oauth2 1.4.3 → 2.0.7
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +174 -16
- data/CODE_OF_CONDUCT.md +105 -46
- data/CONTRIBUTING.md +27 -1
- data/LICENSE +1 -1
- data/README.md +427 -131
- data/SECURITY.md +20 -0
- data/lib/oauth2/access_token.rb +64 -25
- data/lib/oauth2/authenticator.rb +12 -5
- data/lib/oauth2/client.rb +208 -65
- data/lib/oauth2/error.rb +43 -24
- data/lib/oauth2/response.rb +81 -22
- data/lib/oauth2/snaky_hash.rb +8 -0
- data/lib/oauth2/strategy/assertion.rb +66 -39
- data/lib/oauth2/strategy/auth_code.rb +16 -3
- data/lib/oauth2/strategy/base.rb +2 -0
- data/lib/oauth2/strategy/client_credentials.rb +4 -2
- data/lib/oauth2/strategy/implicit.rb +10 -1
- data/lib/oauth2/strategy/password.rb +5 -3
- data/lib/oauth2/version.rb +3 -55
- data/lib/oauth2.rb +21 -1
- metadata +84 -98
- data/.document +0 -5
- data/.gitignore +0 -19
- data/.jrubyrc +0 -1
- data/.rspec +0 -2
- data/.rubocop.yml +0 -80
- data/.rubocop_rspec.yml +0 -26
- data/.rubocop_todo.yml +0 -15
- data/.ruby-version +0 -1
- data/.travis.yml +0 -87
- data/Gemfile +0 -40
- data/Rakefile +0 -45
- data/gemfiles/jruby_1.7.gemfile +0 -11
- data/gemfiles/jruby_9.0.gemfile +0 -7
- data/gemfiles/jruby_9.1.gemfile +0 -3
- data/gemfiles/jruby_9.2.gemfile +0 -3
- data/gemfiles/jruby_head.gemfile +0 -3
- data/gemfiles/ruby_1.9.gemfile +0 -11
- data/gemfiles/ruby_2.0.gemfile +0 -6
- data/gemfiles/ruby_2.1.gemfile +0 -6
- data/gemfiles/ruby_2.2.gemfile +0 -3
- data/gemfiles/ruby_2.3.gemfile +0 -3
- data/gemfiles/ruby_2.4.gemfile +0 -3
- data/gemfiles/ruby_2.5.gemfile +0 -3
- data/gemfiles/ruby_2.6.gemfile +0 -9
- data/gemfiles/ruby_2.7.gemfile +0 -9
- data/gemfiles/ruby_head.gemfile +0 -9
- data/gemfiles/truffleruby.gemfile +0 -3
- data/lib/oauth2/mac_token.rb +0 -122
- data/oauth2.gemspec +0 -52
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: fb9943fbd1a1592461b1397edb9ac16faf301da6ac1c8a2f9e441218c1a51924
|
4
|
+
data.tar.gz: 4435312a9b4cc0392dc49a15f9f71e8a1ed3ff3ca71ba6a7fbaf480aeede052a
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 82997d8c41529574701ef25565735fe46d7e343689e5cc07f93cd9bcb074aaa78370aa50062aa59adcfa078f432fb9d2b7ada58d17fae4ac3874a51843e881d6
|
7
|
+
data.tar.gz: c3ce8c8fec91b43a570392791bcab65ccf0b4e4051e3ad6c726c0d23575ae7caf600adbf2a07c27eb1363be6aa9d5019c3adb34d7c166cd5e2c9ae411af9aac9
|
data/CHANGELOG.md
CHANGED
@@ -1,23 +1,174 @@
|
|
1
|
-
#
|
1
|
+
# Changelog
|
2
2
|
All notable changes to this project will be documented in this file.
|
3
3
|
|
4
|
-
|
4
|
+
The format (since v2) is based on [Keep a Changelog v1](https://keepachangelog.com/en/1.0.0/),
|
5
|
+
and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.0.0.html).
|
5
6
|
|
6
|
-
|
7
|
+
## [2.0.7] - 2022-08-22
|
8
|
+
### Added
|
9
|
+
- [#629](https://github.com/oauth-xx/oauth2/pull/629) - Allow POST of JSON to get token (@pboling, @terracatta)
|
7
10
|
|
8
|
-
|
11
|
+
### Fixed
|
12
|
+
- [#626](https://github.com/oauth-xx/oauth2/pull/626) - Fixes a regression in 2.0.6. Will now prefer the key order from the lookup, not the hash keys (@rickselby)
|
13
|
+
- Note: This fixes compatibility with `omniauth-oauth2` and AWS
|
14
|
+
- [#625](https://github.com/oauth-xx/oauth2/pull/625) - Fixes the printed version in the post install message (@hasghari)
|
15
|
+
|
16
|
+
## [2.0.6] - 2022-07-13
|
17
|
+
### Fixed
|
18
|
+
- [#624](https://github.com/oauth-xx/oauth2/pull/624) - Fixes a [regression](https://github.com/oauth-xx/oauth2/pull/623) in v2.0.5, where an error would be raised in refresh_token flows due to (legitimate) lack of access_token (@pboling)
|
19
|
+
|
20
|
+
## [2.0.5] - 2022-07-07
|
21
|
+
### Fixed
|
22
|
+
- [#620](https://github.com/oauth-xx/oauth2/pull/620) - Documentation improvements, to help with upgrading (@swanson)
|
23
|
+
- [#621](https://github.com/oauth-xx/oauth2/pull/621) - Fixed [#528](https://github.com/oauth-xx/oauth2/issues/528) and [#619](https://github.com/oauth-xx/oauth2/issues/619) (@pboling)
|
24
|
+
- All data in responses is now returned, with the access token removed and set as `token`
|
25
|
+
- `refresh_token` is no longer dropped
|
26
|
+
- **BREAKING**: Microsoft's `id_token` is no longer left as `access_token['id_token']`, but moved to the standard `access_token.token` that all other strategies use
|
27
|
+
- Remove `parse` and `snaky` from options so they don't get included in response
|
28
|
+
- There is now 100% test coverage, for lines _and_ branches, and it will stay that way.
|
29
|
+
|
30
|
+
## [2.0.4] - 2022-07-01
|
31
|
+
### Fixed
|
32
|
+
- [#618](https://github.com/oauth-xx/oauth2/pull/618) - In some scenarios the `snaky` option default value was not applied (@pboling)
|
33
|
+
|
34
|
+
## [2.0.3] - 2022-06-28
|
35
|
+
### Added
|
36
|
+
- [#611](https://github.com/oauth-xx/oauth2/pull/611) - Proper deprecation warnings for `extract_access_token` argument (@pboling)
|
37
|
+
- [#612](https://github.com/oauth-xx/oauth2/pull/612) - Add `snaky: false` option to skip conversion to `OAuth2::SnakyHash` (default: true) (@pboling)
|
38
|
+
### Fixed
|
39
|
+
- [#608](https://github.com/oauth-xx/oauth2/pull/608) - Wrap `Faraday::TimeoutError` in `OAuth2::TimeoutError` (@nbibler)
|
40
|
+
- [#615](https://github.com/oauth-xx/oauth2/pull/615) - Fix support for requests with blocks, see `Faraday::Connection#run_request` (@pboling)
|
41
|
+
|
42
|
+
## [2.0.2] - 2022-06-24
|
43
|
+
### Fixed
|
44
|
+
- [#604](https://github.com/oauth-xx/oauth2/pull/604) - Wrap `Faraday::TimeoutError` in `OAuth2::TimeoutError` (@stanhu)
|
45
|
+
- [#606](https://github.com/oauth-xx/oauth2/pull/606) - Ruby 2.7 deprecation warning fix: Move `access_token_class` parameter into `Client` constructor (@stanhu)
|
46
|
+
- [#607](https://github.com/oauth-xx/oauth2/pull/607) - CHANGELOG correction, reference to `OAuth2::ConnectionError` (@zavan)
|
47
|
+
|
48
|
+
## [2.0.1] - 2022-06-22
|
49
|
+
### Added
|
50
|
+
- Documentation improvements (@pboling)
|
51
|
+
- Increased test coverage to 99% (@pboling)
|
9
52
|
|
53
|
+
## [2.0.0] - 2022-06-21
|
54
|
+
### Added
|
55
|
+
- [#158](https://github.com/oauth-xx/oauth2/pull/158), [#344](https://github.com/oauth-xx/oauth2/pull/344) - Optionally pass raw response to parsers (@niels)
|
56
|
+
- [#190](https://github.com/oauth-xx/oauth2/pull/190), [#332](https://github.com/oauth-xx/oauth2/pull/332), [#334](https://github.com/oauth-xx/oauth2/pull/334), [#335](https://github.com/oauth-xx/oauth2/pull/335), [#360](https://github.com/oauth-xx/oauth2/pull/360), [#426](https://github.com/oauth-xx/oauth2/pull/426), [#427](https://github.com/oauth-xx/oauth2/pull/427), [#461](https://github.com/oauth-xx/oauth2/pull/461) - Documentation (@josephpage, @pboling, @meganemura, @joshRpowell, @elliotcm)
|
57
|
+
- [#220](https://github.com/oauth-xx/oauth2/pull/220) - Support IETF rfc7523 JWT Bearer Tokens Draft 04+ (@jhmoore)
|
58
|
+
- [#298](https://github.com/oauth-xx/oauth2/pull/298) - Set the response object on the access token on Client#get_token for debugging (@cpetschnig)
|
59
|
+
- [#305](https://github.com/oauth-xx/oauth2/pull/305) - Option: `OAuth2::Client#get_token` - `:access_token_class` (`AccessToken`); user specified class to use for all calls to `get_token` (@styd)
|
60
|
+
- [#346](https://github.com/oauth-xx/oauth2/pull/571) - Modern gem structure (@pboling)
|
61
|
+
- [#351](https://github.com/oauth-xx/oauth2/pull/351) - Support Jruby 9k (@pboling)
|
62
|
+
- [#362](https://github.com/oauth-xx/oauth2/pull/362) - Support SemVer release version scheme (@pboling)
|
63
|
+
- [#363](https://github.com/oauth-xx/oauth2/pull/363) - New method `OAuth2::AccessToken#refresh!` same as old `refresh`, with backwards compatibility alias (@pboling)
|
64
|
+
- [#364](https://github.com/oauth-xx/oauth2/pull/364) - Support `application/hal+json` format (@pboling)
|
65
|
+
- [#365](https://github.com/oauth-xx/oauth2/pull/365) - Support `application/vnd.collection+json` format (@pboling)
|
66
|
+
- [#376](https://github.com/oauth-xx/oauth2/pull/376) - _Documentation_: Example / Test for Google 2-legged JWT (@jhmoore)
|
67
|
+
- [#381](https://github.com/oauth-xx/oauth2/pull/381) - Spec for extra header params on client credentials (@nikz)
|
68
|
+
- [#394](https://github.com/oauth-xx/oauth2/pull/394) - Option: `OAuth2::AccessToken#initialize` - `:expires_latency` (`nil`); number of seconds by which AccessToken validity will be reduced to offset latency (@klippx)
|
69
|
+
- [#412](https://github.com/oauth-xx/oauth2/pull/412) - Support `application/vdn.api+json` format (from jsonapi.org) (@david-christensen)
|
70
|
+
- [#413](https://github.com/oauth-xx/oauth2/pull/413) - _Documentation_: License scan and report (@meganemura)
|
71
|
+
- [#442](https://github.com/oauth-xx/oauth2/pull/442) - Option: `OAuth2::Client#initialize` - `:logger` (`::Logger.new($stdout)`) logger to use when OAUTH_DEBUG is enabled (for parity with `1-4-stable` branch) (@rthbound)
|
72
|
+
- [#494](https://github.com/oauth-xx/oauth2/pull/494) - Support [OIDC 1.0 Private Key JWT](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication); based on the OAuth JWT assertion specification [(RFC 7523)](https://tools.ietf.org/html/rfc7523) (@SteveyblamWork)
|
73
|
+
- [#549](https://github.com/oauth-xx/oauth2/pull/549) - Wrap `Faraday::ConnectionFailed` in `OAuth2::ConnectionError` (@nikkypx)
|
74
|
+
- [#550](https://github.com/oauth-xx/oauth2/pull/550) - Raise error if location header not present when redirecting (@stanhu)
|
75
|
+
- [#552](https://github.com/oauth-xx/oauth2/pull/552) - Add missing `version.rb` require (@ahorek)
|
76
|
+
- [#553](https://github.com/oauth-xx/oauth2/pull/553) - Support `application/problem+json` format (@janz93)
|
77
|
+
- [#560](https://github.com/oauth-xx/oauth2/pull/560) - Support IETF rfc6749, section 2.3.1 - don't set auth params when `nil` (@bouk)
|
78
|
+
- [#571](https://github.com/oauth-xx/oauth2/pull/571) - Support Ruby 3.1 (@pboling)
|
79
|
+
- [#575](https://github.com/oauth-xx/oauth2/pull/575) - Support IETF rfc7231, section 7.1.2 - relative location in redirect (@pboling)
|
80
|
+
- [#581](https://github.com/oauth-xx/oauth2/pull/581) - _Documentation_: of breaking changes (@pboling)
|
81
|
+
### Changed
|
82
|
+
- [#191](https://github.com/oauth-xx/oauth2/pull/191) - **BREAKING**: Token is expired if `expired_at` time is `now` (@davestevens)
|
83
|
+
- [#312](https://github.com/oauth-xx/oauth2/pull/312) - **BREAKING**: Set `:basic_auth` as default for `:auth_scheme` instead of `:request_body`. This was default behavior before 1.3.0. (@tetsuya, @wy193777)
|
84
|
+
- [#317](https://github.com/oauth-xx/oauth2/pull/317) - _Dependency_: Upgrade `jwt` to 2.x.x (@travisofthenorth)
|
85
|
+
- [#338](https://github.com/oauth-xx/oauth2/pull/338) - _Dependency_: Switch from `Rack::Utils.escape` to `CGI.escape` (@josephpage)
|
86
|
+
- [#339](https://github.com/oauth-xx/oauth2/pull/339), [#368](https://github.com/oauth-xx/oauth2/pull/368), [#424](https://github.com/oauth-xx/oauth2/pull/424), [#479](https://github.com/oauth-xx/oauth2/pull/479), [#493](https://github.com/oauth-xx/oauth2/pull/493), [#539](https://github.com/oauth-xx/oauth2/pull/539), [#542](https://github.com/oauth-xx/oauth2/pull/542), [#553](https://github.com/oauth-xx/oauth2/pull/553) - CI Updates, code coverage, linting, spelling, type fixes, New VERSION constant (@pboling, @josephpage, @ahorek)
|
87
|
+
- [#410](https://github.com/oauth-xx/oauth2/pull/410) - **BREAKING**: Removed the ability to call .error from an OAuth2::Response object (@jhmoore)
|
88
|
+
- [#414](https://github.com/oauth-xx/oauth2/pull/414) - Use Base64.strict_encode64 instead of custom internal logic (@meganemura)
|
89
|
+
- [#489](https://github.com/oauth-xx/oauth2/pull/489) - **BREAKING**: Default value for option `OAuth2::Client` - `:authorize_url` removed leading slash to work with relative paths by default (`'oauth/authorize'`) (@ghost)
|
90
|
+
- [#489](https://github.com/oauth-xx/oauth2/pull/489) - **BREAKING**: Default value for option `OAuth2::Client` - `:token_url` removed leading slash to work with relative paths by default (`'oauth/token'`) (@ghost)
|
91
|
+
- [#507](https://github.com/oauth-xx/oauth2/pull/507), [#575](https://github.com/oauth-xx/oauth2/pull/575) - **BREAKING**: Transform keys to camel case, always, by default (ultimately via `rash_alt` gem)
|
92
|
+
- Original keys will still work as previously, in most scenarios, thanks to `rash_alt` gem.
|
93
|
+
- However, this is a _breaking_ change if you rely on `response.parsed.to_h`, as the keys in the result will be camel case.
|
94
|
+
- As of version 2.0.4 you can turn key transformation off with the `snaky: false` option.
|
95
|
+
- [#576](https://github.com/oauth-xx/oauth2/pull/576) - **BREAKING**: Stop rescuing parsing errors (@pboling)
|
96
|
+
- [#591](https://github.com/oauth-xx/oauth2/pull/576) - _DEPRECATION_: `OAuth2::Client` - `:extract_access_token` option is deprecated
|
97
|
+
### Fixed
|
98
|
+
- [#158](https://github.com/oauth-xx/oauth2/pull/158), [#344](https://github.com/oauth-xx/oauth2/pull/344) - Handling of errors when using `omniauth-facebook` (@niels)
|
99
|
+
- [#294](https://github.com/oauth-xx/oauth2/pull/294) - Fix: "Unexpected middleware set" issue with Faraday when `OAUTH_DEBUG=true` (@spectator, @gafrom)
|
100
|
+
- [#300](https://github.com/oauth-xx/oauth2/pull/300) - _Documentation_: `Oauth2::Error` - Error codes are strings, not symbols (@NobodysNightmare)
|
101
|
+
- [#318](https://github.com/oauth-xx/oauth2/pull/318), [#326](https://github.com/oauth-xx/oauth2/pull/326), [#343](https://github.com/oauth-xx/oauth2/pull/343), [#347](https://github.com/oauth-xx/oauth2/pull/347), [#397](https://github.com/oauth-xx/oauth2/pull/397), [#464](https://github.com/oauth-xx/oauth2/pull/464), [#561](https://github.com/oauth-xx/oauth2/pull/561), [#565](https://github.com/oauth-xx/oauth2/pull/565) - _Dependency_: Support all versions of `faraday` (see [gemfiles/README.md][gemfiles/readme] for compatibility matrix with Ruby engines & versions) (@pboling, @raimondasv, @zacharywelch, @Fudoshiki, @ryogift, @sj26, @jdelStrother)
|
102
|
+
- [#322](https://github.com/oauth-xx/oauth2/pull/322), [#331](https://github.com/oauth-xx/oauth2/pull/331), [#337](https://github.com/oauth-xx/oauth2/pull/337), [#361](https://github.com/oauth-xx/oauth2/pull/361), [#371](https://github.com/oauth-xx/oauth2/pull/371), [#377](https://github.com/oauth-xx/oauth2/pull/377), [#383](https://github.com/oauth-xx/oauth2/pull/383), [#392](https://github.com/oauth-xx/oauth2/pull/392), [#395](https://github.com/oauth-xx/oauth2/pull/395), [#400](https://github.com/oauth-xx/oauth2/pull/400), [#401](https://github.com/oauth-xx/oauth2/pull/401), [#403](https://github.com/oauth-xx/oauth2/pull/403), [#415](https://github.com/oauth-xx/oauth2/pull/415), [#567](https://github.com/oauth-xx/oauth2/pull/567) - Updated Rubocop, Rubocop plugins and improved code style (@pboling, @bquorning, @lautis, @spectator)
|
103
|
+
- [#328](https://github.com/oauth-xx/oauth2/pull/328) - _Documentation_: Homepage URL is SSL (@amatsuda)
|
104
|
+
- [#339](https://github.com/oauth-xx/oauth2/pull/339), [#479](https://github.com/oauth-xx/oauth2/pull/479) - Update testing infrastructure for all supported Rubies (@pboling and @josephpage)
|
105
|
+
- [#366](https://github.com/oauth-xx/oauth2/pull/366) - **Security**: Fix logging to `$stdout` of request and response bodies via Faraday's logger and `ENV["OAUTH_DEBUG"] == 'true'` (@pboling)
|
106
|
+
- [#380](https://github.com/oauth-xx/oauth2/pull/380) - Fix: Stop attempting to encode non-encodable objects in `Oauth2::Error` (@jhmoore)
|
107
|
+
- [#399](https://github.com/oauth-xx/oauth2/pull/399) - Fix: Stop duplicating `redirect_uri` in `get_token` (@markus)
|
108
|
+
- [#410](https://github.com/oauth-xx/oauth2/pull/410) - Fix: `SystemStackError` caused by circular reference between Error and Response classes (@jhmoore)
|
109
|
+
- [#460](https://github.com/oauth-xx/oauth2/pull/460) - Fix: Stop throwing errors when `raise_errors` is set to `false`; analog of [#524](https://github.com/oauth-xx/oauth2/pull/524) for `1-4-stable` branch (@joaolrpaulo)
|
110
|
+
- [#472](https://github.com/oauth-xx/oauth2/pull/472) - **Security**: Add checks to enforce `client_secret` is *never* passed in authorize_url query params for `implicit` and `auth_code` grant types (@dfockler)
|
111
|
+
- [#482](https://github.com/oauth-xx/oauth2/pull/482) - _Documentation_: Update last of `intridea` links to `oauth-xx` (@pboling)
|
112
|
+
- [#536](https://github.com/oauth-xx/oauth2/pull/536) - **Security**: Compatibility with more (and recent) Ruby OpenSSL versions, Github Actions, Rubocop updated, analogous to [#535](https://github.com/oauth-xx/oauth2/pull/535) on `1-4-stable` branch (@pboling)
|
113
|
+
- [#595](https://github.com/oauth-xx/oauth2/pull/595) - Graceful handling of empty responses from `Client#get_token`, respecting `:raise_errors` config (@stanhu)
|
114
|
+
- [#596](https://github.com/oauth-xx/oauth2/pull/596) - Consistency between `AccessToken#refresh` and `Client#get_token` named arguments (@stanhu)
|
115
|
+
- [#598](https://github.com/oauth-xx/oauth2/pull/598) - Fix unparseable data not raised as error in `Client#get_token`, respecting `:raise_errors` config (@stanhu)
|
116
|
+
### Removed
|
117
|
+
- [#341](https://github.com/oauth-xx/oauth2/pull/341) - Remove Rdoc & Jeweler related files (@josephpage)
|
118
|
+
- [#342](https://github.com/oauth-xx/oauth2/pull/342) - **BREAKING**: Dropped support for Ruby 1.8 (@josephpage)
|
119
|
+
- [#539](https://github.com/oauth-xx/oauth2/pull/539) - Remove reliance on globally included OAuth2 in tests, analog of [#538](https://github.com/oauth-xx/oauth2/pull/538) for 1-4-stable (@anderscarling)
|
120
|
+
- [#566](https://github.com/oauth-xx/oauth2/pull/566) - _Dependency_: Removed `wwtd` (@bquorning)
|
121
|
+
- [#589](https://github.com/oauth-xx/oauth2/pull/589), [#593](https://github.com/oauth-xx/oauth2/pull/593) - Remove support for expired MAC token draft spec (@stanhu)
|
122
|
+
- [#590](https://github.com/oauth-xx/oauth2/pull/590) - _Dependency_: Removed `multi_json` (@stanhu)
|
123
|
+
|
124
|
+
## [1.4.10] - 2022-07-01
|
125
|
+
- FIPS Compatibility [#587](https://github.com/oauth-xx/oauth2/pull/587) (@akostadinov)
|
126
|
+
|
127
|
+
## [1.4.9] - 2022-02-20
|
128
|
+
- Fixes compatibility with Faraday v2 [572](https://github.com/oauth-xx/oauth2/issues/572)
|
129
|
+
- Includes supported versions of Faraday in test matrix:
|
130
|
+
- Faraday ~> 2.2.0 with Ruby >= 2.6
|
131
|
+
- Faraday ~> 1.10 with Ruby >= 2.4
|
132
|
+
- Faraday ~> 0.17.3 with Ruby >= 1.9
|
133
|
+
- Add Windows and MacOS to test matrix
|
134
|
+
|
135
|
+
## [1.4.8] - 2022-02-18
|
136
|
+
- MFA is now required to push new gem versions (@pboling)
|
137
|
+
- README overhaul w/ new Ruby Version and Engine compatibility policies (@pboling)
|
138
|
+
- [#569](https://github.com/oauth-xx/oauth2/pull/569) Backport fixes ([#561](https://github.com/oauth-xx/oauth2/pull/561) by @ryogift), and add more fixes, to allow faraday 1.x and 2.x (@jrochkind)
|
139
|
+
- Improve Code Coverage tracking (Coveralls, CodeCov, CodeClimate), and enable branch coverage (@pboling)
|
140
|
+
- Add CodeQL, Security Policy, Funding info (@pboling)
|
141
|
+
- Added Ruby 3.1, jruby, jruby-head, truffleruby, truffleruby-head to build matrix (@pboling)
|
142
|
+
- [#543](https://github.com/oauth-xx/oauth2/pull/543) - Support for more modern Open SSL libraries (@pboling)
|
143
|
+
|
144
|
+
## [1.4.7] - 2021-03-19
|
145
|
+
- [#541](https://github.com/oauth-xx/oauth2/pull/541) - Backport fix to expires_at handling [#533](https://github.com/oauth-xx/oauth2/pull/533) to 1-4-stable branch. (@dobon)
|
146
|
+
|
147
|
+
## [1.4.6] - 2021-03-19
|
148
|
+
- [#540](https://github.com/oauth-xx/oauth2/pull/540) - Add VERSION constant (@pboling)
|
149
|
+
- [#537](https://github.com/oauth-xx/oauth2/pull/537) - Fix crash in OAuth2::Client#get_token (@anderscarling)
|
150
|
+
- [#538](https://github.com/oauth-xx/oauth2/pull/538) - Remove reliance on globally included OAuth2 in tests, analogous to [#539](https://github.com/oauth-xx/oauth2/pull/539) on master branch (@anderscarling)
|
151
|
+
|
152
|
+
## [1.4.5] - 2021-03-18
|
153
|
+
- [#535](https://github.com/oauth-xx/oauth2/pull/535) - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions, analogous to [#536](https://github.com/oauth-xx/oauth2/pull/536) on master branch (@pboling)
|
154
|
+
- [#518](https://github.com/oauth-xx/oauth2/pull/518) - Add extract_access_token option to OAuth2::Client (@jonspalmer)
|
155
|
+
- [#507](https://github.com/oauth-xx/oauth2/pull/507) - Fix camel case content type, response keys (@anvox)
|
156
|
+
- [#500](https://github.com/oauth-xx/oauth2/pull/500) - Fix YARD documentation formatting (@olleolleolle)
|
157
|
+
|
158
|
+
## [1.4.4] - 2020-02-12
|
159
|
+
- [#408](https://github.com/oauth-xx/oauth2/pull/408) - Fixed expires_at for formatted time (@Lomey)
|
160
|
+
|
161
|
+
## [1.4.3] - 2020-01-29
|
10
162
|
- [#483](https://github.com/oauth-xx/oauth2/pull/483) - add project metadata to gemspec (@orien)
|
11
163
|
- [#495](https://github.com/oauth-xx/oauth2/pull/495) - support additional types of access token requests (@SteveyblamFreeagent, @thomcorley, @dgholz)
|
12
164
|
- Adds support for private_key_jwt and tls_client_auth
|
165
|
+
- [#433](https://github.com/oauth-xx/oauth2/pull/433) - allow field names with square brackets and numbers in params (@asm256)
|
13
166
|
|
14
167
|
## [1.4.2] - 2019-10-01
|
15
|
-
|
16
168
|
- [#478](https://github.com/oauth-xx/oauth2/pull/478) - support latest version of faraday & fix build (@pboling)
|
17
|
-
-
|
169
|
+
- Officially support Ruby 2.6 and truffleruby
|
18
170
|
|
19
171
|
## [1.4.1] - 2018-10-13
|
20
|
-
|
21
172
|
- [#417](https://github.com/oauth-xx/oauth2/pull/417) - update jwt dependency (@thewoolleyman)
|
22
173
|
- [#419](https://github.com/oauth-xx/oauth2/pull/419) - remove rubocop dependency (temporary, added back in [#423](https://github.com/oauth-xx/oauth2/pull/423)) (@pboling)
|
23
174
|
- [#418](https://github.com/oauth-xx/oauth2/pull/418) - update faraday dependency (@pboling)
|
@@ -44,19 +195,16 @@ All notable changes to this project will be documented in this file.
|
|
44
195
|
[jruby-9.2]: https://www.jruby.org/2018/05/24/jruby-9-2-0-0.html
|
45
196
|
|
46
197
|
## [1.4.0] - 2017-06-09
|
47
|
-
|
48
198
|
- Drop Ruby 1.8.7 support (@sferik)
|
49
199
|
- Fix some RuboCop offenses (@sferik)
|
50
200
|
- _Dependency_: Remove Yardstick (@sferik)
|
51
201
|
- _Dependency_: Upgrade Faraday to 0.12 (@sferik)
|
52
202
|
|
53
203
|
## [1.3.1] - 2017-03-03
|
54
|
-
|
55
204
|
- Add support for Ruby 2.4.0 (@pschambacher)
|
56
205
|
- _Dependency_: Upgrade Faraday to Faraday 0.11 (@mcfiredrill, @rhymes, @pschambacher)
|
57
206
|
|
58
207
|
## [1.3.0] - 2016-12-28
|
59
|
-
|
60
208
|
- Add support for header-based authentication to the `Client` so it can be used across the library (@bjeanes)
|
61
209
|
- Default to header-based authentication when getting a token from an authorisation code (@maletor)
|
62
210
|
- **Breaking**: Allow an `auth_scheme` (`:basic_auth` or `:request_body`) to be set on the client, defaulting to `:request_body` to maintain backwards compatibility (@maletor, @bjeanes)
|
@@ -66,24 +214,20 @@ All notable changes to this project will be documented in this file.
|
|
66
214
|
- Add support for Faraday 0.10 (@rhymes)
|
67
215
|
|
68
216
|
## [1.2.0] - 2016-07-01
|
69
|
-
|
70
217
|
- Properly handle encoding of error responses (so we don't blow up, for example, when Google's response includes a ∞) (@Motoshi-Nishihira)
|
71
218
|
- Make a copy of the options hash in `AccessToken#from_hash` to avoid accidental mutations (@Linuus)
|
72
219
|
- Use `raise` rather than `fail` to throw exceptions (@sferik)
|
73
220
|
|
74
221
|
## [1.1.0] - 2016-01-30
|
75
|
-
|
76
222
|
- Various refactors (eliminating `Hash#merge!` usage in `AccessToken#refresh!`, use `yield` instead of `#call`, freezing mutable objects in constants, replacing constants with class variables) (@sferik)
|
77
223
|
- Add support for Rack 2, and bump various other dependencies (@sferik)
|
78
224
|
|
79
225
|
## [1.0.0] - 2014-07-09
|
80
|
-
|
81
226
|
### Added
|
82
227
|
- Add an implementation of the MAC token spec.
|
83
228
|
|
84
229
|
### Fixed
|
85
230
|
- Fix Base64.strict_encode64 incompatibility with Ruby 1.8.7.
|
86
|
-
|
87
231
|
## [0.5.0] - 2011-07-29
|
88
232
|
|
89
233
|
### Changed
|
@@ -119,7 +263,6 @@ All notable changes to this project will be documented in this file.
|
|
119
263
|
|
120
264
|
## [0.0.4] + [0.0.3] + [0.0.2] + [0.0.1] - 2010-04-22
|
121
265
|
|
122
|
-
|
123
266
|
[0.0.1]: https://github.com/oauth-xx/oauth2/compare/311d9f4...v0.0.1
|
124
267
|
[0.0.2]: https://github.com/oauth-xx/oauth2/compare/v0.0.1...v0.0.2
|
125
268
|
[0.0.3]: https://github.com/oauth-xx/oauth2/compare/v0.0.2...v0.0.3
|
@@ -149,4 +292,19 @@ All notable changes to this project will be documented in this file.
|
|
149
292
|
[1.4.1]: https://github.com/oauth-xx/oauth2/compare/v1.4.0...v1.4.1
|
150
293
|
[1.4.2]: https://github.com/oauth-xx/oauth2/compare/v1.4.1...v1.4.2
|
151
294
|
[1.4.3]: https://github.com/oauth-xx/oauth2/compare/v1.4.2...v1.4.3
|
152
|
-
[
|
295
|
+
[1.4.4]: https://github.com/oauth-xx/oauth2/compare/v1.4.3...v1.4.4
|
296
|
+
[1.4.5]: https://github.com/oauth-xx/oauth2/compare/v1.4.4...v1.4.5
|
297
|
+
[1.4.6]: https://github.com/oauth-xx/oauth2/compare/v1.4.5...v1.4.6
|
298
|
+
[1.4.7]: https://github.com/oauth-xx/oauth2/compare/v1.4.6...v1.4.7
|
299
|
+
[1.4.8]: https://github.com/oauth-xx/oauth2/compare/v1.4.7...v1.4.8
|
300
|
+
[1.4.9]: https://github.com/oauth-xx/oauth2/compare/v1.4.8...v1.4.9
|
301
|
+
[1.4.10]: https://github.com/oauth-xx/oauth2/compare/v1.4.9...v1.4.10
|
302
|
+
[2.0.0]: https://github.com/oauth-xx/oauth2/compare/v1.4.10...v2.0.0
|
303
|
+
[2.0.1]: https://github.com/oauth-xx/oauth2/compare/v2.0.0...v2.0.1
|
304
|
+
[2.0.2]: https://github.com/oauth-xx/oauth2/compare/v2.0.1...v2.0.2
|
305
|
+
[2.0.3]: https://github.com/oauth-xx/oauth2/compare/v2.0.2...v2.0.3
|
306
|
+
[2.0.4]: https://github.com/oauth-xx/oauth2/compare/v2.0.3...v2.0.4
|
307
|
+
[2.0.5]: https://github.com/oauth-xx/oauth2/compare/v2.0.4...v2.0.5
|
308
|
+
[2.0.6]: https://github.com/oauth-xx/oauth2/compare/v2.0.5...v2.0.6
|
309
|
+
[Unreleased]: https://github.com/oauth-xx/oauth2/compare/v2.0.6...HEAD
|
310
|
+
[gemfiles/readme]: gemfiles/README.md
|
data/CODE_OF_CONDUCT.md
CHANGED
@@ -1,74 +1,133 @@
|
|
1
|
+
|
1
2
|
# Contributor Covenant Code of Conduct
|
2
3
|
|
3
4
|
## Our Pledge
|
4
5
|
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
nationality, personal appearance, race, religion, or sexual identity
|
10
|
-
orientation.
|
6
|
+
We as members, contributors, and leaders pledge to make participation in our
|
7
|
+
community a harassment-free experience for everyone, regardless of age, body
|
8
|
+
size, visible or invisible disability, ethnicity, sex characteristics, gender
|
9
|
+
identity and expression, level of experience, education, socio-economic status,
|
10
|
+
nationality, personal appearance, race, religion, or sexual identity
|
11
|
+
and orientation.
|
12
|
+
|
13
|
+
We pledge to act and interact in ways that contribute to an open, welcoming,
|
14
|
+
diverse, inclusive, and healthy community.
|
11
15
|
|
12
16
|
## Our Standards
|
13
17
|
|
14
|
-
Examples of behavior that contributes to
|
15
|
-
include:
|
18
|
+
Examples of behavior that contributes to a positive environment for our
|
19
|
+
community include:
|
16
20
|
|
17
|
-
*
|
18
|
-
* Being respectful of differing viewpoints and experiences
|
19
|
-
*
|
20
|
-
*
|
21
|
-
|
21
|
+
* Demonstrating empathy and kindness toward other people
|
22
|
+
* Being respectful of differing opinions, viewpoints, and experiences
|
23
|
+
* Giving and gracefully accepting constructive feedback
|
24
|
+
* Accepting responsibility and apologizing to those affected by our mistakes,
|
25
|
+
and learning from the experience
|
26
|
+
* Focusing on what is best not just for us as individuals, but for the
|
27
|
+
overall community
|
22
28
|
|
23
|
-
Examples of unacceptable behavior
|
29
|
+
Examples of unacceptable behavior include:
|
24
30
|
|
25
|
-
* The use of sexualized language or imagery and
|
26
|
-
advances
|
27
|
-
* Trolling, insulting
|
31
|
+
* The use of sexualized language or imagery, and sexual attention or
|
32
|
+
advances of any kind
|
33
|
+
* Trolling, insulting or derogatory comments, and personal or political attacks
|
28
34
|
* Public or private harassment
|
29
|
-
* Publishing others' private information, such as a physical or
|
30
|
-
address, without explicit permission
|
35
|
+
* Publishing others' private information, such as a physical or email
|
36
|
+
address, without their explicit permission
|
31
37
|
* Other conduct which could reasonably be considered inappropriate in a
|
32
38
|
professional setting
|
33
39
|
|
34
|
-
##
|
40
|
+
## Enforcement Responsibilities
|
35
41
|
|
36
|
-
|
37
|
-
behavior and
|
38
|
-
response to any
|
42
|
+
Community leaders are responsible for clarifying and enforcing our standards of
|
43
|
+
acceptable behavior and will take appropriate and fair corrective action in
|
44
|
+
response to any behavior that they deem inappropriate, threatening, offensive,
|
45
|
+
or harmful.
|
39
46
|
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
threatening, offensive, or harmful.
|
47
|
+
Community leaders have the right and responsibility to remove, edit, or reject
|
48
|
+
comments, commits, code, wiki edits, issues, and other contributions that are
|
49
|
+
not aligned to this Code of Conduct, and will communicate reasons for moderation
|
50
|
+
decisions when appropriate.
|
45
51
|
|
46
52
|
## Scope
|
47
53
|
|
48
|
-
This Code of Conduct applies
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
representative at an online or offline event.
|
53
|
-
further defined and clarified by project maintainers.
|
54
|
+
This Code of Conduct applies within all community spaces, and also applies when
|
55
|
+
an individual is officially representing the community in public spaces.
|
56
|
+
Examples of representing our community include using an official e-mail address,
|
57
|
+
posting via an official social media account, or acting as an appointed
|
58
|
+
representative at an online or offline event.
|
54
59
|
|
55
60
|
## Enforcement
|
56
61
|
|
57
62
|
Instances of abusive, harassing, or otherwise unacceptable behavior may be
|
58
|
-
reported
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
+
reported to the community leaders responsible for enforcement at
|
64
|
+
[INSERT CONTACT METHOD].
|
65
|
+
All complaints will be reviewed and investigated promptly and fairly.
|
66
|
+
|
67
|
+
All community leaders are obligated to respect the privacy and security of the
|
68
|
+
reporter of any incident.
|
69
|
+
|
70
|
+
## Enforcement Guidelines
|
71
|
+
|
72
|
+
Community leaders will follow these Community Impact Guidelines in determining
|
73
|
+
the consequences for any action they deem in violation of this Code of Conduct:
|
74
|
+
|
75
|
+
### 1. Correction
|
76
|
+
|
77
|
+
**Community Impact**: Use of inappropriate language or other behavior deemed
|
78
|
+
unprofessional or unwelcome in the community.
|
79
|
+
|
80
|
+
**Consequence**: A private, written warning from community leaders, providing
|
81
|
+
clarity around the nature of the violation and an explanation of why the
|
82
|
+
behavior was inappropriate. A public apology may be requested.
|
83
|
+
|
84
|
+
### 2. Warning
|
63
85
|
|
64
|
-
|
65
|
-
|
66
|
-
|
86
|
+
**Community Impact**: A violation through a single incident or series
|
87
|
+
of actions.
|
88
|
+
|
89
|
+
**Consequence**: A warning with consequences for continued behavior. No
|
90
|
+
interaction with the people involved, including unsolicited interaction with
|
91
|
+
those enforcing the Code of Conduct, for a specified period of time. This
|
92
|
+
includes avoiding interactions in community spaces as well as external channels
|
93
|
+
like social media. Violating these terms may lead to a temporary or
|
94
|
+
permanent ban.
|
95
|
+
|
96
|
+
### 3. Temporary Ban
|
97
|
+
|
98
|
+
**Community Impact**: A serious violation of community standards, including
|
99
|
+
sustained inappropriate behavior.
|
100
|
+
|
101
|
+
**Consequence**: A temporary ban from any sort of interaction or public
|
102
|
+
communication with the community for a specified period of time. No public or
|
103
|
+
private interaction with the people involved, including unsolicited interaction
|
104
|
+
with those enforcing the Code of Conduct, is allowed during this period.
|
105
|
+
Violating these terms may lead to a permanent ban.
|
106
|
+
|
107
|
+
### 4. Permanent Ban
|
108
|
+
|
109
|
+
**Community Impact**: Demonstrating a pattern of violation of community
|
110
|
+
standards, including sustained inappropriate behavior, harassment of an
|
111
|
+
individual, or aggression toward or disparagement of classes of individuals.
|
112
|
+
|
113
|
+
**Consequence**: A permanent ban from any sort of public interaction within
|
114
|
+
the community.
|
67
115
|
|
68
116
|
## Attribution
|
69
117
|
|
70
|
-
This Code of Conduct is adapted from the [Contributor Covenant][homepage],
|
71
|
-
available at
|
118
|
+
This Code of Conduct is adapted from the [Contributor Covenant][homepage],
|
119
|
+
version 2.0, available at
|
120
|
+
[https://www.contributor-covenant.org/version/2/0/code_of_conduct.html][v2.0].
|
121
|
+
|
122
|
+
Community Impact Guidelines were inspired by
|
123
|
+
[Mozilla's code of conduct enforcement ladder][Mozilla CoC].
|
124
|
+
|
125
|
+
For answers to common questions about this code of conduct, see the FAQ at
|
126
|
+
[https://www.contributor-covenant.org/faq][FAQ]. Translations are available
|
127
|
+
at [https://www.contributor-covenant.org/translations][translations].
|
72
128
|
|
73
|
-
[homepage]:
|
74
|
-
[
|
129
|
+
[homepage]: https://www.contributor-covenant.org
|
130
|
+
[v2.0]: https://www.contributor-covenant.org/version/2/0/code_of_conduct.html
|
131
|
+
[Mozilla CoC]: https://github.com/mozilla/diversity
|
132
|
+
[FAQ]: https://www.contributor-covenant.org/faq
|
133
|
+
[translations]: https://www.contributor-covenant.org/translations
|
data/CONTRIBUTING.md
CHANGED
@@ -1,4 +1,12 @@
|
|
1
|
-
##
|
1
|
+
## Contributing
|
2
|
+
|
3
|
+
Bug reports and pull requests are welcome on GitHub at [https://github.com/oauth-xx/oauth2][source]
|
4
|
+
. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to
|
5
|
+
the [code of conduct][conduct].
|
6
|
+
|
7
|
+
To submit a patch, please fork the project and create a patch with tests. Once you're happy with it send a pull request!
|
8
|
+
|
9
|
+
## Detailed instructions on Submitting a Pull Request
|
2
10
|
1. [Fork the repository.][fork]
|
3
11
|
2. [Create a topic branch.][branch]
|
4
12
|
3. Add specs for your unimplemented feature or bug fix.
|
@@ -16,3 +24,21 @@
|
|
16
24
|
[fork]: http://help.github.com/fork-a-repo/
|
17
25
|
[branch]: http://learn.github.com/p/branching.html
|
18
26
|
[pr]: http://help.github.com/send-pull-requests/
|
27
|
+
|
28
|
+
## Contributors
|
29
|
+
|
30
|
+
[![Contributors](https://contrib.rocks/image?repo=oauth-xx/oauth2)][contributors]
|
31
|
+
|
32
|
+
Made with [contributors-img][contrib-rocks].
|
33
|
+
|
34
|
+
[comment]: <> (Following links are used by README, CONTRIBUTING)
|
35
|
+
|
36
|
+
[conduct]: https://github.com/oauth-xx/oauth2/blob/master/CODE_OF_CONDUCT.md
|
37
|
+
|
38
|
+
[contrib-rocks]: https://contrib.rocks
|
39
|
+
|
40
|
+
[contributors]: https://github.com/oauth-xx/oauth2/graphs/contributors
|
41
|
+
|
42
|
+
[comment]: <> (Following links are used by README, CONTRIBUTING, Homepage)
|
43
|
+
|
44
|
+
[source]: https://github.com/oauth-xx/oauth2/
|
data/LICENSE
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
MIT License
|
2
2
|
|
3
3
|
Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc.
|
4
|
-
Copyright (c) 2017 -
|
4
|
+
Copyright (c) 2017 - 2022 oauth-xx organization, https://github.com/oauth-xx
|
5
5
|
|
6
6
|
Permission is hereby granted, free of charge, to any person obtaining a copy
|
7
7
|
of this software and associated documentation files (the "Software"), to deal
|