oauth2 1.4.9 → 2.0.0.rc1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: ecc51b3695e669f4853934aa43c64de29380877340685e35e44ccc1be8957226
4
- data.tar.gz: aa8e0e388084a5374743b1fc7122fd85729f41876fdbe9d679a441813cb3e10c
3
+ metadata.gz: 4f893ee5488c3e0e61af487f370c4551217ec539c4f5d5acc503911a5b2c8f99
4
+ data.tar.gz: a241433f0dbd5cb551bbd381841d2c1e25e4ef39335a2210f25b938b20fc6f29
5
5
  SHA512:
6
- metadata.gz: 06c89fbcf461bc08dce02c484b7fef1284d31bed026c606bf966fe85ca351451063763e9c580e9f716bd7a811e0dd8d2f0b3572df5190724dcaf0c539fd9d4aa
7
- data.tar.gz: cf59ec61aa6d7e7c595ff2b5ea73a24441364300ba846efb52508907568ed5aa62619b69dec6428bbfbd341540a4d802709b03703e431fc83ed1de9634d10523
6
+ metadata.gz: 8c2677bd855e0935c95af8709ef5a04dcbea75e0143a05bc93eec89e3b9e29c643371afade072400aeffced32bc26999b8138277fecca5ddf916363486efad0a
7
+ data.tar.gz: c226b23b31be3ab8c27ce8d7eec08675fe74a49c76299083e1aabe135bd836a5fbc2163bdb49d264e677d1e48b1452ab8ebec3db45bccdf0b3dab958aff0bf94
data/CHANGELOG.md CHANGED
@@ -1,10 +1,74 @@
1
- # Change Log
1
+ # Changelog
2
2
  All notable changes to this project will be documented in this file.
3
3
 
4
- ## unreleased
4
+ The format (since v2.0.0) is based on [Keep a Changelog v1](https://keepachangelog.com/en/1.0.0/),
5
+ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.0.0.html).
5
6
 
6
- ## [1.4.9] - 2022-02-20
7
+ ## [Unreleased]
8
+ ### Added
9
+ - [#158](https://github.com/oauth-xx/oauth2/pull/158), [#344](https://github.com/oauth-xx/oauth2/pull/344) - Optionally pass raw response to parsers (@niels)
10
+ - [#190](https://github.com/oauth-xx/oauth2/pull/190), [#332](https://github.com/oauth-xx/oauth2/pull/332), [#334](https://github.com/oauth-xx/oauth2/pull/334), [#335](https://github.com/oauth-xx/oauth2/pull/335), [#360](https://github.com/oauth-xx/oauth2/pull/360), [#426](https://github.com/oauth-xx/oauth2/pull/426), [#427](https://github.com/oauth-xx/oauth2/pull/427), [#461](https://github.com/oauth-xx/oauth2/pull/461) - Documentation (@josephpage, @pboling, @meganemura, @joshRpowell, @elliotcm)
11
+ - [#220](https://github.com/oauth-xx/oauth2/pull/220) - Support IETF rfc7523 JWT Bearer Tokens Draft 04+ (@jhmoore)
12
+ - [#298](https://github.com/oauth-xx/oauth2/pull/298) - Set the response object on the access token on Client#get_token for debugging (@cpetschnig)
13
+ - [#305](https://github.com/oauth-xx/oauth2/pull/305) - Option: `OAuth2::Client#get_token` - `:access_token_class` (`AccessToken`); user specified class to use for all calls to `get_token` (@styd)
14
+ - [#346](https://github.com/oauth-xx/oauth2/pull/571) - Modern gem structure (@pboling)
15
+ - [#351](https://github.com/oauth-xx/oauth2/pull/351) - Support Jruby 9k (@pboling)
16
+ - [#362](https://github.com/oauth-xx/oauth2/pull/362) - Support SemVer release version scheme (@pboling)
17
+ - [#363](https://github.com/oauth-xx/oauth2/pull/363) - New method `OAuth2::AccessToken#refresh!` same as old `refresh`, with backwards compatibility alias (@pboling)
18
+ - [#364](https://github.com/oauth-xx/oauth2/pull/364) - Support `application/hal+json` format (@pboling)
19
+ - [#365](https://github.com/oauth-xx/oauth2/pull/365) - Support `application/vnd.collection+json` format (@pboling)
20
+ - [#376](https://github.com/oauth-xx/oauth2/pull/376) - _Documentation_: Example / Test for Google 2-legged JWT (@jhmoore)
21
+ - [#381](https://github.com/oauth-xx/oauth2/pull/381) - Spec for extra header params on client credentials (@nikz)
22
+ - [#394](https://github.com/oauth-xx/oauth2/pull/394) - Option: `OAuth2::AccessToken#initialize` - `:expires_latency` (`nil`); number of seconds by which AccessToken validity will be reduced to offset latency (@klippx)
23
+ - [#412](https://github.com/oauth-xx/oauth2/pull/412) - Support `application/vdn.api+json` format (from jsonapi.org) (@david-christensen)
24
+ - [#413](https://github.com/oauth-xx/oauth2/pull/413) - _Documentation_: License scan and report (@meganemura)
25
+ - [#442](https://github.com/oauth-xx/oauth2/pull/442) - Option: `OAuth2::Client#initialize` - `:logger` (`::Logger.new($stdout)`) logger to use when OAUTH_DEBUG is enabled (for parity with `1-4-stable` branch) (@rthbound)
26
+ - [#494](https://github.com/oauth-xx/oauth2/pull/494) - Support [OIDC 1.0 Private Key JWT](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication); based on the OAuth JWT assertion specification [(RFC 7523)](https://tools.ietf.org/html/rfc7523) (@SteveyblamWork)
27
+ - [#549](https://github.com/oauth-xx/oauth2/pull/549) - Wrap `Faraday::ConnectionFailed` in `OAuth2::ConnectionFailed` (@nikkypx)
28
+ - [#550](https://github.com/oauth-xx/oauth2/pull/550) - Raise error if location header not present when redirecting (@stanhu)
29
+ - [#552](https://github.com/oauth-xx/oauth2/pull/552) - Add missing `version.rb` require (@ahorek)
30
+ - [#553](https://github.com/oauth-xx/oauth2/pull/553) - Support `application/problem+json` format (@janz93)
31
+ - [#560](https://github.com/oauth-xx/oauth2/pull/560) - Support IETF rfc6749, section 2.3.1 - don't set auth params when `nil` (@bouk)
32
+ - [#571](https://github.com/oauth-xx/oauth2/pull/571) - Support Ruby 3.1 (@pboling)
33
+ - [#575](https://github.com/oauth-xx/oauth2/pull/575) - Support IETF rfc7231, section 7.1.2 - relative location in redirect (@pboling)
34
+ - [#581](https://github.com/oauth-xx/oauth2/pull/581) - _Documentation_: of breaking changes (@pboling)
35
+ ### Changed
36
+ - [#191](https://github.com/oauth-xx/oauth2/pull/191) - **BREAKING**: Token is expired if `expired_at` time is `now` (@davestevens)
37
+ - [#312](https://github.com/oauth-xx/oauth2/pull/312) - **BREAKING**: Set `:basic_auth` as default for `:auth_scheme` instead of `:request_body`. This was default behavior before 1.3.0. (@tetsuya, @wy193777)
38
+ - [#317](https://github.com/oauth-xx/oauth2/pull/317) - _Dependency_: Upgrade `jwt` to 2.x.x (@travisofthenorth)
39
+ - [#338](https://github.com/oauth-xx/oauth2/pull/338) - _Dependency_: Switch from `Rack::Utils.escape` to `CGI.escape` (@josephpage)
40
+ - [#339](https://github.com/oauth-xx/oauth2/pull/339), [#368](https://github.com/oauth-xx/oauth2/pull/368), [#424](https://github.com/oauth-xx/oauth2/pull/424), [#479](https://github.com/oauth-xx/oauth2/pull/479), [#493](https://github.com/oauth-xx/oauth2/pull/493), [#539](https://github.com/oauth-xx/oauth2/pull/539), [#542](https://github.com/oauth-xx/oauth2/pull/542), [#553](https://github.com/oauth-xx/oauth2/pull/553) - CI Updates, code coverage, linting, spelling, type fixes, New VERSION constant (@pboling, @josephpage, @ahorek)
41
+ - [#410](https://github.com/oauth-xx/oauth2/pull/410) - **BREAKING**: Removed the ability to call .error from an OAuth2::Response object (@jhmoore)
42
+ - [#414](https://github.com/oauth-xx/oauth2/pull/414) - Use Base64.strict_encode64 instead of custom internal logic (@meganemura)
43
+ - [#489](https://github.com/oauth-xx/oauth2/pull/489) - **BREAKING**: Default value for option `OAuth2::Client` - `:authorize_url` removed leading slash to work with relative paths by default (`'oauth/authorize'`) (@ghost)
44
+ - [#489](https://github.com/oauth-xx/oauth2/pull/489) - **BREAKING**: Default value for option `OAuth2::Client` - `:token_url` removed leading slash to work with relative paths by default (`'oauth/token'`) (@ghost)
45
+ - [#576](https://github.com/oauth-xx/oauth2/pull/576) - **BREAKING**: Stop rescuing parsing errors (@pboling)
46
+ - [#591](https://github.com/oauth-xx/oauth2/pull/576) - _DEPRECATION_: `OAuth2::Client` - `:extract_access_token` option is deprecated
47
+ ### Fixed
48
+ - [#158](https://github.com/oauth-xx/oauth2/pull/158), [#344](https://github.com/oauth-xx/oauth2/pull/344) - Handling of errors when using `omniauth-facebook` (@niels)
49
+ - [#294](https://github.com/oauth-xx/oauth2/pull/294) - Fix: "Unexpected middleware set" issue with Faraday when `OAUTH_DEBUG=true` (@spectator, @gafrom)
50
+ - [#300](https://github.com/oauth-xx/oauth2/pull/300) - _Documentation_: `Oauth2::Error` - Error codes are strings, not symbols (@NobodysNightmare)
51
+ - [#318](https://github.com/oauth-xx/oauth2/pull/318), [#326](https://github.com/oauth-xx/oauth2/pull/326), [#343](https://github.com/oauth-xx/oauth2/pull/343), [#347](https://github.com/oauth-xx/oauth2/pull/347), [#397](https://github.com/oauth-xx/oauth2/pull/397), [#464](https://github.com/oauth-xx/oauth2/pull/464), [#561](https://github.com/oauth-xx/oauth2/pull/561), [#565](https://github.com/oauth-xx/oauth2/pull/565) - _Dependency_: Support all versions of `faraday` (see [gemfiles/README.md][gemfiles/readme] for compatibility matrix with Ruby engines & versions) (@pboling, @raimondasv, @zacharywelch, @Fudoshiki, @ryogift, @sj26, @jdelStrother)
52
+ - [#322](https://github.com/oauth-xx/oauth2/pull/322), [#331](https://github.com/oauth-xx/oauth2/pull/331), [#337](https://github.com/oauth-xx/oauth2/pull/337), [#361](https://github.com/oauth-xx/oauth2/pull/361), [#371](https://github.com/oauth-xx/oauth2/pull/371), [#377](https://github.com/oauth-xx/oauth2/pull/377), [#383](https://github.com/oauth-xx/oauth2/pull/383), [#392](https://github.com/oauth-xx/oauth2/pull/392), [#395](https://github.com/oauth-xx/oauth2/pull/395), [#400](https://github.com/oauth-xx/oauth2/pull/400), [#401](https://github.com/oauth-xx/oauth2/pull/401), [#403](https://github.com/oauth-xx/oauth2/pull/403), [#415](https://github.com/oauth-xx/oauth2/pull/415), [#567](https://github.com/oauth-xx/oauth2/pull/567) - Updated Rubocop, Rubocop plugins and improved code style (@pboling, @bquorning, @lautis, @spectator)
53
+ - [#328](https://github.com/oauth-xx/oauth2/pull/328) - _Documentation_: Homepage URL is SSL (@amatsuda)
54
+ - [#339](https://github.com/oauth-xx/oauth2/pull/339), [#479](https://github.com/oauth-xx/oauth2/pull/479) - Update testing infrastructure for all supported Rubies (@pboling and @josephpage)
55
+ - [#366](https://github.com/oauth-xx/oauth2/pull/366) - **Security**: Fix logging to `$stdout` of request and response bodies via Faraday's logger and `ENV["OAUTH_DEBUG"] == 'true'` (@pboling)
56
+ - [#380](https://github.com/oauth-xx/oauth2/pull/380) - Fix: Stop attempting to encode non-encodable objects in `Oauth2::Error` (@jhmoore)
57
+ - [#399](https://github.com/oauth-xx/oauth2/pull/399) - Fix: Stop duplicating `redirect_uri` in `get_token` (@markus)
58
+ - [#410](https://github.com/oauth-xx/oauth2/pull/410) - Fix: `SystemStackError` caused by circular reference between Error and Response classes (@jhmoore)
59
+ - [#460](https://github.com/oauth-xx/oauth2/pull/460) - Fix: Stop throwing errors when `raise_errors` is set to `false`; analog of [#524](https://github.com/oauth-xx/oauth2/pull/524) for `1-4-stable` branch (@joaolrpaulo)
60
+ - [#472](https://github.com/oauth-xx/oauth2/pull/472) - **Security**: Add checks to enforce `client_secret` is *never* passed in authorize_url query params for `implicit` and `auth_code` grant types (@dfockler)
61
+ - [#482](https://github.com/oauth-xx/oauth2/pull/482) - _Documentation_: Update last of `intridea` links to `oauth-xx` (@pboling)
62
+ - [#536](https://github.com/oauth-xx/oauth2/pull/536) - **Security**: Compatibility with more (and recent) Ruby OpenSSL versions, Github Actions, Rubocop updated, analogous to [#535](https://github.com/oauth-xx/oauth2/pull/535) on `1-4-stable` branch (@pboling)
63
+ ### Removed
64
+ - [#341](https://github.com/oauth-xx/oauth2/pull/341) - Remove Rdoc & Jeweler related files (@josephpage)
65
+ - [#342](https://github.com/oauth-xx/oauth2/pull/342) - **BREAKING**: Dropped support for Ruby 1.8 (@josephpage)
66
+ - [#539](https://github.com/oauth-xx/oauth2/pull/539) - Remove reliance on globally included OAuth2 in tests, analog of [#538](https://github.com/oauth-xx/oauth2/pull/538) for 1-4-stable (@anderscarling)
67
+ - [#566](https://github.com/oauth-xx/oauth2/pull/566) - _Dependency_: Removed `wwtd` (@bquorning)
68
+ - [#589](https://github.com/oauth-xx/oauth2/pull/589), [#593](https://github.com/oauth-xx/oauth2/pull/593) - Remove support for expired MAC token draft spec (@stanhu)
69
+ - [#590](https://github.com/oauth-xx/oauth2/pull/590) - _Dependency_: Removed `multi_json` (@stanhu)
7
70
 
71
+ ## [1.4.9] - 2022-02-20
8
72
  - Fixes compatibility with Faraday v2 [572](https://github.com/oauth-xx/oauth2/issues/572)
9
73
  - Includes supported versions of Faraday in test matrix:
10
74
  - Faraday ~> 2.2.0 with Ruby >= 2.6
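Review bot: Two added entries in the Unreleased block have a link label that does not match its target: `[#346](https://github.com/oauth-xx/oauth2/pull/571)` (Modern gem structure) and `[#591](https://github.com/oauth-xx/oauth2/pull/576)` (the `:extract_access_token` deprecation, which also has no author credit). Point each URL at the PR named in its label. In the same block, `application/vdn.api+json` in the #412 entry looks like a typo for `application/vnd.api+json`, the media type jsonapi.org uses, and `expired_at` in the #191 entry does not match the `expires_at` spelling used in the 1.4.x entries. Because #312 changes the default `:auth_scheme` to `:basic_auth`, that entry should also say that clients depending on `:request_body` must now set it explicitly.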
@@ -13,7 +77,6 @@ All notable changes to this project will be documented in this file.
13
77
  - Add Windows and MacOS to test matrix
14
78
 
15
79
  ## [1.4.8] - 2022-02-18
16
-
17
80
  - MFA is now required to push new gem versions (@pboling)
18
81
  - README overhaul w/ new Ruby Verion and Engine compatibility policies (@pboling)
19
82
  - [#569](https://github.com/oauth-xx/oauth2/pull/569) Backport fixes ([#561](https://github.com/oauth-xx/oauth2/pull/561) by @ryogift), and add more fixes, to allow faraday 1.x and 2.x (@jrochkind)
@@ -23,40 +86,33 @@ All notable changes to this project will be documented in this file.
23
86
  - [#543](https://github.com/oauth-xx/oauth2/pull/543) - Support for more modern Open SSL libraries (@pboling)
24
87
 
25
88
  ## [1.4.7] - 2021-03-19
26
-
27
89
  - [#541](https://github.com/oauth-xx/oauth2/pull/541) - Backport fix to expires_at handling [#533](https://github.com/oauth-xx/oauth2/pull/533) to 1-4-stable branch. (@dobon)
28
90
 
29
91
  ## [1.4.6] - 2021-03-19
30
-
31
92
  - [#540](https://github.com/oauth-xx/oauth2/pull/540) - Add VERSION constant (@pboling)
32
93
  - [#537](https://github.com/oauth-xx/oauth2/pull/537) - Fix crash in OAuth2::Client#get_token (@anderscarling)
33
- - [#538](https://github.com/oauth-xx/oauth2/pull/538) - Remove reliance on globally included OAuth2 in tests for version 1.4 (@anderscarling)
94
+ - [#538](https://github.com/oauth-xx/oauth2/pull/538) - Remove reliance on globally included OAuth2 in tests, analogous to [#539](https://github.com/oauth-xx/oauth2/pull/539) on master branch (@anderscarling)
34
95
 
35
96
  ## [1.4.5] - 2021-03-18
36
-
37
- - [#535](https://github.com/oauth-xx/oauth2/pull/535) - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions (@pboling)
97
+ - [#535](https://github.com/oauth-xx/oauth2/pull/535) - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions, analogous to [#536](https://github.com/oauth-xx/oauth2/pull/536) on master branch (@pboling)
38
98
  - [#518](https://github.com/oauth-xx/oauth2/pull/518) - Add extract_access_token option to OAuth2::Client (@jonspalmer)
39
99
  - [#507](https://github.com/oauth-xx/oauth2/pull/507) - Fix camel case content type, response keys (@anvox)
40
100
  - [#500](https://github.com/oauth-xx/oauth2/pull/500) - Fix YARD documentation formatting (@olleolleolle)
41
101
 
42
102
  ## [1.4.4] - 2020-02-12
43
-
44
103
  - [#408](https://github.com/oauth-xx/oauth2/pull/408) - Fixed expires_at for formatted time (@Lomey)
45
104
 
46
105
  ## [1.4.3] - 2020-01-29
47
-
48
106
  - [#483](https://github.com/oauth-xx/oauth2/pull/483) - add project metadata to gemspec (@orien)
49
107
  - [#495](https://github.com/oauth-xx/oauth2/pull/495) - support additional types of access token requests (@SteveyblamFreeagent, @thomcorley, @dgholz)
50
108
  - Adds support for private_key_jwt and tls_client_auth
51
109
  - [#433](https://github.com/oauth-xx/oauth2/pull/433) - allow field names with square brackets and numbers in params (@asm256)
52
110
 
53
111
  ## [1.4.2] - 2019-10-01
54
-
55
112
  - [#478](https://github.com/oauth-xx/oauth2/pull/478) - support latest version of faraday & fix build (@pboling)
56
- - officially support Ruby 2.6 and truffleruby
113
+ - Officially support Ruby 2.6 and truffleruby
57
114
 
58
115
  ## [1.4.1] - 2018-10-13
59
-
60
116
  - [#417](https://github.com/oauth-xx/oauth2/pull/417) - update jwt dependency (@thewoolleyman)
61
117
  - [#419](https://github.com/oauth-xx/oauth2/pull/419) - remove rubocop dependency (temporary, added back in [#423](https://github.com/oauth-xx/oauth2/pull/423)) (@pboling)
62
118
  - [#418](https://github.com/oauth-xx/oauth2/pull/418) - update faraday dependency (@pboling)
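Review bot: The reworded #535 entry under 1.4.5 now names #536 as its master-branch counterpart, but #536 is tagged **Security** in the Unreleased section while #535 has no such tag. If the OpenSSL compatibility change is security-relevant on both branches, tag #535 the same way so that readers scanning the 1.4.x history for security fixes find it. The cross-reference wording is also split between "analogous to" in this hunk and "analog of" in the #460 and #539 entries; pick one.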
@@ -83,19 +139,16 @@ All notable changes to this project will be documented in this file.
83
139
  [jruby-9.2]: https://www.jruby.org/2018/05/24/jruby-9-2-0-0.html
84
140
 
85
141
  ## [1.4.0] - 2017-06-09
86
-
87
142
  - Drop Ruby 1.8.7 support (@sferik)
88
143
  - Fix some RuboCop offenses (@sferik)
89
144
  - _Dependency_: Remove Yardstick (@sferik)
90
145
  - _Dependency_: Upgrade Faraday to 0.12 (@sferik)
91
146
 
92
147
  ## [1.3.1] - 2017-03-03
93
-
94
148
  - Add support for Ruby 2.4.0 (@pschambacher)
95
149
  - _Dependency_: Upgrade Faraday to Faraday 0.11 (@mcfiredrill, @rhymes, @pschambacher)
96
150
 
97
151
  ## [1.3.0] - 2016-12-28
98
-
99
152
  - Add support for header-based authentication to the `Client` so it can be used across the library (@bjeanes)
100
153
  - Default to header-based authentication when getting a token from an authorisation code (@maletor)
101
154
  - **Breaking**: Allow an `auth_scheme` (`:basic_auth` or `:request_body`) to be set on the client, defaulting to `:request_body` to maintain backwards compatibility (@maletor, @bjeanes)
@@ -105,24 +158,20 @@ All notable changes to this project will be documented in this file.
105
158
  - Add support for Faraday 0.10 (@rhymes)
106
159
 
107
160
  ## [1.2.0] - 2016-07-01
108
-
109
161
  - Properly handle encoding of error responses (so we don't blow up, for example, when Google's response includes a ∞) (@Motoshi-Nishihira)
110
162
  - Make a copy of the options hash in `AccessToken#from_hash` to avoid accidental mutations (@Linuus)
111
163
  - Use `raise` rather than `fail` to throw exceptions (@sferik)
112
164
 
113
165
  ## [1.1.0] - 2016-01-30
114
-
115
166
  - Various refactors (eliminating `Hash#merge!` usage in `AccessToken#refresh!`, use `yield` instead of `#call`, freezing mutable objects in constants, replacing constants with class variables) (@sferik)
116
167
  - Add support for Rack 2, and bump various other dependencies (@sferik)
117
168
 
118
169
  ## [1.0.0] - 2014-07-09
119
-
120
170
  ### Added
121
171
  - Add an implementation of the MAC token spec.
122
172
 
123
173
  ### Fixed
124
174
  - Fix Base64.strict_encode64 incompatibility with Ruby 1.8.7.
125
-
126
175
  ## [0.5.0] - 2011-07-29
127
176
 
128
177
  ### Changed
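Review bot: Removing the blank line after `- Fix Base64.strict_encode64 incompatibility with Ruby 1.8.7.` leaves the `## [0.5.0] - 2011-07-29` heading directly under a list item, while the other version headings in this hunk keep a blank line above them. Keep that one blank line; the blank lines removed after the headings are fine to drop.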
@@ -158,7 +207,7 @@ All notable changes to this project will be documented in this file.
158
207
 
159
208
  ## [0.0.4] + [0.0.3] + [0.0.2] + [0.0.1] - 2010-04-22
160
209
 
161
-
210
+ [Unreleased]: https://github.com/oauth-xx/oauth2/compare/v1.4.9...HEAD
162
211
  [0.0.1]: https://github.com/oauth-xx/oauth2/compare/311d9f4...v0.0.1
163
212
  [0.0.2]: https://github.com/oauth-xx/oauth2/compare/v0.0.1...v0.0.2
164
213
  [0.0.3]: https://github.com/oauth-xx/oauth2/compare/v0.0.2...v0.0.3
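Review bot: The changelog packaged with 2.0.0.rc1 still files every 2.0 change under `## [Unreleased]`, and the new `[Unreleased]` reference compares `v1.4.9...HEAD`, so nothing in the file identifies which entries belong to this release candidate. Add a version heading for the release candidate with its own compare reference, and leave `[Unreleased]` for what follows it.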
@@ -193,4 +242,5 @@ All notable changes to this project will be documented in this file.
193
242
  [1.4.6]: https://github.com/oauth-xx/oauth2/compare/v1.4.5...v1.4.6
194
243
  [1.4.7]: https://github.com/oauth-xx/oauth2/compare/v1.4.6...v1.4.7
195
244
  [1.4.8]: https://github.com/oauth-xx/oauth2/compare/v1.4.7...v1.4.8
196
- [unreleased]: https://github.com/oauth-xx/oauth2/compare/v1.4.1...HEAD
245
+ [1.4.9]: https://github.com/oauth-xx/oauth2/compare/v1.4.8...v1.4.9
246
+ [gemfiles/readme]: gemfiles/README.md
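Review bot: `[gemfiles/readme]: gemfiles/README.md` is the only relative target among the reference links shown here, so it resolves only where the changelog is rendered next to a `gemfiles/` directory. Use an absolute repository URL like the other references, or confirm that the file ships with the gem.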
data/CONTRIBUTING.md ADDED
@@ -0,0 +1,18 @@
1
+ ## Submitting a Pull Request
2
+ 1. [Fork the repository.][fork]
3
+ 2. [Create a topic branch.][branch]
4
+ 3. Add specs for your unimplemented feature or bug fix.
5
+ 4. Run `bundle exec rake spec`. If your specs pass, return to step 3.
6
+ 5. Implement your feature or bug fix.
7
+ 6. Run `bundle exec rake`. If your specs fail, return to step 5.
8
+ 7. Run `open coverage/index.html`. If your changes are not completely covered
9
+ by your tests, return to step 3.
10
+ 8. Add documentation for your feature or bug fix.
11
+ 9. Run `bundle exec rake verify_measurements`. If your changes are not 100%
12
+ documented, go back to step 8.
13
+ 10. Commit and push your changes.
14
+ 11. [Submit a pull request.][pr]
15
+
16
+ [fork]: http://help.github.com/fork-a-repo/
17
+ [branch]: http://learn.github.com/p/branching.html
18
+ [pr]: http://help.github.com/send-pull-requests/
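Review bot: All three reference links at the bottom of the new file (`[fork]`, `[branch]`, `[pr]`) use `http://`; switch them to `https://` and check that the targets still exist, since the changelog in this same release records moving the homepage URL to SSL (#328). Step 7's `open coverage/index.html` also assumes a platform that has an `open` command, which is worth stating now that Windows is in the test matrix.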
data/README.md CHANGED
@@ -1,8 +1,8 @@
1
1
  <p align="center">
2
- <a href="http://oauth.net/2/" target="_blank" rel="noopener noreferrer">
2
+ <a href="http://oauth.net/2/" target="_blank" rel="noopener">
3
3
  <img src="https://github.com/oauth-xx/oauth2/raw/master/docs/images/logo/oauth2-logo-124px.png?raw=true" alt="OAuth 2.0 Logo by Chris Messina, CC BY-SA 3.0">
4
4
  </a>
5
- <a href="https://www.ruby-lang.org/" target="_blank" rel="noopener noreferrer">
5
+ <a href="https://www.ruby-lang.org/" target="_blank" rel="noopener">
6
6
  <img width="124px" src="https://github.com/oauth-xx/oauth2/raw/master/docs/images/logo/ruby-logo-198px.svg?raw=true" alt="Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5">
7
7
  </a>
8
8
  </p>
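Review bot: Dropping `noreferrer` from `rel` on both `target="_blank"` anchors means the browser will again send a `Referer` header to oauth.net and ruby-lang.org; `noopener` alone only severs `window.opener`. Keep `rel="noopener noreferrer"` unless the referrer is wanted, and while here change `href="http://oauth.net/2/"` to `https`, matching the `[oauth2-spec]` reference further down.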
@@ -15,29 +15,36 @@ OAuth 2.0 focuses on client developer simplicity while providing specific author
15
15
  This is a RubyGem for implementing OAuth 2.0 clients and servers in Ruby applications.
16
16
  See the sibling `oauth` gem for OAuth 1.0 implementations in Ruby.
17
17
 
18
- ⚠️ **_WARNING_**: You are viewing the `README` of the soon-to-be-deprecated `1-4-stable`
19
- branch which for version 1.4.x releases. Version 2.0 is coming! ⚠️
20
-
21
18
  ---
22
19
 
23
20
  * [OAuth 2.0 Spec][oauth2-spec]
24
- * [OAuth 1.0 sibling gem][sibling-gem]
25
- * Help us finish release [![2.0.0 release milestone][next-milestone-pct-img]][next-milestone-pct] by submitting or reviewing PRs and issues.
26
- * Oauth2 gem is _always_ looking for additional maintainers. See [#307][maintainers-discussion].
21
+ * [oauth sibling gem][sibling-gem] for OAuth 1.0 implementations in Ruby.
27
22
 
28
23
  [oauth2-spec]: https://oauth.net/2/
29
24
  [sibling-gem]: https://github.com/oauth-xx/oauth-ruby
30
25
  [next-milestone-pct]: https://github.com/oauth-xx/oauth2/milestone/1
31
26
  [next-milestone-pct-img]: https://img.shields.io/github/milestones/progress-percent/oauth-xx/oauth2/1
32
- [maintainers-discussion]: https://github.com/oauth-xx/oauth2/issues/307
33
27
 
34
28
  ## Release Documentation
35
29
 
30
+ ### Version 2.0.x
31
+
32
+ <details>
33
+ <summary>2.0.x Readmes</summary>
34
+
35
+ | Version | Release Date | Readme |
36
+ |---------|--------------|----------------------------------------------------------|
37
+ | 2.0.0 | Soon | https://github.com/oauth-xx/oauth2/blob/master/README.md |
38
+ </details>
39
+
40
+ ### Older Releases
41
+
36
42
  <details>
37
43
  <summary>1.4.x Readmes</summary>
38
44
 
39
45
  | Version | Release Date | Readme |
40
46
  |---------|--------------|----------------------------------------------------------|
47
+ | 1.4.9 | Feb 20, 2022 | https://github.com/oauth-xx/oauth2/blob/v1.4.9/README.md |
41
48
  | 1.4.8 | Feb 18, 2022 | https://github.com/oauth-xx/oauth2/blob/v1.4.8/README.md |
42
49
  | 1.4.7 | Mar 19, 2021 | https://github.com/oauth-xx/oauth2/blob/v1.4.7/README.md |
43
50
  | 1.4.6 | Mar 19, 2021 | https://github.com/oauth-xx/oauth2/blob/v1.4.6/README.md |
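Review bot: The list item that used `[next-milestone-pct-img]` and `[next-milestone-pct]` is removed, but both reference definitions stay behind as context lines, so they are dead unless something outside this hunk uses them; delete them the same way `[maintainers-discussion]` was deleted. In the new 2.0.x table the Readme link targets `blob/master/README.md` with release date `Soon`, whereas every 1.4.x row shown pins a tag; pin it to the release tag once one exists so the link does not drift.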
@@ -69,6 +76,8 @@ branch which for version 1.4.x releases. Version 2.0 is coming! ⚠️
69
76
  | < 1.0.0 | Find here | https://github.com/oauth-xx/oauth2/tags |
70
77
  </details>
71
78
 
79
+ ## Status
80
+
72
81
  <!--
73
82
  Numbering rows and badges in each row as a visual "database" lookup,
74
83
  as the table is extremely dense, and it can be very difficult to find anything
@@ -91,17 +100,20 @@ badge #s:
91
100
  🖐
92
101
  🧮
93
102
  📗
103
+
104
+ appended indicators:
105
+ ♻️ - URL needs to be updated from SASS integration. Find / Replace is insufficient.
94
106
  -->
95
107
 
96
- | | Project | oauth2 |
97
- |:----|-----------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
98
- | 1️⃣ | name, license, docs | [![RubyGems.org][⛳️name-img]][⛳️gem] [![License: MIT][🖇src-license-img]][🖇src-license] [![FOSSA][🏘fossa-img]][🏘fossa] [![RubyDoc.info][🚎yard-img]][🚎yard] [![InchCI][🖐inch-ci-img]][🚎yard] |
99
- | 2️⃣ | version & activity | [![Gem Version][⛳️version-img]][⛳️gem] [![Total Downloads][🖇DL-total-img]][⛳️gem] [![Download Rank][🏘DL-rank-img]][⛳️gem] [![Source Code][🚎src-home-img]][🚎src-home] [![Open PRs][🖐prs-open-img]][🖐prs-open] [![Closed PRs][🧮prs-closed-img]][🧮prs-closed] |
100
- | 3️⃣ | maintanence & linting | [![Maintainability][⛳cclim-maint-img]][⛳cclim-maint] [![Helpers][🖇triage-help-img]][🖇triage-help] [![Depfu][🏘depfu-img]][🏘depfu] [![Contributors][🚎contributors-img]][🚎contributors] [![Style][🖐style-wf-img]][🖐style-wf] [![Kloc Roll][🧮kloc-img]][🧮kloc] |
101
- | 4️⃣ | testing | [![Build][⛳️tot-bld-img]][⛳️tot-bld] [![supported][🖇supported-wf-img]][🖇supported-wf] [![EOL & Code Coverage Build][🏘eol-wf-img]][🏘eol-wf] [![unsupported][🚎unsupported-wf-img]][🚎unsupported-wf] |
102
- | 5️⃣ | coverage & security | [![CodeClimate][⛳cclim-cov-img]][⛳cclim-cov] [![CodeCov][🖇codecov-img]][🖇codecov] [![Coveralls][🏘coveralls-img]][🏘coveralls] [![Security Policy][🚎sec-pol-img]][🚎sec-pol] [![CodeQL][🖐codeQL-img]][🖐codeQL] |
103
- | 6️⃣ | resources | [![Discussion][⛳gh-discussions-img]][⛳gh-discussions] [![Get help on Codementor][🖇codementor-img]][🖇codementor] [![Chat][🏘chat-img]][🏘chat] [![Blog][🚎blog-img]][🚎blog] [![Blog][🖐wiki-img]][🖐wiki] |
104
- | 7️⃣ | spread 💖 | [![Liberapay Patrons][⛳liberapay-img]][⛳liberapay] [![Sponsor Me][🖇sponsor-img]][🖇sponsor] [![Tweet @ Peter][🏘tweet-img]][🏘tweet] [🌏][aboutme] [👼][angelme] [💻][coderme] [🌹][politicme] |
108
+ | | Project | bundle add oauth2 |
109
+ |:----|-----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
110
+ | 1️⃣ | name, license, docs | [![RubyGems.org][⛳️name-img]][⛳️gem] [![License: MIT][🖇src-license-img]][🖇src-license] [![FOSSA][🏘fossa-img]][🏘fossa] [![RubyDoc.info][🚎yard-img]][🚎yard] [![InchCI][🖐inch-ci-img]][🚎yard] |
111
+ | 2️⃣ | version & activity | [![Gem Version][⛳️version-img]][⛳️gem] [![Total Downloads][🖇DL-total-img]][⛳️gem] [![Download Rank][🏘DL-rank-img]][⛳️gem] [![Source Code][🚎src-home-img]][🚎src-home] [![Open PRs][🖐prs-o-img]][🖐prs-o] [![Closed PRs][🧮prs-c-img]][🧮prs-c] [![Next Version][📗next-img]][📗next] |
112
+ | 3️⃣ | maintanence & linting | [![Maintainability][⛳cclim-maint-img♻️]][⛳cclim-maint] [![Helpers][🖇triage-help-img]][🖇triage-help] [![Depfu][🏘depfu-img♻️]][🏘depfu♻️] [![Contributors][🚎contributors-img]][🚎contributors] [![Style][🖐style-wf-img]][🖐style-wf] [![Kloc Roll][🧮kloc-img]][🧮kloc] |
113
+ | 4️⃣ | testing | [![Open Issues][⛳iss-o-img]][⛳iss-o] [![Closed Issues][🖇iss-c-img]][🖇iss-c] [![Supported][🏘sup-wf-img]][🏘sup-wf] [![Heads][🚎heads-wf-img]][🚎heads-wf] [![Unofficial Support][🖐uns-wf-img]][🖐uns-wf] [![MacOS][🧮mac-wf-img]][🧮mac-wf] [![Windows][📗win-wf-img]][📗win-wf] |
114
+ | 5️⃣ | coverage & security | [![CodeClimate][⛳cclim-cov-img♻️]][⛳cclim-cov] [![CodeCov][🖇codecov-img♻️]][🖇codecov] [![Coveralls][🏘coveralls-img]][🏘coveralls] [![Security Policy][🚎sec-pol-img]][🚎sec-pol] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Code Coverage][🧮cov-wf-img]][🧮cov-wf] |
115
+ | 6️⃣ | resources | [![Discussion][⛳gh-discussions-img]][⛳gh-discussions] [![Get help on Codementor][🖇codementor-img]][🖇codementor] [![Chat][🏘chat-img]][🏘chat] [![Blog][🚎blog-img]][🚎blog] [![Blog][🖐wiki-img]][🖐wiki] |
116
+ | 7️⃣ | spread 💖 | [![Liberapay Patrons][⛳liberapay-img]][⛳liberapay] [![Sponsor Me][🖇sponsor-img]][🖇sponsor] [![Tweet @ Peter][🏘tweet-img]][🏘tweet] [🌏][aboutme] [👼][angelme] [💻][coderme] [🌹][politicme] |
105
117
 
106
118
  <!--
107
119
  The link tokens in the following sections should be kept ordered by the row and badge numbering scheme
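Review bot: Row 3 of the table is rewritten but keeps the misspelling `maintanence`; correct it to `maintenance` here and in the matching `<!-- 3️⃣ ... -->` comment. In the added comment lines, `SASS integration` looks like it should be `SaaS`, and the wiki badge in row 6 still has the alt text `Blog`. Putting ♻️ inside reference labels such as `[🏘depfu♻️]` also means every later cleanup has to rename both the use and the definition.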
@@ -124,18 +136,20 @@ The link tokens in the following sections should be kept ordered by the row and
124
136
  [🏘DL-rank-img]: https://img.shields.io/gem/rt/oauth2.svg
125
137
  [🚎src-home]: https://github.com/oauth-xx/oauth2
126
138
  [🚎src-home-img]: https://img.shields.io/badge/source-github-brightgreen.svg?style=flat
127
- [🖐prs-open]: https://github.com/oauth-xx/oauth2/pulls
128
- [🖐prs-open-img]: https://img.shields.io/github/issues-pr/oauth-xx/oauth2
129
- [🧮prs-closed]: https://github.com/oauth-xx/oauth2/pulls?q=is%3Apr+is%3Aclosed
130
- [🧮prs-closed-img]: https://img.shields.io/github/issues-pr-closed/oauth-xx/oauth2
139
+ [🖐prs-o]: https://github.com/oauth-xx/oauth2/pulls
140
+ [🖐prs-o-img]: https://img.shields.io/github/issues-pr/oauth-xx/oauth2
141
+ [🧮prs-c]: https://github.com/oauth-xx/oauth2/pulls?q=is%3Apr+is%3Aclosed
142
+ [🧮prs-c-img]: https://img.shields.io/github/issues-pr-closed/oauth-xx/oauth2
143
+ [📗next]: https://github.com/oauth-xx/oauth2/milestone/1
144
+ [📗next-img]: https://img.shields.io/github/milestones/progress/oauth-xx/oauth2/1?label=Next%20Version
131
145
 
132
146
  <!-- 3️⃣ maintanence & linting -->
133
147
  [⛳cclim-maint]: https://codeclimate.com/github/oauth-xx/oauth2/maintainability
134
- [⛳cclim-maint-img]: https://api.codeclimate.com/v1/badges/688c612528ff90a46955/maintainability
148
+ [⛳cclim-maint-img♻️]: https://api.codeclimate.com/v1/badges/688c612528ff90a46955/maintainability
135
149
  [🖇triage-help]: https://www.codetriage.com/oauth-xx/oauth2
136
150
  [🖇triage-help-img]: https://www.codetriage.com/oauth-xx/oauth2/badges/users.svg
137
- [🏘depfu]: https://depfu.com/github/oauth-xx/oauth2?project_id=4445
138
- [🏘depfu-img]: https://badges.depfu.com/badges/6d34dc1ba682bbdf9ae2a97848241743/count.svg
151
+ [🏘depfu♻️]: https://depfu.com/github/oauth-xx/oauth2?project_id=4445
152
+ [🏘depfu-img♻️]: https://badges.depfu.com/badges/6d34dc1ba682bbdf9ae2a97848241743/count.svg
139
153
  [🚎contributors]: https://github.com/oauth-xx/oauth2/graphs/contributors
140
154
  [🚎contributors-img]: https://img.shields.io/github/contributors-anon/oauth-xx/oauth2
141
155
  [🖐style-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/style.yml
@@ -144,28 +158,34 @@ The link tokens in the following sections should be kept ordered by the row and
144
158
  [🧮kloc-img]: https://img.shields.io/tokei/lines/github.com/oauth-xx/oauth2
145
159
 
146
160
  <!-- 4️⃣ testing -->
147
- [⛳️tot-bld]: https://actions-badge.atrox.dev/oauth-xx/oauth2/goto
148
- [⛳️tot-bld-img]: https://img.shields.io/endpoint.svg?url=https%3A%2F%2Factions-badge.atrox.dev%2Foauth-xx%2Foauth2%2Fbadge&style=flat
149
- [🖇supported-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/supported.yml
150
- [🖇supported-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/supported.yml/badge.svg
151
- [🏘eol-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/coverage.yml
152
- [🏘eol-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/coverage.yml/badge.svg
153
- [🚎unsupported-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/unsupported.yml
154
- [🚎unsupported-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/unsupported.yml/badge.svg
155
- [🖐issues]: https://github.com/oauth-xx/oauth2/issues
156
- [🖐issues-img]: https://github.com/oauth-xx/oauth2/issues
161
+ [⛳iss-o]: https://github.com/oauth-xx/oauth2/issues
162
+ [⛳iss-o-img]: https://img.shields.io/github/issues-raw/oauth-xx/oauth2
163
+ [🖇iss-c]: https://github.com/oauth-xx/oauth2/issues?q=is%3Aissue+is%3Aclosed
164
+ [🖇iss-c-img]: https://img.shields.io/github/issues-closed-raw/oauth-xx/oauth2
165
+ [🏘sup-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/supported.yml
166
+ [🏘sup-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/supported.yml/badge.svg
167
+ [🚎heads-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/heads.yml
168
+ [🚎heads-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/heads.yml/badge.svg
169
+ [🖐uns-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/unsupported.yml
170
+ [🖐uns-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/unsupported.yml/badge.svg
171
+ [🧮mac-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/macos.yml
172
+ [🧮mac-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/macos.yml/badge.svg
173
+ [📗win-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/windows.yml
174
+ [📗win-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/windows.yml/badge.svg
157
175
 
158
176
  <!-- 5️⃣ coverage & security -->
159
177
  [⛳cclim-cov]: https://codeclimate.com/github/oauth-xx/oauth2/test_coverage
160
- [⛳cclim-cov-img]: https://api.codeclimate.com/v1/badges/688c612528ff90a46955/test_coverage
161
- [🖇codecov-img]: https://codecov.io/gh/oauth-xx/oauth2/branch/1-4-stable/graph/badge.svg?token=bNqSzNiuo2
178
+ [⛳cclim-cov-img♻️]: https://api.codeclimate.com/v1/badges/688c612528ff90a46955/test_coverage
179
+ [🖇codecov-img♻️]: https://codecov.io/gh/oauth-xx/oauth2/branch/master/graph/badge.svg?token=bNqSzNiuo2
162
180
  [🖇codecov]: https://codecov.io/gh/oauth-xx/oauth2
163
- [🏘coveralls]: https://coveralls.io/github/oauth-xx/oauth2?branch=1-4-stable
164
- [🏘coveralls-img]: https://coveralls.io/repos/github/oauth-xx/oauth2/badge.svg?branch=1-4-stable
181
+ [🏘coveralls]: https://coveralls.io/github/oauth-xx/oauth2?branch=master
182
+ [🏘coveralls-img]: https://coveralls.io/repos/github/oauth-xx/oauth2/badge.svg?branch=master
165
183
  [🚎sec-pol]: https://github.com/oauth-xx/oauth2/blob/master/SECURITY.md
166
184
  [🚎sec-pol-img]: https://img.shields.io/badge/security-policy-brightgreen.svg?style=flat
167
185
  [🖐codeQL]: https://github.com/oauth-xx/oauth2/security/code-scanning
168
186
  [🖐codeQL-img]: https://github.com/oauth-xx/oauth2/actions/workflows/codeql-analysis.yml/badge.svg
187
+ [🧮cov-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/coverage.yml
188
+ [🧮cov-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/coverage.yml/badge.svg
169
189
 
170
190
  <!-- 6️⃣ resources -->
171
191
  [⛳gh-discussions]: https://github.com/oauth-xx/oauth2/discussions
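Review bot: the `[🖇codecov-img♻️]` URL in the coverage & security block still carries `?token=bNqSzNiuo2` after the branch switch to `master`. Codecov badge tokens are only needed to render badges for private repositories, so for a public repository the parameter can be dropped. If it stays, confirm it is the read-only graph token and not the upload token, because this README is packaged into the published gem.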
@@ -195,29 +215,51 @@ The link tokens in the following sections should be kept ordered by the row and
195
215
  [coderme]:http://coderwall.com/pboling
196
216
  [politicme]: https://nationalprogressiveparty.org
197
217
 
198
-
199
218
  ## Installation
200
219
 
201
- ```shell
202
- gem install oauth2
203
- ```
220
+ Install the gem and add to the application's Gemfile by executing:
204
221
 
205
- Or inside a `Gemfile`
222
+ $ bundle add oauth2
206
223
 
207
- ```ruby
208
- gem 'oauth2'
209
- ```
210
- And then execute in a shell:
211
- ```shell
212
- bundle
213
- ```
224
+ If bundler is not being used to manage dependencies, install the gem by executing:
225
+
226
+ $ gem install oauth2
227
+
228
+ ## OAuth2 for Enterprise
214
229
 
230
+ Available as part of the Tidelift Subscription.
231
+
232
+ The maintainers of OAuth2 and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.](https://tidelift.com/subscription/pkg/rubygems-oauth2?utm_source=rubygems-oauth2&utm_medium=referral&utm_campaign=enterprise)
233
+
234
+ ## Security contact information
235
+
236
+ To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security).
237
+ Tidelift will coordinate the fix and disclosure.
238
+
239
+ For more see [SECURITY.md][🚎sec-pol].
240
+
241
+ ## What is new for v2.0 (unreleased, `master` branch)?
242
+
243
+ - Officially support Ruby versions >= 2.7
244
+ - Unofficially support Ruby versions >= 2.5
245
+ - Incidentally support Ruby versions >= 2.2
246
+ - Drop support for the expired MAC Draft (all versions)
247
+ - Support IETF rfc7523 JWT Bearer Tokens
248
+ - Support IETF rfc7231 Relative Location in Redirect
249
+ - Support IETF rfc6749 Don't set oauth params when nil
250
+ - Support [OIDC 1.0 Private Key JWT](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication); based on the OAuth JWT assertion specification [(RFC 7523)](https://tools.ietf.org/html/rfc7523)
251
+ - Support new formats, including from [jsonapi.org](http://jsonapi.org/format/): `application/vdn.api+json`, `application/vnd.collection+json`, `application/hal+json`, `application/problem+json`
252
+ - Adds new option to `OAuth2::Client#get_token`:
253
+ - `:access_token_class` (`AccessToken`); user specified class to use for all calls to `get_token`
254
+ - Adds new option to `OAuth2::AccessToken#initialize`:
255
+ - `:expires_latency` (`nil`); number of seconds by which AccessToken validity will be reduced to offset latency
256
+ - [... A lot more](https://github.com/oauth-xx/oauth2/blob/master/CHANGELOG.md#unreleased)
215
257
 
216
258
  ## Compatibility
217
259
 
218
260
  Targeted ruby compatibility is non-EOL versions of Ruby, currently 2.7, 3.0 and
219
261
  3.1. Compatibility is further distinguished by supported and unsupported versions of Ruby.
220
- Ruby is limited to 1.9+ in the gemspec for the 1.4.x series and will be 2.2+ for 2.x releases (see `master` branch).
262
+ Ruby is limited to 2.2+ for 2.x releases. See `1-4-stable` branch for older rubies.
221
263
 
222
264
  <details>
223
265
  <summary>Ruby Engine Compatibility Policy</summary>
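Review bot: in the "What is new for v2.0" list, the media type `application/vdn.api+json` looks like a typo for `application/vnd.api+json`, the type used by jsonapi.org, which the same bullet links to. If the README string mirrors what the response parser registers, responses carrying the real JSON:API content type would not be matched, so check the code as well as the text. The heading also still reads "unreleased, `master` branch" in a README that ships with this release candidate.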
@@ -249,28 +291,57 @@ of a major release, support for that Ruby version may be dropped.
249
291
 
250
292
  | | Ruby OAuth 2 Version | Maintenance Branch | Supported Officially | Supported Unofficially | Supported Incidentally |
251
293
  |:----|----------------------|--------------------|-------------------------|------------------------|------------------------|
252
- | 1️⃣ | 2.0.x (unreleased) | `master` | 2.7, 3.0, 3.1 | 2.6, 2.5 | 2.4, 2.3, 2.2 |
253
- | 2️⃣ | 1.4.x | `1-4-stable` | 2.5, 2.6, 2.7, 3.0, 3.1 | 2.1, 2.2, 2.3, 2.4 | 2.0, 1.9 |
294
+ | 1️⃣ | 2.0.x (unreleased) | `master` | 2.7, 3.0, 3.1 | 2.5, 2.6 | 2.2, 2.3, 2.4 |
295
+ | 2️⃣ | 1.4.x | `1-4-stable` | 2.5, 2.6, 2.7, 3.0, 3.1 | 2.1, 2.2, 2.3, 2.4 | 1.9, 2.0 |
254
296
  | 3️⃣ | older | N/A | Best of luck to you! | Please upgrade! | |
255
297
 
256
- NOTE: Once 2.0 is released, the 1.4 series will only receive critical bug and security updates.
298
+ NOTE: The 1.4 series will only receive critical bug and security updates.
257
299
  See [SECURITY.md][🚎sec-pol]
258
300
 
259
301
  ## Usage Examples
260
302
 
303
+ ### `authorize_url` and `token_url` are on site root (Just Works!)
304
+
261
305
  ```ruby
262
306
  require 'oauth2'
263
- client = OAuth2::Client.new('client_id', 'client_secret', :site => 'https://example.org')
307
+ client = OAuth2::Client.new('client_id', 'client_secret', site: 'https://example.org')
308
+ # => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec...
309
+ client.auth_code.authorize_url(redirect_uri: 'http://localhost:8080/oauth2/callback')
310
+ # => "https://example.org/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code"
264
311
 
265
- client.auth_code.authorize_url(:redirect_uri => 'http://localhost:8080/oauth2/callback')
266
- # => "https://example.org/oauth/authorization?response_type=code&client_id=client_id&redirect_uri=http://localhost:8080/oauth2/callback"
267
-
268
- token = client.auth_code.get_token('authorization_code_value', :redirect_uri => 'http://localhost:8080/oauth2/callback', :headers => {'Authorization' => 'Basic some_password'})
269
- response = token.get('/api/resource', :params => {'query_foo' => 'bar'})
312
+ token = client.auth_code.get_token('authorization_code_value', redirect_uri: 'http://localhost:8080/oauth2/callback', headers: {'Authorization' => 'Basic some_password'})
313
+ response = token.get('/api/resource', params: {'query_foo' => 'bar'})
270
314
  response.class.name
271
315
  # => OAuth2::Response
272
316
  ```
273
317
 
318
+ ### Relative `authorize_url` and `token_url` (Not on site root, Just Works!)
319
+
320
+ In above example, the default Authorization URL is `oauth/authorize` and default Access Token URL is `oauth/token`, and, as they are missing a leading `/`, both are relative.
321
+
322
+ ```ruby
323
+ client = OAuth2::Client.new('client_id', 'client_secret', site: 'https://example.org/nested/directory/on/your/server')
324
+ # => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec...
325
+ client.auth_code.authorize_url(redirect_uri: 'http://localhost:8080/oauth2/callback')
326
+ # => "https://example.org/nested/directory/on/your/server/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code"
327
+ ```
328
+
329
+ ### Customize `authorize_url` and `token_url`
330
+
331
+ You can specify custom URLs for authorization and access token, and when using a leading `/` they will _not be relative_, as shown below:
332
+
333
+ ```ruby
334
+ client = OAuth2::Client.new('client_id', 'client_secret',
335
+ site: 'https://example.org/nested/directory/on/your/server',
336
+ authorize_url: '/jaunty/authorize/',
337
+ token_url: '/stirrups/access_token')
338
+ # => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec...
339
+ client.auth_code.authorize_url(redirect_uri: 'http://localhost:8080/oauth2/callback')
340
+ # => "https://example.org/jaunty/authorize/?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code"
341
+ client.class.name
342
+ # => OAuth2::Client
343
+ ```
344
+
274
345
  <details>
275
346
  <summary>Debugging</summary>
276
347
 
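Review bot: the new example output `# => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec...` (repeated in all three Usage Examples blocks) shows that inspecting a client prints `@secret`. Anyone who logs or dumps the client object the way these examples do will write the client secret to their logs. Suggest either replacing those output comments with something like the `client.class.name` form used at the end of the third block, or adding a sentence warning that `#inspect` output includes the secret.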
@@ -289,8 +360,8 @@ require 'oauth2'
289
360
  client = OAuth2::Client.new(
290
361
  'client_id',
291
362
  'client_secret',
292
- :site => 'https://example.org',
293
- :logger => Logger.new('example.log', 'weekly')
363
+ site: 'https://example.org',
364
+ logger: Logger.new('example.log', 'weekly')
294
365
  )
295
366
  ```
296
367
  </details>
@@ -334,10 +405,10 @@ authentication grant types have helper strategy classes that simplify client
334
405
  use. They are available via the `#auth_code`, `#implicit`, `#password`, `#client_credentials`, and `#assertion` methods respectively.
335
406
 
336
407
  ```ruby
337
- auth_url = client.auth_code.authorize_url(:redirect_uri => 'http://localhost:8080/oauth/callback')
338
- token = client.auth_code.get_token('code_value', :redirect_uri => 'http://localhost:8080/oauth/callback')
408
+ auth_url = client.auth_code.authorize_url(redirect_uri: 'http://localhost:8080/oauth/callback')
409
+ token = client.auth_code.get_token('code_value', redirect_uri: 'http://localhost:8080/oauth/callback')
339
410
 
340
- auth_url = client.implicit.authorize_url(:redirect_uri => 'http://localhost:8080/oauth/callback')
411
+ auth_url = client.implicit.authorize_url(redirect_uri: 'http://localhost:8080/oauth/callback')
341
412
  # get the token params in the callback and
342
413
  token = OAuth2::AccessToken.from_kvform(client, query_string)
343
414
 
@@ -352,7 +423,7 @@ If you want to specify additional headers to be sent out with the
352
423
  request, add a 'headers' hash under 'params':
353
424
 
354
425
  ```ruby
355
- token = client.auth_code.get_token('code_value', :redirect_uri => 'http://localhost:8080/oauth/callback', :headers => {'Some' => 'Header'})
426
+ token = client.auth_code.get_token('code_value', redirect_uri: 'http://localhost:8080/oauth/callback', headers: {'Some' => 'Header'})
356
427
  ```
357
428
 
358
429
  You can always use the `#request` method on the `OAuth2::Client` instance to make
@@ -373,7 +444,7 @@ dependency on this gem using the [Pessimistic Version Constraint][pvc] with two
373
444
  For example:
374
445
 
375
446
  ```ruby
376
- spec.add_dependency 'oauth2', '~> 1.4'
447
+ spec.add_dependency 'oauth2', '~> 2.0'
377
448
  ```
378
449
 
379
450
  [semver]: http://semver.org/
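Review bot: the updated constraint `spec.add_dependency 'oauth2', '~> 2.0'` cannot resolve to this release, because RubyGems orders the prerelease 2.0.0.rc1 below 2.0. A reader copying the line while only the release candidate is published will not get this version. Suggest stating that the constraint applies from 2.0.0 final, or showing a prerelease-aware constraint for the rc period.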
@@ -395,7 +466,7 @@ spec.add_dependency 'oauth2', '~> 1.4'
395
466
 
396
467
  ## Development
397
468
 
398
- After checking out the repo, run `bundle install` to install dependencies. Then, run `bundle excec rake spec` to run the tests.
469
+ After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
399
470
 
400
471
  To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
401
472
 
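Review bot: the rewritten first Development line runs `rake spec` without `bundle exec`, while the unchanged line below it keeps `bundle exec rake install` and `bundle exec rake release`. Outside Bundler, `rake` can load whatever gem versions are installed globally rather than the ones pinned for the project, so test results may not reflect the locked dependency set. Suggest keeping `bundle exec rake spec` for consistency.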
data/SECURITY.md ADDED
@@ -0,0 +1,14 @@
1
+ # Security Policy
2
+
3
+ ## Supported Versions
4
+
5
+ | Version | Supported |
6
+ |--------------|-----------|
7
+ | 2.0.<latest> | ✅ |
8
+ | 1.4.<latest> | ✅ |
9
+ | older | ⛔️ |
10
+
11
+ ## Reporting a Vulnerability
12
+
13
+ To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security).
14
+ Tidelift will coordinate the fix and disclosure.
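Review bot: under "Reporting a Vulnerability" the only channel is the Tidelift contact link, with no fallback and no statement of what a reporter can expect. Suggest adding an expected acknowledgement window, what to include in a report, and a second private channel for reporters who cannot use Tidelift. The "Supported Versions" table lists `2.0.<latest>` as supported; since this file first ships in a release candidate, it should say whether prereleases are covered.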