All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- NEW: Export mode in
csas-access-token.phptool via--export/-xoption - Export application data in Developer Portal compatible JSON format
- Support for exporting by application ID or UUID
- File output or stdout output for piping to other tools
- Complete bidirectional data flow: import + export capabilities
- Comprehensive documentation in
docs/EXPORT_FUNCTIONALITY.md
- Graceful handling of expired refresh tokens in
Token::refreshToken() - New methods:
isRefreshTokenExpired(),needsRefresh(),getTokenStatus() - Automatic redirect to re-authorization when refresh token expires
- Proper exception handling for
IdentityProviderException
- Web interface for importing Developer Portal data (
src/import.php) - Command-line import tool (
import-from-portalcommand) DeveloperPortalImporterclass with validation and field mapping- Support for hierarchical and flat JSON formats
- Integration into main UI with "Import from Developer Portal" link
- Comprehensive documentation in
DEVELOPER_PORTAL_IMPORT.md
- NEW: Complete PHPUnit test coverage for all SpojeNet classes
- Unit tests:
ApplicationTest,AuthTest,NotificatorTest,TokenInfoTest,WebPageTest - Integration test:
ApplicationAuthFlowTestfor complete OAuth2 workflow - Mock-based testing for external API dependencies
- Test documentation in
TEST_SUITE_DOCUMENTATION.md
- Updated
README.mdwith export functionality and bidirectional workflow - Enhanced command-line usage examples with export options
- Updated man page (
debian/csas-access-token.1) with new export option - Expanded
DEVELOPER_PORTAL_IMPORT.mdwith export information - Added comprehensive export documentation
- Extended
csas-access-token.phpwith new command-line options - Updated help text and usage information
- Better error messages and exit codes
- Support for both numeric IDs and UUIDs in export mode
No changes to existing database schema. All new functionality works with existing tables:
applicationtable: stores application data with sandbox/production environmentstokentable: stores OAuth2 tokens with refresh capabilities
- Maintains backward compatibility with existing OAuth2 flows
- All existing functionality preserved
- New features are additive and optional
- Export functionality includes sensitive client secrets and API keys
- Proper validation and sanitization of import data
- Clear security warnings in documentation
- No exposure of sensitive data in logs or error messages
- Export operations are lightweight database queries
- Import operations include validation overhead but process quickly
- Test suite runs efficiently with mock objects
- No impact on existing token refresh performance
This project has been in development since June 2024. This changelog documents major enhancements added during development iterations in September 2024, focusing on:
- OAuth2 Robustness: Handling refresh token expiration gracefully
- Data Portability: Bidirectional import/export with Developer Portal format
- Test Coverage: Comprehensive automated testing infrastructure
- Documentation: Complete usage and implementation documentation
- PHP 8.4+ with OAuth2 and database support
- League OAuth2 Client for CSAS API integration
- PHPUnit for testing infrastructure
- Bootstrap 5 via Ease framework for UI components
- MySQL/MariaDB or SQLite for data storage
- No database migrations required for new functionality
- Existing applications and tokens continue working without changes
- New export feature requires existing application data to be present
- Import feature can be used immediately without any setup