oauth2 1.4.4 → 1.4.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b97977a64f018ee795bce70e2b670bac5d50c731c8f206f1ff9d074c29be1192
-  data.tar.gz: 3d11d9da6bd69267f571e01077e776f07deae6d0411e71493061faa22bbfd694
+  metadata.gz: a85bca5fd51e149c80b5403207615e23040773582d3e2ae0fc2c44b83d49e866
+  data.tar.gz: 8022e428b4e48a88bbc84ec5855bce39d3b7b37ffe8a987df161103402b08585
 SHA512:
-  metadata.gz: 2931c2d95bb544b4af8ad3415c4be029733042cb1e959c11427344e062bcd59fab97293371241843cca9b7ba92b1ef7ef148f687f91ba36df5d4c94cf6dd9c5d
-  data.tar.gz: 9db9d4e0bb93eff4c83e567abcf1c6c3b59023d1d8eaccb3f7e2762809e2ac6278288c56a3aafc3f812ceb946c6a84840d65172428e89dda9b608ee248676c55
+  metadata.gz: 810d0073495d3e5f05149b41257e02fbfd2ce09294f082dd69ddba67cc7c523d268f8163232ec6da783f05adf3f0e2876980699be3e6de58732cb1d8d988be20
+  data.tar.gz: d70c9a0303ae519eaa2b0db6af9e8dc56380263fbb30fce15a7ec9ff26ccc467de99a91265bc57d8bdce9bf2ade650312804e161b598e49c29ee81d2f2a3678f

data/.github/dependabot.yml

@@ -0,0 +1,8 @@
+version: 2
+updates:
+  - package-ecosystem: bundler
+    directory: "/"
+    schedule:
+      interval: daily
+      time: "04:28"
+    open-pull-requests-limit: 10

data/.github/workflows/style.yml

@@ -0,0 +1,37 @@
+name: Code Style Checks
+
+on:
+  push:
+    branches:
+      - 'main'
+      - 'master'
+      - '*-maintenance'
+      - '*-dev'
+    tags:
+      - '!*' # Do not execute on tags
+  pull_request:
+    branches:
+      - '*'
+
+jobs:
+  rubocop:
+    name: Rubocop
+    if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')"
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby:
+          - 2.7
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Setup Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+      - name: Install dependencies
+        run: bundle install --jobs 3 --retry 3
+      - name: Run Rubocop
+        run: bundle exec rubocop -DESP

data/.github/workflows/test.yml

@@ -0,0 +1,58 @@
+name: Unit Tests
+
+on:
+  push:
+    branches:
+      - 'main'
+      - 'master'
+      - '*-maintenance'
+      - '*-dev'
+    tags:
+      - '!*' # Do not execute on tags
+  pull_request:
+    branches:
+      - '*'
+
+jobs:
+  test:
+    name: Specs - Ruby ${{ matrix.ruby }} ${{ matrix.name_extra || '' }}
+    if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')"
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby:
+          - 3.0.0
+          - 2.7
+          - 2.6
+          - 2.5
+          - 2.4
+          - 2.3
+          - 2.2
+          - 2.1
+    runs-on: ubuntu-20.04
+    continue-on-error: ${{ matrix.allow_failure || endsWith(matrix.ruby, 'head') }}
+    steps:
+      - uses: amancevice/setup-code-climate@v0
+        name: CodeClimate Install
+        if: matrix.ruby == '2.7' && github.event_name != 'pull_request'
+        with:
+          cc_test_reporter_id: ${{ secrets.CC_TEST_REPORTER_ID }}
+      - uses: actions/checkout@v2
+      - name: Setup Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler: ${{ matrix.bundler || 2 }}
+          bundler-cache: true
+          ruby-version: ${{ matrix.ruby }}
+      - name: Install dependencies
+        run: bundle install --jobs 3 --retry 3 --binstubs --standalone
+      - name: CodeClimate Pre-build Notification
+        run: cc-test-reporter before-build
+        if: matrix.ruby == '2.7' && github.event_name != 'pull_request'
+        continue-on-error: ${{ matrix.allow_failures != 'false' }}
+      - name: Run tests
+        run: bundle exec rake test
+      - name: CodeClimate Post-build Notification
+        run: cc-test-reporter after-build
+        if: matrix.ruby == '2.7' && github.event_name != 'pull_request' && always()
+        continue-on-error: ${{ matrix.allow_failures != 'false' }}

data/.rspec

@@ -1,2 +1,4 @@
 --color
 --order random
+--require helper
+--format=documentation

data/.rubocop.yml

@@ -1,30 +1,42 @@
-require: rubocop-rspec
 inherit_from:
   - .rubocop_todo.yml
   - .rubocop_rspec.yml
+
+require:
+  - 'rubocop-md'
+  - 'rubocop-packaging'
+  - 'rubocop-performance'
+  - 'rubocop-rake'
+  - 'rubocop-rspec'
+
 AllCops:
+  NewCops: enable
   DisplayCopNames: true # Display the name of the failing cops
-  TargetRubyVersion: 2.1
   Exclude:
     - 'gemfiles/vendor/**/*'
     - 'vendor/**/*'
     - '**/.irbrc'
 
-Gemspec/RequiredRubyVersion:
-  Enabled: false
-
 Metrics/BlockLength:
+  IgnoredMethods:
+    - context
+    - describe
+    - it
+    - shared_context
+    - shared_examples
+    - shared_examples_for
+    - namespace
+    - draw
+
+Gemspec/RequiredRubyVersion:
   Enabled: false
 
 Metrics/BlockNesting:
   Max: 2
 
-Metrics/LineLength:
+Layout/LineLength:
   Enabled: false
 
-Metrics/MethodLength:
-  Max: 15
-
 Metrics/ParameterLists:
   Max: 4
 
@@ -78,3 +90,23 @@ Style/TrailingCommaInArrayLiteral:
 
 Style/TrailingCommaInHashLiteral:
   EnforcedStyleForMultiline: comma
+
+Style/HashSyntax:
+  EnforcedStyle: hash_rockets
+
+Style/Lambda:
+  Enabled: false
+
+Style/SymbolArray:
+  Enabled: false
+
+Style/EachWithObject:
+  Enabled: false
+
+# Once we drop Rubies that lack support for __dir__ we can turn this on.
+Style/ExpandPathArguments:
+  Enabled: false
+
+# On Ruby 1.9 array.to_h isn't available, needs to be Hash[array]
+Style/HashConversion:
+  Enabled: false

data/.rubocop_todo.yml

@@ -1,15 +1,113 @@
-Style/HashSyntax:
-  EnforcedStyle: hash_rockets
+# This configuration was generated by
+# `rubocop --auto-gen-config`
+# on 2021-03-18 18:59:52 UTC using RuboCop version 1.11.0.
+# The point is for the user to remove these configuration records
+# one by one as the offenses are removed from the code base.
+# Note that changes in the inspected code, or installation of new
+# versions of RuboCop, may require this file to be generated again.
 
-Style/Lambda:
-  Enabled: false
+# Offense count: 1
+# Configuration parameters: AllowedMethods.
+# AllowedMethods: enums
+Lint/ConstantDefinitionInBlock:
+  Exclude:
+    - 'spec/oauth2/client_spec.rb'
 
-Style/SymbolArray:
-  Enabled: false
+# Offense count: 1
+Lint/UselessAssignment:
+  Exclude:
+    - '**/*.md'
+    - '**/*.markdown'
+    - 'spec/oauth2/client_spec.rb'
 
-Style/EachWithObject:
-  Enabled: false
+# Offense count: 1
+# Configuration parameters: CountComments, CountAsOne, ExcludedMethods, IgnoredMethods.
+# IgnoredMethods: refine
+Metrics/BlockLength:
+  Max: 27
+
+# Offense count: 4
+# Configuration parameters: IgnoredMethods.
+Metrics/CyclomaticComplexity:
+  Max: 11
+
+# Offense count: 1
+# Configuration parameters: CountComments, CountAsOne, ExcludedMethods, IgnoredMethods.
+Metrics/MethodLength:
+  Max: 18
+
+# Offense count: 3
+# Configuration parameters: IgnoredMethods.
+Metrics/PerceivedComplexity:
+  Max: 11
+
+# Offense count: 14
+# Configuration parameters: EnforcedStyle, CheckMethodNames, CheckSymbols, AllowedIdentifiers.
+# SupportedStyles: snake_case, normalcase, non_integer
+# AllowedIdentifiers: capture3, iso8601, rfc1123_date, rfc822, rfc2822, rfc3339
+Naming/VariableNumber:
+  Exclude:
+    - 'Gemfile'
+
+# Offense count: 1
+Packaging/GemspecGit:
+  Exclude:
+    - 'oauth2.gemspec'
 
-# Once we drop Rubies that lack support for __dir__ we can turn this on.
-Style/ExpandPathArguments:
+# Offense count: 2
+# Configuration parameters: MinSize.
+Performance/CollectionLiteralInLoop:
+  Exclude:
+    - 'spec/oauth2/strategy/auth_code_spec.rb'
+    - 'spec/oauth2/strategy/client_credentials_spec.rb'
+
+# Offense count: 7
+# Configuration parameters: Prefixes.
+# Prefixes: when, with, without
+RSpec/ContextWording:
+  Exclude:
+    - 'spec/oauth2/access_token_spec.rb'
+    - 'spec/oauth2/authenticator_spec.rb'
+    - 'spec/oauth2/client_spec.rb'
+
+# Offense count: 1
+RSpec/LeakyConstantDeclaration:
+  Exclude:
+    - 'spec/oauth2/client_spec.rb'
+
+# Offense count: 8
+# Configuration parameters: AllowSubject.
+RSpec/MultipleMemoizedHelpers:
+  Max: 6
+
+# Offense count: 1
+Rake/Desc:
+  Exclude:
+    - 'Rakefile'
+
+# Offense count: 40
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: always, always_true, never
+Style/FrozenStringLiteralComment:
   Enabled: false
+
+# Offense count: 1
+Style/MixinUsage:
+  Exclude:
+    - 'spec/helper.rb'
+
+# Offense count: 1
+# Cop supports --auto-correct.
+# Configuration parameters: ConvertCodeThatCanStartToReturnNil, AllowedMethods.
+# AllowedMethods: present?, blank?, presence, try, try!
+Style/SafeNavigation:
+  Exclude:
+    - 'lib/oauth2/error.rb'
+
+# Offense count: 3
+# Cop supports --auto-correct.
+Style/StringConcatenation:
+  Exclude:
+    - 'lib/oauth2/authenticator.rb'
+    - 'spec/oauth2/authenticator_spec.rb'

data/.travis.yml

@@ -56,27 +56,15 @@ matrix:
       gemfile: gemfiles/ruby_2.0.gemfile
     - rvm: jruby-9.0 # targets MRI v2.0
       gemfile: gemfiles/jruby_9.0.gemfile
-    - rvm: 2.1
-      gemfile: gemfiles/ruby_2.1.gemfile
     # DEPRECATION WARNING
+    # NOTE: Specs for Ruby 2.1 are now running with Github Actions
     # oauth2 1.x series releases are the last to support Ruby versions above
     # oauth2 2.x series releases will support Ruby versions below, and not above
+    # NOTE: Specs for Ruby 2.2, 2.3, 2.4, 2.5, 2.6, 2.7 & 3.0 are now running with Github Actions
     - rvm: jruby-9.1 # targets MRI v2.3
       gemfile: gemfiles/jruby_9.1.gemfile
-    - rvm: 2.2
-      gemfile: gemfiles/ruby_2.2.gemfile
-    - rvm: 2.3
-      gemfile: gemfiles/ruby_2.3.gemfile
-    - rvm: 2.4
-      gemfile: gemfiles/ruby_2.4.gemfile
     - rvm: jruby-9.2 # targets MRI v2.5
       gemfile: gemfiles/jruby_9.2.gemfile
-    - rvm: 2.5
-      gemfile: gemfiles/ruby_2.5.gemfile
-    - rvm: 2.6
-      gemfile: gemfiles/ruby_2.6.gemfile
-    - rvm: 2.7
-      gemfile: gemfiles/ruby_2.7.gemfile
     - rvm: jruby-head
       gemfile: gemfiles/jruby_head.gemfile
     - rvm: ruby-head

data/CHANGELOG.md

@@ -1,9 +1,12 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
-## [unreleased]
+## unreleased
 
-- no changes yet
+## [1.4.5] - 2020-03-18
+
+- [#535](https://github.com/oauth-xx/oauth2/pull/535) - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions (@pboling)
+- [#518](https://github.com/oauth-xx/oauth2/pull/518) - Add extract_access_token option to OAuth2::Client (@jonspalmer)
 
 ## [1.4.4] - 2020-02-12
 

data/CODE_OF_CONDUCT.md

@@ -1,74 +1,133 @@
+
 # Contributor Covenant Code of Conduct
 
 ## Our Pledge
 
-In the interest of fostering an open and welcoming environment, we as
-contributors and maintainers pledge to making participation in our project and
-our community a harassment-free experience for everyone, regardless of age, body
-size, disability, ethnicity, gender identity and expression, level of experience,
-nationality, personal appearance, race, religion, or sexual identity and
-orientation.
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
 
 ## Our Standards
 
-Examples of behavior that contributes to creating a positive environment
-include:
+Examples of behavior that contributes to a positive environment for our
+community include:
 
-* Using welcoming and inclusive language
-* Being respectful of differing viewpoints and experiences
-* Gracefully accepting constructive criticism
-* Focusing on what is best for the community
-* Showing empathy towards other community members
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the
+  overall community
 
-Examples of unacceptable behavior by participants include:
+Examples of unacceptable behavior include:
 
-* The use of sexualized language or imagery and unwelcome sexual attention or
-advances
-* Trolling, insulting/derogatory comments, and personal or political attacks
+* The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
 * Public or private harassment
-* Publishing others' private information, such as a physical or electronic
-  address, without explicit permission
+* Publishing others' private information, such as a physical or email
+  address, without their explicit permission
 * Other conduct which could reasonably be considered inappropriate in a
   professional setting
 
-## Our Responsibilities
+## Enforcement Responsibilities
 
-Project maintainers are responsible for clarifying the standards of acceptable
-behavior and are expected to take appropriate and fair corrective action in
-response to any instances of unacceptable behavior.
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
 
-Project maintainers have the right and responsibility to remove, edit, or
-reject comments, commits, code, wiki edits, issues, and other contributions
-that are not aligned to this Code of Conduct, or to ban temporarily or
-permanently any contributor for other behaviors that they deem inappropriate,
-threatening, offensive, or harmful.
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
 
 ## Scope
 
-This Code of Conduct applies both within project spaces and in public spaces
-when an individual is representing the project or its community. Examples of
-representing a project or community include using an official project e-mail
-address, posting via an official social media account, or acting as an appointed
-representative at an online or offline event. Representation of a project may be
-further defined and clarified by project maintainers.
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
 
 ## Enforcement
 
 Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported by contacting the project team at peter.boling@gmail.com. All
-complaints will be reviewed and investigated and will result in a response that
-is deemed necessary and appropriate to the circumstances. The project team is
-obligated to maintain confidentiality with regard to the reporter of an incident.
-Further details of specific enforcement policies may be posted separately.
+reported to the community leaders responsible for enforcement at
+[INSERT CONTACT METHOD].
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
 
-Project maintainers who do not follow or enforce the Code of Conduct in good
-faith may face temporary or permanent repercussions as determined by other
-members of the project's leadership.
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior,  harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
 
 ## Attribution
 
-This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
-available at [http://contributor-covenant.org/version/1/4][version]
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.0, available at
+[https://www.contributor-covenant.org/version/2/0/code_of_conduct.html][v2.0].
+
+Community Impact Guidelines were inspired by
+[Mozilla's code of conduct enforcement ladder][Mozilla CoC].
+
+For answers to common questions about this code of conduct, see the FAQ at
+[https://www.contributor-covenant.org/faq][FAQ]. Translations are available
+at [https://www.contributor-covenant.org/translations][translations].
 
-[homepage]: http://contributor-covenant.org
-[version]: http://contributor-covenant.org/version/1/4/
+[homepage]: https://www.contributor-covenant.org
+[v2.0]: https://www.contributor-covenant.org/version/2/0/code_of_conduct.html
+[Mozilla CoC]: https://github.com/mozilla/diversity
+[FAQ]: https://www.contributor-covenant.org/faq
+[translations]: https://www.contributor-covenant.org/translations

data/Gemfile

@@ -1,29 +1,52 @@
+# frozen_string_literal: true
+
 source 'https://rubygems.org'
 
+gemspec
+
 git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
 
 gem 'faraday', ['>= 0.8', '< 2.0'], :platforms => [:jruby_18, :ruby_18]
 gem 'jwt', '< 1.5.2', :platforms => [:jruby_18, :ruby_18]
 gem 'rake', '< 11.0'
-gem 'rdoc', '~> 4.2.2'
 
-group :test do
-  ruby_version = Gem::Version.new(RUBY_VERSION)
-  if ruby_version >= Gem::Version.new('2.1')
-    # TODO: Upgrade to >= 0.59 when we drop Rubies below 2.2
-    #     Error: Unsupported Ruby version 2.1 found in `TargetRubyVersion` parameter (in .rubocop.yml). 2.1-compatible analysis was dropped after version 0.58.
-    #     Supported versions: 2.2, 2.3, 2.4, 2.5
-    gem 'rubocop', '~> 0.57.0'
-    gem 'rubocop-rspec', '~> 1.27.0' # last version that can use rubocop < 0.58
+ruby_version = Gem::Version.new(RUBY_VERSION)
+
+### deps for documentation and rdoc.info
+group :documentation do
+  gem 'github-markup', :platform => :mri
+  gem 'rdoc'
+  gem 'redcarpet', :platform => :mri
+  gem 'yard', :require => false
+end
+
+group :development, :test do
+  if ruby_version >= Gem::Version.new('2.4')
+    # No need to run byebug / pry on earlier versions
+    gem 'byebug', :platform => :mri
+    gem 'pry', :platform => :mri
+    gem 'pry-byebug', :platform => :mri
   end
-  gem 'pry', '~> 0.11' if ruby_version >= Gem::Version.new('2.0')
 
+  if ruby_version >= Gem::Version.new('2.7')
+    # No need to run rubocop or simplecov on earlier versions
+    gem 'rubocop', '~> 1.9', :platform => :mri
+    gem 'rubocop-md', :platform => :mri
+    gem 'rubocop-packaging', :platform => :mri
+    gem 'rubocop-performance', :platform => :mri
+    gem 'rubocop-rake', :platform => :mri
+    gem 'rubocop-rspec', :platform => :mri
+
+    gem 'coveralls'
+    gem 'simplecov', :platform => :mri
+  end
+end
+
+group :test do
   gem 'addressable', '~> 2.3.8'
   gem 'backports'
-  gem 'coveralls'
   gem 'rack', '~> 1.2', :platforms => [:jruby_18, :jruby_19, :ruby_18, :ruby_19, :ruby_20, :ruby_21]
   gem 'rspec', '>= 3'
-  gem 'simplecov', '>= 0.9'
 
   platforms :jruby_18, :ruby_18 do
     gem 'mime-types', '~> 1.25'
@@ -36,5 +59,3 @@ group :test do
     gem 'tins', '< 1.7'
   end
 end
-
-gemspec

data/README.md

@@ -79,7 +79,7 @@ client.auth_code.authorize_url(:redirect_uri => 'http://localhost:8080/oauth2/ca
 # => "https://example.org/oauth/authorization?response_type=code&client_id=client_id&redirect_uri=http://localhost:8080/oauth2/callback"
 
 token = client.auth_code.get_token('authorization_code_value', :redirect_uri => 'http://localhost:8080/oauth2/callback', :headers => {'Authorization' => 'Basic some_password'})
-response = token.get('/api/resource', :params => { 'query_foo' => 'bar' })
+response = token.get('/api/resource', :params => {'query_foo' => 'bar'})
 response.class.name
 # => OAuth2::Response
 ```
@@ -166,7 +166,7 @@ implementations:
 
 * Ruby 2.2 - Support ends with version 2.x series
 * Ruby 2.3 - Support ends with version 3.x series
-  - [JRuby 9.1][jruby-9.1] (targets MRI v2.3) 
+  - [JRuby 9.1][jruby-9.1] (targets MRI v2.3)
 * Ruby 2.4 - Support ends with version 4.x series
 * Ruby 2.5 - Support ends with version 5.x series
   - [JRuby 9.2][jruby-9.2] (targets MRI v2.5)
@@ -230,7 +230,7 @@ spec.add_dependency 'oauth2', '~> 1.4'
 
 ## Development
 
-After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+After checking out the repo, run `bundle install` to install dependencies. Then, run `rake spec` to run the tests.
 
 To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
 

data/Rakefile

@@ -33,7 +33,7 @@ end
 
 namespace :doc do
   require 'rdoc/task'
-  require File.expand_path('../lib/oauth2/version', __FILE__)
+  require 'oauth2/version'
   RDoc::Task.new do |rdoc|
     rdoc.rdoc_dir = 'rdoc'
     rdoc.title = "oauth2 #{OAuth2::Version}"

data/gemfiles/jruby_1.7.gemfile

@@ -4,7 +4,7 @@ gem 'faraday', '~> 0.15.4'
 
 gem 'json', '< 2.0'
 gem 'rack', '~> 1.2'
-gem 'rake', [">= 10.0", "< 12"]
+gem 'rake', ['>= 10.0', '< 12']
 gem 'term-ansicolor', '< 1.4.0'
 gem 'tins', '< 1.7'
 

data/gemfiles/jruby_9.0.gemfile

@@ -2,6 +2,6 @@ source 'https://rubygems.org'
 
 gem 'faraday', '~> 0.15.4'
 
-gem 'rake', [">= 10.0", "< 12"]
+gem 'rake', ['>= 10.0', '< 12']
 
 gemspec :path => '../'

data/gemfiles/ruby_1.9.gemfile

@@ -4,7 +4,7 @@ gem 'faraday', '~> 0.15.4'
 
 gem 'json', '< 2.0'
 gem 'rack', '~> 1.2'
-gem 'rake', [">= 10.0", "< 12"]
+gem 'rake', ['>= 10.0', '< 12']
 gem 'term-ansicolor', '< 1.4.0'
 gem 'tins', '< 1.7'
 

data/gemfiles/ruby_head.gemfile

@@ -1,8 +1,8 @@
 source 'https://rubygems.org'
 
 group :development do
-  gem 'pry'
   gem 'byebug'
+  gem 'pry'
   gem 'pry-byebug'
 end
 

data/lib/oauth2/access_token.rb

@@ -3,6 +3,7 @@ module OAuth2
     attr_reader :client, :token, :expires_in, :expires_at, :params
     attr_accessor :options, :refresh_token
 
+    # Should these methods be deprecated?
     class << self
       # Initializes an AccessToken from a Hash
       #
@@ -48,9 +49,9 @@ module OAuth2
       @expires_in &&= @expires_in.to_i
       @expires_at &&= convert_expires_at(@expires_at)
       @expires_at ||= Time.now.to_i + @expires_in if @expires_in
-      @options = {:mode          => opts.delete(:mode) || :header,
+      @options = {:mode => opts.delete(:mode) || :header,
                   :header_format => opts.delete(:header_format) || 'Bearer %s',
-                  :param_name    => opts.delete(:param_name) || 'access_token'}
+                  :param_name => opts.delete(:param_name) || 'access_token'}
       @params = opts
     end
 
@@ -81,6 +82,7 @@ module OAuth2
     # @note options should be carried over to the new AccessToken
     def refresh!(params = {})
       raise('A refresh_token is not available') unless refresh_token
+
       params[:grant_type] = 'refresh_token'
       params[:refresh_token] = refresh_token
       new_token = @client.get_token(params)
@@ -149,7 +151,7 @@ module OAuth2
 
   private
 
-    def configure_authentication!(opts) # rubocop:disable MethodLength, Metrics/AbcSize
+    def configure_authentication!(opts) # rubocop:disable Metrics/AbcSize
       case options[:mode]
       when :header
         opts[:headers] ||= {}
@@ -174,6 +176,7 @@ module OAuth2
       expires_at_i = expires_at.to_i
       return expires_at_i if expires_at_i > Time.now.utc.to_i
       return Time.parse(expires_at).to_i if expires_at.is_a?(String)
+
       expires_at_i
     end
   end

data/lib/oauth2/authenticator.rb

@@ -49,7 +49,7 @@ module OAuth2
     # When using schemes that don't require the client_secret to be passed i.e TLS Client Auth,
     # we don't want to send the secret
     def apply_client_id(params)
-      { 'client_id' => id }.merge(params)
+      {'client_id' => id}.merge(params)
     end
 
     # Adds an `Authorization` header with Basic Auth credentials if and only if

data/lib/oauth2/client.rb

@@ -4,6 +4,8 @@ require 'logger'
 module OAuth2
   # The OAuth2::Client class
   class Client # rubocop:disable Metrics/ClassLength
+    RESERVED_PARAM_KEYS = %w[headers parse].freeze
+
     attr_reader :id, :secret, :site
     attr_accessor :options
     attr_writer :connection
@@ -23,8 +25,8 @@ module OAuth2
     # @option opts [Symbol] :auth_scheme (:basic_auth) HTTP method to use to authorize request (:basic_auth or :request_body)
     # @option opts [Hash] :connection_opts ({}) Hash of connection options to pass to initialize Faraday with
     # @option opts [FixNum] :max_redirects (5) maximum number of redirects to follow
-    # @option opts [Boolean] :raise_errors (true) whether or not to raise an OAuth2::Error
-    #  on responses with 400+ status codes
+    # @option opts [Boolean] :raise_errors (true) whether or not to raise an OAuth2::Error on responses with 400+ status codes
+    # @option opts [Proc] :extract_access_token  proc that extracts the access token from the response
     # @yield [builder] The Faraday connection builder
     def initialize(client_id, client_secret, options = {}, &block)
       opts = options.dup
@@ -32,14 +34,18 @@ module OAuth2
       @secret = client_secret
       @site = opts.delete(:site)
       ssl = opts.delete(:ssl)
-      @options = {:authorize_url    => '/oauth/authorize',
-                  :token_url        => '/oauth/token',
-                  :token_method     => :post,
-                  :auth_scheme      => :request_body,
-                  :connection_opts  => {},
-                  :connection_build => block,
-                  :max_redirects    => 5,
-                  :raise_errors     => true}.merge(opts)
+
+      @options = {
+        :authorize_url => '/oauth/authorize',
+        :token_url => '/oauth/token',
+        :token_method => :post,
+        :auth_scheme => :request_body,
+        :connection_opts => {},
+        :connection_build => block,
+        :max_redirects => 5,
+        :raise_errors => true,
+        :extract_access_token => DEFAULT_EXTRACT_ACCESS_TOKEN,
+      }.merge(opts)
       @options[:connection_opts][:ssl] = ssl if ssl
     end
 
@@ -91,7 +97,7 @@ module OAuth2
     #   code response for this request.  Will default to client option
     # @option opts [Symbol] :parse @see Response::initialize
     # @yield [req] The Faraday request
-    def request(verb, url, opts = {}) # rubocop:disable CyclomaticComplexity, MethodLength, Metrics/AbcSize
+    def request(verb, url, opts = {}) # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
       connection.response :logger, ::Logger.new($stdout) if ENV['OAUTH_DEBUG'] == 'true'
 
       url = connection.build_url(url).to_s
@@ -107,6 +113,7 @@ module OAuth2
         opts[:redirect_count] ||= 0
         opts[:redirect_count] += 1
         return response if opts[:redirect_count] > options[:max_redirects]
+
         if response.status == 303
           verb = :get
           opts.delete(:body)
@@ -118,6 +125,7 @@ module OAuth2
       when 400..599
         error = Error.new(response)
         raise(error) if opts.fetch(:raise_errors, options[:raise_errors])
+
         response.error = error
         response
       else
@@ -132,7 +140,16 @@ module OAuth2
     # @param [Hash] access token options, to pass to the AccessToken object
     # @param [Class] class of access token for easier subclassing OAuth2::AccessToken
     # @return [AccessToken] the initialized AccessToken
-    def get_token(params, access_token_opts = {}, access_token_class = AccessToken) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+    def get_token(params, access_token_opts = {}, extract_access_token = options[:extract_access_token]) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+      params = params.map do |key, value|
+        if RESERVED_PARAM_KEYS.include?(key)
+          [key.to_sym, value]
+        else
+          [key, value]
+        end
+      end
+      params = Hash[params]
+
       params = Authenticator.new(id, secret, options[:auth_scheme]).apply(params)
       opts = {:raise_errors => options[:raise_errors], :parse => params.delete(:parse)}
       headers = params.delete(:headers) || {}
@@ -145,11 +162,18 @@ module OAuth2
       end
       opts[:headers].merge!(headers)
       response = request(options[:token_method], token_url, opts)
-      if options[:raise_errors] && !(response.parsed.is_a?(Hash) && response.parsed['access_token'])
+
+      access_token = begin
+        build_access_token(response, access_token_opts, extract_access_token)
+      rescue StandardError
+        nil
+      end
+
+      if options[:raise_errors] && !access_token
         error = Error.new(response)
         raise(error)
       end
-      access_token_class.from_hash(self, response.parsed.merge(access_token_opts))
+      access_token
     end
 
     # The Authorization Code strategy
@@ -208,4 +232,26 @@ module OAuth2
       end
     end
   end
+
+  DEFAULT_EXTRACT_ACCESS_TOKEN = proc do |client, hash|
+    token = hash.delete('access_token') || hash.delete(:access_token)
+    token && AccessToken.new(client, token, hash)
+  end
+
+private
+
+  def build_access_token(response, access_token_opts, extract_access_token)
+    parsed_response = response.parsed.dup
+    return unless parsed_response.is_a?(Hash)
+
+    hash = parsed_response.merge(access_token_opts)
+
+    # Provide backwards compatibility for old AcessToken.form_hash pattern
+    # Should be deprecated in 2.x
+    if extract_access_token.is_a?(Class) && extract_access_token.respond_to?(:from_hash)
+      extract_access_token.from_hash(self, hash)
+    else
+      extract_access_token.call(self, hash)
+    end
+  end
 end

data/lib/oauth2/mac_token.rb

@@ -98,9 +98,17 @@ module OAuth2
       @algorithm = begin
         case alg.to_s
         when 'hmac-sha-1'
-          OpenSSL::Digest::SHA1.new
+          begin
+            OpenSSL::Digest('SHA1').new
+          rescue StandardError
+            OpenSSL::Digest.new('SHA1')
+          end
         when 'hmac-sha-256'
-          OpenSSL::Digest::SHA256.new
+          begin
+            OpenSSL::Digest('SHA256').new
+          rescue StandardError
+            OpenSSL::Digest.new('SHA256')
+          end
         else
           raise(ArgumentError, 'Unsupported algorithm')
         end

data/lib/oauth2/response.rb

@@ -11,9 +11,9 @@ module OAuth2
     # Procs that, when called, will parse a response body according
     # to the specified format.
     @@parsers = {
-      :json  => lambda { |body| MultiJson.load(body) rescue body }, # rubocop:disable RescueModifier
+      :json => lambda { |body| MultiJson.load(body) rescue body }, # rubocop:disable Style/RescueModifier
       :query => lambda { |body| Rack::Utils.parse_query(body) },
-      :text  => lambda { |body| body },
+      :text => lambda { |body| body },
     }
 
     # Content type assignments for various potential HTTP content types.
@@ -68,6 +68,7 @@ module OAuth2
     #   application/json Content-Type response bodies
     def parsed
       return nil unless @@parsers.key?(parser)
+
       @parsed ||= @@parsers[parser].call(body)
     end
 
@@ -79,11 +80,12 @@ module OAuth2
     # Determines the parser that will be used to supply the content of #parsed
     def parser
       return options[:parse].to_sym if @@parsers.key?(options[:parse])
+
       @@content_types[content_type]
     end
   end
 end
 
 OAuth2::Response.register_parser(:xml, ['text/xml', 'application/rss+xml', 'application/rdf+xml', 'application/atom+xml']) do |body|
-  MultiXml.parse(body) rescue body # rubocop:disable RescueModifier
+  MultiXml.parse(body) rescue body # rubocop:disable Style/RescueModifier
 end

data/lib/oauth2/strategy/assertion.rb

@@ -50,10 +50,10 @@ module OAuth2
       def build_request(params)
         assertion = build_assertion(params)
         {
-          :grant_type     => 'assertion',
+          :grant_type => 'assertion',
           :assertion_type => 'urn:ietf:params:oauth:grant-type:jwt-bearer',
-          :assertion      => assertion,
-          :scope          => params[:scope],
+          :assertion => assertion,
+          :scope => params[:scope],
         }
       end
 

data/lib/oauth2/strategy/password.rb

@@ -18,8 +18,8 @@ module OAuth2
       # @param [Hash] params additional params
       def get_token(username, password, params = {}, opts = {})
         params = {'grant_type' => 'password',
-                  'username'   => username,
-                  'password'   => password}.merge(params)
+                  'username' => username,
+                  'password' => password}.merge(params)
         @client.get_token(params, opts)
       end
     end

data/lib/oauth2/version.rb

@@ -1,5 +1,6 @@
 module OAuth2
   module Version
+    VERSION = to_s
   module_function
 
     # The major version
@@ -20,7 +21,7 @@ module OAuth2
     #
     # @return [Integer]
     def patch
-      4
+      5
     end
 
     # The pre-release version, if any

data/maintenance-branch

@@ -0,0 +1 @@
+master

data/oauth2.gemspec

@@ -20,14 +20,14 @@ Gem::Specification.new do |spec|
   spec.required_ruby_version = '>= 1.9.0'
   spec.required_rubygems_version = '>= 1.3.5'
   spec.summary       = 'A Ruby wrapper for the OAuth 2.0 protocol.'
-  spec.version       = OAuth2::Version
+  spec.version       = OAuth2::Version.to_s
 
   spec.metadata = {
-    'bug_tracker_uri'   => 'https://github.com/oauth-xx/oauth2/issues',
-    'changelog_uri'     => "https://github.com/oauth-xx/oauth2/blob/v#{spec.version}/CHANGELOG.md",
+    'bug_tracker_uri' => 'https://github.com/oauth-xx/oauth2/issues',
+    'changelog_uri' => "https://github.com/oauth-xx/oauth2/blob/v#{spec.version}/CHANGELOG.md",
     'documentation_uri' => "https://www.rubydoc.info/gems/oauth2/#{spec.version}",
-    'source_code_uri'   => "https://github.com/oauth-xx/oauth2/tree/v#{spec.version}",
-    'wiki_uri'          => 'https://github.com/oauth-xx/oauth2/wiki'
+    'source_code_uri' => "https://github.com/oauth-xx/oauth2/tree/v#{spec.version}",
+    'wiki_uri' => 'https://github.com/oauth-xx/oauth2/wiki',
   }
 
   spec.require_paths = %w[lib]
@@ -44,9 +44,9 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'rake', '~> 12.3'
   spec.add_development_dependency 'rdoc', ['>= 5.0', '< 7']
   spec.add_development_dependency 'rspec', '~> 3.0'
-  spec.add_development_dependency 'rspec-stubbed_env'
-  spec.add_development_dependency 'rspec-pending_for'
   spec.add_development_dependency 'rspec-block_is_expected'
+  spec.add_development_dependency 'rspec-pending_for'
+  spec.add_development_dependency 'rspec-stubbed_env'
   spec.add_development_dependency 'silent_stream'
   spec.add_development_dependency 'wwtd'
 end

metadata

@@ -1,16 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: oauth2
 version: !ruby/object:Gem::Version
-  version: 1.4.4
+  version: 1.4.5
 platform: ruby
 authors:
 - Peter Boling
 - Michael Bleigh
 - Erik Michaels-Ober
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-02-13 00:00:00.000000000 Z
+date: 2021-03-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -205,7 +205,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '3.0'
 - !ruby/object:Gem::Dependency
-  name: rspec-stubbed_env
+  name: rspec-block_is_expected
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -233,7 +233,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rspec-block_is_expected
+  name: rspec-stubbed_env
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -283,6 +283,9 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".document"
+- ".github/dependabot.yml"
+- ".github/workflows/style.yml"
+- ".github/workflows/test.yml"
 - ".gitignore"
 - ".jrubyrc"
 - ".rspec"
@@ -305,13 +308,6 @@ files:
 - gemfiles/jruby_head.gemfile
 - gemfiles/ruby_1.9.gemfile
 - gemfiles/ruby_2.0.gemfile
-- gemfiles/ruby_2.1.gemfile
-- gemfiles/ruby_2.2.gemfile
-- gemfiles/ruby_2.3.gemfile
-- gemfiles/ruby_2.4.gemfile
-- gemfiles/ruby_2.5.gemfile
-- gemfiles/ruby_2.6.gemfile
-- gemfiles/ruby_2.7.gemfile
 - gemfiles/ruby_head.gemfile
 - gemfiles/truffleruby.gemfile
 - lib/oauth2.rb
@@ -328,17 +324,18 @@ files:
 - lib/oauth2/strategy/implicit.rb
 - lib/oauth2/strategy/password.rb
 - lib/oauth2/version.rb
+- maintenance-branch
 - oauth2.gemspec
 homepage: https://github.com/oauth-xx/oauth2
 licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/oauth-xx/oauth2/issues
-  changelog_uri: https://github.com/oauth-xx/oauth2/blob/v1.4.4/CHANGELOG.md
-  documentation_uri: https://www.rubydoc.info/gems/oauth2/1.4.4
-  source_code_uri: https://github.com/oauth-xx/oauth2/tree/v1.4.4
+  changelog_uri: https://github.com/oauth-xx/oauth2/blob/v1.4.5/CHANGELOG.md
+  documentation_uri: https://www.rubydoc.info/gems/oauth2/1.4.5
+  source_code_uri: https://github.com/oauth-xx/oauth2/tree/v1.4.5
   wiki_uri: https://github.com/oauth-xx/oauth2/wiki
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -353,8 +350,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 1.3.5
 requirements: []
-rubygems_version: 3.1.2
-signing_key: 
+rubygems_version: 3.2.9
+signing_key:
 specification_version: 4
 summary: A Ruby wrapper for the OAuth 2.0 protocol.
 test_files: []

data/gemfiles/ruby_2.1.gemfile

@@ -1,6 +0,0 @@
-source 'https://rubygems.org'
-
-gem 'faraday', '~> 0.15.4'
-gem 'rack', '~> 1.2'
-
-gemspec :path => '../'

data/gemfiles/ruby_2.2.gemfile

@@ -1,3 +0,0 @@
-source 'https://rubygems.org'
-
-gemspec :path => '../'

data/gemfiles/ruby_2.3.gemfile

@@ -1,3 +0,0 @@
-source 'https://rubygems.org'
-
-gemspec :path => '../'

data/gemfiles/ruby_2.4.gemfile

@@ -1,3 +0,0 @@
-source 'https://rubygems.org'
-
-gemspec :path => '../'

data/gemfiles/ruby_2.5.gemfile

@@ -1,3 +0,0 @@
-source 'https://rubygems.org'
-
-gemspec :path => '../'

data/gemfiles/ruby_2.6.gemfile

@@ -1,9 +0,0 @@
-source 'https://rubygems.org'
-
-group :development do
-  gem 'pry'
-  gem 'byebug'
-  gem 'pry-byebug'
-end
-
-gemspec :path => '../'

data/gemfiles/ruby_2.7.gemfile

@@ -1,9 +0,0 @@
-source 'https://rubygems.org'
-
-group :development do
-  gem 'pry'
-  gem 'byebug'
-  gem 'pry-byebug'
-end
-
-gemspec :path => '../'