oauth2 2.0.0 → 2.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7bd40b127f03fb47d5d897e4dd917ef3530fe06a863ce40485d3e9d02db32bc7
-  data.tar.gz: 331dd1ee11d2e9490372c8c2106ca3492c9e743b066510ba3b111c7c0e8c5834
+  metadata.gz: 0b2375593530f7a565bfe90a1534e6203bb178428ca3c9670a0dcd728cfa134a
+  data.tar.gz: 04c8289d5202d2db4f12321fc7acda898a77931c1acee21cd5bdd3a7bcbec96a
 SHA512:
-  metadata.gz: 33a5d808e3388045e441fb386793cfdd69264af585f0582e044f59a736276dbe3d84c9f98be77cc5d0b9f29c3cc569c61721dfd5816d2654b57f6170213ed8a1
-  data.tar.gz: 9be4ba6cf11c62156b2f25fae2f04fb556166f4cbb7b8997d46af525968519073fcd6380008a2cc45ddb38986e0267becd7dfcc4f8f23560c437a2ce6f3be348
+  metadata.gz: 78b0c341b7fa62f31227ca3217fd3db5ad9dd17c54b9a9bca492f6e4f6294f2db63d7a88a221b7d3fb671d646ee7fc85c7bd4808a82536448e7f13611a8a7598
+  data.tar.gz: 0c2374b9c939fd0c021e25bfa81c23e033af5313e294f18f802431d4c192098ade257c2aeac131a11429525450b786cf894fa7d0cf50f8171395b2ca6ccb8bd0

data/CHANGELOG.md

@@ -4,7 +4,12 @@ All notable changes to this project will be documented in this file.
 The format (since v2) is based on [Keep a Changelog v1](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.0.0.html).
 
-## [2.0.0.rc3] - 2022-06-16
+## [2.0.1] - 2022-06-22
+### Added
+- Documentation improvements (@pboling)
+- Increased test coverage to 99% (@pboling)
+
+## [2.0.0] - 2022-06-21
 ### Added
 - [#158](https://github.com/oauth-xx/oauth2/pull/158), [#344](https://github.com/oauth-xx/oauth2/pull/344) - Optionally pass raw response to parsers (@niels)
 - [#190](https://github.com/oauth-xx/oauth2/pull/190), [#332](https://github.com/oauth-xx/oauth2/pull/332), [#334](https://github.com/oauth-xx/oauth2/pull/334), [#335](https://github.com/oauth-xx/oauth2/pull/335), [#360](https://github.com/oauth-xx/oauth2/pull/360), [#426](https://github.com/oauth-xx/oauth2/pull/426), [#427](https://github.com/oauth-xx/oauth2/pull/427), [#461](https://github.com/oauth-xx/oauth2/pull/461) - Documentation (@josephpage, @pboling, @meganemura, @joshRpowell, @elliotcm)
@@ -210,7 +215,7 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.
 
 ## [0.0.4] + [0.0.3] + [0.0.2] + [0.0.1] - 2010-04-22
 
-[Unreleased]: https://github.com/oauth-xx/oauth2/compare/v1.4.9...HEAD
+[Unreleased]: https://github.com/oauth-xx/oauth2/compare/v2.0.0...HEAD
 [0.0.1]: https://github.com/oauth-xx/oauth2/compare/311d9f4...v0.0.1
 [0.0.2]: https://github.com/oauth-xx/oauth2/compare/v0.0.1...v0.0.2
 [0.0.3]: https://github.com/oauth-xx/oauth2/compare/v0.0.2...v0.0.3
@@ -246,4 +251,6 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.
 [1.4.7]: https://github.com/oauth-xx/oauth2/compare/v1.4.6...v1.4.7
 [1.4.8]: https://github.com/oauth-xx/oauth2/compare/v1.4.7...v1.4.8
 [1.4.9]: https://github.com/oauth-xx/oauth2/compare/v1.4.8...v1.4.9
+[2.0.0]: https://github.com/oauth-xx/oauth2/compare/v1.4.9...v2.0.0
+[2.0.1]: https://github.com/oauth-xx/oauth2/compare/v2.0.0...v2.0.1
 [gemfiles/readme]: gemfiles/README.md

data/README.md

@@ -34,7 +34,8 @@ See the sibling `oauth` gem for OAuth 1.0 implementations in Ruby.
 
 | Version | Release Date | Readme                                                   |
 |---------|--------------|----------------------------------------------------------|
-| 2.0.0   | Soon         | https://github.com/oauth-xx/oauth2/blob/master/README.md |
+| 2.0.1   | 2022-06-22   | https://github.com/oauth-xx/oauth2/blob/master/README.md |
+| 2.0.0   | 2022-06-21   | https://github.com/oauth-xx/oauth2/blob/v2.0.0/README.md |
 </details>
 
 ### Older Releases
@@ -140,8 +141,8 @@ The link tokens in the following sections should be kept ordered by the row and
 [🖐prs-o-img]: https://img.shields.io/github/issues-pr/oauth-xx/oauth2
 [🧮prs-c]: https://github.com/oauth-xx/oauth2/pulls?q=is%3Apr+is%3Aclosed
 [🧮prs-c-img]: https://img.shields.io/github/issues-pr-closed/oauth-xx/oauth2
-[📗next]: https://github.com/oauth-xx/oauth2/milestone/1
-[📗next-img]: https://img.shields.io/github/milestones/progress/oauth-xx/oauth2/1?label=Next%20Version
+[📗next]: https://github.com/oauth-xx/oauth2/milestone/12
+[📗next-img]: https://img.shields.io/github/milestones/progress/oauth-xx/oauth2/12?label=Next%20Version
 
 <!-- 3️⃣ maintanence & linting -->
 [⛳cclim-maint]: https://codeclimate.com/github/oauth-xx/oauth2/maintainability
@@ -238,7 +239,7 @@ Tidelift will coordinate the fix and disclosure.
 
 For more see [SECURITY.md][🚎sec-pol].
 
-## What is new for v2.0 (unreleased, `master` branch)?
+## What is new for v2.0?
 
 - Officially support Ruby versions >= 2.7
 - Unofficially support Ruby versions >= 2.5
@@ -253,7 +254,7 @@ For more see [SECURITY.md][🚎sec-pol].
     - `:access_token_class` (`AccessToken`); user specified class to use for all calls to `get_token`
 - Adds new option to `OAuth2::AccessToken#initialize`:
     - `:expires_latency` (`nil`); number of seconds by which AccessToken validity will be reduced to offset latency
-- [... A lot more](https://github.com/oauth-xx/oauth2/blob/master/CHANGELOG.md#unreleased)
+- [... A lot more](https://github.com/oauth-xx/oauth2/blob/master/CHANGELOG.md#2.0.0)
 
 ## Compatibility
 
@@ -291,7 +292,7 @@ of a major release, support for that Ruby version may be dropped.
 
 |     | Ruby OAuth 2 Version | Maintenance Branch | Supported Officially    | Supported Unofficially | Supported Incidentally |
 |:----|----------------------|--------------------|-------------------------|------------------------|------------------------|
-| 1️⃣ | 2.0.x (unreleased)   | `master`           | 2.7, 3.0, 3.1           | 2.5, 2.6               | 2.2, 2.3, 2.4          |
+| 1️⃣ | 2.0.x                | `master`           | 2.7, 3.0, 3.1           | 2.5, 2.6               | 2.2, 2.3, 2.4          |
 | 2️⃣ | 1.4.x                | `1-4-stable`       | 2.5, 2.6, 2.7, 3.0, 3.1 | 2.1, 2.2, 2.3, 2.4     | 1.9, 2.0               |
 | 3️⃣ | older                | N/A                | Best of luck to you!    | Please upgrade!        |                        |
 
@@ -309,8 +310,8 @@ client = OAuth2::Client.new('client_id', 'client_secret', site: 'https://example
 client.auth_code.authorize_url(redirect_uri: 'http://localhost:8080/oauth2/callback')
 # => "https://example.org/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code"
 
-token = client.auth_code.get_token('authorization_code_value', redirect_uri: 'http://localhost:8080/oauth2/callback', headers: {'Authorization' => 'Basic some_password'})
-response = token.get('/api/resource', params: {'query_foo' => 'bar'})
+access = client.auth_code.get_token('authorization_code_value', redirect_uri: 'http://localhost:8080/oauth2/callback', headers: {'Authorization' => 'Basic some_password'})
+response = access.get('/api/resource', params: {'query_foo' => 'bar'})
 response.class.name
 # => OAuth2::Response
 ```
@@ -402,28 +403,42 @@ Response instance will contain the `OAuth2::Error` instance.
 
 Currently the Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials, and Assertion
 authentication grant types have helper strategy classes that simplify client
-use. They are available via the `#auth_code`, `#implicit`, `#password`, `#client_credentials`, and `#assertion` methods respectively.
+use. They are available via the [`#auth_code`](https://github.com/oauth-xx/oauth2/blob/master/lib/oauth2/strategy/auth_code.rb), [`#implicit`](https://github.com/oauth-xx/oauth2/blob/master/lib/oauth2/strategy/implicit.rb), [`#password`](https://github.com/oauth-xx/oauth2/blob/master/lib/oauth2/strategy/password.rb), [`#client_credentials`](https://github.com/oauth-xx/oauth2/blob/master/lib/oauth2/strategy/client_credentials.rb), and [`#assertion`](https://github.com/oauth-xx/oauth2/blob/master/lib/oauth2/strategy/assertion.rb) methods respectively.
 
+These aren't full examples, but demonstrative of the differences between usage for each strategy.
 ```ruby
 auth_url = client.auth_code.authorize_url(redirect_uri: 'http://localhost:8080/oauth/callback')
-token = client.auth_code.get_token('code_value', redirect_uri: 'http://localhost:8080/oauth/callback')
+access = client.auth_code.get_token('code_value', redirect_uri: 'http://localhost:8080/oauth/callback')
 
 auth_url = client.implicit.authorize_url(redirect_uri: 'http://localhost:8080/oauth/callback')
 # get the token params in the callback and
-token = OAuth2::AccessToken.from_kvform(client, query_string)
-
-token = client.password.get_token('username', 'password')
-
-token = client.client_credentials.get_token
-
-token = client.assertion.get_token(assertion_params)
+access = OAuth2::AccessToken.from_kvform(client, query_string)
+
+access = client.password.get_token('username', 'password')
+
+access = client.client_credentials.get_token
+
+# Client Assertion Strategy
+# see: https://tools.ietf.org/html/rfc7523
+claimset = {
+  :iss => "http://localhost:3001",
+  :aud => "http://localhost:8080/oauth2/token",
+  :sub => "me@example.com",
+  :exp => Time.now.utc.to_i + 3600
+}
+assertion_params = [claimset, 'HS256', 'secret_key']
+access = client.assertion.get_token(assertion_params)
+
+# The `access` (i.e. access token) is then used like so:
+access.token # actual access_token string, if you need it somewhere
+access.get("/api/stuff") # making api calls with access token
 ```
 
 If you want to specify additional headers to be sent out with the
 request, add a 'headers' hash under 'params':
 
 ```ruby
-token = client.auth_code.get_token('code_value', redirect_uri: 'http://localhost:8080/oauth/callback', headers: {'Some' => 'Header'})
+access = client.auth_code.get_token('code_value', redirect_uri: 'http://localhost:8080/oauth/callback', headers: {'Some' => 'Header'})
 ```
 
 You can always use the `#request` method on the `OAuth2::Client` instance to make

data/SECURITY.md

@@ -12,3 +12,9 @@
 
 To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security).
 Tidelift will coordinate the fix and disclosure.
+
+## OAuth2 for Enterprise
+
+Available as part of the Tidelift Subscription.
+
+The maintainers of oauth2 and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.](https://tidelift.com/subscription/pkg/rubygems-oauth2?utm_source=rubygems-oauth2&utm_medium=referral&utm_campaign=enterprise&utm_term=repo)

data/lib/oauth2/strategy/assertion.rb

@@ -15,7 +15,7 @@ module OAuth2
     #
     #   claim_set = {
     #     :iss => "http://localhost:3001",
-    #     :aud => "http://localhost:8080/oauth2/token"
+    #     :aud => "http://localhost:8080/oauth2/token",
     #     :sub => "me@example.com",
     #     :exp => Time.now.utc.to_i + 3600,
     #   }

data/lib/oauth2/version.rb

@@ -2,6 +2,6 @@
 
 module OAuth2
   module Version
-    VERSION = '2.0.0'.freeze
+    VERSION = '2.0.1'.freeze
   end
 end

metadata

@@ -1,16 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: oauth2
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.0.1
 platform: ruby
 authors:
 - Peter Boling
-- Michael Bleigh
 - Erik Michaels-Ober
+- Michael Bleigh
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-06-21 00:00:00.000000000 Z
+date: 2022-06-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -307,10 +307,10 @@ licenses:
 - MIT
 metadata:
   homepage_uri: https://github.com/oauth-xx/oauth2
-  source_code_uri: https://github.com/oauth-xx/oauth2/tree/v2.0.0
-  changelog_uri: https://github.com/oauth-xx/oauth2/blob/v2.0.0/CHANGELOG.md
+  source_code_uri: https://github.com/oauth-xx/oauth2/tree/v2.0.1
+  changelog_uri: https://github.com/oauth-xx/oauth2/blob/v2.0.1/CHANGELOG.md
   bug_tracker_uri: https://github.com/oauth-xx/oauth2/issues
-  documentation_uri: https://www.rubydoc.info/gems/oauth2/2.0.0
+  documentation_uri: https://www.rubydoc.info/gems/oauth2/2.0.1
   wiki_uri: https://github.com/oauth-xx/oauth2/wiki
   rubygems_mfa_required: 'true'
 post_install_message: