authorization-header)
 
-* Renamed primary key in oauth_client_endpoints table
-* Adding missing column to oauth_session_authcodes
-* SECURITY FIX: A refresh token should be bound to a client ID
+## [3.1.1] - 2013-12-05
 
-## 2.0.3 (released 2013-05-08)
+- Normalize headers when `getallheaders()` is available (Issues #108 and #114)
 
-* Fixed a link to code in composer.json
+## [3.1.0] - 2013-12-05
 
-## 2.0.2 (released 2013-05-08)
+- No longer necessary to inject the authorisation server into a grant, the server will inject itself
+- Added test for 1419ba8cdcf18dd034c8db9f7de86a2594b68605
 
-* Updated README with wiki guides
-* Removed `null` as default parameters in some methods in the storage interfaces
-* Fixed license copyright
+## [3.0.1] - 2013-12-02
 
-## 2.0.0 (released 2013-05-08)
+- Forgot to tell TravisCI from testing PHP 5.3
 
-**If you're upgrading from v1.0.8 there are lots of breaking changes**
+## [3.0.0] - 2013-12-02
 
-* Rewrote the session storage interface from scratch so methods are more obvious
-* Included a PDO driver which implements the storage interfaces so the library is more "get up and go"
-* Further normalised the database structure so all sessions no longer contain infomation related to authorization grant (which may or may not be enabled)
-* A session can have multiple associated access tokens
-* Individual grants can have custom expire times for access tokens
-* Authorization codes now have a TTL of 10 minutes by default (can be manually set)
-* Refresh tokens now have a TTL of one week by default (can be manually set)
-* The client credentials grant will no longer gives out refresh tokens as per the specification
+- Fixed spelling of Implicit grant class (Issue #84)
+- Travis CI now tests for PHP 5.5
+- Fixes for checking headers for resource server (Issues #79 and #)
+- The word "bearer" now has a capital "B" in JSON output to match OAuth 2.0 spec
+- All grants no longer remove old sessions by default
+- All grants now support custom access token TTL (Issue #92)
+- All methods which didn't before return a value now return `$this` to support method chaining
+- Removed the build in DB providers - these will be put in their own repos to remove baggage in the main repository
+- Removed support for PHP 5.3 because this library now uses traits and will use other modern PHP features going forward
+- Moved some grant related functions into a trait to reduce duplicate code
 
-## 1.0.8 (released 2013-03-18)
+## [2.1.1] - 2013-06-02
 
-* Fixed check for required state parameter
-* Fixed check that user's credentials are correct in Password grant
+- Added conditional `isValid()` flag to check for Authorization header only (thanks @alexmcroberts)
+- Fixed semantic meaning of `requireScopeParam()` and `requireStateParam()` by changing their default value to true
+- Updated some duff docblocks
+- Corrected array key call in Resource.php (Issue #63)
 
-## 1.0.7 (released 2013-03-04)
+## [2.1.0] - 2013-05-10
 
-* Added method `requireStateParam()`
-* Added method `requireScopeParam()`
+- Moved zetacomponents/database to "suggest" in composer.json. If you rely on this feature you now need to include " zetacomponents/database" into "require" key in your own composer.json. (Issue #51)
+- New method in Refresh grant called `rotateRefreshTokens()`. Pass in `true` to issue a new refresh token each time an access token is refreshed. This parameter needs to be set to true in order to request reduced scopes with the new access token. (Issue #47)
+- Rename `key` column in oauth_scopes table to `scope` as `key` is a reserved SQL word. (Issue #45)
+- The `scope` parameter is no longer required by default as per the RFC. (Issue #43)
+- You can now set multiple default scopes by passing an array into `setDefaultScope()`. (Issue #42)
+- The password and client credentials grants now allow for multiple sessions per user. (Issue #32)
+- Scopes associated to authorization codes are not held in their own table (Issue #44)
+- Database schema updates.
 
-## 1.0.6 (released 2013-02-22)
+## [2.0.5] - 2013-05-09
 
-* Added links to tutorials in the README
-* Added missing `state` parameter request to the `checkAuthoriseParams()` method.
+- Fixed `oauth_session_token_scopes` table primary key
+- Removed `DEFAULT ''` that has slipped into some tables
+- Fixed docblock for `SessionInterface::associateRefreshToken()`
 
-## 1.0.5 (released 2013-02-21)
+## [2.0.4] - 2013-05-09
 
-* Fixed the SQL example for SessionInterface::getScopes()
+- Renamed primary key in oauth_client_endpoints table
+- Adding missing column to oauth_session_authcodes
 
-## 1.0.3 (released 2013-02-20)
+### Security
+- A refresh token should be bound to a client ID
 
-* Changed all instances of the "authentication server" to "authorization server"
+## [2.0.3] - 2013-05-08
 
-## 1.0.2 (released 2013-02-20)
+- Fixed a link to code in composer.json
 
-* Fixed MySQL create table order
-* Fixed version number in composer.json
+## [2.0.2] - 2013-05-08
 
-## 1.0.1 (released 2013-02-19)
+- Updated README with wiki guides
+- Removed `null` as default parameters in some methods in the storage interfaces
+- Fixed license copyright
 
-* Updated AuthServer.php to use `self::getParam()`
+## [2.0.0] - 2013-05-08
 
-## 1.0.0 (released 2013-02-15)
+**If you're upgrading from v1.0.8 there are lots of breaking changes**
 
-* First major release
+- Rewrote the session storage interface from scratch so methods are more obvious
+- Included a PDO driver which implements the storage interfaces so the library is more "get up and go"
+- Further normalised the database structure so all sessions no longer contain infomation related to authorization grant (which may or may not be enabled)
+- A session can have multiple associated access tokens
+- Individual grants can have custom expire times for access tokens
+- Authorization codes now have a TTL of 10 minutes by default (can be manually set)
+- Refresh tokens now have a TTL of one week by default (can be manually set)
+- The client credentials grant will no longer gives out refresh tokens as per the specification
+
+## [1.0.8] - 2013-03-18
+
+- Fixed check for required state parameter
+- Fixed check that user's credentials are correct in Password grant
+
+## [1.0.7] - 2013-03-04
+
+- Added method `requireStateParam()`
+- Added method `requireScopeParam()`
+
+## [1.0.6] - 2013-02-22
+
+- Added links to tutorials in the README
+- Added missing `state` parameter request to the `checkAuthoriseParams()` method.
+
+## [1.0.5] - 2013-02-21
+
+- Fixed the SQL example for SessionInterface::getScopes()
+
+## [1.0.3] - 2013-02-20
+
+- Changed all instances of the "authentication server" to "authorization server"
+
+## [1.0.2] - 2013-02-20
+
+- Fixed MySQL create table order
+- Fixed version number in composer.json
+
+## [1.0.1] - 2013-02-19
+
+- Updated AuthServer.php to use `self::getParam()`
+
+## 1.0.0 - 2013-02-15
+
+- First major release
+
+[Unreleased]: https://github.com/thephpleague/oauth2-server/compare/v7.0.0...HEAD
+[7.0.0]: https://github.com/thephpleague/oauth2-server/compare/v6.1.1...v7.0.0
+[6.1.1]: https://github.com/thephpleague/oauth2-server/compare/v6.0.0...v6.1.1
+[6.1.0]: https://github.com/thephpleague/oauth2-server/compare/v6.0.0...v6.1.0
+[6.0.0]: https://github.com/thephpleague/oauth2-server/compare/v5.1.4...v6.0.0
+[5.1.4]: https://github.com/thephpleague/oauth2-server/compare/v5.1.3...v5.1.4
+[5.1.3]: https://github.com/thephpleague/oauth2-server/compare/v5.1.2...v5.1.3
+[5.1.2]: https://github.com/thephpleague/oauth2-server/compare/v5.1.1...v5.1.2
+[5.1.1]: https://github.com/thephpleague/oauth2-server/compare/v5.1.0...v5.1.1
+[5.1.0]: https://github.com/thephpleague/oauth2-server/compare/v5.0.2...v5.1.0
+[5.0.3]: https://github.com/thephpleague/oauth2-server/compare/v5.0.3...v5.0.2
+[5.0.2]: https://github.com/thephpleague/oauth2-server/compare/v5.0.1...v5.0.2
+[5.0.1]: https://github.com/thephpleague/oauth2-server/compare/v5.0.0...v5.0.1
+[5.0.0]: https://github.com/thephpleague/oauth2-server/compare/v5.0.0-RC2...v5.0.0
+[5.0.0-RC2]: https://github.com/thephpleague/oauth2-server/compare/v5.0.0-RC1...v5.0.0-RC2
+[5.0.0-RC1]: https://github.com/thephpleague/oauth2-server/compare/v4.1.5...v5.0.0-RC1
+[4.1.5]: https://github.com/thephpleague/oauth2-server/compare/v4.1.4...v4.1.5
+[4.1.4]: https://github.com/thephpleague/oauth2-server/compare/v4.1.3...v4.1.4
+[4.1.3]: https://github.com/thephpleague/oauth2-server/compare/v4.1.2...v4.1.3
+[4.1.2]: https://github.com/thephpleague/oauth2-server/compare/v4.1.1...v4.1.2
+[4.1.1]: https://github.com/thephpleague/oauth2-server/compare/v4.0.0...v4.1.1
+[4.1.0]: https://github.com/thephpleague/oauth2-server/compare/v4.0.5...v4.1.0
+[4.0.5]: https://github.com/thephpleague/oauth2-server/compare/v4.0.4...v4.0.5
+[4.0.4]: https://github.com/thephpleague/oauth2-server/compare/v4.0.3...v4.0.4
+[4.0.3]: https://github.com/thephpleague/oauth2-server/compare/v4.0.2...v4.0.3
+[4.0.2]: https://github.com/thephpleague/oauth2-server/compare/v4.0.1...v4.0.2
+[4.0.1]: https://github.com/thephpleague/oauth2-server/compare/v4.0.0...v4.0.1
+[4.0.0]: https://github.com/thephpleague/oauth2-server/compare/v3.2.0...v4.0.0
+[3.2.0]: https://github.com/thephpleague/oauth2-server/compare/v3.1.2...v3.2.0
+[3.1.2]: https://github.com/thephpleague/oauth2-server/compare/v3.1.1...v3.1.2
+[3.1.1]: https://github.com/thephpleague/oauth2-server/compare/v3.1.0...v3.1.1
+[3.1.0]: https://github.com/thephpleague/oauth2-server/compare/v3.0.1...v3.1.0
+[3.0.1]: https://github.com/thephpleague/oauth2-server/compare/v3.0.0...v3.0.1
+[3.0.0]: https://github.com/thephpleague/oauth2-server/compare/v2.1.1...v3.0.0
+[2.1.1]: https://github.com/thephpleague/oauth2-server/compare/v2.1.0...v2.1.1
+[2.1.0]: https://github.com/thephpleague/oauth2-server/compare/v2.0.5...v2.1.0
+[2.0.5]: https://github.com/thephpleague/oauth2-server/compare/v2.0.4...v2.0.5
+[2.0.4]: https://github.com/thephpleague/oauth2-server/compare/v2.0.3...v2.0.4
+[2.0.3]: https://github.com/thephpleague/oauth2-server/compare/v2.0.2...v2.0.3
+[2.0.2]: https://github.com/thephpleague/oauth2-server/compare/v2.0.0...v2.0.2
+[2.0.0]: https://github.com/thephpleague/oauth2-server/compare/v1.0.8...v2.0.0
+[1.0.8]: https://github.com/thephpleague/oauth2-server/compare/v1.0.7...v1.0.8
+[1.0.7]: https://github.com/thephpleague/oauth2-server/compare/v1.0.6...v1.0.7
+[1.0.6]: https://github.com/thephpleague/oauth2-server/compare/v1.0.5...v1.0.6
+[1.0.5]: https://github.com/thephpleague/oauth2-server/compare/v1.0.3...v1.0.5
+[1.0.3]: https://github.com/thephpleague/oauth2-server/compare/v1.0.2...v1.0.3
+[1.0.2]: https://github.com/thephpleague/oauth2-server/compare/v1.0.1...v1.0.2
+[1.0.1]: https://github.com/thephpleague/oauth2-server/compare/v1.0.0...v1.0.1
diff --git a/README.md b/README.md
index f6b6d12f7..7e9af882d 100644
--- a/README.md
+++ b/README.md
@@ -10,7 +10,7 @@
 
 `league/oauth2-server` is a standards compliant implementation of an [OAuth 2.0](https://tools.ietf.org/html/rfc6749) authorization server written in PHP which makes working with OAuth 2.0 trivial. You can easily configure an OAuth 2.0 server to protect your API with access tokens, or allow clients to request new access tokens and refresh them.
 
-It supports out of the box the following grants:
+Out of the box it supports the following grants:
 
 * Authorization code grant
 * Implicit grant

From 9287f587fc55a41f345b869f28e07249591a24e0 Mon Sep 17 00:00:00 2001
From: Andrew Millington <andrew@noexceptions.io>
Date: Sun, 18 Feb 2018 15:29:59 +0000
Subject: [PATCH 3/6] Update changelog link

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 7e9af882d..b53267421 100644
--- a/README.md
+++ b/README.md
@@ -68,7 +68,7 @@ We use [Travis CI](https://travis-ci.org/), [Scrutinizer](https://scrutinizer-ci
 
 ## Changelog
 
-[See the project releases page](https://github.com/thephpleague/oauth2-server/releases)
+See the [project changelog](https://github.com/thephpleague/oauth2-server/blob/master/CHANGELOG.md)
 
 ## Contributing
 

From 028d91f670379b341c4e0f22106cb30d770dc15d Mon Sep 17 00:00:00 2001
From: Andrew Millington <andrew@noexceptions.io>
Date: Sun, 18 Feb 2018 15:33:41 +0000
Subject: [PATCH 4/6] Add code coverage for scrutinizer

---
 .travis.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.travis.yml b/.travis.yml
index 2684cac35..be2759a8f 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -20,9 +20,13 @@ install:
   - composer update --no-interaction --prefer-dist $DEPENDENCIES
 
 script:
-  - vendor/bin/phpunit
+  - vendor/bin/phpunit --coverage-clover=coverage.clover
   - vendor/bin/phpstan analyse -l 6 -c phpstan.neon src tests
 
+after_script:
+    - wget https://scrutinizer-ci.com/ocular.phar
+    - php ocular.phar code-coverage:upload --format=php-clover coverage.clover
+
 branches:
   only:
     - master

From 49f66866f78cae75f104fcca57c3222d843acbd5 Mon Sep 17 00:00:00 2001
From: Andrew Millington <andrew@noexceptions.io>
Date: Sun, 18 Feb 2018 15:38:28 +0000
Subject: [PATCH 5/6] Fix links for versions 6.0.1 - 6.0.2

---
 CHANGELOG.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a0067a5b0..078586c03 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -374,7 +374,9 @@ Version 5 is a complete code rewrite.
 [Unreleased]: https://github.com/thephpleague/oauth2-server/compare/v7.0.0...HEAD
 [7.0.0]: https://github.com/thephpleague/oauth2-server/compare/v6.1.1...v7.0.0
 [6.1.1]: https://github.com/thephpleague/oauth2-server/compare/v6.0.0...v6.1.1
-[6.1.0]: https://github.com/thephpleague/oauth2-server/compare/v6.0.0...v6.1.0
+[6.1.0]: https://github.com/thephpleague/oauth2-server/compare/v6.0.2...v6.1.0
+[6.0.2]: https://github.com/thephpleague/oauth2-server/compare/v6.0.1...v6.0.2
+[6.0.1]: https://github.com/thephpleague/oauth2-server/compare/v6.0.0...v6.0.1
 [6.0.0]: https://github.com/thephpleague/oauth2-server/compare/v5.1.4...v6.0.0
 [5.1.4]: https://github.com/thephpleague/oauth2-server/compare/v5.1.3...v5.1.4
 [5.1.3]: https://github.com/thephpleague/oauth2-server/compare/v5.1.2...v5.1.3

From 4f68d2a5f2c2012ab68f7294d02420752bc4542f Mon Sep 17 00:00:00 2001
From: Andrew Millington <andrew@noexceptions.io>
Date: Sun, 18 Feb 2018 15:51:41 +0000
Subject: [PATCH 6/6] Fix release tags in changelog

---
 CHANGELOG.md | 100 +++++++++++++++++++++++++--------------------------
 1 file changed, 50 insertions(+), 50 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 078586c03..08c409828 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -371,53 +371,53 @@ Version 5 is a complete code rewrite.
 
 - First major release
 
-[Unreleased]: https://github.com/thephpleague/oauth2-server/compare/v7.0.0...HEAD
-[7.0.0]: https://github.com/thephpleague/oauth2-server/compare/v6.1.1...v7.0.0
-[6.1.1]: https://github.com/thephpleague/oauth2-server/compare/v6.0.0...v6.1.1
-[6.1.0]: https://github.com/thephpleague/oauth2-server/compare/v6.0.2...v6.1.0
-[6.0.2]: https://github.com/thephpleague/oauth2-server/compare/v6.0.1...v6.0.2
-[6.0.1]: https://github.com/thephpleague/oauth2-server/compare/v6.0.0...v6.0.1
-[6.0.0]: https://github.com/thephpleague/oauth2-server/compare/v5.1.4...v6.0.0
-[5.1.4]: https://github.com/thephpleague/oauth2-server/compare/v5.1.3...v5.1.4
-[5.1.3]: https://github.com/thephpleague/oauth2-server/compare/v5.1.2...v5.1.3
-[5.1.2]: https://github.com/thephpleague/oauth2-server/compare/v5.1.1...v5.1.2
-[5.1.1]: https://github.com/thephpleague/oauth2-server/compare/v5.1.0...v5.1.1
-[5.1.0]: https://github.com/thephpleague/oauth2-server/compare/v5.0.2...v5.1.0
-[5.0.3]: https://github.com/thephpleague/oauth2-server/compare/v5.0.3...v5.0.2
-[5.0.2]: https://github.com/thephpleague/oauth2-server/compare/v5.0.1...v5.0.2
-[5.0.1]: https://github.com/thephpleague/oauth2-server/compare/v5.0.0...v5.0.1
-[5.0.0]: https://github.com/thephpleague/oauth2-server/compare/v5.0.0-RC2...v5.0.0
-[5.0.0-RC2]: https://github.com/thephpleague/oauth2-server/compare/v5.0.0-RC1...v5.0.0-RC2
-[5.0.0-RC1]: https://github.com/thephpleague/oauth2-server/compare/v4.1.5...v5.0.0-RC1
-[4.1.5]: https://github.com/thephpleague/oauth2-server/compare/v4.1.4...v4.1.5
-[4.1.4]: https://github.com/thephpleague/oauth2-server/compare/v4.1.3...v4.1.4
-[4.1.3]: https://github.com/thephpleague/oauth2-server/compare/v4.1.2...v4.1.3
-[4.1.2]: https://github.com/thephpleague/oauth2-server/compare/v4.1.1...v4.1.2
-[4.1.1]: https://github.com/thephpleague/oauth2-server/compare/v4.0.0...v4.1.1
-[4.1.0]: https://github.com/thephpleague/oauth2-server/compare/v4.0.5...v4.1.0
-[4.0.5]: https://github.com/thephpleague/oauth2-server/compare/v4.0.4...v4.0.5
-[4.0.4]: https://github.com/thephpleague/oauth2-server/compare/v4.0.3...v4.0.4
-[4.0.3]: https://github.com/thephpleague/oauth2-server/compare/v4.0.2...v4.0.3
-[4.0.2]: https://github.com/thephpleague/oauth2-server/compare/v4.0.1...v4.0.2
-[4.0.1]: https://github.com/thephpleague/oauth2-server/compare/v4.0.0...v4.0.1
-[4.0.0]: https://github.com/thephpleague/oauth2-server/compare/v3.2.0...v4.0.0
-[3.2.0]: https://github.com/thephpleague/oauth2-server/compare/v3.1.2...v3.2.0
-[3.1.2]: https://github.com/thephpleague/oauth2-server/compare/v3.1.1...v3.1.2
-[3.1.1]: https://github.com/thephpleague/oauth2-server/compare/v3.1.0...v3.1.1
-[3.1.0]: https://github.com/thephpleague/oauth2-server/compare/v3.0.1...v3.1.0
-[3.0.1]: https://github.com/thephpleague/oauth2-server/compare/v3.0.0...v3.0.1
-[3.0.0]: https://github.com/thephpleague/oauth2-server/compare/v2.1.1...v3.0.0
-[2.1.1]: https://github.com/thephpleague/oauth2-server/compare/v2.1.0...v2.1.1
-[2.1.0]: https://github.com/thephpleague/oauth2-server/compare/v2.0.5...v2.1.0
-[2.0.5]: https://github.com/thephpleague/oauth2-server/compare/v2.0.4...v2.0.5
-[2.0.4]: https://github.com/thephpleague/oauth2-server/compare/v2.0.3...v2.0.4
-[2.0.3]: https://github.com/thephpleague/oauth2-server/compare/v2.0.2...v2.0.3
-[2.0.2]: https://github.com/thephpleague/oauth2-server/compare/v2.0.0...v2.0.2
-[2.0.0]: https://github.com/thephpleague/oauth2-server/compare/v1.0.8...v2.0.0
-[1.0.8]: https://github.com/thephpleague/oauth2-server/compare/v1.0.7...v1.0.8
-[1.0.7]: https://github.com/thephpleague/oauth2-server/compare/v1.0.6...v1.0.7
-[1.0.6]: https://github.com/thephpleague/oauth2-server/compare/v1.0.5...v1.0.6
-[1.0.5]: https://github.com/thephpleague/oauth2-server/compare/v1.0.3...v1.0.5
-[1.0.3]: https://github.com/thephpleague/oauth2-server/compare/v1.0.2...v1.0.3
-[1.0.2]: https://github.com/thephpleague/oauth2-server/compare/v1.0.1...v1.0.2
-[1.0.1]: https://github.com/thephpleague/oauth2-server/compare/v1.0.0...v1.0.1
+[Unreleased]: https://github.com/thephpleague/oauth2-server/compare/7.0.0...HEAD
+[7.0.0]: https://github.com/thephpleague/oauth2-server/compare/6.1.1...7.0.0
+[6.1.1]: https://github.com/thephpleague/oauth2-server/compare/6.0.0...6.1.1
+[6.1.0]: https://github.com/thephpleague/oauth2-server/compare/6.0.2...6.1.0
+[6.0.2]: https://github.com/thephpleague/oauth2-server/compare/6.0.1...6.0.2
+[6.0.1]: https://github.com/thephpleague/oauth2-server/compare/6.0.0...6.0.1
+[6.0.0]: https://github.com/thephpleague/oauth2-server/compare/5.1.4...6.0.0
+[5.1.4]: https://github.com/thephpleague/oauth2-server/compare/5.1.3...5.1.4
+[5.1.3]: https://github.com/thephpleague/oauth2-server/compare/5.1.2...5.1.3
+[5.1.2]: https://github.com/thephpleague/oauth2-server/compare/5.1.1...5.1.2
+[5.1.1]: https://github.com/thephpleague/oauth2-server/compare/5.1.0...5.1.1
+[5.1.0]: https://github.com/thephpleague/oauth2-server/compare/5.0.2...5.1.0
+[5.0.3]: https://github.com/thephpleague/oauth2-server/compare/5.0.3...5.0.2
+[5.0.2]: https://github.com/thephpleague/oauth2-server/compare/5.0.1...5.0.2
+[5.0.1]: https://github.com/thephpleague/oauth2-server/compare/5.0.0...5.0.1
+[5.0.0]: https://github.com/thephpleague/oauth2-server/compare/5.0.0-RC2...5.0.0
+[5.0.0-RC2]: https://github.com/thephpleague/oauth2-server/compare/5.0.0-RC1...5.0.0-RC2
+[5.0.0-RC1]: https://github.com/thephpleague/oauth2-server/compare/4.1.5...5.0.0-RC1
+[4.1.5]: https://github.com/thephpleague/oauth2-server/compare/4.1.4...4.1.5
+[4.1.4]: https://github.com/thephpleague/oauth2-server/compare/4.1.3...4.1.4
+[4.1.3]: https://github.com/thephpleague/oauth2-server/compare/4.1.2...4.1.3
+[4.1.2]: https://github.com/thephpleague/oauth2-server/compare/4.1.1...4.1.2
+[4.1.1]: https://github.com/thephpleague/oauth2-server/compare/4.0.0...4.1.1
+[4.1.0]: https://github.com/thephpleague/oauth2-server/compare/4.0.5...4.1.0
+[4.0.5]: https://github.com/thephpleague/oauth2-server/compare/4.0.4...4.0.5
+[4.0.4]: https://github.com/thephpleague/oauth2-server/compare/4.0.3...4.0.4
+[4.0.3]: https://github.com/thephpleague/oauth2-server/compare/4.0.2...4.0.3
+[4.0.2]: https://github.com/thephpleague/oauth2-server/compare/4.0.1...4.0.2
+[4.0.1]: https://github.com/thephpleague/oauth2-server/compare/4.0.0...4.0.1
+[4.0.0]: https://github.com/thephpleague/oauth2-server/compare/3.2.0...4.0.0
+[3.2.0]: https://github.com/thephpleague/oauth2-server/compare/3.1.2...3.2.0
+[3.1.2]: https://github.com/thephpleague/oauth2-server/compare/3.1.1...3.1.2
+[3.1.1]: https://github.com/thephpleague/oauth2-server/compare/3.1.0...3.1.1
+[3.1.0]: https://github.com/thephpleague/oauth2-server/compare/3.0.1...3.1.0
+[3.0.1]: https://github.com/thephpleague/oauth2-server/compare/3.0.0...3.0.1
+[3.0.0]: https://github.com/thephpleague/oauth2-server/compare/2.1.1...3.0.0
+[2.1.1]: https://github.com/thephpleague/oauth2-server/compare/2.1.0...2.1.1
+[2.1.0]: https://github.com/thephpleague/oauth2-server/compare/2.0.5...2.1.0
+[2.0.5]: https://github.com/thephpleague/oauth2-server/compare/2.0.4...2.0.5
+[2.0.4]: https://github.com/thephpleague/oauth2-server/compare/2.0.3...2.0.4
+[2.0.3]: https://github.com/thephpleague/oauth2-server/compare/2.0.2...2.0.3
+[2.0.2]: https://github.com/thephpleague/oauth2-server/compare/2.0.0...2.0.2
+[2.0.0]: https://github.com/thephpleague/oauth2-server/compare/1.0.8...2.0.0
+[1.0.8]: https://github.com/thephpleague/oauth2-server/compare/1.0.7...1.0.8
+[1.0.7]: https://github.com/thephpleague/oauth2-server/compare/1.0.6...1.0.7
+[1.0.6]: https://github.com/thephpleague/oauth2-server/compare/1.0.5...1.0.6
+[1.0.5]: https://github.com/thephpleague/oauth2-server/compare/1.0.3...1.0.5
+[1.0.3]: https://github.com/thephpleague/oauth2-server/compare/1.0.2...1.0.3
+[1.0.2]: https://github.com/thephpleague/oauth2-server/compare/1.0.1...1.0.2
+[1.0.1]: https://github.com/thephpleague/oauth2-server/compare/1.0.0...1.0.1