From 73c69a3bdb84eb69f61abfcf7e704131f4b10af2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marko=20Ivan=C4=8Di=C4=87?= <marko.ivancic@srce.hr>
Date: Thu, 25 Jul 2024 12:08:09 +0200
Subject: [PATCH 1/2] Add note about SSP version compatibility in readme

---
 README.md | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index a2156181..8fef2f37 100644
--- a/README.md
+++ b/README.md
@@ -19,12 +19,17 @@ Currently supported flows are:
 
 ## Version compatibility
 
-| OIDC module | SimpleSAMLphp |  PHP   | Note                        |
-|:------------|:--------------|:------:|-----------------------------|
-| v5.\*       | v2.1.\*       | \>=8.1 | Recommended                 |
-| v4.\*       | v2.0.\*       | \>=8.0 |                             |
-| v3.\*       | v2.0.\*       | \>=7.4 | Abandoned from August 2023. |
-| v2.\*       | v1.19.\*      | \>=7.4 |                             |
+Minor versions of SimpleSAMLphp noted below means that the module has been tested with that version of SimpleSAMLphp
+during module development. SimpleSAMLphp started following semantic versioning for its API from version 2.0. This means,
+for example, that v5.* of the oidc module should work on any v2.* of SimpleSAMLphp. However, do mind that there were
+PHP version requirement changes in minor releases for SimpleSAMLphp.
+
+| OIDC module | Tested SimpleSAMLphp |  PHP   | Note                        |
+|:------------|:---------------------|:------:|-----------------------------|
+| v5.\*       | v2.1.\*              | \>=8.1 | Recommended                 |
+| v4.\*       | v2.0.\*              | \>=8.0 |                             |
+| v3.\*       | v2.0.\*              | \>=7.4 | Abandoned from August 2023. |
+| v2.\*       | v1.19.\*             | \>=7.4 |                             |
 
 ### Upgrading?
 

From 8f2816af358676ccccb036a8d735d12e365b3e0f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marko=20Ivan=C4=8Di=C4=87?= <mivanci@srce.hr>
Date: Thu, 8 Jan 2026 15:23:43 +0100
Subject: [PATCH 2/2] Use dedicated param name in SQL stmt

---
 src/Repositories/AccessTokenRepository.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/Repositories/AccessTokenRepository.php b/src/Repositories/AccessTokenRepository.php
index 7070d585..e46d327e 100644
--- a/src/Repositories/AccessTokenRepository.php
+++ b/src/Repositories/AccessTokenRepository.php
@@ -148,16 +148,18 @@ public function removeExpired(): void
     {
         $accessTokenTableName = $this->getTableName();
         $refreshTokenTableName = $this->database->applyPrefix(RefreshTokenRepository::TABLE_NAME);
+        $now = TimestampGenerator::utc()->format('Y-m-d H:i:s');
 
         // Delete expired access tokens, but only if the corresponding refresh token is also expired.
         $this->database->write(
             "DELETE FROM $accessTokenTableName WHERE expires_at < :now AND
                 NOT EXISTS (
                     SELECT 1 FROM {$refreshTokenTableName}
-                    WHERE $accessTokenTableName.id = $refreshTokenTableName.access_token_id AND expires_at > :now
+                    WHERE $accessTokenTableName.id = $refreshTokenTableName.access_token_id AND expires_at > :now2
                 )",
             [
-                'now' => TimestampGenerator::utc()->format('Y-m-d H:i:s'),
+                'now' => $now,
+                'now2' => $now,
             ],
         );
     }