Recent changes break existing auth0/login configuration

[bluehaoran]

SDK Version

8.3

PHP Version

PHP 8.1

What happened?

Recent changes to this library (#659) and to the Laravel library (auth0/login, auth0/laravel-auth0@e132b28) break backward compatibility.

SdkConfiguration::setScope() no longer handles a null empty value correctly. Although the recent change to auth0/login corrects this for anyone who installs and publishes the Laravel configuration after auth0/login:7.2.2, anyone with an existing configuration file (which would have code like this: Configuration::stringToArrayOrNull(env('AUTH0_SCOPE')),) will default their scope to null.

This library should be able to handle both empty states, empty array and null.

I suggest patching to replace if ([] === $scope) with if (empty($scope)) { in SdkConfiguration::setScope.

There may be additional test cases required here.

How can we reproduce this issue?

• Install Laravel.
• Composer-require auth0/auth0-php:8.3.0.
• Composer-require auth0/login:7.1.0.
• php artisan vendor:publish --tag=auth0-config
• set up the rest of the app per the instructions.
• Loosen Composer requirements to auth0/auth0-php:^8.3.0 and auth0/login:^7.1.0
• composer update
• confirm that Validation of "scope" was unsuccessful is reported.

Additional context

No response

[evansims]

Hi @bluehaoran 👋 Totally in agreement, that was an oversight on my part. The changes on the Laravel side aren't BC, but the change to this SDK could potentially break old configurations. Thanks for catching that. I'll get a fix going.

[bluehaoran]

Much appreciated for fixing so quickly! 🙏