oauth2 1.3.1 → 1.4.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 1d24cc94d483fc7bde0d6a39d05efc7c5493b895
-  data.tar.gz: b26a8c77bcf7eee5e66972856d3c6c3e0150fade
+SHA256:
+  metadata.gz: 74ca15f9b1935885fe123c9b0801b9f0605c1bfa904bebe371d201a61b559f31
+  data.tar.gz: 3b719ec6748493cba5112dfca8ebff22b13c0c9690330d4422f9d81b1abf5185
 SHA512:
-  metadata.gz: 78e2e1761ee6e5284fbd8ab7778a37d6da78184129f1571987ac17ba3db629b5f9f956b49d873f1bbb65cfb5d6a15efdcc341916dca23f589a85b6709823c890
-  data.tar.gz: b46eda492f06d68430c14aebf2e5e6886fe32ccc40ac394db8d8c2ce77ffe75018e077ce30ae51acda5793ab730f4131952987feace9a7cd6904bcb4f5b2132b
+  metadata.gz: 7ec3c9c311effac7f8864c2dc3d7332761ee6a986f2924adec3b77620abe3dc63984d1c01e9ca0a1283907a5b2ba23ee31dfd4bd630fa7d803fba116ba1e652d
+  data.tar.gz: 1e1d37d5953bdd7e03e13f697648e56afdb63ea54bbdbaee7ee229302149c5047c533a15d6498a355ef78d17d991d79ce8f94fe8728229431e3fad5c3132a9ad

data/CHANGELOG.md

@@ -0,0 +1,170 @@
+# Change Log
+All notable changes to this project will be documented in this file.
+
+## unreleased
+
+## [1.4.7] - 2021-03-18
+
+- [#541](https://github.com/oauth-xx/oauth2/pull/541) - Backport fix to expires_at handling [#533](https://github.com/oauth-xx/oauth2/pull/533) to 1-4-stable branch. (@dobon)
+
+## [1.4.6] - 2021-03-18
+
+- [#540](https://github.com/oauth-xx/oauth2/pull/540) - Add VERSION constant (@pboling)
+- [#537](https://github.com/oauth-xx/oauth2/pull/537) - Fix crash in OAuth2::Client#get_token (@anderscarling)
+- [#538](https://github.com/oauth-xx/oauth2/pull/538) - Remove reliance on globally included OAuth2 in tests for version 1.4 (@anderscarling)
+
+## [1.4.5] - 2021-03-18
+
+- [#535](https://github.com/oauth-xx/oauth2/pull/535) - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions (@pboling)
+- [#518](https://github.com/oauth-xx/oauth2/pull/518) - Add extract_access_token option to OAuth2::Client (@jonspalmer)
+
+## [1.4.4] - 2020-02-12
+
+- [#408](https://github.com/oauth-xx/oauth2/pull/408) - Fixed expires_at for formatted time (@Lomey)
+
+## [1.4.3] - 2020-01-29
+
+- [#483](https://github.com/oauth-xx/oauth2/pull/483) - add project metadata to gemspec (@orien)
+- [#495](https://github.com/oauth-xx/oauth2/pull/495) - support additional types of access token requests (@SteveyblamFreeagent, @thomcorley, @dgholz)
+  - Adds support for private_key_jwt and tls_client_auth
+- [#433](https://github.com/oauth-xx/oauth2/pull/433) - allow field names with square brackets and numbers in params (@asm256)
+
+## [1.4.2] - 2019-10-01
+
+- [#478](https://github.com/oauth-xx/oauth2/pull/478) - support latest version of faraday & fix build (@pboling)
+  - officially support Ruby 2.6 and truffleruby
+
+## [1.4.1] - 2018-10-13
+
+- [#417](https://github.com/oauth-xx/oauth2/pull/417) - update jwt dependency (@thewoolleyman)
+- [#419](https://github.com/oauth-xx/oauth2/pull/419) - remove rubocop dependency (temporary, added back in [#423](https://github.com/oauth-xx/oauth2/pull/423)) (@pboling)
+- [#418](https://github.com/oauth-xx/oauth2/pull/418) - update faraday dependency (@pboling)
+- [#420](https://github.com/oauth-xx/oauth2/pull/420) - update [oauth2.gemspec](https://github.com/oauth-xx/oauth2/blob/1-4-stable/oauth2.gemspec) (@pboling)
+- [#421](https://github.com/oauth-xx/oauth2/pull/421) - fix [CHANGELOG.md](https://github.com/oauth-xx/oauth2/blob/1-4-stable/CHANGELOG.md) for previous releases (@pboling)
+- [#422](https://github.com/oauth-xx/oauth2/pull/422) - update [LICENSE](https://github.com/oauth-xx/oauth2/blob/1-4-stable/LICENSE) and [README.md](https://github.com/oauth-xx/oauth2/blob/1-4-stable/README.md) (@pboling)
+- [#423](https://github.com/oauth-xx/oauth2/pull/423) - update [builds](https://travis-ci.org/oauth-xx/oauth2/builds), [Rakefile](https://github.com/oauth-xx/oauth2/blob/1-4-stable/Rakefile) (@pboling)
+  - officially document supported Rubies
+    * Ruby 1.9.3
+    * Ruby 2.0.0
+    * Ruby 2.1
+    * Ruby 2.2
+    * [JRuby 1.7][jruby-1.7] (targets MRI v1.9)
+    * [JRuby 9.0][jruby-9.0] (targets MRI v2.0)
+    * Ruby 2.3
+    * Ruby 2.4
+    * Ruby 2.5
+    * [JRuby 9.1][jruby-9.1] (targets MRI v2.3)
+    * [JRuby 9.2][jruby-9.2] (targets MRI v2.5)
+
+[jruby-1.7]: https://www.jruby.org/2017/05/11/jruby-1-7-27.html
+[jruby-9.0]: https://www.jruby.org/2016/01/26/jruby-9-0-5-0.html
+[jruby-9.1]: https://www.jruby.org/2017/05/16/jruby-9-1-9-0.html
+[jruby-9.2]: https://www.jruby.org/2018/05/24/jruby-9-2-0-0.html
+
+## [1.4.0] - 2017-06-09
+
+- Drop Ruby 1.8.7 support (@sferik)
+- Fix some RuboCop offenses (@sferik)
+- _Dependency_: Remove Yardstick (@sferik)
+- _Dependency_: Upgrade Faraday to 0.12 (@sferik)
+
+## [1.3.1] - 2017-03-03
+
+- Add support for Ruby 2.4.0 (@pschambacher)
+- _Dependency_: Upgrade Faraday to Faraday 0.11 (@mcfiredrill, @rhymes, @pschambacher)
+
+## [1.3.0] - 2016-12-28
+
+- Add support for header-based authentication to the `Client` so it can be used across the library (@bjeanes)
+- Default to header-based authentication when getting a token from an authorisation code (@maletor)
+- **Breaking**: Allow an `auth_scheme` (`:basic_auth` or `:request_body`) to be set on the client, defaulting to `:request_body` to maintain backwards compatibility (@maletor, @bjeanes)
+- Handle `redirect_uri` according to the OAuth 2 spec, so it is passed on redirect and at the point of token exchange (@bjeanes)
+- Refactor handling of encoding of error responses (@urkle)
+- Avoid instantiating an `Error` if there is no error to raise (@urkle)
+- Add support for Faraday 0.10 (@rhymes)
+
+## [1.2.0] - 2016-07-01
+
+- Properly handle encoding of error responses (so we don't blow up, for example, when Google's response includes a ∞) (@Motoshi-Nishihira)
+- Make a copy of the options hash in `AccessToken#from_hash` to avoid accidental mutations (@Linuus)
+- Use `raise` rather than `fail` to throw exceptions (@sferik)
+
+## [1.1.0] - 2016-01-30
+
+- Various refactors (eliminating `Hash#merge!` usage in `AccessToken#refresh!`, use `yield` instead of `#call`, freezing mutable objects in constants, replacing constants with class variables) (@sferik)
+- Add support for Rack 2, and bump various other dependencies (@sferik)
+
+## [1.0.0] - 2014-07-09
+
+### Added
+- Add an implementation of the MAC token spec.
+
+### Fixed
+- Fix Base64.strict_encode64 incompatibility with Ruby 1.8.7.
+
+## [0.5.0] - 2011-07-29
+
+### Changed
+- [breaking] `oauth_token` renamed to `oauth_bearer`.
+- [breaking] `authorize_path` Client option renamed to `authorize_url`.
+- [breaking] `access_token_path` Client option renamed to `token_url`.
+- [breaking] `access_token_method` Client option renamed to `token_method`.
+- [breaking] `web_server` renamed to `auth_code`.
+
+## [0.4.1] - 2011-04-20
+
+## [0.4.0] - 2011-04-20
+
+## [0.3.0] - 2011-04-08
+
+## [0.2.0] - 2011-04-01
+
+## [0.1.1] - 2011-01-12
+
+## [0.1.0] - 2010-10-13
+
+## [0.0.13] + [0.0.12] + [0.0.11] - 2010-08-17
+
+## [0.0.10] - 2010-06-19
+
+## [0.0.9] - 2010-06-18
+
+## [0.0.8] + [0.0.7] - 2010-04-27
+
+## [0.0.6] - 2010-04-25
+
+## [0.0.5] - 2010-04-23
+
+## [0.0.4] + [0.0.3] + [0.0.2] + [0.0.1] - 2010-04-22
+
+
+[0.0.1]: https://github.com/oauth-xx/oauth2/compare/311d9f4...v0.0.1
+[0.0.2]: https://github.com/oauth-xx/oauth2/compare/v0.0.1...v0.0.2
+[0.0.3]: https://github.com/oauth-xx/oauth2/compare/v0.0.2...v0.0.3
+[0.0.4]: https://github.com/oauth-xx/oauth2/compare/v0.0.3...v0.0.4
+[0.0.5]: https://github.com/oauth-xx/oauth2/compare/v0.0.4...v0.0.5
+[0.0.6]: https://github.com/oauth-xx/oauth2/compare/v0.0.5...v0.0.6
+[0.0.7]: https://github.com/oauth-xx/oauth2/compare/v0.0.6...v0.0.7
+[0.0.8]: https://github.com/oauth-xx/oauth2/compare/v0.0.7...v0.0.8
+[0.0.9]: https://github.com/oauth-xx/oauth2/compare/v0.0.8...v0.0.9
+[0.0.10]: https://github.com/oauth-xx/oauth2/compare/v0.0.9...v0.0.10
+[0.0.11]: https://github.com/oauth-xx/oauth2/compare/v0.0.10...v0.0.11
+[0.0.12]: https://github.com/oauth-xx/oauth2/compare/v0.0.11...v0.0.12
+[0.0.13]: https://github.com/oauth-xx/oauth2/compare/v0.0.12...v0.0.13
+[0.1.0]: https://github.com/oauth-xx/oauth2/compare/v0.0.13...v0.1.0
+[0.1.1]: https://github.com/oauth-xx/oauth2/compare/v0.1.0...v0.1.1
+[0.2.0]: https://github.com/oauth-xx/oauth2/compare/v0.1.1...v0.2.0
+[0.3.0]: https://github.com/oauth-xx/oauth2/compare/v0.2.0...v0.3.0
+[0.4.0]: https://github.com/oauth-xx/oauth2/compare/v0.3.0...v0.4.0
+[0.4.1]: https://github.com/oauth-xx/oauth2/compare/v0.4.0...v0.4.1
+[0.5.0]: https://github.com/oauth-xx/oauth2/compare/v0.4.1...v0.5.0
+[1.0.0]: https://github.com/oauth-xx/oauth2/compare/v0.9.4...v1.0.0
+[1.1.0]: https://github.com/oauth-xx/oauth2/compare/v1.0.0...v1.1.0
+[1.2.0]: https://github.com/oauth-xx/oauth2/compare/v1.1.0...v1.2.0
+[1.3.0]: https://github.com/oauth-xx/oauth2/compare/v1.2.0...v1.3.0
+[1.3.1]: https://github.com/oauth-xx/oauth2/compare/v1.3.0...v1.3.1
+[1.4.0]: https://github.com/oauth-xx/oauth2/compare/v1.3.1...v1.4.0
+[1.4.1]: https://github.com/oauth-xx/oauth2/compare/v1.4.0...v1.4.1
+[1.4.2]: https://github.com/oauth-xx/oauth2/compare/v1.4.1...v1.4.2
+[1.4.3]: https://github.com/oauth-xx/oauth2/compare/v1.4.2...v1.4.3
+[unreleased]: https://github.com/oauth-xx/oauth2/compare/v1.4.1...HEAD

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,133 @@
+
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the
+  overall community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+[INSERT CONTACT METHOD].
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior,  harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.0, available at
+[https://www.contributor-covenant.org/version/2/0/code_of_conduct.html][v2.0].
+
+Community Impact Guidelines were inspired by
+[Mozilla's code of conduct enforcement ladder][Mozilla CoC].
+
+For answers to common questions about this code of conduct, see the FAQ at
+[https://www.contributor-covenant.org/faq][FAQ]. Translations are available
+at [https://www.contributor-covenant.org/translations][translations].
+
+[homepage]: https://www.contributor-covenant.org
+[v2.0]: https://www.contributor-covenant.org/version/2/0/code_of_conduct.html
+[Mozilla CoC]: https://github.com/mozilla/diversity
+[FAQ]: https://www.contributor-covenant.org/faq
+[translations]: https://www.contributor-covenant.org/translations

data/LICENSE

@@ -0,0 +1,22 @@
+MIT License
+
+Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc.
+Copyright (c) 2017 - 2018 oauth-xx organization, https://github.com/oauth-xx
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -1,30 +1,78 @@
 # OAuth2
 
+If you need the readme for a released version of the gem please find it below:
+
+| Version  | Release Date | Readme                                                   |
+|----------|--------------|----------------------------------------------------------|
+| 1.4.7    | Mar 18, 2021 | https://github.com/oauth-xx/oauth2/blob/v1.4.7/README.md |
+| 1.4.6    | Mar 18, 2021 | https://github.com/oauth-xx/oauth2/blob/v1.4.6/README.md |
+| 1.4.5    | Mar 18, 2021 | https://github.com/oauth-xx/oauth2/blob/v1.4.5/README.md |
+| 1.4.4    | Feb 12, 2020 | https://github.com/oauth-xx/oauth2/blob/v1.4.4/README.md |
+| 1.4.3    | Jan 29, 2020 | https://github.com/oauth-xx/oauth2/blob/v1.4.3/README.md |
+| 1.4.2    | Oct 1, 2019  | https://github.com/oauth-xx/oauth2/blob/v1.4.2/README.md |
+| 1.4.1    | Oct 13, 2018 | https://github.com/oauth-xx/oauth2/blob/v1.4.1/README.md |
+| 1.4.0    | Jun 9, 2017  | https://github.com/oauth-xx/oauth2/blob/v1.4.0/README.md |
+| 1.3.1    | Mar 3, 2017  | https://github.com/oauth-xx/oauth2/blob/v1.3.1/README.md |
+| 1.3.0    | Dec 27, 2016 | https://github.com/oauth-xx/oauth2/blob/v1.3.0/README.md |
+| 1.2.0    | Jun 30, 2016 | https://github.com/oauth-xx/oauth2/blob/v1.2.0/README.md |
+| 1.1.0    | Jan 30, 2016 | https://github.com/oauth-xx/oauth2/blob/v1.1.0/README.md |
+| 1.0.0    | May 23, 2014 | https://github.com/oauth-xx/oauth2/blob/v1.0.0/README.md |
+| < 1.0.0  | Find here    | https://github.com/oauth-xx/oauth2/tags                  |
+
 [![Gem Version](http://img.shields.io/gem/v/oauth2.svg)][gem]
-[![Build Status](http://img.shields.io/travis/intridea/oauth2.svg)][travis]
-[![Dependency Status](http://img.shields.io/gemnasium/intridea/oauth2.svg)][gemnasium]
-[![Code Climate](http://img.shields.io/codeclimate/github/intridea/oauth2.svg)][codeclimate]
-[![Coverage Status](http://img.shields.io/coveralls/intridea/oauth2.svg)][coveralls]
+[![Total Downloads](https://img.shields.io/gem/dt/oauth2.svg)][gem]
+[![Downloads Today](https://img.shields.io/gem/rt/oauth2.svg)][gem]
+[![Build Status](https://travis-ci.org/oauth-xx/oauth2.svg?branch=1-4-stable)][travis]
+[![Build Status](https://img.shields.io/endpoint.svg?url=https%3A%2F%2Factions-badge.atrox.dev%2Foauth-xx%2Foauth2%2Fbadge&style=flat)][github-actions]
+[![Test Coverage](https://api.codeclimate.com/v1/badges/688c612528ff90a46955/test_coverage)][codeclimate-coverage]
+[![Maintainability](https://api.codeclimate.com/v1/badges/688c612528ff90a46955/maintainability)][codeclimate-maintainability]
+[![Depfu](https://badges.depfu.com/badges/6d34dc1ba682bbdf9ae2a97848241743/count.svg)][depfu]
+[![Open Source Helpers](https://www.codetriage.com/oauth-xx/oauth2/badges/users.svg)][code-triage]
+[![Chat](https://img.shields.io/gitter/room/oauth-xx/oauth2.svg)](https://gitter.im/oauth-xx/oauth2)
+[![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)][source-license]
+[![Documentation](http://inch-ci.org/github/oauth-xx/oauth2.png)][inch-ci]
 
 [gem]: https://rubygems.org/gems/oauth2
-[travis]: http://travis-ci.org/intridea/oauth2
-[gemnasium]: https://gemnasium.com/intridea/oauth2
-[codeclimate]: https://codeclimate.com/github/intridea/oauth2
-[coveralls]: https://coveralls.io/r/intridea/oauth2
+[travis]: http://travis-ci.org/oauth-xx/oauth2
+[github-actions]: https://actions-badge.atrox.dev/oauth-xx/oauth2/goto
+[coveralls]: https://coveralls.io/r/oauth-xx/oauth2
+[codeclimate-maintainability]: https://codeclimate.com/github/oauth-xx/oauth2/maintainability
+[codeclimate-coverage]: https://codeclimate.com/github/oauth-xx/oauth2/test_coverage
+[depfu]: https://depfu.com/github/oauth-xx/oauth2
+[source-license]: https://opensource.org/licenses/MIT
+[inch-ci]: http://inch-ci.org/github/oauth-xx/oauth2
+[code-triage]: https://www.codetriage.com/oauth-xx/oauth2
+[fossa1]: https://app.fossa.io/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2?ref=badge_shield
+
+A Ruby wrapper for the [OAuth 2.0 specification][oauth2-spec].
 
-A Ruby wrapper for the OAuth 2.0 specification.
+[oauth2-spec]: https://oauth.net/2/
 
 ## Installation
-    gem install oauth2
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'oauth2'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install oauth2
 
 ## Resources
+
 * [View Source on GitHub][code]
 * [Report Issues on GitHub][issues]
 * [Read More at the Wiki][wiki]
 
-[code]: https://github.com/intridea/oauth2
-[issues]: https://github.com/intridea/oauth2/issues
-[wiki]: https://wiki.github.com/intridea/oauth2
+[code]: https://github.com/oauth-xx/oauth2
+[issues]: https://github.com/oauth-xx/oauth2/issues
+[wiki]: https://wiki.github.com/oauth-xx/oauth2
 
 ## Usage Examples
 
@@ -36,11 +84,12 @@ client.auth_code.authorize_url(:redirect_uri => 'http://localhost:8080/oauth2/ca
 # => "https://example.org/oauth/authorization?response_type=code&client_id=client_id&redirect_uri=http://localhost:8080/oauth2/callback"
 
 token = client.auth_code.get_token('authorization_code_value', :redirect_uri => 'http://localhost:8080/oauth2/callback', :headers => {'Authorization' => 'Basic some_password'})
-response = token.get('/api/resource', :params => { 'query_foo' => 'bar' })
+response = token.get('/api/resource', :params => {'query_foo' => 'bar'})
 response.class.name
 # => OAuth2::Response
 ```
 ## OAuth2::Response
+
 The AccessToken methods #get, #post, #put and #delete and the generic #request
 will return an instance of the #OAuth2::Response class.
 
@@ -53,12 +102,14 @@ The original response body, headers, and status can be accessed via their
 respective methods.
 
 ## OAuth2::AccessToken
+
 If you have an existing Access Token for a user, you can initialize an instance
 using various class methods including the standard new, from_hash (if you have
 a hash of the values), or from_kvform (if you have an
 application/x-www-form-urlencoded encoded string of the values).
 
 ## OAuth2::Error
+
 On 400+ status code responses, an OAuth2::Error will be raised.  If it is a
 standard OAuth2 error response, the body will be parsed and #code and #description will contain the values provided from the error and
 error_description parameters.  The #response property of OAuth2::Error will
@@ -70,6 +121,7 @@ instance will be returned as usual and on 400+ status code responses, the
 Response instance will contain the OAuth2::Error instance.
 
 ## Authorization Grants
+
 Currently the Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials, and Assertion
 authentication grant types have helper strategy classes that simplify client
 use.  They are available via the #auth_code, #implicit, #password, #client_credentials, and #assertion methods respectively.
@@ -100,19 +152,38 @@ You can always use the #request method on the OAuth2::Client instance to make
 requests for tokens for any Authentication grant type.
 
 ## Supported Ruby Versions
+
 This library aims to support and is [tested against][travis] the following Ruby
 implementations:
 
-* Ruby 1.8.7
+### Rubies with support ending at Oauth2 1.x
+
 * Ruby 1.9.3
+  - [JRuby 1.7][jruby-1.7] (targets MRI v1.9)
+
 * Ruby 2.0.0
+  - [JRuby 9.0][jruby-9.0] (targets MRI v2.0)
 * Ruby 2.1
-* Ruby 2.2
-* Ruby 2.3
-* Ruby 2.4
-* [JRuby 9K][jruby]
 
-[jruby]: http://jruby.org/
+---
+
+### Rubies with continued support past Oauth2 2.x
+
+* Ruby 2.2 - Support ends with version 2.x series
+* Ruby 2.3 - Support ends with version 3.x series
+  - [JRuby 9.1][jruby-9.1] (targets MRI v2.3)
+* Ruby 2.4 - Support ends with version 4.x series
+* Ruby 2.5 - Support ends with version 5.x series
+  - [JRuby 9.2][jruby-9.2] (targets MRI v2.5)
+  - [truffleruby][truffleruby] (targets MRI 2.5)
+* Ruby 2.6 - Support ends with version 6.x series
+* Ruby 2.7 - Support ends with version 7.x series
+
+[jruby-1.7]: https://www.jruby.org/2017/05/11/jruby-1-7-27.html
+[jruby-9.0]: https://www.jruby.org/2016/01/26/jruby-9-0-5-0.html
+[jruby-9.1]: https://www.jruby.org/2017/05/16/jruby-9-1-9-0.html
+[jruby-9.2]: https://www.jruby.org/2018/05/24/jruby-9-2-0-0.html
+[truffleruby]: https://github.com/oracle/truffleruby
 
 If something doesn't work on one of these interpreters, it's a bug.
 
@@ -127,8 +198,51 @@ implementation, you will be responsible for providing patches in a timely
 fashion. If critical issues for a particular implementation exist at the time
 of a major release, support for that Ruby version may be dropped.
 
+## Versioning
+
+This library aims to adhere to [Semantic Versioning 2.0.0][semver].
+Violations of this scheme should be reported as bugs. Specifically,
+if a minor or patch version is released that breaks backward
+compatibility, a new version should be immediately released that
+restores compatibility. Breaking changes to the public API will
+only be introduced with new major versions.
+
+As a result of this policy, you can (and should) specify a
+dependency on this gem using the [Pessimistic Version Constraint][pvc] with two digits of precision.
+
+For example:
+
+```ruby
+spec.add_dependency 'oauth2', '~> 1.4'
+```
+
+[semver]: http://semver.org/
+[pvc]: http://guides.rubygems.org/patterns/#pessimistic-version-constraint
+
 ## License
-Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc. See [LICENSE][] for
-details.
 
-[license]: LICENSE.md
+[![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)][source-license]
+
+- Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.
+- Copyright (c) 2017-2018 [oauth-xx organization][oauth-xx]
+- See [LICENSE][license] for details.
+
+[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2.svg?type=large)][fossa2]
+
+[license]: LICENSE
+[oauth-xx]: https://github.com/oauth-xx
+[fossa2]: https://app.fossa.io/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2?ref=badge_large
+
+## Development
+
+After checking out the repo, run `bundle install` to install dependencies. Then, run `rake spec` to run the tests.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/oauth-xx/oauth2. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
+
+## Code of Conduct
+
+Everyone interacting in the OAuth2 project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/oauth-xx/oauth2/blob/master/CODE_OF_CONDUCT.md).

data/lib/oauth2/access_token.rb

@@ -3,6 +3,7 @@ module OAuth2
     attr_reader :client, :token, :expires_in, :expires_at, :params
     attr_accessor :options, :refresh_token
 
+    # Should these methods be deprecated?
     class << self
       # Initializes an AccessToken from a Hash
       #
@@ -46,11 +47,11 @@ module OAuth2
       end
       @expires_in ||= opts.delete('expires')
       @expires_in &&= @expires_in.to_i
-      @expires_at &&= @expires_at.to_i
+      @expires_at &&= convert_expires_at(@expires_at)
       @expires_at ||= Time.now.to_i + @expires_in if @expires_in
-      @options = {:mode          => opts.delete(:mode) || :header,
+      @options = {:mode => opts.delete(:mode) || :header,
                   :header_format => opts.delete(:header_format) || 'Bearer %s',
-                  :param_name    => opts.delete(:param_name) || 'access_token'}
+                  :param_name => opts.delete(:param_name) || 'access_token'}
       @params = opts
     end
 
@@ -81,6 +82,7 @@ module OAuth2
     # @note options should be carried over to the new AccessToken
     def refresh!(params = {})
       raise('A refresh_token is not available') unless refresh_token
+
       params[:grant_type] = 'refresh_token'
       params[:refresh_token] = refresh_token
       new_token = @client.get_token(params)
@@ -149,7 +151,7 @@ module OAuth2
 
   private
 
-    def configure_authentication!(opts) # rubocop:disable MethodLength, Metrics/AbcSize
+    def configure_authentication!(opts) # rubocop:disable Metrics/AbcSize
       case options[:mode]
       when :header
         opts[:headers] ||= {}
@@ -169,5 +171,11 @@ module OAuth2
         raise("invalid :mode option of #{options[:mode]}")
       end
     end
+
+    def convert_expires_at(expires_at)
+      Time.iso8601(expires_at.to_s).to_i
+    rescue ArgumentError
+      expires_at.to_i
+    end
   end
 end

data/lib/oauth2/authenticator.rb

@@ -25,6 +25,10 @@ module OAuth2
         apply_basic_auth(params)
       when :request_body
         apply_params_auth(params)
+      when :tls_client_auth
+        apply_client_id(params)
+      when :private_key_jwt
+        params
       else
         raise NotImplementedError
       end
@@ -42,6 +46,12 @@ module OAuth2
       {'client_id' => id, 'client_secret' => secret}.merge(params)
     end
 
+    # When using schemes that don't require the client_secret to be passed i.e TLS Client Auth,
+    # we don't want to send the secret
+    def apply_client_id(params)
+      {'client_id' => id}.merge(params)
+    end
+
     # Adds an `Authorization` header with Basic Auth credentials if and only if
     # it is not already set in the params.
     def apply_basic_auth(params)