oauth2 1.4.9 → 2.0.5
- checksums.yaml +4 -4
- data/CHANGELOG.md +124 -24
- data/CONTRIBUTING.md +44 -0
- data/README.md +225 -97
- data/SECURITY.md +20 -0
- data/lib/oauth2/access_token.rb +41 -21
- data/lib/oauth2/authenticator.rb +9 -4
- data/lib/oauth2/client.rb +122 -80
- data/lib/oauth2/error.rb +41 -24
- data/lib/oauth2/response.rb +77 -22
- data/lib/oauth2/snaky_hash.rb +8 -0
- data/lib/oauth2/strategy/assertion.rb +63 -38
- data/lib/oauth2/strategy/auth_code.rb +13 -2
- data/lib/oauth2/strategy/client_credentials.rb +1 -1
- data/lib/oauth2/strategy/implicit.rb +7 -0
- data/lib/oauth2/version.rb +1 -59
- data/lib/oauth2.rb +19 -1
- metadata +107 -77
- data/lib/oauth2/mac_token.rb +0 -130
- data/spec/fixtures/README.md +0 -11
- data/spec/fixtures/RS256/jwtRS256.key +0 -51
- data/spec/fixtures/RS256/jwtRS256.key.pub +0 -14
- data/spec/helper.rb +0 -33
- data/spec/oauth2/access_token_spec.rb +0 -218
- data/spec/oauth2/authenticator_spec.rb +0 -86
- data/spec/oauth2/client_spec.rb +0 -556
- data/spec/oauth2/mac_token_spec.rb +0 -122
- data/spec/oauth2/response_spec.rb +0 -96
- data/spec/oauth2/strategy/assertion_spec.rb +0 -113
- data/spec/oauth2/strategy/auth_code_spec.rb +0 -108
- data/spec/oauth2/strategy/base_spec.rb +0 -7
- data/spec/oauth2/strategy/client_credentials_spec.rb +0 -71
- data/spec/oauth2/strategy/implicit_spec.rb +0 -28
- data/spec/oauth2/strategy/password_spec.rb +0 -58
- data/spec/oauth2/version_spec.rb +0 -23
data/README.md
CHANGED
@@ -1,8 +1,8 @@
|
|
1
1
|
<p align="center">
|
2
|
-
<a href="http://oauth.net/2/" target="_blank" rel="noopener
|
2
|
+
<a href="http://oauth.net/2/" target="_blank" rel="noopener">
|
3
3
|
<img src="https://github.com/oauth-xx/oauth2/raw/master/docs/images/logo/oauth2-logo-124px.png?raw=true" alt="OAuth 2.0 Logo by Chris Messina, CC BY-SA 3.0">
|
4
4
|
</a>
|
5
|
-
<a href="https://www.ruby-lang.org/" target="_blank" rel="noopener
|
5
|
+
<a href="https://www.ruby-lang.org/" target="_blank" rel="noopener">
|
6
6
|
<img width="124px" src="https://github.com/oauth-xx/oauth2/raw/master/docs/images/logo/ruby-logo-198px.svg?raw=true" alt="Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5">
|
7
7
|
</a>
|
8
8
|
</p>
|
@@ -15,38 +15,48 @@ OAuth 2.0 focuses on client developer simplicity while providing specific author
|
|
15
15
|
This is a RubyGem for implementing OAuth 2.0 clients and servers in Ruby applications.
|
16
16
|
See the sibling `oauth` gem for OAuth 1.0 implementations in Ruby.
|
17
17
|
|
18
|
-
⚠️ **_WARNING_**: You are viewing the `README` of the soon-to-be-deprecated `1-4-stable`
|
19
|
-
branch which for version 1.4.x releases. Version 2.0 is coming! ⚠️
|
20
|
-
|
21
18
|
---
|
22
19
|
|
23
20
|
* [OAuth 2.0 Spec][oauth2-spec]
|
24
|
-
* [
|
25
|
-
* Help us finish release [![2.0.0 release milestone][next-milestone-pct-img]][next-milestone-pct] by submitting or reviewing PRs and issues.
|
26
|
-
* Oauth2 gem is _always_ looking for additional maintainers. See [#307][maintainers-discussion].
|
21
|
+
* [oauth sibling gem][sibling-gem] for OAuth 1.0 implementations in Ruby.
|
27
22
|
|
28
23
|
[oauth2-spec]: https://oauth.net/2/
|
29
24
|
[sibling-gem]: https://github.com/oauth-xx/oauth-ruby
|
30
|
-
[next-milestone-pct]: https://github.com/oauth-xx/oauth2/milestone/1
|
31
|
-
[next-milestone-pct-img]: https://img.shields.io/github/milestones/progress-percent/oauth-xx/oauth2/1
|
32
|
-
[maintainers-discussion]: https://github.com/oauth-xx/oauth2/issues/307
|
33
25
|
|
34
26
|
## Release Documentation
|
35
27
|
|
28
|
+
### Version 2.0.x
|
29
|
+
|
36
30
|
<details>
|
37
|
-
<summary>
|
31
|
+
<summary>2.0.x Readmes</summary>
|
38
32
|
|
39
33
|
| Version | Release Date | Readme |
|
40
34
|
|---------|--------------|----------------------------------------------------------|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
35
|
+
| 2.0.4 | 2022-07-01 | https://github.com/oauth-xx/oauth2/blob/v2.0.4/README.md |
|
36
|
+
| 2.0.3 | 2022-06-28 | https://github.com/oauth-xx/oauth2/blob/v2.0.3/README.md |
|
37
|
+
| 2.0.2 | 2022-06-24 | https://github.com/oauth-xx/oauth2/blob/v2.0.2/README.md |
|
38
|
+
| 2.0.1 | 2022-06-22 | https://github.com/oauth-xx/oauth2/blob/v2.0.1/README.md |
|
39
|
+
| 2.0.0 | 2022-06-21 | https://github.com/oauth-xx/oauth2/blob/v2.0.0/README.md |
|
40
|
+
</details>
|
41
|
+
|
42
|
+
### Older Releases
|
43
|
+
|
44
|
+
<details>
|
45
|
+
<summary>1.4.x Readmes</summary>
|
46
|
+
|
47
|
+
| Version | Release Date | Readme |
|
48
|
+
|---------|--------------|-----------------------------------------------------------|
|
49
|
+
| 1.4.10 | Jul 1, 2022 | https://github.com/oauth-xx/oauth2/blob/v1.4.10/README.md |
|
50
|
+
| 1.4.9 | Feb 20, 2022 | https://github.com/oauth-xx/oauth2/blob/v1.4.9/README.md |
|
51
|
+
| 1.4.8 | Feb 18, 2022 | https://github.com/oauth-xx/oauth2/blob/v1.4.8/README.md |
|
52
|
+
| 1.4.7 | Mar 19, 2021 | https://github.com/oauth-xx/oauth2/blob/v1.4.7/README.md |
|
53
|
+
| 1.4.6 | Mar 19, 2021 | https://github.com/oauth-xx/oauth2/blob/v1.4.6/README.md |
|
54
|
+
| 1.4.5 | Mar 18, 2021 | https://github.com/oauth-xx/oauth2/blob/v1.4.5/README.md |
|
55
|
+
| 1.4.4 | Feb 12, 2020 | https://github.com/oauth-xx/oauth2/blob/v1.4.4/README.md |
|
56
|
+
| 1.4.3 | Jan 29, 2020 | https://github.com/oauth-xx/oauth2/blob/v1.4.3/README.md |
|
57
|
+
| 1.4.2 | Oct 1, 2019 | https://github.com/oauth-xx/oauth2/blob/v1.4.2/README.md |
|
58
|
+
| 1.4.1 | Oct 13, 2018 | https://github.com/oauth-xx/oauth2/blob/v1.4.1/README.md |
|
59
|
+
| 1.4.0 | Jun 9, 2017 | https://github.com/oauth-xx/oauth2/blob/v1.4.0/README.md |
|
50
60
|
</details>
|
51
61
|
|
52
62
|
<details>
|
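Review bot: the `2.0.x Readmes` table stops at 2.0.4, but this diff is the 2.0.5 release (per the page title), so a `2.0.5` row is missing from the release table. While touching it, the `1.4.x Readmes` table uses `Jul 1, 2022`-style dates where the 2.0.x table uses ISO `2022-07-01`; one format across both tables would read better.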
@@ -69,6 +79,8 @@ branch which for version 1.4.x releases. Version 2.0 is coming! ⚠️
|
|
69
79
|
| < 1.0.0 | Find here | https://github.com/oauth-xx/oauth2/tags |
|
70
80
|
</details>
|
71
81
|
|
82
|
+
## Status
|
83
|
+
|
72
84
|
<!--
|
73
85
|
Numbering rows and badges in each row as a visual "database" lookup,
|
74
86
|
as the table is extremely dense, and it can be very difficult to find anything
|
@@ -91,17 +103,20 @@ badge #s:
|
|
91
103
|
🖐
|
92
104
|
🧮
|
93
105
|
📗
|
106
|
+
|
107
|
+
appended indicators:
|
108
|
+
♻️ - URL needs to be updated from SASS integration. Find / Replace is insufficient.
|
94
109
|
-->
|
95
110
|
|
96
|
-
| | Project | oauth2
|
97
|
-
|
98
|
-
| 1️⃣ | name, license, docs | [![RubyGems.org][⛳️name-img]][⛳️gem] [![License: MIT][🖇src-license-img]][🖇src-license] [![FOSSA][🏘fossa-img]][🏘fossa] [![RubyDoc.info][🚎yard-img]][🚎yard] [![InchCI][🖐inch-ci-img]][🚎yard]
|
99
|
-
| 2️⃣ | version & activity | [![Gem Version][⛳️version-img]][⛳️gem] [![Total Downloads][🖇DL-total-img]][⛳️gem] [![Download Rank][🏘DL-rank-img]][⛳️gem] [![Source Code][🚎src-home-img]][🚎src-home] [![Open PRs][🖐prs-
|
100
|
-
| 3️⃣ | maintanence & linting | [![Maintainability][⛳cclim-maint-img]][⛳cclim-maint] [![Helpers][🖇triage-help-img]][🖇triage-help] [![Depfu][🏘depfu-img]][🏘depfu] [![Contributors][🚎contributors-img]][🚎contributors] [![Style][🖐style-wf-img]][🖐style-wf] [![Kloc Roll][🧮kloc-img]][🧮kloc]
|
101
|
-
| 4️⃣ | testing | [![
|
102
|
-
| 5️⃣ | coverage & security | [![CodeClimate][⛳cclim-cov-img]][⛳cclim-cov] [![CodeCov][🖇codecov-img]][🖇codecov] [![Coveralls][🏘coveralls-img]][🏘coveralls] [![Security Policy][🚎sec-pol-img]][🚎sec-pol] [![CodeQL][🖐codeQL-img]][🖐codeQL]
|
103
|
-
| 6️⃣ | resources | [![Discussion][⛳gh-discussions-img]][⛳gh-discussions] [![Get help on Codementor][🖇codementor-img]][🖇codementor] [![Chat][🏘chat-img]][🏘chat] [![Blog][🚎blog-img]][🚎blog] [![Blog][🖐wiki-img]][🖐wiki]
|
104
|
-
| 7️⃣ | spread 💖 | [![Liberapay Patrons][⛳liberapay-img]][⛳liberapay] [![Sponsor Me][🖇sponsor-img]][🖇sponsor] [![Tweet @ Peter][🏘tweet-img]][🏘tweet] [🌏][aboutme] [👼][angelme] [💻][coderme]
|
111
|
+
| | Project | bundle add oauth2 |
|
112
|
+
|:----|-----------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|
113
|
+
| 1️⃣ | name, license, docs | [![RubyGems.org][⛳️name-img]][⛳️gem] [![License: MIT][🖇src-license-img]][🖇src-license] [![FOSSA][🏘fossa-img]][🏘fossa] [![RubyDoc.info][🚎yard-img]][🚎yard] [![InchCI][🖐inch-ci-img]][🚎yard] |
|
114
|
+
| 2️⃣ | version & activity | [![Gem Version][⛳️version-img]][⛳️gem] [![Total Downloads][🖇DL-total-img]][⛳️gem] [![Download Rank][🏘DL-rank-img]][⛳️gem] [![Source Code][🚎src-home-img]][🚎src-home] [![Open PRs][🖐prs-o-img]][🖐prs-o] [![Closed PRs][🧮prs-c-img]][🧮prs-c] [![Next Version][📗next-img♻️]][📗next♻️] |
|
115
|
+
| 3️⃣ | maintanence & linting | [![Maintainability][⛳cclim-maint-img♻️]][⛳cclim-maint] [![Helpers][🖇triage-help-img]][🖇triage-help] [![Depfu][🏘depfu-img♻️]][🏘depfu♻️] [![Contributors][🚎contributors-img]][🚎contributors] [![Style][🖐style-wf-img]][🖐style-wf] [![Kloc Roll][🧮kloc-img]][🧮kloc] |
|
116
|
+
| 4️⃣ | testing | [![Open Issues][⛳iss-o-img]][⛳iss-o] [![Closed Issues][🖇iss-c-img]][🖇iss-c] [![Supported][🏘sup-wf-img]][🏘sup-wf] [![Heads][🚎heads-wf-img]][🚎heads-wf] [![Unofficial Support][🖐uns-wf-img]][🖐uns-wf] [![MacOS][🧮mac-wf-img]][🧮mac-wf] [![Windows][📗win-wf-img]][📗win-wf] |
|
117
|
+
| 5️⃣ | coverage & security | [![CodeClimate][⛳cclim-cov-img♻️]][⛳cclim-cov] [![CodeCov][🖇codecov-img♻️]][🖇codecov] [![Coveralls][🏘coveralls-img]][🏘coveralls] [![Security Policy][🚎sec-pol-img]][🚎sec-pol] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Code Coverage][🧮cov-wf-img]][🧮cov-wf] |
|
118
|
+
| 6️⃣ | resources | [![Discussion][⛳gh-discussions-img]][⛳gh-discussions] [![Get help on Codementor][🖇codementor-img]][🖇codementor] [![Chat][🏘chat-img]][🏘chat] [![Blog][🚎blog-img]][🚎blog] [![Blog][🖐wiki-img]][🖐wiki] |
|
119
|
+
| 7️⃣ | spread 💖 | [![Liberapay Patrons][⛳liberapay-img]][⛳liberapay] [![Sponsor Me][🖇sponsor-img]][🖇sponsor] [![Tweet @ Peter][🏘tweet-img]][🏘tweet] [🌏][aboutme] [👼][angelme] [💻][coderme] |
|
105
120
|
|
106
121
|
<!--
|
107
122
|
The link tokens in the following sections should be kept ordered by the row and badge numbering scheme
|
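Review bot: row 3️⃣ of the status table keeps the misspelling `maintanence & linting` in the rewritten line (the link-token comment further down spells it `maintenance & linting`); fix it to `maintenance` while the row is being rewritten.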
@@ -124,18 +139,20 @@ The link tokens in the following sections should be kept ordered by the row and
|
|
124
139
|
[🏘DL-rank-img]: https://img.shields.io/gem/rt/oauth2.svg
|
125
140
|
[🚎src-home]: https://github.com/oauth-xx/oauth2
|
126
141
|
[🚎src-home-img]: https://img.shields.io/badge/source-github-brightgreen.svg?style=flat
|
127
|
-
[🖐prs-
|
128
|
-
[🖐prs-
|
129
|
-
[🧮prs-
|
130
|
-
[🧮prs-
|
131
|
-
|
132
|
-
|
142
|
+
[🖐prs-o]: https://github.com/oauth-xx/oauth2/pulls
|
143
|
+
[🖐prs-o-img]: https://img.shields.io/github/issues-pr/oauth-xx/oauth2
|
144
|
+
[🧮prs-c]: https://github.com/oauth-xx/oauth2/pulls?q=is%3Apr+is%3Aclosed
|
145
|
+
[🧮prs-c-img]: https://img.shields.io/github/issues-pr-closed/oauth-xx/oauth2
|
146
|
+
[📗next♻️]: https://github.com/oauth-xx/oauth2/milestone/15
|
147
|
+
[📗next-img♻️]: https://img.shields.io/github/milestones/progress/oauth-xx/oauth2/15?label=Next%20Version
|
148
|
+
|
149
|
+
<!-- 3️⃣ maintenance & linting -->
|
133
150
|
[⛳cclim-maint]: https://codeclimate.com/github/oauth-xx/oauth2/maintainability
|
134
|
-
[⛳cclim-maint-img]: https://api.codeclimate.com/v1/badges/688c612528ff90a46955/maintainability
|
151
|
+
[⛳cclim-maint-img♻️]: https://api.codeclimate.com/v1/badges/688c612528ff90a46955/maintainability
|
135
152
|
[🖇triage-help]: https://www.codetriage.com/oauth-xx/oauth2
|
136
153
|
[🖇triage-help-img]: https://www.codetriage.com/oauth-xx/oauth2/badges/users.svg
|
137
|
-
[🏘depfu]: https://depfu.com/github/oauth-xx/oauth2?project_id=4445
|
138
|
-
[🏘depfu-img]: https://badges.depfu.com/badges/6d34dc1ba682bbdf9ae2a97848241743/count.svg
|
154
|
+
[🏘depfu♻️]: https://depfu.com/github/oauth-xx/oauth2?project_id=4445
|
155
|
+
[🏘depfu-img♻️]: https://badges.depfu.com/badges/6d34dc1ba682bbdf9ae2a97848241743/count.svg
|
139
156
|
[🚎contributors]: https://github.com/oauth-xx/oauth2/graphs/contributors
|
140
157
|
[🚎contributors-img]: https://img.shields.io/github/contributors-anon/oauth-xx/oauth2
|
141
158
|
[🖐style-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/style.yml
|
@@ -144,28 +161,34 @@ The link tokens in the following sections should be kept ordered by the row and
|
|
144
161
|
[🧮kloc-img]: https://img.shields.io/tokei/lines/github.com/oauth-xx/oauth2
|
145
162
|
|
146
163
|
<!-- 4️⃣ testing -->
|
147
|
-
[
|
148
|
-
[
|
149
|
-
[🖇
|
150
|
-
[🖇
|
151
|
-
[🏘
|
152
|
-
[🏘
|
153
|
-
[🚎
|
154
|
-
[🚎
|
155
|
-
[🖐
|
156
|
-
[🖐
|
164
|
+
[⛳iss-o]: https://github.com/oauth-xx/oauth2/issues
|
165
|
+
[⛳iss-o-img]: https://img.shields.io/github/issues-raw/oauth-xx/oauth2
|
166
|
+
[🖇iss-c]: https://github.com/oauth-xx/oauth2/issues?q=is%3Aissue+is%3Aclosed
|
167
|
+
[🖇iss-c-img]: https://img.shields.io/github/issues-closed-raw/oauth-xx/oauth2
|
168
|
+
[🏘sup-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/supported.yml
|
169
|
+
[🏘sup-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/supported.yml/badge.svg
|
170
|
+
[🚎heads-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/heads.yml
|
171
|
+
[🚎heads-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/heads.yml/badge.svg
|
172
|
+
[🖐uns-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/unsupported.yml
|
173
|
+
[🖐uns-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/unsupported.yml/badge.svg
|
174
|
+
[🧮mac-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/macos.yml
|
175
|
+
[🧮mac-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/macos.yml/badge.svg
|
176
|
+
[📗win-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/windows.yml
|
177
|
+
[📗win-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/windows.yml/badge.svg
|
157
178
|
|
158
179
|
<!-- 5️⃣ coverage & security -->
|
159
180
|
[⛳cclim-cov]: https://codeclimate.com/github/oauth-xx/oauth2/test_coverage
|
160
|
-
[⛳cclim-cov-img]: https://api.codeclimate.com/v1/badges/688c612528ff90a46955/test_coverage
|
161
|
-
[🖇codecov-img]: https://codecov.io/gh/oauth-xx/oauth2/branch/
|
181
|
+
[⛳cclim-cov-img♻️]: https://api.codeclimate.com/v1/badges/688c612528ff90a46955/test_coverage
|
182
|
+
[🖇codecov-img♻️]: https://codecov.io/gh/oauth-xx/oauth2/branch/master/graph/badge.svg?token=bNqSzNiuo2
|
162
183
|
[🖇codecov]: https://codecov.io/gh/oauth-xx/oauth2
|
163
|
-
[🏘coveralls]: https://coveralls.io/github/oauth-xx/oauth2?branch=
|
164
|
-
[🏘coveralls-img]: https://coveralls.io/repos/github/oauth-xx/oauth2/badge.svg?branch=
|
184
|
+
[🏘coveralls]: https://coveralls.io/github/oauth-xx/oauth2?branch=master
|
185
|
+
[🏘coveralls-img]: https://coveralls.io/repos/github/oauth-xx/oauth2/badge.svg?branch=master
|
165
186
|
[🚎sec-pol]: https://github.com/oauth-xx/oauth2/blob/master/SECURITY.md
|
166
187
|
[🚎sec-pol-img]: https://img.shields.io/badge/security-policy-brightgreen.svg?style=flat
|
167
188
|
[🖐codeQL]: https://github.com/oauth-xx/oauth2/security/code-scanning
|
168
189
|
[🖐codeQL-img]: https://github.com/oauth-xx/oauth2/actions/workflows/codeql-analysis.yml/badge.svg
|
190
|
+
[🧮cov-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/coverage.yml
|
191
|
+
[🧮cov-wf-img]: https://github.com/oauth-xx/oauth2/actions/workflows/coverage.yml/badge.svg
|
169
192
|
|
170
193
|
<!-- 6️⃣ resources -->
|
171
194
|
[⛳gh-discussions]: https://github.com/oauth-xx/oauth2/discussions
|
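Review bot: the new `[🖇codecov-img♻️]` reference embeds `?token=bNqSzNiuo2` in a README that is published with the gem. Codecov issues a separate graph/badge token that is intended to be public, so confirm this is that badge token and not the repository upload token before merging, and rotate it if it is the latter.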
@@ -193,31 +216,60 @@ The link tokens in the following sections should be kept ordered by the row and
|
|
193
216
|
[aboutme]: https://about.me/peter.boling
|
194
217
|
[angelme]: https://angel.co/peter-boling
|
195
218
|
[coderme]:http://coderwall.com/pboling
|
196
|
-
[politicme]: https://nationalprogressiveparty.org
|
197
|
-
|
198
219
|
|
199
220
|
## Installation
|
200
221
|
|
201
|
-
|
202
|
-
gem install oauth2
|
203
|
-
```
|
222
|
+
Install the gem and add to the application's Gemfile by executing:
|
204
223
|
|
205
|
-
|
224
|
+
$ bundle add oauth2
|
206
225
|
|
207
|
-
|
208
|
-
|
209
|
-
|
210
|
-
|
211
|
-
|
212
|
-
|
213
|
-
|
226
|
+
If bundler is not being used to manage dependencies, install the gem by executing:
|
227
|
+
|
228
|
+
$ gem install oauth2
|
229
|
+
|
230
|
+
## OAuth2 for Enterprise
|
231
|
+
|
232
|
+
Available as part of the Tidelift Subscription.
|
233
|
+
|
234
|
+
The maintainers of OAuth2 and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.][tidelift-ref]
|
214
235
|
|
236
|
+
[tidelift-ref]: https://tidelift.com/subscription/pkg/rubygems-oauth2?utm_source=rubygems-oauth2&utm_medium=referral&utm_campaign=enterprise
|
237
|
+
|
238
|
+
## Security contact information
|
239
|
+
|
240
|
+
To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security).
|
241
|
+
Tidelift will coordinate the fix and disclosure.
|
242
|
+
|
243
|
+
For more see [SECURITY.md][🚎sec-pol].
|
244
|
+
|
245
|
+
## What is new for v2.0?
|
246
|
+
|
247
|
+
- Officially support Ruby versions >= 2.7
|
248
|
+
- Unofficially support Ruby versions >= 2.5
|
249
|
+
- Incidentally support Ruby versions >= 2.2
|
250
|
+
- Drop support for the expired MAC Draft (all versions)
|
251
|
+
- Support IETF rfc7523 JWT Bearer Tokens
|
252
|
+
- Support IETF rfc7231 Relative Location in Redirect
|
253
|
+
- Support IETF rfc6749 Don't set oauth params when nil
|
254
|
+
- Support [OIDC 1.0 Private Key JWT](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication); based on the OAuth JWT assertion specification [(RFC 7523)](https://tools.ietf.org/html/rfc7523)
|
255
|
+
- Support new formats, including from [jsonapi.org](http://jsonapi.org/format/): `application/vdn.api+json`, `application/vnd.collection+json`, `application/hal+json`, `application/problem+json`
|
256
|
+
- Adds new option to `OAuth2::Client#get_token`:
|
257
|
+
- `:access_token_class` (`AccessToken`); user specified class to use for all calls to `get_token`
|
258
|
+
- Adds new option to `OAuth2::AccessToken#initialize`:
|
259
|
+
- `:expires_latency` (`nil`); number of seconds by which AccessToken validity will be reduced to offset latency
|
260
|
+
- By default, keys are transformed to camel case.
|
261
|
+
- Original keys will still work as previously, in most scenarios, thanks to `rash_alt` gem.
|
262
|
+
- However, this is a _breaking_ change if you rely on `response.parsed.to_h`, as the keys in the result will be camel case.
|
263
|
+
- As of version 2.0.4 you can turn key transformation off with the `snaky: false` option.
|
264
|
+
- By default, the `:auth_scheme` is now `:basic_auth` (instead of `:request_body`)
|
265
|
+
- Third-party strategies and gems may need to be updated if a provider was requiring client id/secret in the request body
|
266
|
+
- [... A lot more](https://github.com/oauth-xx/oauth2/blob/master/CHANGELOG.md#2.0.0)
|
215
267
|
|
216
268
|
## Compatibility
|
217
269
|
|
218
270
|
Targeted ruby compatibility is non-EOL versions of Ruby, currently 2.7, 3.0 and
|
219
271
|
3.1. Compatibility is further distinguished by supported and unsupported versions of Ruby.
|
220
|
-
Ruby is limited to
|
272
|
+
Ruby is limited to 2.2+ for 2.x releases. See `1-4-stable` branch for older rubies.
|
221
273
|
|
222
274
|
<details>
|
223
275
|
<summary>Ruby Engine Compatibility Policy</summary>
|
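Review bot: the "What is new for v2.0?" bullets say keys are transformed to camel case and that `response.parsed.to_h` will have camel-case keys, but the `snake_case and indifferent access in Response#parsed` section added further down shows `response.parsed # => {"access_token"=>"aaaaaaaa", ...}`, i.e. keys are snake-cased; those two bullets should say snake case. Also, `application/vdn.api+json` in the new-formats bullet looks like a typo for jsonapi.org's `application/vnd.api+json`; check the parser's registered content types before correcting the doc so the two agree.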
@@ -247,30 +299,84 @@ fashion. If critical issues for a particular implementation exist at the time
|
|
247
299
|
of a major release, support for that Ruby version may be dropped.
|
248
300
|
</details>
|
249
301
|
|
250
|
-
| | Ruby
|
251
|
-
|
252
|
-
| 1️⃣ | 2.0.x
|
253
|
-
| 2️⃣ | 1.4.x
|
254
|
-
| 3️⃣ | older
|
302
|
+
| | Ruby OAuth2 Version | Maintenance Branch | Supported Officially | Supported Unofficially | Supported Incidentally |
|
303
|
+
|:----|---------------------|--------------------|-------------------------|------------------------|------------------------|
|
304
|
+
| 1️⃣ | 2.0.x | `master` | 2.7, 3.0, 3.1 | 2.5, 2.6 | 2.2, 2.3, 2.4 |
|
305
|
+
| 2️⃣ | 1.4.x | `1-4-stable` | 2.5, 2.6, 2.7, 3.0, 3.1 | 2.1, 2.2, 2.3, 2.4 | 1.9, 2.0 |
|
306
|
+
| 3️⃣ | older | N/A | Best of luck to you! | Please upgrade! | |
|
255
307
|
|
256
|
-
NOTE:
|
308
|
+
NOTE: The 1.4 series will only receive critical security updates.
|
257
309
|
See [SECURITY.md][🚎sec-pol]
|
258
310
|
|
259
311
|
## Usage Examples
|
260
312
|
|
313
|
+
### `authorize_url` and `token_url` are on site root (Just Works!)
|
314
|
+
|
261
315
|
```ruby
|
262
316
|
require 'oauth2'
|
263
|
-
client = OAuth2::Client.new('client_id', 'client_secret', :
|
317
|
+
client = OAuth2::Client.new('client_id', 'client_secret', site: 'https://example.org')
|
318
|
+
# => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec...
|
319
|
+
client.auth_code.authorize_url(redirect_uri: 'http://localhost:8080/oauth2/callback')
|
320
|
+
# => "https://example.org/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code"
|
264
321
|
|
265
|
-
client.auth_code.
|
266
|
-
|
267
|
-
|
268
|
-
token = client.auth_code.get_token('authorization_code_value', :redirect_uri => 'http://localhost:8080/oauth2/callback', :headers => {'Authorization' => 'Basic some_password'})
|
269
|
-
response = token.get('/api/resource', :params => {'query_foo' => 'bar'})
|
322
|
+
access = client.auth_code.get_token('authorization_code_value', redirect_uri: 'http://localhost:8080/oauth2/callback', headers: {'Authorization' => 'Basic some_password'})
|
323
|
+
response = access.get('/api/resource', params: {'query_foo' => 'bar'})
|
270
324
|
response.class.name
|
271
325
|
# => OAuth2::Response
|
272
326
|
```
|
273
327
|
|
328
|
+
### Relative `authorize_url` and `token_url` (Not on site root, Just Works!)
|
329
|
+
|
330
|
+
In above example, the default Authorization URL is `oauth/authorize` and default Access Token URL is `oauth/token`, and, as they are missing a leading `/`, both are relative.
|
331
|
+
|
332
|
+
```ruby
|
333
|
+
client = OAuth2::Client.new('client_id', 'client_secret', site: 'https://example.org/nested/directory/on/your/server')
|
334
|
+
# => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec...
|
335
|
+
client.auth_code.authorize_url(redirect_uri: 'http://localhost:8080/oauth2/callback')
|
336
|
+
# => "https://example.org/nested/directory/on/your/server/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code"
|
337
|
+
```
|
338
|
+
|
339
|
+
### Customize `authorize_url` and `token_url`
|
340
|
+
|
341
|
+
You can specify custom URLs for authorization and access token, and when using a leading `/` they will _not be relative_, as shown below:
|
342
|
+
|
343
|
+
```ruby
|
344
|
+
client = OAuth2::Client.new('client_id', 'client_secret',
|
345
|
+
site: 'https://example.org/nested/directory/on/your/server',
|
346
|
+
authorize_url: '/jaunty/authorize/',
|
347
|
+
token_url: '/stirrups/access_token')
|
348
|
+
# => #<OAuth2::Client:0x00000001204c8288 @id="client_id", @secret="client_sec...
|
349
|
+
client.auth_code.authorize_url(redirect_uri: 'http://localhost:8080/oauth2/callback')
|
350
|
+
# => "https://example.org/jaunty/authorize/?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code"
|
351
|
+
client.class.name
|
352
|
+
# => OAuth2::Client
|
353
|
+
```
|
354
|
+
|
355
|
+
### snake_case and indifferent access in Response#parsed
|
356
|
+
|
357
|
+
```ruby
|
358
|
+
response = access.get('/api/resource', params: {'query_foo' => 'bar'})
|
359
|
+
# Even if the actual response is CamelCase. it will be made available as snaky:
|
360
|
+
JSON.parse(response.body) # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"}
|
361
|
+
response.parsed # => {"access_token"=>"aaaaaaaa", "additional_data"=>"additional"}
|
362
|
+
response.parsed.access_token # => "aaaaaaaa"
|
363
|
+
response.parsed[:access_token] # => "aaaaaaaa"
|
364
|
+
response.parsed.additional_data # => "additional"
|
365
|
+
response.parsed[:additional_data] # => "additional"
|
366
|
+
response.parsed.class.name # => OAuth2::SnakyHash (subclass of Hashie::Mash::Rash, from `rash_alt` gem)
|
367
|
+
```
|
368
|
+
|
369
|
+
#### What if I hate snakes and/or indifference?
|
370
|
+
|
371
|
+
```ruby
|
372
|
+
response = access.get('/api/resource', params: {'query_foo' => 'bar'}, snaky: false)
|
373
|
+
JSON.parse(response.body) # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"}
|
374
|
+
response.parsed # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"}
|
375
|
+
response.parsed['accessToken'] # => "aaaaaaaa"
|
376
|
+
response.parsed['additionalData'] # => "additional"
|
377
|
+
response.parsed.class.name # => Hash (just, regular old Hash)
|
378
|
+
```
|
379
|
+
|
274
380
|
<details>
|
275
381
|
<summary>Debugging</summary>
|
276
382
|
|
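Review bot: the first Usage Example calls `get_token('authorization_code_value', ..., headers: {'Authorization' => 'Basic some_password'})`, yet the v2.0 notes in this same README say the client now defaults to `auth_scheme: :basic_auth`, which already sends the client id and secret in that header. The hand-built header will either override or be overridden by the client's own, which is confusing for readers; drop it or use a neutral header as the later `headers: {'Some' => 'Header'}` example does.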
@@ -289,8 +395,8 @@ require 'oauth2'
|
|
289
395
|
client = OAuth2::Client.new(
|
290
396
|
'client_id',
|
291
397
|
'client_secret',
|
292
|
-
:
|
293
|
-
:
|
398
|
+
site: 'https://example.org',
|
399
|
+
logger: Logger.new('example.log', 'weekly')
|
294
400
|
)
|
295
401
|
```
|
296
402
|
</details>
|
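Review bot: the Debugging snippet calls `Logger.new('example.log', 'weekly')` but only `require 'oauth2'` is shown in the hunk context; add `require 'logger'` so the snippet runs stand-alone. A one-line caution would also help: a request logger on an OAuth client may capture the tokens and client credentials exchanged with the provider, so this belongs in development, with the log file protected accordingly.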
@@ -301,7 +407,7 @@ The `AccessToken` methods `#get`, `#post`, `#put` and `#delete` and the generic
|
|
301
407
|
will return an instance of the #OAuth2::Response class.
|
302
408
|
|
303
409
|
This instance contains a `#parsed` method that will parse the response body and
|
304
|
-
return a Hash if the `Content-Type` is `application/x-www-form-urlencoded` or if
|
410
|
+
return a Hash-like [`OAuth2::SnakyHash`](https://github.com/oauth-xx/oauth2/blob/master/lib/oauth2/snaky_hash.rb) if the `Content-Type` is `application/x-www-form-urlencoded` or if
|
305
411
|
the body is a JSON object. It will return an Array if the body is a JSON
|
306
412
|
array. Otherwise, it will return the original body string.
|
307
413
|
|
@@ -331,28 +437,42 @@ Response instance will contain the `OAuth2::Error` instance.
|
|
331
437
|
|
332
438
|
Currently the Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials, and Assertion
|
333
439
|
authentication grant types have helper strategy classes that simplify client
|
334
|
-
use. They are available via the `#auth_code
|
440
|
+
use. They are available via the [`#auth_code`](https://github.com/oauth-xx/oauth2/blob/master/lib/oauth2/strategy/auth_code.rb), [`#implicit`](https://github.com/oauth-xx/oauth2/blob/master/lib/oauth2/strategy/implicit.rb), [`#password`](https://github.com/oauth-xx/oauth2/blob/master/lib/oauth2/strategy/password.rb), [`#client_credentials`](https://github.com/oauth-xx/oauth2/blob/master/lib/oauth2/strategy/client_credentials.rb), and [`#assertion`](https://github.com/oauth-xx/oauth2/blob/master/lib/oauth2/strategy/assertion.rb) methods respectively.
|
335
441
|
|
442
|
+
These aren't full examples, but demonstrative of the differences between usage for each strategy.
|
336
443
|
```ruby
|
337
|
-
auth_url = client.auth_code.authorize_url(:
|
338
|
-
|
444
|
+
auth_url = client.auth_code.authorize_url(redirect_uri: 'http://localhost:8080/oauth/callback')
|
445
|
+
access = client.auth_code.get_token('code_value', redirect_uri: 'http://localhost:8080/oauth/callback')
|
339
446
|
|
340
|
-
auth_url = client.implicit.authorize_url(:
|
447
|
+
auth_url = client.implicit.authorize_url(redirect_uri: 'http://localhost:8080/oauth/callback')
|
341
448
|
# get the token params in the callback and
|
342
|
-
|
343
|
-
|
344
|
-
|
345
|
-
|
346
|
-
|
347
|
-
|
348
|
-
|
449
|
+
access = OAuth2::AccessToken.from_kvform(client, query_string)
|
450
|
+
|
451
|
+
access = client.password.get_token('username', 'password')
|
452
|
+
|
453
|
+
access = client.client_credentials.get_token
|
454
|
+
|
455
|
+
# Client Assertion Strategy
|
456
|
+
# see: https://tools.ietf.org/html/rfc7523
|
457
|
+
claimset = {
|
458
|
+
iss: 'http://localhost:3001',
|
459
|
+
aud: 'http://localhost:8080/oauth2/token',
|
460
|
+
sub: 'me@example.com',
|
461
|
+
exp: Time.now.utc.to_i + 3600,
|
462
|
+
}
|
463
|
+
assertion_params = [claimset, 'HS256', 'secret_key']
|
464
|
+
access = client.assertion.get_token(assertion_params)
|
465
|
+
|
466
|
+
# The `access` (i.e. access token) is then used like so:
|
467
|
+
access.token # actual access_token string, if you need it somewhere
|
468
|
+
access.get('/api/stuff') # making api calls with access token
|
349
469
|
```
|
350
470
|
|
351
471
|
If you want to specify additional headers to be sent out with the
|
352
472
|
request, add a 'headers' hash under 'params':
|
353
473
|
|
354
474
|
```ruby
|
355
|
-
|
475
|
+
access = client.auth_code.get_token('code_value', redirect_uri: 'http://localhost:8080/oauth/callback', headers: {'Some' => 'Header'})
|
356
476
|
```
|
357
477
|
|
358
478
|
You can always use the `#request` method on the `OAuth2::Client` instance to make
|
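Review bot: the implicit-grant example builds the token with `OAuth2::AccessToken.from_kvform(client, query_string)`, but the implicit grant returns `access_token` in the redirect URI's fragment (`#...`), not the query string, so the comment "get the token params in the callback and" should say the fragment is read client-side and handed to the application, and the variable should not be called `query_string`. In the assertion example, `'HS256'` and `'secret_key'` should be marked as placeholders so readers do not copy a literal shared secret into source.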
@@ -373,7 +493,7 @@ dependency on this gem using the [Pessimistic Version Constraint][pvc] with two
|
|
373
493
|
For example:
|
374
494
|
|
375
495
|
```ruby
|
376
|
-
spec.add_dependency 'oauth2', '~>
|
496
|
+
spec.add_dependency 'oauth2', '~> 2.0'
|
377
497
|
```
|
378
498
|
|
379
499
|
[semver]: http://semver.org/
|
@@ -395,13 +515,21 @@ spec.add_dependency 'oauth2', '~> 1.4'
|
|
395
515
|
|
396
516
|
## Development
|
397
517
|
|
398
|
-
After checking out the repo, run `
|
518
|
+
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
399
519
|
|
400
520
|
To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
|
401
521
|
|
402
522
|
## Contributing
|
403
523
|
|
404
|
-
|
524
|
+
See [CONTRIBUTING.md][contributing]
|
525
|
+
|
526
|
+
[contributing]: https://github.com/oauth-xx/oauth2/blob/master/CONTRIBUTING.md
|
527
|
+
|
528
|
+
## Contributors
|
529
|
+
|
530
|
+
[![Contributors](https://contrib.rocks/image?repo=oauth-xx/oauth2)]("https://github.com/oauth-xx/oauth2/graphs/contributors")
|
531
|
+
|
532
|
+
Made with [contributors-img](https://contrib.rocks).
|
405
533
|
|
406
534
|
## Code of Conduct
|
407
535
|
|
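Review bot: `[![Contributors](https://contrib.rocks/image?repo=oauth-xx/oauth2)]("https://github.com/oauth-xx/oauth2/graphs/contributors")` wraps the link destination in double quotes, so Markdown reads it as a title with no URL and the badge will not link; drop the quotes around the URL.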
data/SECURITY.md
ADDED
@@ -0,0 +1,20 @@
|
|
1
|
+
# Security Policy
|
2
|
+
|
3
|
+
## Supported Versions
|
4
|
+
|
5
|
+
| Version | Supported |
|
6
|
+
|----------|---------------------------|
|
7
|
+
| 2.latest | ✅ |
|
8
|
+
| 1.latest | ✅ (security updates only) |
|
9
|
+
| older | ⛔️ |
|
10
|
+
|
11
|
+
## Reporting a Vulnerability
|
12
|
+
|
13
|
+
To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security).
|
14
|
+
Tidelift will coordinate the fix and disclosure.
|
15
|
+
|
16
|
+
## OAuth2 for Enterprise
|
17
|
+
|
18
|
+
Available as part of the Tidelift Subscription.
|
19
|
+
|
20
|
+
The maintainers of oauth2 and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.](https://tidelift.com/subscription/pkg/rubygems-oauth2?utm_source=rubygems-oauth2&utm_medium=referral&utm_campaign=enterprise&utm_term=repo)
|
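Review bot: the Supported Versions table says `1.latest` gets "security updates only", while the README compatibility section in this same release says the 1.4 series "will only receive critical security updates"; align the wording so users know whether non-critical security fixes are backported to 1.x.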