oauth 1.1.3 → 1.1.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4d9cbc0395ced08584b17f1b6463567d585f3d762388af8afe825c90ca8fe530
-  data.tar.gz: 56b7bb9bc6b6d3a4a3c605079e4e26051170e2ecb0082945ffbb54fd280ba168
+  metadata.gz: 970e94a923c444e964d51c9a0545b8118ad8bc7223bc2a630fa54d138ebc3a0f
+  data.tar.gz: ae599ec3b3d5c24d6b5ea1ac9d39c51699e47e1ef0cbfe5eb656888ef0e990a5
 SHA512:
-  metadata.gz: f4857125480d5d1fb8f070b97df0b7d5e8685aca2ef5d6e108e3bdfb62942b273dfc0488898a02f68ebb774907607e6e30ebc226b78262adb8ef788f79cd26de
-  data.tar.gz: 33593fbecfd9c7bbe83a7c694955e15123c0df401594d46ea781db0a45b2c291cd264df8cb3b9cb501689ceb1e5edcd449e9dd3e5f0e0ff8b66f836ed9b5a783
+  metadata.gz: 1a1c566f7179e6e2cdc2febc0b75622ca72b1c1a13b8ae951f91296687f2d4f98b4effbc7e366d3081b663dec8c0a582c5593d0f9a9e33d06ceacbb708cd97c2
+  data.tar.gz: 742b924b4c21702aefd77c70d40e5b7f30ddc4ea1363c41fef4dcd29c0316433859c304062d1bde91e1377e6dd3a21cf605deed694272b2f2b8ec0e5d91e51d4

data/CHANGELOG.md

@@ -30,6 +30,22 @@ Please file a bug if you notice a violation of semantic versioning.
 
 ### Security
 
+## [1.1.4] - 2026-05-16
+
+- TAG: [v1.1.4][1.1.4t]
+- COVERAGE: 84.64% -- 854/1009 lines in 36 files
+- BRANCH COVERAGE: 54.91% -- 151/275 branches in 36 files
+- 40.78% documented
+
+### Added
+
+- Add `auth-sanitizer` integration for inspect-time secret redaction in core OAuth objects.
+- Traditional OAuth::VERSION constant
+
+### Changed
+
+- Redact sensitive values from `#inspect` in `OAuth::Consumer`, `OAuth::Token`, and `OAuth::Signature::Base`.
+
 ## [1.1.3] - 2025-11-06
 
 - TAG: [v1.1.3][1.1.3t]
@@ -733,7 +749,9 @@ All together now release
 - Moved all non-Rails functionality from the Rails plugin:
   http://code.google.com/p/oauth-plugin/
 
-[Unreleased]: https://github.com/ruby-oauth/oauth/compare/v1.1.3...HEAD
+[Unreleased]: https://github.com/ruby-oauth/oauth/compare/v1.1.4...HEAD
+[1.1.4]: https://github.com/ruby-oauth/oauth/compare/v1.1.3...v1.1.4
+[1.1.4t]: https://github.com/ruby-oauth/oauth/releases/tag/v1.1.4
 [1.1.3]: https://github.com/ruby-oauth/oauth/compare/v1.1.2...v1.1.3
 [1.1.3t]: https://github.com/ruby-oauth/oauth/releases/tag/v1.1.3
 [1.1.2]: https://github.com/ruby-oauth/oauth/compare/v1.1.1...v1.1.2

data/README.md

@@ -1,32 +1,3 @@
-| 📍 NOTE                                                                                                                                                           |
-|-------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| RubyGems (the [GitHub org][rubygems-org], not the website) [suffered][draper-security] a [hostile takeover][ellen-takeover] in September 2025.                    |
-| Ultimately [4 maintainers][simi-removed] were [hard removed][martin-removed] and a reason has been given for only 1 of those, while 2 others resigned in protest. |
-| It is a [complicated story][draper-takeover] which is difficult to [parse quickly][draper-lies].                                                                  |
-| I'm adding notes like this to gems because I [don't condone theft][draper-theft] of repositories or gems from their rightful owners.                              |
-| If a similar theft happened with my repos/gems, I'd hope some would stand up for me.                                                                              |
-| Disenfranchised former-maintainers have started [gem.coop][gem-coop].                                                                                             |
-| Once available I will publish there exclusively; unless RubyCentral makes amends with the community.                                                              |
-| The ["Technology for Humans: Joel Draper"][reinteractive-podcast] podcast episode by [reinteractive][reinteractive] is the most cogent summary I'm aware of.      |
-| See [here][gem-naming], [here][gem-coop] and [here][martin-ann] for more info on what comes next.                                                                 |
-| What I'm doing: A (WIP) proposal for [bundler/gem scopes][gem-scopes], and a (WIP) proposal for a federated [gem server][gem-server].                             |
-
-[rubygems-org]: https://github.com/rubygems/
-[draper-security]: https://joel.drapper.me/p/ruby-central-security-measures/
-[draper-takeover]: https://joel.drapper.me/p/ruby-central-takeover/
-[ellen-takeover]: https://pup-e.com/blog/goodbye-rubygems/
-[simi-removed]: https://www.reddit.com/r/ruby/s/gOk42POCaV
-[martin-removed]: https://bsky.app/profile/martinemde.com/post/3m3occezxxs2q
-[draper-lies]: https://joel.drapper.me/p/ruby-central-fact-check/
-[draper-theft]: https://joel.drapper.me/p/ruby-central/
-[reinteractive]: https://reinteractive.com/ruby-on-rails
-[gem-coop]: https://gem.coop
-[gem-naming]: https://github.com/gem-coop/gem.coop/issues/12
-[martin-ann]: https://martinemde.com/2025/10/05/announcing-gem-coop.html
-[gem-scopes]: https://github.com/galtzo-floss/bundle-namespace
-[gem-server]: https://github.com/galtzo-floss/gem-server
-[reinteractive-podcast]: https://youtu.be/_H4qbtC5qzU?si=BvuBU90R2wAqD2E6
-
 [![Galtzo FLOSS Logo by Aboling0, CC BY-SA 4.0][🖼️galtzo-i]][🖼️galtzo-discord] [![ruby-lang Logo, Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5][🖼️ruby-lang-i]][🖼️ruby-lang] [![oauth Logo by Chris Messina, CC BY-SA 3.0][🖼️oauth-i]][🖼️oauth]
 
 [🖼️galtzo-i]: https://logos.galtzo.com/assets/images/galtzo-floss/avatar-192px.svg
@@ -38,7 +9,7 @@
 
 # 🔑 Ruby OAuth 1.0 / 1.0a
 
-[![Version][👽versioni]][👽version] [![GitHub tag (latest SemVer)][⛳️tag-img]][⛳️tag] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![CodeCov Test Coverage][🏀codecovi]][🏀codecov] [![Coveralls Test Coverage][🏀coveralls-img]][🏀coveralls] [![QLTY Test Coverage][🏀qlty-covi]][🏀qlty-cov] [![QLTY Maintainability][🏀qlty-mnti]][🏀qlty-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![Deps Locked][🚎13-🔒️-wfi]][🚎13-🔒️-wf] [![Deps Unlocked][🚎14-🔓️-wfi]][🚎14-🔓️-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Apache SkyWalking Eyes License Compatibility Check][🚎15-🪪-wfi]][🚎15-🪪-wf]
+[![Version][👽versioni]][👽version] [![GitHub tag (latest SemVer)][⛳️tag-img]][⛳️tag] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![CodeCov Test Coverage][🏀codecovi]][🏀codecov] [![Coveralls Test Coverage][🏀coveralls-img]][🏀coveralls] [![QLTY Test Coverage][🏀qlty-covi]][🏀qlty-cov] [![QLTY Maintainability][🏀qlty-mnti]][🏀qlty-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![Deps Locked][🚎13-🔒️-wfi]][🚎13-🔒️-wf] [![Deps Unlocked][🚎14-🔓️-wfi]][🚎14-🔓️-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Apache SkyWalking Eyes License Compatibility Check][🚎15-🪪-wfi]][🚎15-🪪-wf]
 
 `if ci_badges.map(&:color).detect { it != "green"}` ☝️ [let me know][🖼️galtzo-discord], as I may have missed the [discord notification][🖼️galtzo-discord].
 
@@ -48,6 +19,13 @@
 
 [![OpenCollective Backers][🖇osc-backers-i]][🖇osc-backers] [![OpenCollective Sponsors][🖇osc-sponsors-i]][🖇osc-sponsors] [![Sponsor Me on Github][🖇sponsor-img]][🖇sponsor] [![Liberapay Goal Progress][⛳liberapay-img]][⛳liberapay] [![Donate on PayPal][🖇paypal-img]][🖇paypal] [![Buy me a coffee][🖇buyme-small-img]][🖇buyme] [![Donate on Polar][🖇polar-img]][🖇polar] [![Donate at ko-fi.com][🖇kofi-img]][🖇kofi]
 
+<details>
+    <summary>👣 How will this project approach the September 2025 hostile takeover of RubyGems? 🚑️</summary>
+
+I've summarized my thoughts in [this blog post](https://dev.to/galtzo/hostile-takeover-of-rubygems-my-thoughts-5hlo).
+
+</details>
+
 ## 🌻 Synopsis
 
 OAuth 1.0a is an industry-standard protocol for authorization.
@@ -92,7 +70,7 @@ References: [RFC 5849 (OAuth 1.0)](https://datatracker.ietf.org/doc/html/rfc5849
 
 Ruby OAuth has been maintained by a large number of talented
 individuals over the years.
-The primary maintainer since 2020 is Peter Boling (@pboling).
+The primary maintainer since 2020 is Peter Boling ([@pboling](https://github.com/pboling)).
 
 ## 💡 Info you can shake a stick at
 
@@ -131,6 +109,8 @@ Compatible with MRI Ruby 2.3+, and concordant releases of JRuby, and TruffleRuby
 | 🤼 [OAuth Ruby Google Group][⛳gg-discussions] | "Active"                                                              | ➖                         | ➖                        | ➖                         | ➖                        | [💚][⛳gg-discussions]        |
 | 🎮️ [Discord Server][✉️discord-invite]          | [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] | [Let's][✉️discord-invite] | [talk][✉️discord-invite] | [about][✉️discord-invite] | [this][✉️discord-invite] | [library!][✉️discord-invite] |
 
+[⛳gg-discussions]: https://groups.google.com/g/oauth-ruby
+[⛳gg-discussions-img]: https://img.shields.io/badge/google-group-0093D0.svg?style=for-the-badge&logo=google&logoColor=orange
 </details>
 
 [gh-discussions]: https://github.com/ruby-oauth/oauth/discussions
@@ -280,10 +260,10 @@ hydra.run
 
 ### More Information
 
-* RubyDoc Documentation: [![RubyDoc.info][🚎yard-img]][🚎yard]
-* Mailing List/Google Group: [![Mailing List][⛳mail-list-img]][⛳mail-list]
-* Live Chat on Gitter: [![Join the chat at https://gitter.im/ruby-oauth/oauth-ruby][🏘chat-img]][🏘chat]
-* Maintainer's Blog: [![Blog][🚎blog-img]][🚎blog]
+* RubyDoc Documentation: [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head]
+* Mailing List/Google Group: [![OAuth Ruby Google Group][⛳gg-discussions-img]][⛳gg-discussions]
+* Maintainer Blog: [![Maintainer Blog][🚂maint-blog-img]][🚂maint-blog]
+* Live ruby-oauth Chat: [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite]
 
 ## 🦷 FLOSS Funding
 
@@ -570,8 +550,6 @@ Thanks for RTFM. ☺️
 [📜gh-wiki-img]: https://img.shields.io/badge/wiki-examples-943CD2.svg?style=for-the-badge&logo=github&logoColor=white
 [👽dl-rank]: https://bestgems.org/gems/oauth
 [👽dl-ranki]: https://img.shields.io/gem/rd/oauth.svg
-[👽oss-help]: https://www.codetriage.com/ruby-oauth/oauth
-[👽oss-helpi]: https://www.codetriage.com/ruby-oauth/oauth/badges/users.svg
 [👽version]: https://bestgems.org/gems/oauth
 [👽versioni]: https://img.shields.io/gem/v/oauth.svg
 [🏀qlty-mnt]: https://qlty.sh/gh/ruby-oauth/projects/oauth
@@ -662,7 +640,7 @@ Thanks for RTFM. ☺️
 [📌gitmoji]: https://gitmoji.dev
 [📌gitmoji-img]: https://img.shields.io/badge/gitmoji_commits-%20%F0%9F%98%9C%20%F0%9F%98%8D-34495e.svg?style=flat-square
 [🧮kloc]: https://www.youtube.com/watch?v=dQw4w9WgXcQ
-[🧮kloc-img]: https://img.shields.io/badge/KLOC-1.000-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue
+[🧮kloc-img]: https://img.shields.io/badge/KLOC-1.009-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue
 [🔐security]: SECURITY.md
 [🔐security-img]: https://img.shields.io/badge/security-policy-259D6C.svg?style=flat
 [📄copyright-notice-explainer]: https://opensource.stackexchange.com/questions/5778/why-do-licenses-such-as-the-mit-license-specify-a-single-year

data/REEK

@@ -0,0 +1,2 @@
+Error: No such file - is
+Error: No such file - empty

data/SECURITY.md

@@ -12,6 +12,8 @@ To report a security vulnerability, please use the
 [Tidelift security contact](https://tidelift.com/security).
 Tidelift will coordinate the fix and disclosure.
 
+More detailed explanation of the process is in [IRP.md][IRP].
+
 ## Additional Support
 
 If you are interested in support for versions older than the latest release,
@@ -19,3 +21,4 @@ please consider sponsoring the project / maintainer @ https://liberapay.com/pbol
 or find other sponsorship links in the [README].
 
 [README]: README.md
+[IRP]: IRP.md

data/lib/oauth/client/action_controller_request.rb

@@ -26,12 +26,16 @@ module ActionController
   end
 
   class TestRequest
+    OAUTH_ENABLED_KEY = :oauth_action_controller_test_request_use_oauth
+
     class << self
-      attr_writer :use_oauth
-    end
+      def use_oauth=(value)
+        Thread.current[OAUTH_ENABLED_KEY] = value
+      end
 
-    def self.use_oauth?
-      @use_oauth
+      def use_oauth?
+        Thread.current[OAUTH_ENABLED_KEY]
+      end
     end
 
     def configure_oauth(consumer = nil, token = nil, options = {})

data/lib/oauth/consumer.rb

@@ -8,7 +8,22 @@ require "oauth/errors"
 require "cgi"
 
 module OAuth
+  # Consumer credentials and request configuration for OAuth 1.0 / 1.0a flows.
+  #
+  # Includes {Auth::Sanitizer::FilteredAttributes} so inspect output redacts the
+  # consumer secret while leaving non-sensitive configuration visible.
   class Consumer
+    include Auth::Sanitizer::FilteredAttributes
+
+    # Instance attributes exposed by the consumer.
+    #
+    # @!attribute [rw] options
+    #   @return [Hash] Consumer configuration options
+    # @!attribute [rw] key
+    #   @return [String] OAuth consumer key
+    # @!attribute [rw] secret
+    #   @return [String] OAuth consumer secret (redacted in `#inspect`)
+
     # determine the certificate authority path to verify SSL certs
     if ENV["SSL_CERT_FILE"]
       if File.exist?(ENV["SSL_CERT_FILE"])
@@ -78,6 +93,7 @@ module OAuth
     )
 
     attr_accessor :options, :key, :secret
+    filtered_attributes :secret
     attr_writer :site, :http
 
     # Create a new consumer instance by passing it a configuration hash:
@@ -238,8 +254,8 @@ module OAuth
     def request(http_method, path, token = nil, request_options = {}, *arguments)
       unless %r{^/} =~ path
         @http = create_http(path)
-        _uri = URI.parse(path)
-        path = "#{_uri.path}#{"?#{_uri.query}" if _uri.query}"
+        uri = URI.parse(path)
+        path = "#{uri.path}#{"?#{uri.query}" if uri.query}"
       end
 
       # override the request with your own, this is useful for file uploads which Net::HTTP does not do
@@ -396,13 +412,13 @@ module OAuth
     protected
 
     # Instantiates the http object
-    def create_http(_url = nil)
-      _url = request_endpoint unless request_endpoint.nil?
+    def create_http(url = nil)
+      url = request_endpoint unless request_endpoint.nil?
 
-      our_uri = if _url.nil? || _url[0] =~ %r{^/}
+      our_uri = if url.nil? || url[0] =~ %r{^/}
         URI.parse(site)
       else
-        your_uri = URI.parse(_url)
+        your_uri = URI.parse(url)
         if your_uri.host.nil?
           # If the _url is a path, missing the leading slash, then it won't have a host,
           # and our_uri *must* have a host, so we parse site instead.

data/lib/oauth/request_proxy/base.rb

@@ -8,8 +8,10 @@ module OAuth
     class Base
       include OAuth::Helper
 
-      def self.proxies(klass)
-        OAuth::RequestProxy.available_proxies[klass] = self
+      class << self
+        def proxies(klass)
+          OAuth::RequestProxy.available_proxies[klass] = self
+        end
       end
 
       attr_accessor :request, :options, :unsigned_parameters
@@ -23,15 +25,15 @@ module OAuth
       ## OAuth parameters
 
       def oauth_callback
-        parameters["oauth_callback"]
+        [parameters["oauth_callback"]].flatten.first
       end
 
       def oauth_consumer_key
-        parameters["oauth_consumer_key"]
+        [parameters["oauth_consumer_key"]].flatten.first
       end
 
       def oauth_nonce
-        parameters["oauth_nonce"]
+        [parameters["oauth_nonce"]].flatten.first
       end
 
       def oauth_signature
@@ -40,31 +42,26 @@ module OAuth
       end
 
       def oauth_signature_method
-        case parameters["oauth_signature_method"]
-        when Array
-          parameters["oauth_signature_method"].first
-        else
-          parameters["oauth_signature_method"]
-        end
+        [parameters["oauth_signature_method"]].flatten.first
       end
 
       def oauth_timestamp
-        parameters["oauth_timestamp"]
+        [parameters["oauth_timestamp"]].flatten.first
       end
 
       def oauth_token
-        parameters["oauth_token"]
+        [parameters["oauth_token"]].flatten.first
       end
 
       # OAuth 1.0a only: value returned to the Consumer after user authorization
       # and required when exchanging a Request Token for an Access Token.
       # Not present in OAuth 1.0 flows.
       def oauth_verifier
-        parameters["oauth_verifier"]
+        [parameters["oauth_verifier"]].flatten.first
       end
 
       def oauth_version
-        parameters["oauth_version"]
+        [parameters["oauth_version"]].flatten.first
       end
 
       # TODO: deprecate these

data/lib/oauth/request_proxy/rack_request.rb

@@ -26,10 +26,6 @@ module OAuth
         end
       end
 
-      def signature
-        parameters["oauth_signature"]
-      end
-
       protected
 
       def query_params

data/lib/oauth/request_proxy.rb

@@ -2,24 +2,28 @@
 
 module OAuth
   module RequestProxy
-    def self.available_proxies # :nodoc:
-      @available_proxies ||= {}
-    end
+    AVAILABLE_PROXIES = {}
 
-    def self.proxy(request, options = {})
-      return request if request.is_a?(OAuth::RequestProxy::Base)
+    class << self
+      def available_proxies # :nodoc:
+        AVAILABLE_PROXIES
+      end
 
-      klass = available_proxies[request.class]
+      def proxy(request, options = {})
+        return request if request.is_a?(OAuth::RequestProxy::Base)
 
-      # Search for possible superclass matches.
-      if klass.nil?
-        request_parent = available_proxies.keys.find { |rc| request.is_a?(rc) }
-        klass = available_proxies[request_parent]
-      end
+        klass = available_proxies[request.class]
 
-      raise UnknownRequestType, request.class.to_s unless klass
+        # Search for possible superclass matches.
+        if klass.nil?
+          request_parent = available_proxies.keys.find { |rc| request.is_a?(rc) }
+          klass = available_proxies[request_parent]
+        end
 
-      klass.new(request, options)
+        raise UnknownRequestType, request.class.to_s unless klass
+
+        klass.new(request, options)
+      end
     end
 
     class UnknownRequestType < RuntimeError; end

data/lib/oauth/signature/base.rb

@@ -7,17 +7,27 @@ require "base64"
 
 module OAuth
   module Signature
+    # Base class for OAuth signature implementations.
+    #
+    # Includes {Auth::Sanitizer::FilteredAttributes} so inspect output redacts
+    # secret-bearing fields captured during signature construction.
     class Base
       include OAuth::Helper
+      include Auth::Sanitizer::FilteredAttributes
 
+      # Signature construction options.
+      #
+      # @return [Hash]
       attr_accessor :options
       attr_reader :token_secret, :consumer_secret, :request
+      filtered_attributes :options, :consumer_secret, :token_secret
 
-      def self.implements(signature_method = nil)
-        return @implements if signature_method.nil?
+      class << self
+        def implements(signature_method = nil)
+          return OAuth::Signature.available_methods.key(self) if signature_method.nil?
 
-        @implements = signature_method
-        OAuth::Signature.available_methods[@implements] = self
+          OAuth::Signature.available_methods[signature_method] = self
+        end
       end
 
       def initialize(request, options = {}, &block)

data/lib/oauth/signature.rb

@@ -2,45 +2,49 @@
 
 module OAuth
   module Signature
-    # Returns a list of available signature methods
-    def self.available_methods
-      @available_methods ||= {}
-    end
-
-    # Build a signature from a +request+.
-    #
-    # Raises UnknownSignatureMethod exception if the signature method is unknown.
-    def self.build(request, options = {}, &block)
-      request = OAuth::RequestProxy.proxy(request, options)
-      klass = available_methods[
-        (request.signature_method ||
-        ((c = request.options[:consumer]) && c.options[:signature_method]) ||
-        "").downcase]
-      raise UnknownSignatureMethod, request.signature_method unless klass
-
-      klass.new(request, options, &block)
-    end
-
-    # Sign a +request+
-    def self.sign(request, options = {}, &block)
-      build(request, options, &block).signature
-    end
-
-    # Verify the signature of +request+
-    def self.verify(request, options = {}, &block)
-      build(request, options, &block).verify
-    end
-
-    # Create the signature base string for +request+. This string is the normalized parameter information.
-    #
-    # See Also: {OAuth core spec version 1.0, section 9.1.1}[http://oauth.net/core/1.0#rfc.section.9.1.1]
-    def self.signature_base_string(request, options = {}, &block)
-      build(request, options, &block).signature_base_string
-    end
-
-    # Create the body hash for a request
-    def self.body_hash(request, options = {}, &block)
-      build(request, options, &block).body_hash
+    AVAILABLE_METHODS = {}
+
+    class << self
+      # Returns a list of available signature methods
+      def available_methods
+        AVAILABLE_METHODS
+      end
+
+      # Build a signature from a +request+.
+      #
+      # Raises UnknownSignatureMethod exception if the signature method is unknown.
+      def build(request, options = {}, &block)
+        request = OAuth::RequestProxy.proxy(request, options)
+        klass = available_methods[
+          (request.signature_method ||
+          ((c = request.options[:consumer]) && c.options[:signature_method]) ||
+          "").downcase]
+        raise UnknownSignatureMethod, request.signature_method unless klass
+
+        klass.new(request, options, &block)
+      end
+
+      # Sign a +request+
+      def sign(request, options = {}, &block)
+        build(request, options, &block).signature
+      end
+
+      # Verify the signature of +request+
+      def verify(request, options = {}, &block)
+        build(request, options, &block).verify
+      end
+
+      # Create the signature base string for +request+. This string is the normalized parameter information.
+      #
+      # See Also: {OAuth core spec version 1.0, section 9.1.1}[http://oauth.net/core/1.0#rfc.section.9.1.1]
+      def signature_base_string(request, options = {}, &block)
+        build(request, options, &block).signature_base_string
+      end
+
+      # Create the body hash for a request
+      def body_hash(request, options = {}, &block)
+        build(request, options, &block).body_hash
+      end
     end
 
     class UnknownSignatureMethod < RuntimeError; end

data/lib/oauth/tokens/consumer_token.rb

@@ -6,10 +6,12 @@ module OAuth
     attr_accessor :consumer, :params
     attr_reader :response
 
-    def self.from_hash(consumer, hash)
-      token = new(consumer, hash[:oauth_token], hash[:oauth_token_secret])
-      token.params = hash
-      token
+    class << self
+      def from_hash(consumer, hash)
+        token = new(consumer, hash[:oauth_token], hash[:oauth_token_secret])
+        token.params = hash
+        token
+      end
     end
 
     def initialize(consumer, token = "", secret = "")

data/lib/oauth/tokens/token.rb

@@ -1,11 +1,23 @@
 # frozen_string_literal: true
 
 module OAuth
-  # Superclass for the various tokens used by OAuth
+  # Superclass for the various tokens used by OAuth.
+  #
+  # Includes {Auth::Sanitizer::FilteredAttributes} so inspect output redacts the
+  # token value and token secret while leaving object identity and non-sensitive
+  # fields visible.
   class Token
     include OAuth::Helper
+    include Auth::Sanitizer::FilteredAttributes
 
+    # Token attributes.
+    #
+    # @!attribute [rw] token
+    #   @return [String] OAuth token value (redacted in `#inspect`)
+    # @!attribute [rw] secret
+    #   @return [String] OAuth token secret (redacted in `#inspect`)
     attr_accessor :token, :secret
+    filtered_attributes :token, :secret
 
     def initialize(token, secret)
       @token = token

data/lib/oauth/version.rb

@@ -2,6 +2,7 @@
 
 module OAuth
   module Version
-    VERSION = "1.1.3"
+    VERSION = "1.1.4"
   end
+  VERSION = Version::VERSION # Traditional Constant Location
 end

data/lib/oauth.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 # third party gems
+require "auth/sanitizer"
 require "snaky_hash"
 require "version_gem"
 

data/sig/oauth/consumer.rbs

@@ -0,0 +1,9 @@
+module OAuth
+  class Consumer
+    include Auth::Sanitizer::FilteredAttributes
+
+    attr_accessor options: untyped
+    attr_accessor key: untyped
+    attr_accessor secret: untyped
+  end
+end

data/sig/oauth/signature/base.rbs

@@ -0,0 +1,12 @@
+module OAuth
+  module Signature
+    class Base
+      include Auth::Sanitizer::FilteredAttributes
+
+      attr_accessor options: untyped
+      attr_reader token_secret: untyped
+      attr_reader consumer_secret: untyped
+      attr_reader request: untyped
+    end
+  end
+end

data/sig/oauth/tokens/token.rbs

@@ -0,0 +1,8 @@
+module OAuth
+  class Token
+    include Auth::Sanitizer::FilteredAttributes
+
+    attr_accessor token: untyped
+    attr_accessor secret: untyped
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: oauth
 version: !ruby/object:Gem::Version
-  version: 1.1.3
+  version: 1.1.4
 platform: ruby
 authors:
 - Pelle Braendgaard
@@ -45,6 +45,26 @@ cert_chain:
   -----END CERTIFICATE-----
 date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: auth-sanitizer
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.1.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.1.2
 - !ruby/object:Gem::Dependency
   name: oauth-tty
   requirement: !ruby/object:Gem::Requirement
@@ -54,7 +74,7 @@ dependencies:
         version: '1.0'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.6
+        version: 1.0.7
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -64,7 +84,7 @@ dependencies:
         version: '1.0'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.6
+        version: 1.0.7
 - !ruby/object:Gem::Dependency
   name: snaky_hash
   requirement: !ruby/object:Gem::Requirement
@@ -72,6 +92,9 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -79,6 +102,9 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.4
 - !ruby/object:Gem::Dependency
   name: base64
   requirement: !ruby/object:Gem::Requirement
@@ -93,6 +119,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.1'
+- !ruby/object:Gem::Dependency
+  name: cgi
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: version_gem
   requirement: !ruby/object:Gem::Requirement
@@ -189,28 +229,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: bundler-audit
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.9.2
+        version: 0.9.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.9.2
+        version: 0.9.3
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -450,15 +490,18 @@ files:
 - lib/oauth/tokens/server_token.rb
 - lib/oauth/tokens/token.rb
 - lib/oauth/version.rb
+- sig/oauth/consumer.rbs
+- sig/oauth/signature/base.rbs
+- sig/oauth/tokens/token.rbs
 homepage: https://github.com/ruby-oauth/oauth
 licenses:
 - MIT
 metadata:
   homepage_uri: https://oauth.galtzo.com/
-  source_code_uri: https://github.com/ruby-oauth/oauth/tree/v1.1.3
-  changelog_uri: https://github.com/ruby-oauth/oauth/blob/v1.1.3/CHANGELOG.md
+  source_code_uri: https://github.com/ruby-oauth/oauth/tree/v1.1.4
+  changelog_uri: https://github.com/ruby-oauth/oauth/blob/v1.1.4/CHANGELOG.md
   bug_tracker_uri: https://github.com/ruby-oauth/oauth/issues
-  documentation_uri: https://www.rubydoc.info/gems/oauth/1.1.3
+  documentation_uri: https://www.rubydoc.info/gems/oauth/1.1.4
   mailing_list_uri: https://groups.google.com/g/oauth-ruby
   funding_uri: https://github.com/sponsors/pboling
   wiki_uri: https://gitlab.com/ruby-oauth/oauth/-/wiki
@@ -488,7 +531,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.7.2
+rubygems_version: 4.0.11
 specification_version: 4
 summary: "\U0001F511 OAuth 1.0 / 1.0a Core Ruby implementation"
 test_files: []