oauth2 2.0.3 → 2.0.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +202 -139
- data/CONTRIBUTING.md +5 -5
- data/LICENSE +1 -1
- data/README.md +95 -73
- data/SECURITY.md +12 -6
- data/lib/oauth2/access_token.rb +38 -8
- data/lib/oauth2/client.rb +49 -24
- data/lib/oauth2/error.rb +17 -9
- data/lib/oauth2/response.rb +6 -2
- data/lib/oauth2/strategy/assertion.rb +1 -1
- data/lib/oauth2/strategy/auth_code.rb +1 -1
- data/lib/oauth2/strategy/client_credentials.rb +1 -1
- data/lib/oauth2/version.rb +1 -1
- data/lib/oauth2.rb +10 -2
- metadata +40 -29
- data/lib/oauth2/snaky_hash.rb +0 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ca10cc72ec9bc6e594334ea57a44fee4cbde470ce93da4148acce84fedcf8cf9
|
|
4
|
+
data.tar.gz: 6fc164a6f1ed3eaabe6e2d9287929be122b1cb2ae0e20a00411abc24158db495
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: cec417d5b26211bc6eda04bdc7595667937a6d1f35f0ca294c7c95487884e428ab9ce0bbedda16d9529367c9e9dbe563c80f858dc69851bf1950b53570eda9a1
|
|
7
|
+
data.tar.gz: 1a9e4f0dd3e2ec837fa8ffb6d5cdeef8b3b58c1ff16f1e5c368f9b41a0e403cd0c467523d58917d739e15cf41d24155005ca40df3df8c82ca7ab45de1bb3cce3
|
data/CHANGELOG.md
CHANGED
|
@@ -4,19 +4,64 @@ All notable changes to this project will be documented in this file.
|
|
|
4
4
|
The format (since v2) is based on [Keep a Changelog v1](https://keepachangelog.com/en/1.0.0/),
|
|
5
5
|
and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.0.0.html).
|
|
6
6
|
|
|
7
|
+
## [Unreleased]
|
|
8
|
+
### Added
|
|
9
|
+
### Changed
|
|
10
|
+
### Fixed
|
|
11
|
+
### Removed
|
|
12
|
+
|
|
13
|
+
## [2.0.9] - 2022-09-16
|
|
14
|
+
### Added
|
|
15
|
+
- More specs (@pboling)
|
|
16
|
+
### Changed
|
|
17
|
+
- Complete migration to main branch as default (@pboling)
|
|
18
|
+
- Complete migration to Gitlab, updating all links, and references in VCS-managed files (@pboling)
|
|
19
|
+
|
|
20
|
+
## [2.0.8] - 2022-09-01
|
|
21
|
+
### Changed
|
|
22
|
+
- [!630](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/630) - Extract snaky_hash to external dependency (@pboling)
|
|
23
|
+
### Added
|
|
24
|
+
- [!631](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/631) - New global configuration option OAuth2.config.silence_extra_tokens_warning (default: false) fixes [#628](https://gitlab.com/oauth-xx/oauth2/-/issues/628)
|
|
25
|
+
|
|
26
|
+
## [2.0.7] - 2022-08-22
|
|
27
|
+
### Added
|
|
28
|
+
- [#629](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/629) - Allow POST of JSON to get token (@pboling, @terracatta)
|
|
29
|
+
### Fixed
|
|
30
|
+
- [#626](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/626) - Fixes a regression in 2.0.6. Will now prefer the key order from the lookup, not the hash keys (@rickselby)
|
|
31
|
+
- Note: This fixes compatibility with `omniauth-oauth2` and AWS
|
|
32
|
+
- [#625](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/625) - Fixes the printed version in the post install message (@hasghari)
|
|
33
|
+
|
|
34
|
+
## [2.0.6] - 2022-07-13
|
|
35
|
+
### Fixed
|
|
36
|
+
- [#624](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/624) - Fixes a [regression](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/623) in v2.0.5, where an error would be raised in refresh_token flows due to (legitimate) lack of access_token (@pboling)
|
|
37
|
+
|
|
38
|
+
## [2.0.5] - 2022-07-07
|
|
39
|
+
### Fixed
|
|
40
|
+
- [#620](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/620) - Documentation improvements, to help with upgrading (@swanson)
|
|
41
|
+
- [#621](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/621) - Fixed [#528](https://gitlab.com/oauth-xx/oauth2/-/issues/528) and [#619](https://gitlab.com/oauth-xx/oauth2/-/issues/619) (@pboling)
|
|
42
|
+
- All data in responses is now returned, with the access token removed and set as `token`
|
|
43
|
+
- `refresh_token` is no longer dropped
|
|
44
|
+
- **BREAKING**: Microsoft's `id_token` is no longer left as `access_token['id_token']`, but moved to the standard `access_token.token` that all other strategies use
|
|
45
|
+
- Remove `parse` and `snaky` from options so they don't get included in response
|
|
46
|
+
- There is now 100% test coverage, for lines _and_ branches, and it will stay that way.
|
|
47
|
+
|
|
48
|
+
## [2.0.4] - 2022-07-01
|
|
49
|
+
### Fixed
|
|
50
|
+
- [#618](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/618) - In some scenarios the `snaky` option default value was not applied (@pboling)
|
|
51
|
+
|
|
7
52
|
## [2.0.3] - 2022-06-28
|
|
8
53
|
### Added
|
|
9
|
-
- [#611](https://
|
|
10
|
-
- [#612](https://
|
|
54
|
+
- [#611](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/611) - Proper deprecation warnings for `extract_access_token` argument (@pboling)
|
|
55
|
+
- [#612](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/612) - Add `snaky: false` option to skip conversion to `OAuth2::SnakyHash` (default: true) (@pboling)
|
|
11
56
|
### Fixed
|
|
12
|
-
- [#608](https://
|
|
13
|
-
- [#615](https://
|
|
57
|
+
- [#608](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/608) - Wrap `Faraday::TimeoutError` in `OAuth2::TimeoutError` (@nbibler)
|
|
58
|
+
- [#615](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/615) - Fix support for requests with blocks, see `Faraday::Connection#run_request` (@pboling)
|
|
14
59
|
|
|
15
60
|
## [2.0.2] - 2022-06-24
|
|
16
61
|
### Fixed
|
|
17
|
-
- [#604](https://
|
|
18
|
-
- [#606](https://
|
|
19
|
-
- [#607](https://
|
|
62
|
+
- [#604](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/604) - Wrap `Faraday::TimeoutError` in `OAuth2::TimeoutError` (@stanhu)
|
|
63
|
+
- [#606](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/606) - Ruby 2.7 deprecation warning fix: Move `access_token_class` parameter into `Client` constructor (@stanhu)
|
|
64
|
+
- [#607](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/607) - CHANGELOG correction, reference to `OAuth2::ConnectionError` (@zavan)
|
|
20
65
|
|
|
21
66
|
## [2.0.1] - 2022-06-22
|
|
22
67
|
### Added
|
|
@@ -25,73 +70,84 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.
|
|
|
25
70
|
|
|
26
71
|
## [2.0.0] - 2022-06-21
|
|
27
72
|
### Added
|
|
28
|
-
- [#158](https://
|
|
29
|
-
- [#190](https://
|
|
30
|
-
- [#220](https://
|
|
31
|
-
- [#298](https://
|
|
32
|
-
- [#305](https://
|
|
33
|
-
- [#346](https://
|
|
34
|
-
- [#351](https://
|
|
35
|
-
- [#362](https://
|
|
36
|
-
- [#363](https://
|
|
37
|
-
- [#364](https://
|
|
38
|
-
- [#365](https://
|
|
39
|
-
- [#376](https://
|
|
40
|
-
- [#381](https://
|
|
41
|
-
- [#394](https://
|
|
42
|
-
- [#412](https://
|
|
43
|
-
- [#413](https://
|
|
44
|
-
- [#442](https://
|
|
45
|
-
- [#494](https://
|
|
46
|
-
- [#549](https://
|
|
47
|
-
- [#550](https://
|
|
48
|
-
- [#552](https://
|
|
49
|
-
- [#553](https://
|
|
50
|
-
- [#560](https://
|
|
51
|
-
- [#571](https://
|
|
52
|
-
- [#575](https://
|
|
53
|
-
- [#581](https://
|
|
73
|
+
- [#158](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/158), [#344](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/344) - Optionally pass raw response to parsers (@niels)
|
|
74
|
+
- [#190](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/190), [#332](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/332), [#334](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/334), [#335](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/335), [#360](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/360), [#426](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/426), [#427](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/427), [#461](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/461) - Documentation (@josephpage, @pboling, @meganemura, @joshRpowell, @elliotcm)
|
|
75
|
+
- [#220](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/220) - Support IETF rfc7523 JWT Bearer Tokens Draft 04+ (@jhmoore)
|
|
76
|
+
- [#298](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/298) - Set the response object on the access token on Client#get_token for debugging (@cpetschnig)
|
|
77
|
+
- [#305](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/305) - Option: `OAuth2::Client#get_token` - `:access_token_class` (`AccessToken`); user specified class to use for all calls to `get_token` (@styd)
|
|
78
|
+
- [#346](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/571) - Modern gem structure (@pboling)
|
|
79
|
+
- [#351](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/351) - Support Jruby 9k (@pboling)
|
|
80
|
+
- [#362](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/362) - Support SemVer release version scheme (@pboling)
|
|
81
|
+
- [#363](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/363) - New method `OAuth2::AccessToken#refresh!` same as old `refresh`, with backwards compatibility alias (@pboling)
|
|
82
|
+
- [#364](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/364) - Support `application/hal+json` format (@pboling)
|
|
83
|
+
- [#365](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/365) - Support `application/vnd.collection+json` format (@pboling)
|
|
84
|
+
- [#376](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/376) - _Documentation_: Example / Test for Google 2-legged JWT (@jhmoore)
|
|
85
|
+
- [#381](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/381) - Spec for extra header params on client credentials (@nikz)
|
|
86
|
+
- [#394](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/394) - Option: `OAuth2::AccessToken#initialize` - `:expires_latency` (`nil`); number of seconds by which AccessToken validity will be reduced to offset latency (@klippx)
|
|
87
|
+
- [#412](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/412) - Support `application/vdn.api+json` format (from jsonapi.org) (@david-christensen)
|
|
88
|
+
- [#413](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/413) - _Documentation_: License scan and report (@meganemura)
|
|
89
|
+
- [#442](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/442) - Option: `OAuth2::Client#initialize` - `:logger` (`::Logger.new($stdout)`) logger to use when OAUTH_DEBUG is enabled (for parity with `1-4-stable` branch) (@rthbound)
|
|
90
|
+
- [#494](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/494) - Support [OIDC 1.0 Private Key JWT](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication); based on the OAuth JWT assertion specification [(RFC 7523)](https://tools.ietf.org/html/rfc7523) (@SteveyblamWork)
|
|
91
|
+
- [#549](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/549) - Wrap `Faraday::ConnectionFailed` in `OAuth2::ConnectionError` (@nikkypx)
|
|
92
|
+
- [#550](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/550) - Raise error if location header not present when redirecting (@stanhu)
|
|
93
|
+
- [#552](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/552) - Add missing `version.rb` require (@ahorek)
|
|
94
|
+
- [#553](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/553) - Support `application/problem+json` format (@janz93)
|
|
95
|
+
- [#560](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/560) - Support IETF rfc6749, section 2.3.1 - don't set auth params when `nil` (@bouk)
|
|
96
|
+
- [#571](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/571) - Support Ruby 3.1 (@pboling)
|
|
97
|
+
- [#575](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/575) - Support IETF rfc7231, section 7.1.2 - relative location in redirect (@pboling)
|
|
98
|
+
- [#581](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/581) - _Documentation_: of breaking changes (@pboling)
|
|
54
99
|
### Changed
|
|
55
|
-
- [#191](https://
|
|
56
|
-
- [#312](https://
|
|
57
|
-
- [#317](https://
|
|
58
|
-
- [#338](https://
|
|
59
|
-
- [#339](https://
|
|
60
|
-
- [#410](https://
|
|
61
|
-
- [#414](https://
|
|
62
|
-
- [#489](https://
|
|
63
|
-
- [#489](https://
|
|
64
|
-
- [#
|
|
65
|
-
-
|
|
100
|
+
- [#191](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/191) - **BREAKING**: Token is expired if `expired_at` time is `now` (@davestevens)
|
|
101
|
+
- [#312](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/312) - **BREAKING**: Set `:basic_auth` as default for `:auth_scheme` instead of `:request_body`. This was default behavior before 1.3.0. (@tetsuya, @wy193777)
|
|
102
|
+
- [#317](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/317) - _Dependency_: Upgrade `jwt` to 2.x.x (@travisofthenorth)
|
|
103
|
+
- [#338](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/338) - _Dependency_: Switch from `Rack::Utils.escape` to `CGI.escape` (@josephpage)
|
|
104
|
+
- [#339](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/339), [#368](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/368), [#424](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/424), [#479](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/479), [#493](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/493), [#539](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/539), [#542](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/542), [#553](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/553) - CI Updates, code coverage, linting, spelling, type fixes, New VERSION constant (@pboling, @josephpage, @ahorek)
|
|
105
|
+
- [#410](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/410) - **BREAKING**: Removed the ability to call .error from an OAuth2::Response object (@jhmoore)
|
|
106
|
+
- [#414](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/414) - Use Base64.strict_encode64 instead of custom internal logic (@meganemura)
|
|
107
|
+
- [#489](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/489) - **BREAKING**: Default value for option `OAuth2::Client` - `:authorize_url` removed leading slash to work with relative paths by default (`'oauth/authorize'`) (@ghost)
|
|
108
|
+
- [#489](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/489) - **BREAKING**: Default value for option `OAuth2::Client` - `:token_url` removed leading slash to work with relative paths by default (`'oauth/token'`) (@ghost)
|
|
109
|
+
- [#507](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/507), [#575](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/575) - **BREAKING**: Transform keys to camel case, always, by default (ultimately via `rash_alt` gem)
|
|
110
|
+
- Original keys will still work as previously, in most scenarios, thanks to `rash_alt` gem.
|
|
111
|
+
- However, this is a _breaking_ change if you rely on `response.parsed.to_h`, as the keys in the result will be camel case.
|
|
112
|
+
- As of version 2.0.4 you can turn key transformation off with the `snaky: false` option.
|
|
113
|
+
- [#576](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/576) - **BREAKING**: Stop rescuing parsing errors (@pboling)
|
|
114
|
+
- [#591](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/576) - _DEPRECATION_: `OAuth2::Client` - `:extract_access_token` option is deprecated
|
|
66
115
|
### Fixed
|
|
67
|
-
- [#158](https://
|
|
68
|
-
- [#294](https://
|
|
69
|
-
- [#300](https://
|
|
70
|
-
- [#318](https://
|
|
71
|
-
- [#322](https://
|
|
72
|
-
- [#328](https://
|
|
73
|
-
- [#339](https://
|
|
74
|
-
- [#366](https://
|
|
75
|
-
- [#380](https://
|
|
76
|
-
- [#399](https://
|
|
77
|
-
- [#410](https://
|
|
78
|
-
- [#460](https://
|
|
79
|
-
- [#472](https://
|
|
80
|
-
- [#482](https://
|
|
81
|
-
- [#536](https://
|
|
82
|
-
- [#595](https://
|
|
83
|
-
- [#596](https://
|
|
84
|
-
- [#598](https://
|
|
116
|
+
- [#158](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/158), [#344](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/344) - Handling of errors when using `omniauth-facebook` (@niels)
|
|
117
|
+
- [#294](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/294) - Fix: "Unexpected middleware set" issue with Faraday when `OAUTH_DEBUG=true` (@spectator, @gafrom)
|
|
118
|
+
- [#300](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/300) - _Documentation_: `Oauth2::Error` - Error codes are strings, not symbols (@NobodysNightmare)
|
|
119
|
+
- [#318](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/318), [#326](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/326), [#343](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/343), [#347](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/347), [#397](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/397), [#464](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/464), [#561](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/561), [#565](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/565) - _Dependency_: Support all versions of `faraday` (see [gemfiles/README.md][gemfiles/readme] for compatibility matrix with Ruby engines & versions) (@pboling, @raimondasv, @zacharywelch, @Fudoshiki, @ryogift, @sj26, @jdelStrother)
|
|
120
|
+
- [#322](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/322), [#331](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/331), [#337](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/337), [#361](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/361), [#371](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/371), [#377](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/377), [#383](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/383), [#392](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/392), [#395](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/395), [#400](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/400), [#401](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/401), [#403](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/403), [#415](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/415), [#567](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/567) - Updated Rubocop, Rubocop plugins and improved code style (@pboling, @bquorning, @lautis, @spectator)
|
|
121
|
+
- [#328](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/328) - _Documentation_: Homepage URL is SSL (@amatsuda)
|
|
122
|
+
- [#339](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/339), [#479](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/479) - Update testing infrastructure for all supported Rubies (@pboling and @josephpage)
|
|
123
|
+
- [#366](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/366) - **Security**: Fix logging to `$stdout` of request and response bodies via Faraday's logger and `ENV["OAUTH_DEBUG"] == 'true'` (@pboling)
|
|
124
|
+
- [#380](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/380) - Fix: Stop attempting to encode non-encodable objects in `Oauth2::Error` (@jhmoore)
|
|
125
|
+
- [#399](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/399) - Fix: Stop duplicating `redirect_uri` in `get_token` (@markus)
|
|
126
|
+
- [#410](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/410) - Fix: `SystemStackError` caused by circular reference between Error and Response classes (@jhmoore)
|
|
127
|
+
- [#460](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/460) - Fix: Stop throwing errors when `raise_errors` is set to `false`; analog of [#524](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/524) for `1-4-stable` branch (@joaolrpaulo)
|
|
128
|
+
- [#472](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/472) - **Security**: Add checks to enforce `client_secret` is *never* passed in authorize_url query params for `implicit` and `auth_code` grant types (@dfockler)
|
|
129
|
+
- [#482](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/482) - _Documentation_: Update last of `intridea` links to `oauth-xx` (@pboling)
|
|
130
|
+
- [#536](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/536) - **Security**: Compatibility with more (and recent) Ruby OpenSSL versions, Github Actions, Rubocop updated, analogous to [#535](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/535) on `1-4-stable` branch (@pboling)
|
|
131
|
+
- [#595](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/595) - Graceful handling of empty responses from `Client#get_token`, respecting `:raise_errors` config (@stanhu)
|
|
132
|
+
- [#596](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/596) - Consistency between `AccessToken#refresh` and `Client#get_token` named arguments (@stanhu)
|
|
133
|
+
- [#598](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/598) - Fix unparseable data not raised as error in `Client#get_token`, respecting `:raise_errors` config (@stanhu)
|
|
85
134
|
### Removed
|
|
86
|
-
- [#341](https://
|
|
87
|
-
- [#342](https://
|
|
88
|
-
- [#539](https://
|
|
89
|
-
- [#566](https://
|
|
90
|
-
- [#589](https://
|
|
91
|
-
- [#590](https://
|
|
135
|
+
- [#341](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/341) - Remove Rdoc & Jeweler related files (@josephpage)
|
|
136
|
+
- [#342](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/342) - **BREAKING**: Dropped support for Ruby 1.8 (@josephpage)
|
|
137
|
+
- [#539](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/539) - Remove reliance on globally included OAuth2 in tests, analog of [#538](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/538) for 1-4-stable (@anderscarling)
|
|
138
|
+
- [#566](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/566) - _Dependency_: Removed `wwtd` (@bquorning)
|
|
139
|
+
- [#589](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/589), [#593](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/593) - Remove support for expired MAC token draft spec (@stanhu)
|
|
140
|
+
- [#590](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/590) - _Dependency_: Removed `multi_json` (@stanhu)
|
|
141
|
+
|
|
142
|
+
## [1.4.11] - 2022-09-16
|
|
143
|
+
- Complete migration to main branch as default (@pboling)
|
|
144
|
+
- Complete migration to Gitlab, updating all links, and references in VCS-managed files (@pboling)
|
|
145
|
+
|
|
146
|
+
## [1.4.10] - 2022-07-01
|
|
147
|
+
- FIPS Compatibility [#587](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/587) (@akostadinov)
|
|
92
148
|
|
|
93
149
|
## [1.4.9] - 2022-02-20
|
|
94
|
-
- Fixes compatibility with Faraday v2 [572](https://
|
|
150
|
+
- Fixes compatibility with Faraday v2 [572](https://gitlab.com/oauth-xx/oauth2/-/issues/572)
|
|
95
151
|
- Includes supported versions of Faraday in test matrix:
|
|
96
152
|
- Faraday ~> 2.2.0 with Ruby >= 2.6
|
|
97
153
|
- Faraday ~> 1.10 with Ruby >= 2.4
|
|
@@ -100,48 +156,48 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.
|
|
|
100
156
|
|
|
101
157
|
## [1.4.8] - 2022-02-18
|
|
102
158
|
- MFA is now required to push new gem versions (@pboling)
|
|
103
|
-
- README overhaul w/ new Ruby
|
|
104
|
-
- [#569](https://
|
|
159
|
+
- README overhaul w/ new Ruby Version and Engine compatibility policies (@pboling)
|
|
160
|
+
- [#569](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/569) Backport fixes ([#561](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/561) by @ryogift), and add more fixes, to allow faraday 1.x and 2.x (@jrochkind)
|
|
105
161
|
- Improve Code Coverage tracking (Coveralls, CodeCov, CodeClimate), and enable branch coverage (@pboling)
|
|
106
162
|
- Add CodeQL, Security Policy, Funding info (@pboling)
|
|
107
163
|
- Added Ruby 3.1, jruby, jruby-head, truffleruby, truffleruby-head to build matrix (@pboling)
|
|
108
|
-
- [#543](https://
|
|
164
|
+
- [#543](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/543) - Support for more modern Open SSL libraries (@pboling)
|
|
109
165
|
|
|
110
166
|
## [1.4.7] - 2021-03-19
|
|
111
|
-
- [#541](https://
|
|
167
|
+
- [#541](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/541) - Backport fix to expires_at handling [#533](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/533) to 1-4-stable branch. (@dobon)
|
|
112
168
|
|
|
113
169
|
## [1.4.6] - 2021-03-19
|
|
114
|
-
- [#540](https://
|
|
115
|
-
- [#537](https://
|
|
116
|
-
- [#538](https://
|
|
170
|
+
- [#540](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/540) - Add VERSION constant (@pboling)
|
|
171
|
+
- [#537](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/537) - Fix crash in OAuth2::Client#get_token (@anderscarling)
|
|
172
|
+
- [#538](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/538) - Remove reliance on globally included OAuth2 in tests, analogous to [#539](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/539) on main branch (@anderscarling)
|
|
117
173
|
|
|
118
174
|
## [1.4.5] - 2021-03-18
|
|
119
|
-
- [#535](https://
|
|
120
|
-
- [#518](https://
|
|
121
|
-
- [#507](https://
|
|
122
|
-
- [#500](https://
|
|
175
|
+
- [#535](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/535) - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions, analogous to [#536](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/536) on main branch (@pboling)
|
|
176
|
+
- [#518](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/518) - Add extract_access_token option to OAuth2::Client (@jonspalmer)
|
|
177
|
+
- [#507](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/507) - Fix camel case content type, response keys (@anvox)
|
|
178
|
+
- [#500](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/500) - Fix YARD documentation formatting (@olleolleolle)
|
|
123
179
|
|
|
124
180
|
## [1.4.4] - 2020-02-12
|
|
125
|
-
- [#408](https://
|
|
181
|
+
- [#408](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/408) - Fixed expires_at for formatted time (@Lomey)
|
|
126
182
|
|
|
127
183
|
## [1.4.3] - 2020-01-29
|
|
128
|
-
- [#483](https://
|
|
129
|
-
- [#495](https://
|
|
184
|
+
- [#483](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/483) - add project metadata to gemspec (@orien)
|
|
185
|
+
- [#495](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/495) - support additional types of access token requests (@SteveyblamFreeagent, @thomcorley, @dgholz)
|
|
130
186
|
- Adds support for private_key_jwt and tls_client_auth
|
|
131
|
-
- [#433](https://
|
|
187
|
+
- [#433](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/433) - allow field names with square brackets and numbers in params (@asm256)
|
|
132
188
|
|
|
133
189
|
## [1.4.2] - 2019-10-01
|
|
134
|
-
- [#478](https://
|
|
190
|
+
- [#478](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/478) - support latest version of faraday & fix build (@pboling)
|
|
135
191
|
- Officially support Ruby 2.6 and truffleruby
|
|
136
192
|
|
|
137
193
|
## [1.4.1] - 2018-10-13
|
|
138
|
-
- [#417](https://
|
|
139
|
-
- [#419](https://
|
|
140
|
-
- [#418](https://
|
|
141
|
-
- [#420](https://
|
|
142
|
-
- [#421](https://
|
|
143
|
-
- [#422](https://
|
|
144
|
-
- [#423](https://
|
|
194
|
+
- [#417](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/417) - update jwt dependency (@thewoolleyman)
|
|
195
|
+
- [#419](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/419) - remove rubocop dependency (temporary, added back in [#423](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/423)) (@pboling)
|
|
196
|
+
- [#418](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/418) - update faraday dependency (@pboling)
|
|
197
|
+
- [#420](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/420) - update [oauth2.gemspec](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/oauth2.gemspec) (@pboling)
|
|
198
|
+
- [#421](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/421) - fix [CHANGELOG.md](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/CHANGELOG.md) for previous releases (@pboling)
|
|
199
|
+
- [#422](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/422) - update [LICENSE](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/LICENSE) and [README.md](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/README.md) (@pboling)
|
|
200
|
+
- [#423](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/423) - update [builds](https://travis-ci.org/oauth-xx/oauth2/builds), [Rakefile](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/Rakefile) (@pboling)
|
|
145
201
|
- officially document supported Rubies
|
|
146
202
|
* Ruby 1.9.3
|
|
147
203
|
* Ruby 2.0.0
|
|
@@ -191,17 +247,16 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.
|
|
|
191
247
|
## [1.0.0] - 2014-07-09
|
|
192
248
|
### Added
|
|
193
249
|
- Add an implementation of the MAC token spec.
|
|
194
|
-
|
|
195
250
|
### Fixed
|
|
196
251
|
- Fix Base64.strict_encode64 incompatibility with Ruby 1.8.7.
|
|
197
|
-
## [0.5.0] - 2011-07-29
|
|
198
252
|
|
|
253
|
+
## [0.5.0] - 2011-07-29
|
|
199
254
|
### Changed
|
|
200
|
-
-
|
|
201
|
-
-
|
|
202
|
-
-
|
|
203
|
-
-
|
|
204
|
-
-
|
|
255
|
+
- *breaking* `oauth_token` renamed to `oauth_bearer`.
|
|
256
|
+
- *breaking* `authorize_path` Client option renamed to `authorize_url`.
|
|
257
|
+
- *breaking* `access_token_path` Client option renamed to `token_url`.
|
|
258
|
+
- *breaking* `access_token_method` Client option renamed to `token_method`.
|
|
259
|
+
- *breaking* `web_server` renamed to `auth_code`.
|
|
205
260
|
|
|
206
261
|
## [0.4.1] - 2011-04-20
|
|
207
262
|
|
|
@@ -229,44 +284,52 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.
|
|
|
229
284
|
|
|
230
285
|
## [0.0.4] + [0.0.3] + [0.0.2] + [0.0.1] - 2010-04-22
|
|
231
286
|
|
|
232
|
-
[
|
|
233
|
-
[0.0.
|
|
234
|
-
[0.0.
|
|
235
|
-
[0.0.
|
|
236
|
-
[0.0.
|
|
237
|
-
[0.0.
|
|
238
|
-
[0.0.
|
|
239
|
-
[0.0.
|
|
240
|
-
[0.0.
|
|
241
|
-
[0.0.
|
|
242
|
-
[0.0.
|
|
243
|
-
[0.0.
|
|
244
|
-
[0.0.
|
|
245
|
-
[0.0
|
|
246
|
-
[0.1.
|
|
247
|
-
[0.
|
|
248
|
-
[0.
|
|
249
|
-
[0.
|
|
250
|
-
[0.4.
|
|
251
|
-
[0.
|
|
252
|
-
[0.
|
|
253
|
-
[1.
|
|
254
|
-
[1.
|
|
255
|
-
[1.
|
|
256
|
-
[1.3.
|
|
257
|
-
[1.
|
|
258
|
-
[1.4.
|
|
259
|
-
[1.4.
|
|
260
|
-
[1.4.
|
|
261
|
-
[1.4.
|
|
262
|
-
[1.4.
|
|
263
|
-
[1.4.
|
|
264
|
-
[1.4.
|
|
265
|
-
[1.4.
|
|
266
|
-
[1.4.
|
|
267
|
-
[1.4.
|
|
268
|
-
[
|
|
269
|
-
[2.0.
|
|
270
|
-
[2.0.
|
|
271
|
-
[2.0.
|
|
287
|
+
[0.0.1]: https://gitlab.com/oauth-xx/oauth2/-/compare/311d9f4...v0.0.1
|
|
288
|
+
[0.0.2]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.1...v0.0.2
|
|
289
|
+
[0.0.3]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.2...v0.0.3
|
|
290
|
+
[0.0.4]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.3...v0.0.4
|
|
291
|
+
[0.0.5]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.4...v0.0.5
|
|
292
|
+
[0.0.6]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.5...v0.0.6
|
|
293
|
+
[0.0.7]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.6...v0.0.7
|
|
294
|
+
[0.0.8]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.7...v0.0.8
|
|
295
|
+
[0.0.9]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.8...v0.0.9
|
|
296
|
+
[0.0.10]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.9...v0.0.10
|
|
297
|
+
[0.0.11]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.10...v0.0.11
|
|
298
|
+
[0.0.12]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.11...v0.0.12
|
|
299
|
+
[0.0.13]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.12...v0.0.13
|
|
300
|
+
[0.1.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.13...v0.1.0
|
|
301
|
+
[0.1.1]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.1.0...v0.1.1
|
|
302
|
+
[0.2.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.1.1...v0.2.0
|
|
303
|
+
[0.3.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.2.0...v0.3.0
|
|
304
|
+
[0.4.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.3.0...v0.4.0
|
|
305
|
+
[0.4.1]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.4.0...v0.4.1
|
|
306
|
+
[0.5.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.4.1...v0.5.0
|
|
307
|
+
[1.0.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.9.4...v1.0.0
|
|
308
|
+
[1.1.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.0.0...v1.1.0
|
|
309
|
+
[1.2.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.1.0...v1.2.0
|
|
310
|
+
[1.3.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.2.0...v1.3.0
|
|
311
|
+
[1.3.1]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.3.0...v1.3.1
|
|
312
|
+
[1.4.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.3.1...v1.4.0
|
|
313
|
+
[1.4.1]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.0...v1.4.1
|
|
314
|
+
[1.4.2]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.1...v1.4.2
|
|
315
|
+
[1.4.3]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.2...v1.4.3
|
|
316
|
+
[1.4.4]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.3...v1.4.4
|
|
317
|
+
[1.4.5]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.4...v1.4.5
|
|
318
|
+
[1.4.6]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.5...v1.4.6
|
|
319
|
+
[1.4.7]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.6...v1.4.7
|
|
320
|
+
[1.4.8]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.7...v1.4.8
|
|
321
|
+
[1.4.9]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.8...v1.4.9
|
|
322
|
+
[1.4.10]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.9...v1.4.10
|
|
323
|
+
[1.4.11]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.10...v1.4.11
|
|
324
|
+
[2.0.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.11...v2.0.0
|
|
325
|
+
[2.0.1]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.0...v2.0.1
|
|
326
|
+
[2.0.2]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.1...v2.0.2
|
|
327
|
+
[2.0.3]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.2...v2.0.3
|
|
328
|
+
[2.0.4]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.3...v2.0.4
|
|
329
|
+
[2.0.5]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.4...v2.0.5
|
|
330
|
+
[2.0.6]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.5...v2.0.6
|
|
331
|
+
[2.0.7]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.6...v2.0.7
|
|
332
|
+
[2.0.8]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.7...v2.0.8
|
|
333
|
+
[2.0.9]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.8...v2.0.9
|
|
334
|
+
[Unreleased]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.9...HEAD
|
|
272
335
|
[gemfiles/readme]: gemfiles/README.md
|
data/CONTRIBUTING.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
## Contributing
|
|
2
2
|
|
|
3
|
-
Bug reports and pull requests are welcome on
|
|
3
|
+
Bug reports and pull requests are welcome on GitLab at [https://gitlab.com/oauth-xx/oauth2][source]
|
|
4
4
|
. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to
|
|
5
5
|
the [code of conduct][conduct].
|
|
6
6
|
|
|
@@ -27,18 +27,18 @@ To submit a patch, please fork the project and create a patch with tests. Once y
|
|
|
27
27
|
|
|
28
28
|
## Contributors
|
|
29
29
|
|
|
30
|
-
[][contributors]
|
|
30
|
+
[][🚎contributors]
|
|
31
31
|
|
|
32
32
|
Made with [contributors-img][contrib-rocks].
|
|
33
33
|
|
|
34
34
|
[comment]: <> (Following links are used by README, CONTRIBUTING)
|
|
35
35
|
|
|
36
|
-
[conduct]: https://
|
|
36
|
+
[conduct]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CODE_OF_CONDUCT.md
|
|
37
37
|
|
|
38
38
|
[contrib-rocks]: https://contrib.rocks
|
|
39
39
|
|
|
40
|
-
[contributors]: https://
|
|
40
|
+
[🚎contributors]: https://gitlab.com/oauth-xx/oauth2/-/graphs/main
|
|
41
41
|
|
|
42
42
|
[comment]: <> (Following links are used by README, CONTRIBUTING, Homepage)
|
|
43
43
|
|
|
44
|
-
[source]: https://
|
|
44
|
+
[source]: https://gitlab.com/oauth-xx/oauth2/
|
data/LICENSE
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
MIT License
|
|
2
2
|
|
|
3
3
|
Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc.
|
|
4
|
-
Copyright (c) 2017 - 2022 oauth-xx organization, https://
|
|
4
|
+
Copyright (c) 2017 - 2022 oauth-xx organization, https://gitlab.com/oauth-xx
|
|
5
5
|
|
|
6
6
|
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
7
7
|
of this software and associated documentation files (the "Software"), to deal
|