3.5.0: Certificate-based OAuth2 flow

• Merged PR #24: Implement certificate-based OAuth2 flow - @thekid
• Merged PR #23: Migrate to new testing library - @thekid

3.4.1: Flow fix

• Merged PR #21: Reuse state when previous redirect was incomplete, see
  also #19 ("Flow error")
  (@thekid)

3.4.0: Automatic OAuth2 refresh

• Merged PR #18: Automatically refresh OAuth2 tokens - @thekid

3.3.0: Sessions library compatibilty

• Made compatible with xp-forge/sessions version 3.0 - @thekid

3.2.0: Manual OAuth2 refresh

• Merged PR #15: Add OAuth2Flow::refresh() - which uses refresh_token
  to create a new access token
  (@thekid)
• Fixed session potentially being transmitted twice when completing an
  authentication flow.
  (@thekid)

3.1.1: PHP 8.2 compatibility

• Fixed "Creation of dynamic property" warnings in PHP 8.2 - @thekid

3.1.0: ID token support

• Merged PR #14: Store "id_token" if returned from OAuth token endpoint
  (@thekid)

3.0.2: XP 11, libraries compatibility

• Made library compatible with XP 11, xp-framework/xml version 11.0.0
  and xp-forge/json version 5.0.0
  (@thekid)

3.0.1: XP web 3.0 compatibility

• Made compatible with XP web 3.0, see xp-forge/web#83 - @thekid

3.0.0: CSRF Tokens

• Merged PR #13: Create random token, store in session and pass to request.
  Heads up: Submitting forms without CSRF tokens will result in a 400
  error being displayed!
  (@thekid)