RubyGems - oauth2 - Versions diffs - 1.4.7 → 1.4.8 - Mend

oauth2 1.4.7 → 1.4.8

Files changed (15) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +19 -2
data/LICENSE +1 -1
data/README.md +276 -116
data/lib/oauth2/client.rb +4 -7
data/lib/oauth2/error.rb +1 -1
data/lib/oauth2/mac_token.rb +16 -18
data/lib/oauth2/version.rb +1 -1
data/spec/helper.rb +6 -13
data/spec/oauth2/client_spec.rb +27 -3
data/spec/oauth2/mac_token_spec.rb +3 -0
data/spec/oauth2/strategy/assertion_spec.rb +2 -1
data/spec/oauth2/strategy/client_credentials_spec.rb +1 -1
data/spec/oauth2/strategy/password_spec.rb +2 -1
metadata +15 -28

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 74ca15f9b1935885fe123c9b0801b9f0605c1bfa904bebe371d201a61b559f31
-  data.tar.gz: 3b719ec6748493cba5112dfca8ebff22b13c0c9690330d4422f9d81b1abf5185
+  metadata.gz: f9cd34855e4a7388c32053dbf97a38dafc04685818b1de1244a5782944ba742d
+  data.tar.gz: e763de5d77201cfb9661458882d4a52a87268804a7455207b72f997815abba74
 SHA512:
-  metadata.gz: 7ec3c9c311effac7f8864c2dc3d7332761ee6a986f2924adec3b77620abe3dc63984d1c01e9ca0a1283907a5b2ba23ee31dfd4bd630fa7d803fba116ba1e652d
-  data.tar.gz: 1e1d37d5953bdd7e03e13f697648e56afdb63ea54bbdbaee7ee229302149c5047c533a15d6498a355ef78d17d991d79ce8f94fe8728229431e3fad5c3132a9ad
+  metadata.gz: 5b0ee6b53136ba7ef8cb6614eba4bd8af80dfc274dfc0cc857e07edfcfe8a3e6f6f59e38144581c4509c3a674e7f8a6ce7389e7f2f27dae02536b07e63815bb6
+  data.tar.gz: 0ad35386515cdca17ef71ad5a7e6c98851532ea6549de173b6131289147f0745f8ae992b5d0ff49fb300125873495c81eb81f4fd48b1d0898e88f94e57bb33f1

data/CHANGELOG.md CHANGED Viewed

@@ -3,11 +3,21 @@ All notable changes to this project will be documented in this file.
 ## unreleased
-## [1.4.7] - 2021-03-18
+## [1.4.8] - 2022-02-18
+- MFA is now required to push new gem versions (@pboling)
+- README overhaul w/ new Ruby Verion and Engine compatibility policies (@pboling)
+- [#569](https://github.com/oauth-xx/oauth2/pull/569) Backport fixes ([#561](https://github.com/oauth-xx/oauth2/pull/561) by @ryogift), and add more fixes, to allow faraday 1.x and 2.x (@jrochkind)
+- Improve Code Coverage tracking (Coveralls, CodeCov, CodeClimate), and enable branch coverage (@pboling)
+- Add CodeQL, Security Policy, Funding info (@pboling)
+- Added Ruby 3.1, jruby, jruby-head, truffleruby, truffleruby-head to build matrix (@pboling)
+- [#543](https://github.com/oauth-xx/oauth2/pull/543) - Support for more modern Open SSL libraries (@pboling)
+## [1.4.7] - 2021-03-19
 - [#541](https://github.com/oauth-xx/oauth2/pull/541) - Backport fix to expires_at handling [#533](https://github.com/oauth-xx/oauth2/pull/533) to 1-4-stable branch. (@dobon)
-## [1.4.6] - 2021-03-18
+## [1.4.6] - 2021-03-19
 - [#540](https://github.com/oauth-xx/oauth2/pull/540) - Add VERSION constant (@pboling)
 - [#537](https://github.com/oauth-xx/oauth2/pull/537) - Fix crash in OAuth2::Client#get_token (@anderscarling)
@@ -17,6 +27,8 @@ All notable changes to this project will be documented in this file.
 - [#535](https://github.com/oauth-xx/oauth2/pull/535) - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions (@pboling)
 - [#518](https://github.com/oauth-xx/oauth2/pull/518) - Add extract_access_token option to OAuth2::Client (@jonspalmer)
+- [#507](https://github.com/oauth-xx/oauth2/pull/507) - Fix camel case content type, response keys (@anvox)
+- [#500](https://github.com/oauth-xx/oauth2/pull/500) - Fix YARD documentation formatting (@olleolleolle)
 ## [1.4.4] - 2020-02-12
@@ -167,4 +179,9 @@ All notable changes to this project will be documented in this file.
 [1.4.1]: https://github.com/oauth-xx/oauth2/compare/v1.4.0...v1.4.1
 [1.4.2]: https://github.com/oauth-xx/oauth2/compare/v1.4.1...v1.4.2
 [1.4.3]: https://github.com/oauth-xx/oauth2/compare/v1.4.2...v1.4.3
+[1.4.4]: https://github.com/oauth-xx/oauth2/compare/v1.4.3...v1.4.4
+[1.4.5]: https://github.com/oauth-xx/oauth2/compare/v1.4.4...v1.4.5
+[1.4.6]: https://github.com/oauth-xx/oauth2/compare/v1.4.5...v1.4.6
+[1.4.7]: https://github.com/oauth-xx/oauth2/compare/v1.4.6...v1.4.7
+[1.4.8]: https://github.com/oauth-xx/oauth2/compare/v1.4.7...v1.4.8
 [unreleased]: https://github.com/oauth-xx/oauth2/compare/v1.4.1...HEAD

data/LICENSE CHANGED Viewed

@@ -1,7 +1,7 @@
 MIT License
 Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc.
-Copyright (c) 2017 - 2018 oauth-xx organization, https://github.com/oauth-xx
+Copyright (c) 2017 - 2022 oauth-xx organization, https://github.com/oauth-xx
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.md CHANGED Viewed

@@ -1,78 +1,260 @@
-# OAuth2
+<p align="center">
+    <a href="http://oauth.net/2/" target="_blank" rel="noopener noreferrer">
+      <img src="https://github.com/oauth-xx/oauth2/raw/master/docs/images/logo/oauth2-logo-124px.png?raw=true" alt="OAuth 2.0 Logo by Chris Messina, CC BY-SA 3.0">
+    </a>
+    <a href="https://www.ruby-lang.org/" target="_blank" rel="noopener noreferrer">
+      <img width="124px" src="https://github.com/oauth-xx/oauth2/raw/master/docs/images/logo/ruby-logo-198px.svg?raw=true" alt="Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5">
+    </a>
+</p>
+## What
+OAuth 2.0 is the industry-standard protocol for authorization.
+OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications,
+    desktop applications, mobile phones, and living room devices.
+This is a RubyGem for implementing OAuth 2.0 clients and servers in Ruby applications.
+See the sibling `oauth` gem for OAuth 1.0 implementations in Ruby.
+⚠️ **_WARNING_**: You are viewing the `README` of the soon-to-be-deprecated `1-4-stable`
+branch which for version 1.4.x releases. Version 2.0 is coming! ⚠️
-If you need the readme for a released version of the gem please find it below:
+---
+* [OAuth 2.0 Spec][oauth2-spec]
+* [OAuth 1.0 sibling gem][sibling-gem]
+* Help us finish release [![2.0.0 release milestone][next-milestone-pct-img]][next-milestone-pct] by submitting or reviewing PRs and issues.
+* Oauth2 gem is _always_ looking for additional maintainers. See [#307][maintainers-discussion].
+[oauth2-spec]: https://oauth.net/2/
+[sibling-gem]: https://github.com/oauth-xx/oauth-ruby
+[next-milestone-pct]: https://github.com/oauth-xx/oauth2/milestone/1
+[next-milestone-pct-img]: https://img.shields.io/github/milestones/progress-percent/oauth-xx/oauth2/1
+[maintainers-discussion]: https://github.com/oauth-xx/oauth2/issues/307
+## Release Documentation
+<details>
+  <summary>1.4.x Readmes</summary>
+| Version | Release Date | Readme                                                   |
+|---------|--------------|----------------------------------------------------------|
+| 1.4.8   | Feb 18, 2022 | https://github.com/oauth-xx/oauth2/blob/v1.4.8/README.md |
+| 1.4.7   | Mar 18, 2021 | https://github.com/oauth-xx/oauth2/blob/v1.4.7/README.md |
+| 1.4.6   | Mar 18, 2021 | https://github.com/oauth-xx/oauth2/blob/v1.4.6/README.md |
+| 1.4.5   | Mar 18, 2021 | https://github.com/oauth-xx/oauth2/blob/v1.4.5/README.md |
+| 1.4.4   | Feb 12, 2020 | https://github.com/oauth-xx/oauth2/blob/v1.4.4/README.md |
+| 1.4.3   | Jan 29, 2020 | https://github.com/oauth-xx/oauth2/blob/v1.4.3/README.md |
+| 1.4.2   | Oct 1, 2019  | https://github.com/oauth-xx/oauth2/blob/v1.4.2/README.md |
+| 1.4.1   | Oct 13, 2018 | https://github.com/oauth-xx/oauth2/blob/v1.4.1/README.md |
+| 1.4.0   | Jun 9, 2017  | https://github.com/oauth-xx/oauth2/blob/v1.4.0/README.md |
+</details>
+<details>
+  <summary>1.3.x Readmes</summary>
 | Version  | Release Date | Readme                                                   |
 |----------|--------------|----------------------------------------------------------|
-| 1.4.7    | Mar 18, 2021 | https://github.com/oauth-xx/oauth2/blob/v1.4.7/README.md |
-| 1.4.6    | Mar 18, 2021 | https://github.com/oauth-xx/oauth2/blob/v1.4.6/README.md |
-| 1.4.5    | Mar 18, 2021 | https://github.com/oauth-xx/oauth2/blob/v1.4.5/README.md |
-| 1.4.4    | Feb 12, 2020 | https://github.com/oauth-xx/oauth2/blob/v1.4.4/README.md |
-| 1.4.3    | Jan 29, 2020 | https://github.com/oauth-xx/oauth2/blob/v1.4.3/README.md |
-| 1.4.2    | Oct 1, 2019  | https://github.com/oauth-xx/oauth2/blob/v1.4.2/README.md |
-| 1.4.1    | Oct 13, 2018 | https://github.com/oauth-xx/oauth2/blob/v1.4.1/README.md |
-| 1.4.0    | Jun 9, 2017  | https://github.com/oauth-xx/oauth2/blob/v1.4.0/README.md |
 | 1.3.1    | Mar 3, 2017  | https://github.com/oauth-xx/oauth2/blob/v1.3.1/README.md |
 | 1.3.0    | Dec 27, 2016 | https://github.com/oauth-xx/oauth2/blob/v1.3.0/README.md |
+</details>
+<details>
+  <summary>&le;= 1.2.x Readmes (2016 and before)</summary>
+| Version  | Release Date | Readme                                                   |
+|----------|--------------|----------------------------------------------------------|
 | 1.2.0    | Jun 30, 2016 | https://github.com/oauth-xx/oauth2/blob/v1.2.0/README.md |
 | 1.1.0    | Jan 30, 2016 | https://github.com/oauth-xx/oauth2/blob/v1.1.0/README.md |
 | 1.0.0    | May 23, 2014 | https://github.com/oauth-xx/oauth2/blob/v1.0.0/README.md |
 | < 1.0.0  | Find here    | https://github.com/oauth-xx/oauth2/tags                  |
+</details>
+<!--
+Numbering rows and badges in each row as a visual "database" lookup,
+    as the table is extremely dense, and it can be very difficult to find anything
+Putting one on each row here, to document the emoji that should be used, and for ease of copy/paste.
+row #s:
+1️⃣
+2️⃣
+3️⃣
+4️⃣
+5️⃣
+6️⃣
+7️⃣
+badge #s:
+⛳️
+🖇
+🏘
+🚎
+🖐
+🧮
+📗
+-->
+|     | Project               | oauth2                                                                                                                                                                                                                                                              |
+|:----|-----------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| 1️⃣ | name, license, docs   | [![RubyGems.org][⛳️name-img]][⛳️gem] [![License: MIT][🖇src-license-img]][🖇src-license] [![FOSSA][🏘fossa-img]][🏘fossa] [![RubyDoc.info][🚎yard-img]][🚎yard] [![InchCI][🖐inch-ci-img]][🚎yard]                                                                  |
+| 2️⃣ | version & activity    | [![Gem Version][⛳️version-img]][⛳️gem] [![Total Downloads][🖇DL-total-img]][⛳️gem] [![Download Rank][🏘DL-rank-img]][⛳️gem] [![Source Code][🚎src-home-img]][🚎src-home] [![Open PRs][🖐prs-open-img]][🖐prs-open] [![Closed PRs][🧮prs-closed-img]][🧮prs-closed]  |
+| 3️⃣ | maintanence & linting | [![Maintainability][⛳cclim-maint-img]][⛳cclim-maint] [![Helpers][🖇triage-help-img]][🖇triage-help] [![Depfu][🏘depfu-img]][🏘depfu] [![Contributors][🚎contributors-img]][🚎contributors] [![Style][🖐style-wf-img]][🖐style-wf] [![Kloc Roll][🧮kloc-img]][🧮kloc] |
+| 4️⃣ | testing               | [![Build][⛳️tot-bld-img]][⛳️tot-bld] [![supported][🖇supported-wf-img]][🖇supported-wf] [![EOL & Code Coverage Build][🏘eol-wf-img]][🏘eol-wf] [![unsupported][🚎unsupported-wf-img]][🚎unsupported-wf]                                                             |
+| 5️⃣ | coverage & security   | [![CodeClimate][⛳cclim-cov-img]][⛳cclim-cov] [![CodeCov][🖇codecov-img]][🖇codecov] [![Coveralls][🏘coveralls-img]][🏘coveralls] [![Security Policy][🚎sec-pol-img]][🚎sec-pol] [![CodeQL][🖐codeQL-img]][🖐codeQL]                                                 |
+| 6️⃣ | resources             | [![Discussion][⛳gh-discussions-img]][⛳gh-discussions] [![Get help on Codementor][🖇codementor-img]][🖇codementor] [![Chat][🏘chat-img]][🏘chat] [![Blog][🚎blog-img]][🚎blog] [![Blog][🖐wiki-img]][🖐wiki]                                                         |
+| 7️⃣ | spread 💖             | [![Liberapay Patrons][⛳liberapay-img]][⛳liberapay] [![Sponsor Me][🖇sponsor-img]][🖇sponsor] [![Tweet @ Peter][🏘tweet-img]][🏘tweet] [🌏][aboutme] [👼][angelme] [💻][coderme] [🌹][politicme]                                                                     |
+<!--
+The link tokens in the following sections should be kept ordered by the row and badge numbering scheme
+-->
+<!-- 1️⃣ name, license, docs -->
+[⛳️gem]: https://rubygems.org/gems/oauth2
+[⛳️name-img]: https://img.shields.io/badge/name-oauth2-brightgreen.svg?style=flat
+[🖇src-license]: https://opensource.org/licenses/MIT
+[🖇src-license-img]: https://img.shields.io/badge/License-MIT-green.svg
+[🏘fossa]: https://app.fossa.io/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2?ref=badge_shield
+[🏘fossa-img]: https://app.fossa.io/api/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2.svg?type=shield
+[🚎yard]: https://www.rubydoc.info/github/oauth-xx/oauth2
+[🚎yard-img]: https://img.shields.io/badge/documentation-rubydoc-brightgreen.svg?style=flat
+[🖐inch-ci-img]: http://inch-ci.org/github/oauth-xx/oauth2.png
+<!-- 2️⃣ version & activity -->
+[⛳️version-img]: http://img.shields.io/gem/v/oauth2.svg
+[🖇DL-total-img]: https://img.shields.io/gem/dt/oauth2.svg
+[🏘DL-rank-img]: https://img.shields.io/gem/rt/oauth2.svg
+[🚎src-home]: https://github.com/oauth-xx/oauth2
+[🚎src-home-img]: https://img.shields.io/badge/source-github-brightgreen.svg?style=flat
+[🖐prs-open]: https://github.com/oauth-xx/oauth2/pulls
+[🖐prs-open-img]: https://img.shields.io/github/issues-pr/oauth-xx/oauth2
+[🧮prs-closed]: https://github.com/oauth-xx/oauth2/pulls?q=is%3Apr+is%3Aclosed
+[🧮prs-closed-img]: https://img.shields.io/github/issues-pr-closed/oauth-xx/oauth2
+<!-- 3️⃣ maintanence & linting -->
+[⛳cclim-maint]: https://codeclimate.com/github/oauth-xx/oauth2/maintainability
+[⛳cclim-maint-img]: https://api.codeclimate.com/v1/badges/688c612528ff90a46955/maintainability
+[🖇triage-help]: https://www.codetriage.com/oauth-xx/oauth2
+[🖇triage-help-img]: https://www.codetriage.com/oauth-xx/oauth2/badges/users.svg
+[🏘depfu]: https://depfu.com/github/oauth-xx/oauth2?project_id=4445
+[🏘depfu-img]: https://badges.depfu.com/badges/6d34dc1ba682bbdf9ae2a97848241743/count.svg
+[🚎contributors]: https://github.com/oauth-xx/oauth2/graphs/contributors
+[🚎contributors-img]: https://img.shields.io/github/contributors-anon/oauth-xx/oauth2
+[🖐style-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/style.yml
+[🖐style-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/style.yml/badge.svg
+[🧮kloc]: https://www.youtube.com/watch?v=dQw4w9WgXcQ
+[🧮kloc-img]: https://img.shields.io/tokei/lines/github.com/oauth-xx/oauth2
+<!-- 4️⃣ testing -->
+[⛳️tot-bld]: https://actions-badge.atrox.dev/oauth-xx/oauth2/goto
+[⛳️tot-bld-img]: https://img.shields.io/endpoint.svg?url=https%3A%2F%2Factions-badge.atrox.dev%2Foauth-xx%2Foauth2%2Fbadge&style=flat
+[🖇supported-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/supported.yml
+[🖇supported-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/supported.yml/badge.svg
+[🏘eol-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/coverage.yml
+[🏘eol-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/coverage.yml/badge.svg
+[🚎unsupported-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/unsupported.yml
+[🚎unsupported-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/unsupported.yml/badge.svg
+[🖐issues]: https://github.com/oauth-xx/oauth2/issues
+[🖐issues-img]: https://github.com/oauth-xx/oauth2/issues
+<!-- 5️⃣ coverage & security -->
+[⛳cclim-cov]: https://codeclimate.com/github/oauth-xx/oauth2/test_coverage
+[⛳cclim-cov-img]: https://api.codeclimate.com/v1/badges/688c612528ff90a46955/test_coverage
+[🖇codecov-img]: https://codecov.io/gh/oauth-xx/oauth2/branch/1-4-stable/graph/badge.svg?token=bNqSzNiuo2
+[🖇codecov]: https://codecov.io/gh/oauth-xx/oauth2
+[🏘coveralls]: https://coveralls.io/github/oauth-xx/oauth2?branch=1-4-stable
+[🏘coveralls-img]: https://coveralls.io/repos/github/oauth-xx/oauth2/badge.svg?branch=1-4-stable
+[🚎sec-pol]: https://github.com/oauth-xx/oauth2/blob/master/SECURITY.md
+[🚎sec-pol-img]: https://img.shields.io/badge/security-policy-brightgreen.svg?style=flat
+[🖐codeQL]: https://github.com/oauth-xx/oauth2/security/code-scanning
+[🖐codeQL-img]: https://github.com/oauth-xx/oauth2/actions/workflows/codeql-analysis.yml/badge.svg
+<!-- 6️⃣ resources -->
+[⛳gh-discussions]: https://github.com/oauth-xx/oauth2/discussions
+[⛳gh-discussions-img]: https://img.shields.io/github/discussions/oauth-xx/oauth2
+[🖇codementor]: https://www.codementor.io/peterboling?utm_source=github&utm_medium=button&utm_term=peterboling&utm_campaign=github
+[🖇codementor-img]: https://cdn.codementor.io/badges/get_help_github.svg
+[🏘chat]: https://gitter.im/oauth-xx/oauth2
+[🏘chat-img]: https://img.shields.io/gitter/room/oauth-xx/oauth2.svg
+[🚎blog]: http://www.railsbling.com/tags/oauth2/
+[🚎blog-img]: https://img.shields.io/badge/blog-railsbling-brightgreen.svg?style=flat
+[🖐wiki]: https://github.com/oauth-xx/oauth2/wiki
+[🖐wiki-img]: https://img.shields.io/badge/wiki-examples-brightgreen.svg?style=flat
+<!-- 7️⃣ spread 💖 -->
+[⛳liberapay-img]: https://img.shields.io/liberapay/patrons/pboling.svg?logo=liberapay
+[⛳liberapay]: https://liberapay.com/pboling/donate
+[🖇sponsor-img]: https://img.shields.io/badge/sponsor-pboling.svg?style=social&logo=github
+[🖇sponsor]: https://github.com/sponsors/pboling
+[🏘tweet-img]: https://img.shields.io/twitter/follow/galtzo.svg?style=social&label=Follow
+[🏘tweet]: http://twitter.com/galtzo
+<!-- Maintainer Contact Links -->
+[railsbling]: http://www.railsbling.com
+[peterboling]: http://www.peterboling.com
+[aboutme]: https://about.me/peter.boling
+[angelme]: https://angel.co/peter-boling
+[coderme]:http://coderwall.com/pboling
+[politicme]: https://nationalprogressiveparty.org
-[![Gem Version](http://img.shields.io/gem/v/oauth2.svg)][gem]
-[![Total Downloads](https://img.shields.io/gem/dt/oauth2.svg)][gem]
-[![Downloads Today](https://img.shields.io/gem/rt/oauth2.svg)][gem]
-[![Build Status](https://travis-ci.org/oauth-xx/oauth2.svg?branch=1-4-stable)][travis]
-[![Build Status](https://img.shields.io/endpoint.svg?url=https%3A%2F%2Factions-badge.atrox.dev%2Foauth-xx%2Foauth2%2Fbadge&style=flat)][github-actions]
-[![Test Coverage](https://api.codeclimate.com/v1/badges/688c612528ff90a46955/test_coverage)][codeclimate-coverage]
-[![Maintainability](https://api.codeclimate.com/v1/badges/688c612528ff90a46955/maintainability)][codeclimate-maintainability]
-[![Depfu](https://badges.depfu.com/badges/6d34dc1ba682bbdf9ae2a97848241743/count.svg)][depfu]
-[![Open Source Helpers](https://www.codetriage.com/oauth-xx/oauth2/badges/users.svg)][code-triage]
-[![Chat](https://img.shields.io/gitter/room/oauth-xx/oauth2.svg)](https://gitter.im/oauth-xx/oauth2)
-[![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)][source-license]
-[![Documentation](http://inch-ci.org/github/oauth-xx/oauth2.png)][inch-ci]
-[gem]: https://rubygems.org/gems/oauth2
-[travis]: http://travis-ci.org/oauth-xx/oauth2
-[github-actions]: https://actions-badge.atrox.dev/oauth-xx/oauth2/goto
-[coveralls]: https://coveralls.io/r/oauth-xx/oauth2
-[codeclimate-maintainability]: https://codeclimate.com/github/oauth-xx/oauth2/maintainability
-[codeclimate-coverage]: https://codeclimate.com/github/oauth-xx/oauth2/test_coverage
-[depfu]: https://depfu.com/github/oauth-xx/oauth2
-[source-license]: https://opensource.org/licenses/MIT
-[inch-ci]: http://inch-ci.org/github/oauth-xx/oauth2
-[code-triage]: https://www.codetriage.com/oauth-xx/oauth2
-[fossa1]: https://app.fossa.io/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2?ref=badge_shield
-A Ruby wrapper for the [OAuth 2.0 specification][oauth2-spec].
-[oauth2-spec]: https://oauth.net/2/
 ## Installation
-Add this line to your application's Gemfile:
+```shell
+gem install oauth2
+```
+Or inside a `Gemfile`
 ```ruby
 gem 'oauth2'
 ```
+And then execute in a shell:
+```shell
+bundle
+```
-And then execute:
-    $ bundle
+## Compatibility
-Or install it yourself as:
+Targeted ruby compatibility is non-EOL versions of Ruby, currently 2.7, 3.0 and
+3.1. Compatibility is further distinguished by supported and unsupported versions of Ruby.
+Ruby is limited to 1.9+ in the gemspec for the 1.4.x series and will be 2.2+ for 2.x releases (see `master` branch).
-    $ gem install oauth2
+<details>
+  <summary>Ruby Engine Compatibility Policy</summary>
-## Resources
+This gem is tested against MRI, JRuby, and Truffleruby.
+Each of those has varying versions that target a specific version of MRI Ruby.
+This gem should work in the just-listed Ruby engines according to the targeted MRI compatibility in the table below.
+If you would like to add support for additional engines,
+  first make sure Github Actions supports the engine,
+  then submit a PR to the correct maintenance branch as according to the table below.
+</details>
-* [View Source on GitHub][code]
-* [Report Issues on GitHub][issues]
-* [Read More at the Wiki][wiki]
+<details>
+  <summary>Ruby Version Compatibility Policy</summary>
-[code]: https://github.com/oauth-xx/oauth2
-[issues]: https://github.com/oauth-xx/oauth2/issues
-[wiki]: https://wiki.github.com/oauth-xx/oauth2
+If something doesn't work on one of these interpreters, it's a bug.
+This library may inadvertently work (or seem to work) on other Ruby
+implementations, however support will only be provided for the versions listed
+above.
+If you would like this library to support another Ruby version, you may
+volunteer to be a maintainer. Being a maintainer entails making sure all tests
+run and pass on that implementation. When something breaks on your
+implementation, you will be responsible for providing patches in a timely
+fashion. If critical issues for a particular implementation exist at the time
+of a major release, support for that Ruby version may be dropped.
+</details>
+|     | Ruby OAuth 2 Version | Maintenance Branch | Supported Officially    | Supported Unofficially | Supported Incidentally |
+|:----|----------------------|--------------------|-------------------------|------------------------|------------------------|
+| 1️⃣ | 2.0.x (unreleased)   | `master`           | 2.7, 3.0, 3.1           | 2.6, 2.5               | 2.4, 2.3, 2.2          |
+| 2️⃣ | 1.4.x                | `1-4-stable`       | 2.5, 2.6, 2.7, 3.0, 3.1 | 2.1, 2.2, 2.3, 2.4     | 2.0, 1.9               |
+| 3️⃣ | older                | N/A                | Best of luck to you!    | Please upgrade!        |                        |
+NOTE: Once 2.0 is released, the 1.4 series will only receive critical bug and security updates.
+See [SECURITY.md][🚎sec-pol]
 ## Usage Examples
@@ -88,13 +270,38 @@ response = token.get('/api/resource', :params => {'query_foo' => 'bar'})
 response.class.name
 # => OAuth2::Response
 ```
+<details>
+  <summary>Debugging</summary>
+Set an environment variable, however you would [normally do that](https://github.com/bkeepers/dotenv).
+```ruby
+# will log both request and response, including bodies
+ENV['OAUTH_DEBUG'] = 'true'
+```
+By default, debug output will go to `$stdout`. This can be overridden when
+initializing your OAuth2::Client.
+```ruby
+require 'oauth2'
+client = OAuth2::Client.new(
+  'client_id',
+  'client_secret',
+  :site => 'https://example.org',
+  :logger => Logger.new('example.log', 'weekly')
+)
+```
+</details>
 ## OAuth2::Response
-The AccessToken methods #get, #post, #put and #delete and the generic #request
+The `AccessToken` methods `#get`, `#post`, `#put` and `#delete` and the generic `#request`
 will return an instance of the #OAuth2::Response class.
-This instance contains a #parsed method that will parse the response body and
-return a Hash if the Content-Type is application/x-www-form-urlencoded or if
+This instance contains a `#parsed` method that will parse the response body and
+return a Hash if the `Content-Type` is `application/x-www-form-urlencoded` or if
 the body is a JSON object.  It will return an Array if the body is a JSON
 array.  Otherwise, it will return the original body string.
@@ -104,27 +311,27 @@ respective methods.
 ## OAuth2::AccessToken
 If you have an existing Access Token for a user, you can initialize an instance
-using various class methods including the standard new, from_hash (if you have
-a hash of the values), or from_kvform (if you have an
-application/x-www-form-urlencoded encoded string of the values).
+using various class methods including the standard new, `from_hash` (if you have
+a hash of the values), or `from_kvform` (if you have an
+`application/x-www-form-urlencoded` encoded string of the values).
 ## OAuth2::Error
-On 400+ status code responses, an OAuth2::Error will be raised.  If it is a
-standard OAuth2 error response, the body will be parsed and #code and #description will contain the values provided from the error and
-error_description parameters.  The #response property of OAuth2::Error will
-always contain the OAuth2::Response instance.
+On 400+ status code responses, an `OAuth2::Error` will be raised.  If it is a
+standard OAuth2 error response, the body will be parsed and `#code` and `#description` will contain the values provided from the error and
+`error_description` parameters.  The `#response` property of `OAuth2::Error` will
+always contain the `OAuth2::Response` instance.
-If you do not want an error to be raised, you may use :raise_errors => false
-option on initialization of the client.  In this case the OAuth2::Response
+If you do not want an error to be raised, you may use `:raise_errors => false`
+option on initialization of the client.  In this case the `OAuth2::Response`
 instance will be returned as usual and on 400+ status code responses, the
-Response instance will contain the OAuth2::Error instance.
+Response instance will contain the `OAuth2::Error` instance.
 ## Authorization Grants
 Currently the Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials, and Assertion
 authentication grant types have helper strategy classes that simplify client
-use.  They are available via the #auth_code, #implicit, #password, #client_credentials, and #assertion methods respectively.
+use. They are available via the `#auth_code`, `#implicit`, `#password`, `#client_credentials`, and `#assertion` methods respectively.
 ```ruby
 auth_url = client.auth_code.authorize_url(:redirect_uri => 'http://localhost:8080/oauth/callback')
@@ -148,56 +355,9 @@ request, add a 'headers' hash under 'params':
 token = client.auth_code.get_token('code_value', :redirect_uri => 'http://localhost:8080/oauth/callback', :headers => {'Some' => 'Header'})
 ```
-You can always use the #request method on the OAuth2::Client instance to make
+You can always use the `#request` method on the `OAuth2::Client` instance to make
 requests for tokens for any Authentication grant type.
-## Supported Ruby Versions
-This library aims to support and is [tested against][travis] the following Ruby
-implementations:
-### Rubies with support ending at Oauth2 1.x
-* Ruby 1.9.3
-  - [JRuby 1.7][jruby-1.7] (targets MRI v1.9)
-* Ruby 2.0.0
-  - [JRuby 9.0][jruby-9.0] (targets MRI v2.0)
-* Ruby 2.1
----
-### Rubies with continued support past Oauth2 2.x
-* Ruby 2.2 - Support ends with version 2.x series
-* Ruby 2.3 - Support ends with version 3.x series
-  - [JRuby 9.1][jruby-9.1] (targets MRI v2.3)
-* Ruby 2.4 - Support ends with version 4.x series
-* Ruby 2.5 - Support ends with version 5.x series
-  - [JRuby 9.2][jruby-9.2] (targets MRI v2.5)
-  - [truffleruby][truffleruby] (targets MRI 2.5)
-* Ruby 2.6 - Support ends with version 6.x series
-* Ruby 2.7 - Support ends with version 7.x series
-[jruby-1.7]: https://www.jruby.org/2017/05/11/jruby-1-7-27.html
-[jruby-9.0]: https://www.jruby.org/2016/01/26/jruby-9-0-5-0.html
-[jruby-9.1]: https://www.jruby.org/2017/05/16/jruby-9-1-9-0.html
-[jruby-9.2]: https://www.jruby.org/2018/05/24/jruby-9-2-0-0.html
-[truffleruby]: https://github.com/oracle/truffleruby
-If something doesn't work on one of these interpreters, it's a bug.
-This library may inadvertently work (or seem to work) on other Ruby
-implementations, however support will only be provided for the versions listed
-above.
-If you would like this library to support another Ruby version, you may
-volunteer to be a maintainer. Being a maintainer entails making sure all tests
-run and pass on that implementation. When something breaks on your
-implementation, you will be responsible for providing patches in a timely
-fashion. If critical issues for a particular implementation exist at the time
-of a major release, support for that Ruby version may be dropped.
 ## Versioning
 This library aims to adhere to [Semantic Versioning 2.0.0][semver].
@@ -221,21 +381,21 @@ spec.add_dependency 'oauth2', '~> 1.4'
 ## License
-[![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)][source-license]
+[![License: MIT][🖇src-license-img]][🖇src-license]
 - Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.
-- Copyright (c) 2017-2018 [oauth-xx organization][oauth-xx]
+- Copyright (c) 2017-2022 [oauth-xx organization][oauth-xx]
 - See [LICENSE][license] for details.
 [![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2.svg?type=large)][fossa2]
-[license]: LICENSE
+[license]: https://github.com/oauth-xx/oauth2/blob/master/LICENSE
 [oauth-xx]: https://github.com/oauth-xx
 [fossa2]: https://app.fossa.io/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2?ref=badge_large
 ## Development
-After checking out the repo, run `bundle install` to install dependencies. Then, run `rake spec` to run the tests.
+After checking out the repo, run `bundle install` to install dependencies. Then, run `bundle excec rake spec` to run the tests.
 To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).

data/lib/oauth2/client.rb CHANGED Viewed

@@ -59,15 +59,12 @@ module OAuth2
     # The Faraday connection object
     def connection
-      @connection ||= begin
-        conn = Faraday.new(site, options[:connection_opts])
-        if options[:connection_build]
-          conn.build do |b|
-            options[:connection_build].call(b)
+      @connection ||=
+        Faraday.new(site, options[:connection_opts]) do |builder|
+          if options[:connection_build]
+            options[:connection_build].call(builder)
           end
         end
-        conn
-      end
     end
     # The authorize endpoint URL of the OAuth2 provider

data/lib/oauth2/error.rb CHANGED Viewed

@@ -23,7 +23,7 @@ module OAuth2
     def error_message(response_body, opts = {})
       message = []
-      opts[:error_description] && message << opts[:error_description]
+      opts[:error_description] && (message << opts[:error_description])
       error_message = if opts[:error_description] && opts[:error_description].respond_to?(:encoding)
                         script_encoding = opts[:error_description].encoding

data/lib/oauth2/mac_token.rb CHANGED Viewed

@@ -95,24 +95,22 @@ module OAuth2
     #
     # @param [String] alg the algorithm to use (one of 'hmac-sha-1', 'hmac-sha-256')
     def algorithm=(alg)
-      @algorithm = begin
-        case alg.to_s
-        when 'hmac-sha-1'
-          begin
-            OpenSSL::Digest('SHA1').new
-          rescue StandardError
-            OpenSSL::Digest.new('SHA1')
-          end
-        when 'hmac-sha-256'
-          begin
-            OpenSSL::Digest('SHA256').new
-          rescue StandardError
-            OpenSSL::Digest.new('SHA256')
-          end
-        else
-          raise(ArgumentError, 'Unsupported algorithm')
-        end
-      end
+      @algorithm = case alg.to_s
+                   when 'hmac-sha-1'
+                     begin
+                       OpenSSL::Digest('SHA1').new
+                     rescue StandardError
+                       OpenSSL::Digest.new('SHA1')
+                     end
+                   when 'hmac-sha-256'
+                     begin
+                       OpenSSL::Digest('SHA256').new
+                     rescue StandardError
+                       OpenSSL::Digest.new('SHA256')
+                     end
+                   else
+                     raise(ArgumentError, 'Unsupported algorithm')
+                   end
     end
   private

data/lib/oauth2/version.rb CHANGED Viewed

@@ -24,7 +24,7 @@ module OAuth2
     #
     # @return [Integer]
     def patch
-      7
+      8
     end
     # The pre-release version, if any

data/spec/helper.rb CHANGED Viewed

@@ -1,25 +1,18 @@
 DEBUG = ENV['DEBUG'] == 'true'
 ruby_version = Gem::Version.new(RUBY_VERSION)
+minimum_version = ->(version) { ruby_version >= Gem::Version.new(version) && RUBY_ENGINE == 'ruby' }
+coverage = minimum_version.call('2.7')
+debug = minimum_version.call('2.5')
-if ruby_version >= Gem::Version.new('2.7')
-  require 'simplecov'
-  require 'coveralls'
-  SimpleCov.formatters = [SimpleCov::Formatter::HTMLFormatter, Coveralls::SimpleCov::Formatter]
-  SimpleCov.start do
-    add_filter '/spec'
-    minimum_coverage(95)
-  end
-end
-require 'byebug' if DEBUG && ruby_version >= Gem::Version.new('2.4')
+require 'simplecov' if coverage
+require 'byebug' if DEBUG && debug
 require 'oauth2'
 require 'addressable/uri'
 require 'rspec'
 require 'rspec/stubbed_env'
+require 'rspec/pending_for'
 require 'silent_stream'
 RSpec.configure do |config|

data/spec/oauth2/client_spec.rb CHANGED Viewed

@@ -46,7 +46,7 @@ describe OAuth2::Client do
     it 'is able to pass a block to configure the connection' do
       connection = double('connection')
       builder = double('builder')
-      allow(connection).to receive(:build).and_yield(builder)
+      allow(Faraday).to receive(:new).and_yield(builder)
       allow(Faraday::Connection).to receive(:new).and_return(connection)
       expect(builder).to receive(:adapter).with(:test)
@@ -403,10 +403,11 @@ describe OAuth2::Client do
     describe ':raise_errors flag' do
       let(:options) { {} }
       let(:token_response) { nil }
+      let(:post_args) { [] }
       let(:client) do
         stubbed_client(options.merge(:raise_errors => raise_errors)) do |stub|
-          stub.post('/oauth/token') do
+          stub.post('/oauth/token', *post_args) do
             # stub 200 response so that we're testing the get_token handling of :raise_errors flag not request
             [200, {'Content-Type' => 'application/json'}, token_response]
           end
@@ -430,6 +431,29 @@ describe OAuth2::Client do
           end
         end
+        context 'when the request body has an access token' do
+          let(:token_response) { MultiJson.encode('access_token' => 'the-token') }
+          it 'returns the parsed :access_token from body' do
+            token = client.get_token({})
+            expect(token).to be_a OAuth2::AccessToken
+            expect(token.token).to eq('the-token')
+          end
+          context 'when :auth_scheme => :request_body' do
+            context 'when arbitrary params are present' do
+              let(:post_args) { ['arbitrary' => 'parameter', 'client_id' => 'abc', 'client_secret' => 'def'] }
+              let(:options) { {:auth_scheme => :request_body} }
+              it 'does not affect access token' do
+                token = client.get_token(*post_args)
+                expect(token).to be_a OAuth2::AccessToken
+                expect(token.token).to eq('the-token')
+              end
+            end
+          end
+        end
         context 'when extract_access_token raises an exception' do
           let(:options) do
             {
@@ -493,7 +517,7 @@ describe OAuth2::Client do
   context 'with SSL options' do
     subject do
       cli = described_class.new('abc', 'def', :site => 'https://api.example.com', :ssl => {:ca_file => 'foo.pem'})
-      cli.connection.build do |b|
+      cli.connection = Faraday.new(cli.site, cli.options[:connection_opts]) do |b|
         b.adapter :test
       end
       cli

data/spec/oauth2/mac_token_spec.rb CHANGED Viewed

@@ -24,15 +24,18 @@ describe OAuth2::MACToken do
     end
     it 'defaults algorithm to hmac-sha-256' do
+      pending_for(:engine => 'ruby', :versions => '1.9.3', :reason => "Ruby 1.9's OpenSSL uses instance of OpenSSL::Digest")
       expect(subject.algorithm).to be_instance_of(OpenSSL::Digest::SHA256)
     end
     it 'handles hmac-sha-256' do
+      pending_for(:engine => 'ruby', :versions => '1.9.3', :reason => "Ruby 1.9's OpenSSL uses instance of OpenSSL::Digest")
       mac = described_class.new(client, token, 'abc123', :algorithm => 'hmac-sha-256')
       expect(mac.algorithm).to be_instance_of(OpenSSL::Digest::SHA256)
     end
     it 'handles hmac-sha-1' do
+      pending_for(:engine => 'ruby', :versions => '1.9.3', :reason => "Ruby 1.9's OpenSSL uses instance of OpenSSL::Digest")
       mac = described_class.new(client, token, 'abc123', :algorithm => 'hmac-sha-1')
       expect(mac.algorithm).to be_instance_of(OpenSSL::Digest::SHA1)
     end

data/spec/oauth2/strategy/assertion_spec.rb CHANGED Viewed

@@ -3,7 +3,8 @@ describe OAuth2::Strategy::Assertion do
   let(:client) do
     cli = OAuth2::Client.new('abc', 'def', :site => 'http://api.example.com')
-    cli.connection.build do |b|
+    cli.connection = Faraday.new(cli.site, cli.options[:connection_opts]) do |b|
+      b.request :url_encoded
       b.adapter :test do |stub|
         stub.post('/oauth/token') do |env|
           case @mode

data/spec/oauth2/strategy/client_credentials_spec.rb CHANGED Viewed

@@ -9,7 +9,7 @@ describe OAuth2::Strategy::ClientCredentials do
       builder.adapter :test do |stub|
         stub.post('/oauth/token', 'grant_type' => 'client_credentials') do |env|
           client_id, client_secret = Base64.decode64(env[:request_headers]['Authorization'].split(' ', 2)[1]).split(':', 2)
-          client_id == 'abc' && client_secret == 'def' || raise(Faraday::Adapter::Test::Stubs::NotFound)
+          (client_id == 'abc' && client_secret == 'def') || raise(Faraday::Adapter::Test::Stubs::NotFound)
           case @mode
           when 'formencoded'
             [200, {'Content-Type' => 'application/x-www-form-urlencoded'}, kvform_token]

data/spec/oauth2/strategy/password_spec.rb CHANGED Viewed

@@ -3,7 +3,8 @@ describe OAuth2::Strategy::Password do
   let(:client) do
     cli = OAuth2::Client.new('abc', 'def', :site => 'http://api.example.com')
-    cli.connection.build do |b|
+    cli.connection = Faraday.new(cli.site, cli.options[:connection_opts]) do |b|
+      b.request :url_encoded
       b.adapter :test do |stub|
         stub.post('/oauth/token') do |env|
           case @mode

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: oauth2
 version: !ruby/object:Gem::Version
-  version: 1.4.7
+  version: 1.4.8
 platform: ruby
 authors:
 - Peter Boling
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-03-19 00:00:00.000000000 Z
+date: 2022-02-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -21,7 +21,7 @@ dependencies:
         version: '0.8'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -31,7 +31,7 @@ dependencies:
         version: '0.8'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: jwt
   requirement: !ruby/object:Gem::Requirement
@@ -142,20 +142,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '1.16'
-- !ruby/object:Gem::Dependency
-  name: coveralls
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.8'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.8'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -318,10 +304,11 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/oauth-xx/oauth2/issues
-  changelog_uri: https://github.com/oauth-xx/oauth2/blob/v1.4.7/CHANGELOG.md
-  documentation_uri: https://www.rubydoc.info/gems/oauth2/1.4.7
-  source_code_uri: https://github.com/oauth-xx/oauth2/tree/v1.4.7
+  changelog_uri: https://github.com/oauth-xx/oauth2/blob/v1.4.8/CHANGELOG.md
+  documentation_uri: https://www.rubydoc.info/gems/oauth2/1.4.8
+  source_code_uri: https://github.com/oauth-xx/oauth2/tree/v1.4.8
   wiki_uri: https://github.com/oauth-xx/oauth2/wiki
+  rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -337,21 +324,21 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 1.3.5
 requirements: []
-rubygems_version: 3.2.9
+rubygems_version: 3.3.7
 signing_key:
 specification_version: 4
 summary: A Ruby wrapper for the OAuth 2.0 protocol.
 test_files:
 - spec/helper.rb
-- spec/oauth2/client_spec.rb
-- spec/oauth2/version_spec.rb
+- spec/oauth2/access_token_spec.rb
 - spec/oauth2/authenticator_spec.rb
+- spec/oauth2/client_spec.rb
 - spec/oauth2/mac_token_spec.rb
-- spec/oauth2/access_token_spec.rb
 - spec/oauth2/response_spec.rb
-- spec/oauth2/strategy/password_spec.rb
-- spec/oauth2/strategy/client_credentials_spec.rb
 - spec/oauth2/strategy/assertion_spec.rb
-- spec/oauth2/strategy/implicit_spec.rb
 - spec/oauth2/strategy/auth_code_spec.rb
 - spec/oauth2/strategy/base_spec.rb
+- spec/oauth2/strategy/client_credentials_spec.rb
+- spec/oauth2/strategy/implicit_spec.rb
+- spec/oauth2/strategy/password_spec.rb
+- spec/oauth2/version_spec.rb