oauth2 2.0.10 → 2.0.12

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 74ad05aadb0f9e990bd0aec8907e7d60236d03d8eb4dd9c4c5c338f361d44181
-  data.tar.gz: 2996484493c6d56af8ea4ef873c823c91e6ad15f3f3a63c3816ab1f760179327
+  metadata.gz: a3c3d9d7db53b8fd6bfda9314ac4f6ebde44a08d8f9544c909b055dd5d1a5c37
+  data.tar.gz: cfe4790fb04182fc2357d1015988f9b4bf77540f350a998a448fadb43c75d510
 SHA512:
-  metadata.gz: 6dd801a4085ccb1c9928ae975cac3563bc28c0c01461659cc90f3090c9a09794c686b5475c4425d1becd95df1abea5e129876a3fcb6abc78f348ff4b738169c0
-  data.tar.gz: 323321a6e9d5dcd8b53691fbdda4df2acc24d7eb7b03e788c028712b64590d387eabf1f6c2d68abfaeef49901073e9db80d09f0d5abce9434f1290b7edc34db4
+  metadata.gz: b66e35c72d4f4ba2e38cb3a2147bc5aca5c05a5675d04515b2927f0c3c687444348b309799383a960351d106a8fbc1fa6a6bba08e672cef22059d1d4c03cbc26
+  data.tar.gz: 55395528b41b5487eb5ef1f8ab2800028f63b51ef2d889d06d4e16237bc470d3cc8c7c9ec8ba8e895988665e6c9a9f5ad84e513de6dad66b276873eae85fbaad

data/CHANGELOG.md

@@ -12,7 +12,55 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.
 ### Fixed
 ### Security
 
-## [2.0.10] - 2025-05-16
+## [2.0.12] - 2025-05-31
+- TAG: [v2.0.12][2.0.12t]
+- Line Coverage: 100.0% (520 / 520)
+- Branch Coverage: 100.0% (174 / 174)
+- 80.00% documented
+### Added
+- [gh652][gh652] - Support IETF rfc7515 JSON Web Signature - JWS by @mridang
+  - Support JWT `kid` for key discovery and management
+- More Documentation by @pboling
+  - Documented Serialization Extensions
+  - Added Gatzo.com FLOSS logo by @Aboling0, CC BY-SA 4.0
+- Documentation site @ https://oauth2.galtzo.com now complete
+### Changed
+- Updates to gemspec (email, funding url, post install message)
+### Deprecated
+### Removed
+### Fixed
+- Documentation Typos by @pboling
+### Security
+
+[gh652]: https://github.com/oauth-xx/oauth2/pull/652
+
+## [2.0.11] - 2025-05-23
+- TAG: [v2.0.11][2.0.11t]
+- COVERAGE: 100.00% -- 518/518 lines in 14 files
+- BRANCH COVERAGE: 100.00% -- 172/172 branches in 14 files
+- 80.00% documented
+### Added
+- [gh651](https://github.com/oauth-xx/oauth2/pull/651) - `:snaky_hash_klass` option (@pboling)
+- More documentation
+- Codeberg as ethical mirror (@pboling)
+  - https://codeberg.org/oauth-xx/oauth2
+- Don't check for cert if SKIP_GEM_SIGNING is set (@pboling)
+- All runtime deps, including oauth-xx sibling gems, are now tested against HEAD (@pboling)
+- YARD config, GFM compatible with relative file links (@pboling)
+- Documentation site on GitHub Pages (@pboling)
+  - [oauth2.galtzo.com](https://oauth2.galtzo.com)
+- [!649](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/649) - Test compatibility with all key minor versions of Hashie v0, v1, v2, v3, v4, v5, HEAD (@pboling)
+- [gh651](https://github.com/oauth-xx/oauth2/pull/651) - Mock OAuth2 server for testing (@pboling)
+  - https://github.com/navikt/mock-oauth2-server
+### Changed
+- [gh651](https://github.com/oauth-xx/oauth2/pull/651) - Upgraded to snaky_hash v2.0.3 (@pboling)
+  - Provides solution for serialization issues
+- Updated `spec.homepage_uri` in gemspec to GitHub Pages YARD documentation site (@pboling)
+### Fixed
+- [gh650](https://github.com/oauth-xx/oauth2/pull/650) - Regression in return type of `OAuth2::Response#parsed` (@pboling)
+- Incorrect documentation related to silencing warnings (@pboling)
+
+## [2.0.10] - 2025-05-17
 - TAG: [v2.0.10][2.0.10t]
 - COVERAGE: 100.00% -- 518/518 lines in 14 files
 - BRANCH COVERAGE: 100.00% -- 170/170 branches in 14 files
@@ -369,8 +417,12 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.
 
 [gemfiles/readme]: gemfiles/README.md
 
-[Unreleased]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.10...HEAD
-[2.0.10]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.09....v2.0.10
+[Unreleased]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.12...HEAD
+[2.0.12]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.11...v2.0.12
+[2.0.12t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v2.0.12
+[2.0.11]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.10...v2.0.11
+[2.0.11t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v2.0.11
+[2.0.10]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.9...v2.0.10
 [2.0.10t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v2.0.10
 [2.0.9]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.8...v2.0.9
 [2.0.9t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v2.0.9

data/CONTRIBUTING.md

@@ -96,7 +96,7 @@ NOTE: To build without signing the gem you must set `SKIP_GEM_SIGNING` to some v
 
 ### To release a new version:
 
-1. Run `bin/setup && bin/rake` as a tests, coverage, & linting sanity check
+1. Run `bin/setup && bin/rake` as a "test, coverage, & linting" sanity check
 2. Update the version number in `version.rb`, and ensure `CHANGELOG.md` reflects changes
 3. Run `bin/setup && bin/rake` again as a secondary check, and to update `Gemfile.lock`
 4. Run `git commit -am "🔖 Prepare release v<VERSION>"` to commit the changes
@@ -114,7 +114,7 @@ NOTE: To build without signing the gem you must set `SKIP_GEM_SIGNING` to some v
 11. Run `bin/gem_checksums` (more context [1][🔒️rubygems-checksums-pr], [2][🔒️rubygems-guides-pr])
     to create SHA-256 and SHA-512 checksums. This functionality is provided by the `stone_checksums`
     [gem][💎stone_checksums].
-    - Checksums will be committed automatically by the script, but not pushed
+    - Checksums will be committed automatically by the script but not pushed
 12. Run `bundle exec rake release` which will create a git tag for the version,
     push git commits and tags, and push the `.gem` file to [rubygems.org][💎rubygems]
 

data/README.md

@@ -1,4 +1,7 @@
 <p align="center">
+    <a href="https://discord.gg/3qme4XHNKN" target="_blank" rel="noopener">
+      <img width="124px" src="https://github.com/oauth-xx/oauth2/raw/main/docs/images/logo/galtzo-floss-logos-original.svg?raw=true" alt="Galtzo.com Logo by Aboling0, CC BY-SA 4.0">
+    </a>
     <a href="http://oauth.net/2/" target="_blank" rel="noopener">
       <img src="https://github.com/oauth-xx/oauth2/raw/main/docs/images/logo/oauth2-logo-124px.png?raw=true" alt="OAuth 2.0 Logo by Chris Messina, CC BY-SA 3.0">
     </a>
@@ -9,49 +12,28 @@
 
 ## 🔐 OAuth2
 
-[![Version][👽versioni]][👽version]
-[![License: MIT][📄license-img]][📄license-ref]
-[![Downloads Rank][👽dl-ranki]][👽dl-rank]
-[![Open Source Helpers][👽oss-helpi]][👽oss-help]
-[![Depfu][🔑depfui♻️]][🔑depfu]
-[![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls]
-[![QLTY Test Coverage][🔑cc-covi♻️]][🔑cc-cov]
-[![Maintainability][🔑cc-mnti♻️]][🔑cc-mnt]
-[![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf]
-[![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf]
-[![CI Current][🚎11-c-wfi]][🚎11-c-wf]
-[![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf]
-[![CI JRuby][🚎10-j-wfi]][🚎10-j-wf]
-[![CI Supported][🚎6-s-wfi]][🚎6-s-wf]
-[![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf]
-[![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf]
-[![CI Ancient][🚎1-an-wfi]][🚎1-an-wf]
-[![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf]
-[![CI Style][🚎5-st-wfi]][🚎5-st-wf]
+[![Version][👽versioni]][👽version] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![Depfu][🔑depfui♻️]][🔑depfu] [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![QLTY Test Coverage][🔑qlty-covi♻️]][🔑qlty-cov] [![QLTY Maintainability][🔑qlty-mnti♻️]][🔑qlty-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Caboose is an absolute WAGON][🚎13-cbs-wfi]][🚎13-cbs-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL]
 
 ---
 
-[![Liberapay Patrons][⛳liberapay-img]][⛳liberapay]
-[![Sponsor Me on Github][🖇sponsor-img]][🖇sponsor]
-[![Buy me a coffee][🖇buyme-small-img]][🖇buyme]
-[![Donate on Polar][🖇polar-img]][🖇polar]
-[![Donate to my FLOSS or refugee efforts at ko-fi.com][🖇kofi-img]][🖇kofi]
-[![Donate to my FLOSS or refugee efforts using Patreon][🖇patreon-img]][🖇patreon]
+[![Liberapay Goal Progress][⛳liberapay-img]][⛳liberapay] [![Sponsor Me on Github][🖇sponsor-img]][🖇sponsor] [![Buy me a coffee][🖇buyme-small-img]][🖇buyme] [![Donate on Polar][🖇polar-img]][🖇polar] [![Donate to my FLOSS or refugee efforts at ko-fi.com][🖇kofi-img]][🖇kofi] [![Donate to my FLOSS or refugee efforts using Patreon][🖇patreon-img]][🖇patreon]
 
 OAuth 2.0 is the industry-standard protocol for authorization.
 OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications,
     desktop applications, mobile phones, and living room devices.
 This is a RubyGem for implementing OAuth 2.0 clients (not servers) in Ruby applications.
 
-| Federated [DVCS][💎d-in-dvcs] Repository      | Status         | Issues | PRs | Wiki | CI             | Discussions |
-|-----------------------------------------------|----------------|--------|-----|------|----------------|-------------|
-| 🧪 [oauth-xx/oauth2 on GitLab][📜src-gl]      | The Truth      | 💚     | 💚  | 💚   | 🏀 Tiny Matrix | ➖          |
-| 🐙 [oauth-xx/oauth2 on GitHub][📜src-gh]      | A Dirty Mirror | 💚     | 💚  | ➖   | 💯 Full Matrix | ➖          |
-| 🤼 [OAuth Ruby Google Group][⛳gg-discussions] | "Active"        | ➖       | ➖    | ➖     | ➖               | 💚            |
+| Federated [DVCS][💎d-in-dvcs] Repository      | Status                                                            | Issues                    | PRs                      | Wiki                      | CI                       | Discussions                  |
+|-----------------------------------------------|-------------------------------------------------------------------|---------------------------|--------------------------|---------------------------|--------------------------|------------------------------|
+| 🧪 [oauth-xx/oauth2 on GitLab][📜src-gl]      | The Truth                                                         | [💚][🤝gl-issues]         | [💚][🤝gl-pulls]         | [💚][📜wiki]              | 🏀 Tiny Matrix           | ➖                            |
+| 🧊 [oauth-xx/oauth2 on CodeBerg][📜src-cb]    | An Ethical Mirror ([Donate][🤝cb-donate])                         | ➖                         | [💚][🤝cb-pulls]         | ➖                         | ⭕️ No Matrix             | ➖                            |
+| 🐙 [oauth-xx/oauth2 on GitHub][📜src-gh]      | A Dirty Mirror                                                    | [💚][🤝gh-issues]         | [💚][🤝gh-pulls]         | ➖                         | 💯 Full Matrix           | ➖                            |
+| 🤼 [OAuth Ruby Google Group][⛳gg-discussions] | "Active"                                                          | ➖                         | ➖                        | ➖                         | ➖                        | [💚][⛳gg-discussions]        |
+| 🎮️ [Discord Server][✉️discord-invite]        | [![Live Chat on Discord][✉️discord-invite-img]][✉️discord-invite] | [Let's][✉️discord-invite] | [talk][✉️discord-invite] | [about][✉️discord-invite] | [this][✉️discord-invite] | [library!][✉️discord-invite] |
 
 ### Upgrading Runtime Gem Dependencies
 
-This project sits underneath a large portion of the authentication systems on the internet.
+This project sits underneath a large portion of the authorization systems on the internet.
 According to GitHub's project tracking, which I believe only reports on public projects,
 [100,000+ projects](https://github.com/oauth-xx/oauth2/network/dependents), and
 [500+ packages](https://github.com/oauth-xx/oauth2/network/dependents?dependent_type=PACKAGE) depend on this project.
@@ -69,27 +51,30 @@ covering the latest patch for each of the following minor versions:
 * MRI Ruby @ v2.3, v2.4, v2.5, v2.6, v2.7, v3.0, v3.1, v3.2, v3.3, v3.4, HEAD
   * NOTE: This gem will still install on ruby v2.2, but vanilla GitHub Actions no longer supports testing against it, so YMMV.
 * JRuby @ v9.2, v9.3, v9.4, v10.0, HEAD
-* TruffleRuby @ v23.1, v23.2, HEAD
-* gem `faraday` @ v0, v1, v2, HEAD
-* gem `jwt` @ v1, v2, v3, HEAD
-* gem `logger` @ v1.2, v1.5, v1.7, HEAD
-* gem `multi_xml` @ v0.5, v0.6, v0.7, HEAD
-* gem `rack` @ v1.2, v1.6, v2, v3, HEAD
+* TruffleRuby @ v23.1, v24.1, HEAD
+* gem `faraday` @ v0, v1, v2, HEAD ⏩️ [lostisland/faraday](https://github.com/lostisland/faraday)
+* gem `jwt` @ v1, v2, v3, HEAD ⏩️ [jwt/ruby-jwt](https://github.com/jwt/ruby-jwt)
+* gem `logger` @ v1.2, v1.5, v1.7, HEAD ⏩️ [ruby/logger](https://github.com/ruby/logger)
+* gem `multi_xml` @ v0.5, v0.6, v0.7, HEAD ⏩️ [sferik/multi_xml](https://github.com/sferik/multi_xml)
+* gem `rack` @ v1.2, v1.6, v2, v3, HEAD ⏩️ [rack/rack](https://github.com/rack/rack)
+* gem `snaky_hash` @ v2, HEAD ⏩️ [oauth-xx/snaky_hash](https://gitlab.com/oauth-xx/snaky_hash)
+* gem `version_gem` @ v1, HEAD ⏩️ [oauth-xx/version_gem](https://gitlab.com/oauth-xx/version_gem)
+
+The last two were extracted from this gem. They are part of the `oauth-xx` org,
+and are developed in tight collaboration with this gem.
+
+Also, where reasonable, tested against the runtime dependencies of those dependencies:
+
+* gem `hashie` @ v0, v1, v2, v3, v4, v5, HEAD ⏩️ [hashie/hashie](https://github.com/hashie/hashie)
+
+#### You should upgrade this gem with confidence\*.
 
 - This gem follows a _strict & correct_ (according to the maintainer of SemVer; [more info][sv-pub-api]) interpretation of SemVer.
   - Dropping support for **any** of the runtime dependency versions above will be a major version bump.
   - If you aren't on one of the minor versions above, make getting there a priority.
-- You should upgrade this gem with confidence\*.
 - You should upgrade the dependencies of this gem with confidence\*.
 - Please do upgrade, and then, when it goes smooth as butter [please sponsor me][🖇sponsor].  Thanks!
 
-If you are thinking, "that list is missing two runtime dependencies", you are correct!
-Both of them were extracted from this gem. They are part of the `oauth-xx` org,
-and are developed in tight collaboration with this gem, so not much more needs to be said about them.
-
-* gem `snaky_hash` - https://gitlab.com/oauth-xx/snaky_hash
-* gem `version_gem` - https://gitlab.com/oauth-xx/version_gem
-
 [sv-pub-api]: #-is-platform-support-part-of-the-public-api
 
 \* MIT license; I am unable to make guarantees.
@@ -158,30 +143,33 @@ One of these might be what you are looking for:
 
 ## 💡 Info you can shake a stick at
 
-| Tokens to Remember      | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace]                                                                                                                                                                                                                                                                                                                                                                                            |
-|-------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Works with JRuby        | [![JRuby 9.2 Compat][💎jruby-9.2i]][🚎10-j-wf] [![JRuby 9.3 Compat][💎jruby-9.3i]][🚎10-j-wf] [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf]                                                                                                                                                                                                                                          |
-| Works with Truffle Ruby | [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] [![Truffle Ruby HEAD Compat][💎truby-headi]][🚎3-hd-wf]                                                                                                                                                                                                                                                                                                                  |
-| Works with MRI Ruby 3   | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf]                                                                                                                                                                                                           |
-| Works with MRI Ruby 2   | [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎1-an-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf]                                                                                                                                                                                                                                                      |
-| Source                  | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc]                                                                                                                                                                                                                                                                           |
-| Documentation           | [![Discussion][⛳gg-discussions-img]][⛳gg-discussions] [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![HEAD on RubyDoc.info][📜docs-head-rd-img]][🚎yard-head] [![BDFL Blog][🚂bdfl-blog-img]][🚂bdfl-blog] [![Wiki][📜wiki-img]][📜wiki]                                                                                                                                                                                                                    |
-| Compliance              | [![License: MIT][📄license-img]][📄license-ref] [![📄ilo-declaration-img]][📄ilo-declaration] [![Security Policy][🔐security-img]][🔐security] [![Enforced Code Style][💎rlts-img]][💎rlts] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji] [![FOSSA][🏘fossa-img]][🏘fossa] |
-| Expert 1:1 Support      | [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] `or` [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor]                                                                                                                                                                                                                                                                                                      |
-| Enterprise Support      | [![Get help from me on Tidelift][🏙️entsup-tidelift-img]][🏙️entsup-tidelift]<br/>💡Subscribe for support guarantees covering _all_ FLOSS dependencies!<br/>💡Tidelift is part of [Sonar][🏙️entsup-tidelift-sonar]!<br/>💡Tidelift pays maintainers to maintain the software you depend on!<br/>📊`@`Pointy Haired Boss: An [enterprise support][🏙️entsup-tidelift] subscription is "[never gonna let you down][🧮kloc]", and *supports* open source maintainers!                   |
-| Comrade BDFL 🎖️        | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact BDFL][🚂bdfl-contact-img]][🚂bdfl-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto]                                                                                                                                                                                |
-| `...` 💖                | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub]  [🛖][💖🛖hut] [🧪][💖🧪lab]                                                                                                                                                                                     |
+| Tokens to Remember      | [![Gem name][⛳️name-img]][⛳️gem-name] [![Gem namespace][⛳️namespace-img]][⛳️gem-namespace]                                                                                                                                                                                                                                                                                                                                                                          |
+|-------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| Works with JRuby        | [![JRuby 9.2 Compat][💎jruby-9.2i]][🚎10-j-wf] [![JRuby 9.3 Compat][💎jruby-9.3i]][🚎10-j-wf] [![JRuby 9.4 Compat][💎jruby-9.4i]][🚎10-j-wf] [![JRuby 10.0 Compat][💎jruby-c-i]][🚎11-c-wf] [![JRuby HEAD Compat][💎jruby-headi]][🚎3-hd-wf]                                                                                                                                                                                                                        |
+| Works with Truffle Ruby | [![Truffle Ruby 23.1 Compat][💎truby-23.1i]][🚎9-t-wf] [![Truffle Ruby 24.1 Compat][💎truby-c-i]][🚎11-c-wf] [![Truffle Ruby HEAD Compat][💎truby-headi]][🚎3-hd-wf]                                                                                                                                                                                                                                                                                                |
+| Works with MRI Ruby 3   | [![Ruby 3.0 Compat][💎ruby-3.0i]][🚎4-lg-wf] [![Ruby 3.1 Compat][💎ruby-3.1i]][🚎6-s-wf] [![Ruby 3.2 Compat][💎ruby-3.2i]][🚎6-s-wf] [![Ruby 3.3 Compat][💎ruby-3.3i]][🚎6-s-wf] [![Ruby 3.4 Compat][💎ruby-c-i]][🚎11-c-wf] [![Ruby HEAD Compat][💎ruby-headi]][🚎3-hd-wf]                                                                                                                                                                                         |
+| Works with MRI Ruby 2   | [![Ruby 2.3 Compat][💎ruby-2.3i]][🚎13-cbs-wf] [![Ruby 2.4 Compat][💎ruby-2.4i]][🚎1-an-wf] [![Ruby 2.5 Compat][💎ruby-2.5i]][🚎1-an-wf] [![Ruby 2.6 Compat][💎ruby-2.6i]][🚎7-us-wf] [![Ruby 2.7 Compat][💎ruby-2.7i]][🚎7-us-wf]                                                                                                                                                                                                                                  |
+| Source                  | [![Source on GitLab.com][📜src-gl-img]][📜src-gl] [![Source on CodeBerg.org][📜src-cb-img]][📜src-cb] [![Source on Github.com][📜src-gh-img]][📜src-gh] [![The best SHA: dQw4w9WgXcQ!][🧮kloc-img]][🧮kloc]                                                                                                                                                                                                                                                         |
+| Documentation           | [![Discussion][⛳gg-discussions-img]][⛳gg-discussions] [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![HEAD on RubyDoc.info][📜docs-head-rd-img]][🚎yard-head] [![BDFL Blog][🚂bdfl-blog-img]][🚂bdfl-blog] [![Wiki][📜wiki-img]][📜wiki]                                                                                                                                                                                                  |
+| Compliance              | [![License: MIT][📄license-img]][📄license-ref] [![📄ilo-declaration-img]][📄ilo-declaration] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver]                                                                                                                                                                                                                    |
+| Style                   | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji]                                                                                                                                                                                                                                                                                              |
+| Support                 | [![Live Chat on Discord][✉️discord-invite-img]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor]                                                                                                                                                                                                                       |
+| Enterprise Support      | [![Get help from me on Tidelift][🏙️entsup-tidelift-img]][🏙️entsup-tidelift]<br/>💡Subscribe for support guarantees covering _all_ FLOSS dependencies!<br/>💡Tidelift is part of [Sonar][🏙️entsup-tidelift-sonar]!<br/>💡Tidelift pays maintainers to maintain the software you depend on!<br/>📊`@`Pointy Haired Boss: An [enterprise support][🏙️entsup-tidelift] subscription is "[never gonna let you down][🧮kloc]", and *supports* open source maintainers! |
+| Comrade BDFL 🎖️        | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact BDFL][🚂bdfl-contact-img]][🚂bdfl-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto]                                                                                                                                                              |
+| `...` 💖                | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub]  [🛖][💖🛖hut] [🧪][💖🧪lab]                                                                                                                                                                   |
 
 ## 🚀 Release Documentation
 
 ### Version 2.0.x
 
 <details>
-  <summary>2.0.x CHANGELOGs and READMEs</summary>
+  <summary>2.0.x CHANGELOG and README</summary>
 
 | Version | Release Date | CHANGELOG                             | README                          |
 |---------|--------------|---------------------------------------|---------------------------------|
-| 2.0.10  | 2025-05-16   | [v2.0.10 CHANGELOG][2.0.10-changelog] | [v2.0.10 README][2.0.10-readme] |
+| 2.0.12  | 2025-05-31   | [v2.0.12 CHANGELOG][2.0.12-changelog] | [v2.0.12 README][2.0.12-readme] |
+| 2.0.11  | 2025-05-23   | [v2.0.11 CHANGELOG][2.0.11-changelog] | [v2.0.11 README][2.0.11-readme] |
+| 2.0.10  | 2025-05-17   | [v2.0.10 CHANGELOG][2.0.10-changelog] | [v2.0.10 README][2.0.10-readme] |
 | 2.0.9   | 2022-09-16   | [v2.0.9 CHANGELOG][2.0.9-changelog]   | [v2.0.9 README][2.0.9-readme]   |
 | 2.0.8   | 2022-09-01   | [v2.0.8 CHANGELOG][2.0.8-changelog]   | [v2.0.8 README][2.0.8-readme]   |
 | 2.0.7   | 2022-08-22   | [v2.0.7 CHANGELOG][2.0.7-changelog]   | [v2.0.7 README][2.0.7-readme]   |
@@ -194,7 +182,9 @@ One of these might be what you are looking for:
 | 2.0.0   | 2022-06-21   | [v2.0.0 CHANGELOG][2.0.0-changelog]   | [v2.0.0 README][2.0.0-readme]   |
 </details>
 
-[2.0.10-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2010---2025-05-16
+[2.0.12-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2012---2025-05-31
+[2.0.11-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2011---2025-05-23
+[2.0.10-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2010---2025-05-17
 [2.0.9-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#209---2022-09-16
 [2.0.8-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#208---2022-09-01
 [2.0.7-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#207---2022-08-22
@@ -206,6 +196,8 @@ One of these might be what you are looking for:
 [2.0.1-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#201---2022-06-22
 [2.0.0-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#200---2022-06-21
 
+[2.0.12-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.12/README.md
+[2.0.11-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.11/README.md
 [2.0.10-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.10/README.md
 [2.0.9-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.9/README.md
 [2.0.8-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.8/README.md
@@ -304,7 +296,7 @@ by following the instructions below.
 Add my public key (if you haven’t already, expires 2045-04-29) as a trusted certificate:
 
 ```shell
-gem cert --add <(curl -Ls https://raw.github.com/kettle-rb/oauth2/main/certs/pboling.pem)
+gem cert --add <(curl -Ls https://raw.github.com/oauth-xx/oauth2/main/certs/pboling.pem)
 ```
 
 You only need to do that once.  Then proceed to install with:
@@ -342,27 +334,30 @@ For more see [SECURITY.md][🔐security].
 
 ## What is new for v2.0?
 
-- Officially support Ruby versions >= 2.7
-- Unofficially support Ruby versions >= 2.5
-- Incidentally support Ruby versions >= 2.2
+- Works with Ruby versions >= 2.2
 - Drop support for the expired MAC Draft (all versions)
-- Support IETF rfc7523 JWT Bearer Tokens
-- Support IETF rfc7231 Relative Location in Redirect
-- Support IETF rfc6749 Don't set oauth params when nil
+- Support IETF rfc7515 JSON Web Signature - JWS (since v2.0.12)
+  - Support JWT `kid` for key discovery and management
+- Support IETF rfc7523 JWT Bearer Tokens (since v2.0.0)
+- Support IETF rfc7231 Relative Location in Redirect (since v2.0.0)
+- Support IETF rfc6749 Don't set oauth params when nil (since v2.0.0)
+- Support IETF rfc7009 Token Revocation (since v2.0.10)
 - Support [OIDC 1.0 Private Key JWT](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication); based on the OAuth JWT assertion specification [(RFC 7523)](https://tools.ietf.org/html/rfc7523)
 - Support new formats, including from [jsonapi.org](http://jsonapi.org/format/): `application/vdn.api+json`, `application/vnd.collection+json`, `application/hal+json`, `application/problem+json`
-- Adds new option to `OAuth2::Client#get_token`:
+- Adds option to `OAuth2::Client#get_token`:
     - `:access_token_class` (`AccessToken`); user specified class to use for all calls to `get_token`
-- Adds new option to `OAuth2::AccessToken#initialize`:
+- Adds option to `OAuth2::AccessToken#initialize`:
     - `:expires_latency` (`nil`); number of seconds by which AccessToken validity will be reduced to offset latency
 - By default, keys are transformed to snake case.
-  - Original keys will still work as previously, in most scenarios, thanks to `rash_alt` gem.
+  - Original keys will still work as previously, in most scenarios, thanks to [snaky_hash][snaky_hash] gem.
   - However, this is a _breaking_ change if you rely on `response.parsed.to_h` to retain the original case, and the original wasn't snake case, as the keys in the result will be snake case.
   - As of version 2.0.4 you can turn key transformation off with the `snaky: false` option.
 - By default, the `:auth_scheme` is now `:basic_auth` (instead of `:request_body`)
   - Third-party strategies and gems may need to be updated if a provider was requiring client id/secret in the request body
 - [... A lot more](https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md#200-2022-06-21-tag)
 
+[snaky_hash]: https://gitlab.com/oauth-xx/snaky_hash
+
 ## Compatibility
 
 Targeted ruby compatibility is non-EOL versions of Ruby, currently 3.2, 3.3, and 3.4.
@@ -377,7 +372,7 @@ This gem is tested against MRI, JRuby, and Truffleruby.
 Each of those has varying versions that target a specific version of MRI Ruby.
 This gem should work in the just-listed Ruby engines according to the targeted MRI compatibility in the table below.
 If you would like to add support for additional engines,
-  see `gemfiles/README.md`, then submit a PR to the correct maintenance branch as according to the table below.
+  see [gemfiles/README.md](gemfiles/README.md), then submit a PR to the correct maintenance branch as according to the table below.
 </details>
 
 <details>
@@ -404,25 +399,25 @@ of a major release, support for that Ruby version may be dropped.
 | 3️⃣ | older               | N/A                | Best of luck to you! | Please upgrade!         |                              |
 
 NOTE: The 1.4 series will only receive critical security updates.
-See [SECURITY.md][🚎sec-pol]
+See [SECURITY.md][🔐security].
 
-## Usage Examples
+## 🔧 Basic Usage
 
 ### Global Configuration
 
-If you started seeing this warning, but everything is working fine, you can now silence it.
-```log
-OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key
-```
+You can turn on additional warnings.
 
 ```ruby
 OAuth2.configure do |config|
-  config.silence_extra_tokens_warning = true # default: false
-  config.silence_no_tokens_warning = true # default: false, if you want to also silence warnings about no tokens
+  # Turn on a warning like:
+  #   OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key
+  config.silence_extra_tokens_warning = false # default: true
+  # Set to true if you want to also show warnings about no tokens
+  config.silence_no_tokens_warning = false # default: true,
 end
 ```
 
-This comes from ambiguity in the spec about which token is the right token.
+The "extra tokens" problem comes from ambiguity in the spec about which token is the right token.
 Some OAuth 2.0 standards legitimately have multiple tokens.
 You may need to subclass `OAuth2::AccessToken`, or write your own custom alternative to it, and pass it in.
 Specify your custom class with the `access_token_class` option.
@@ -491,9 +486,98 @@ response.parsed.access_token      # => "aaaaaaaa"
 response.parsed[:access_token]    # => "aaaaaaaa"
 response.parsed.additional_data   # => "additional"
 response.parsed[:additional_data] # => "additional"
-response.parsed.class.name        # => OAuth2::SnakyHash (subclass of Hashie::Mash::Rash, from `rash_alt` gem)
+response.parsed.class.name        # => SnakyHash::StringKeyed (from snaky_hash gem)
+```
+
+#### Serialization
+
+As of v2.0.11, if you need to serialize the parsed result, you can!
+
+There are two ways to do this, globally, or discretely.  The discrete way is recommended.
+
+1. Globally configure `SnakyHash::StringKeyed` to use the serializer. Put this in your code somewhere reasonable (like an initializer for Rails):
+
+    ```ruby
+SnakyHash::StringKeyed.class_eval do
+  extend SnakyHash::Serializer
+end
+    ```
+
+2. Discretely configure a custom Snaky Hash class to use the serializer:
+
+    ```ruby
+class MySnakyHash < SnakyHash::StringKeyed
+  # Give this hash class `dump` and `load` abilities!
+  extend SnakyHash::Serializer
+end
+
+    # And tell your client to use the custom class in each call:
+client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org/oauth2")
+token = client.get_token({snaky_hash_klass: MySnakyHash})
+    ```
+
+##### Serialization Extensions
+
+There are a few hacks you may need in your class to support Ruby < 2.4.2 or < 2.6.
+They are likely not needed if you are on a newer Ruby.
+See `response_spec.rb` if you need to study the hacks for older Rubies.
+
+```ruby
+class MySnakyHash < SnakyHash::StringKeyed
+  # Give this hash class `dump` and `load` abilities!
+  extend SnakyHash::Serializer
+
+  #### Serialization Extentions
+  #
+  # Act on the non-hash values (including the values of hashes) as they are dumped to JSON
+  # In other words, this retains nested hashes, and only the deepest leaf nodes become bananas.
+  # WARNING: This is a silly example!
+  dump_value_extensions.add(:to_fruit) do |value|
+    "banana" # => Make values "banana" on dump
+  end
+
+  # Act on the non-hash values (including the values of hashes) as they are loaded from the JSON dump
+  # In other words, this retains nested hashes, and only the deepest leaf nodes become ***.
+  # WARNING: This is a silly example!
+  load_value_extensions.add(:to_stars) do |value|
+    "***" # Turn dumped bananas into *** when they are loaded
+  end
+
+  # Act on the entire hash as it is prepared for dumping to JSON
+  # WARNING: This is a silly example!
+  dump_hash_extensions.add(:to_cheese) do |value|
+    if value.is_a?(Hash)
+      value.transform_keys do |key|
+        split = key.split("_")
+        first_word = split[0]
+        key.sub(first_word, "cheese")
+      end
+    else
+      value
+    end
+  end
+
+  # Act on the entire hash as it is loaded from the JSON dump
+  # WARNING: This is a silly example!
+  load_hash_extensions.add(:to_pizza) do |value|
+    if value.is_a?(Hash)
+      res = klass.new
+      value.keys.each_with_object(res) do |key, result|
+        split = key.split("_")
+        last_word = split[-1]
+        new_key = key.sub(last_word, "pizza")
+        result[new_key] = value[key]
+      end
+      res
+    else
+      value
+    end
+  end
+end
 ```
 
+See `response_spec.rb`, or the [oauth-xx/snaky_hash](https://gitlab.com/oauth-xx/snaky_hash) gem for more ideas.
+
 #### What if I hate snakes and/or indifference?
 
 ```ruby
@@ -506,9 +590,9 @@ response.parsed.class.name        # => Hash (just, regular old Hash)
 ```
 
 <details>
-  <summary>Debugging</summary>
+  <summary>Debugging & Logging</summary>
 
-Set an environment variable, however you would [normally do that](https://github.com/bkeepers/dotenv).
+Set an environment variable as per usual (e.g. with [dotenv](https://github.com/bkeepers/dotenv)).
 
 ```ruby
 # will log both request and response, including bodies
@@ -529,27 +613,27 @@ client = OAuth2::Client.new(
 ```
 </details>
 
-## OAuth2::Response
+### OAuth2::Response
 
 The `AccessToken` methods `#get`, `#post`, `#put` and `#delete` and the generic `#request`
 will return an instance of the #OAuth2::Response class.
 
 This instance contains a `#parsed` method that will parse the response body and
-return a Hash-like [`OAuth2::SnakyHash`](https://gitlab.com/oauth-xx/oauth2/-/blob/main/lib/oauth2/snaky_hash.rb) if the `Content-Type` is `application/x-www-form-urlencoded` or if
+return a Hash-like [`SnakyHash::StringKeyed`](https://gitlab.com/oauth-xx/snaky_hash/-/blob/main/lib/snaky_hash/string_keyed.rb) if the `Content-Type` is `application/x-www-form-urlencoded` or if
 the body is a JSON object.  It will return an Array if the body is a JSON
 array.  Otherwise, it will return the original body string.
 
 The original response body, headers, and status can be accessed via their
 respective methods.
 
-## OAuth2::AccessToken
+### OAuth2::AccessToken
 
 If you have an existing Access Token for a user, you can initialize an instance
 using various class methods including the standard new, `from_hash` (if you have
 a hash of the values), or `from_kvform` (if you have an
 `application/x-www-form-urlencoded` encoded string of the values).
 
-## OAuth2::Error
+### OAuth2::Error
 
 On 400+ status code responses, an `OAuth2::Error` will be raised.  If it is a
 standard OAuth2 error response, the body will be parsed and `#code` and `#description` will contain the values provided from the error and
@@ -561,9 +645,9 @@ option on initialization of the client.  In this case the `OAuth2::Response`
 instance will be returned as usual and on 400+ status code responses, the
 Response instance will contain the `OAuth2::Error` instance.
 
-## Authorization Grants
+### Authorization Grants
 
-Currently the Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials, and Assertion
+Currently, the Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials, and Assertion
 authentication grant types have helper strategy classes that simplify client
 use. They are available via the [`#auth_code`](https://gitlab.com/oauth-xx/oauth2/-/blob/main/lib/oauth2/strategy/auth_code.rb),
 [`#implicit`](https://gitlab.com/oauth-xx/oauth2/-/blob/main/lib/oauth2/strategy/implicit.rb),
@@ -610,10 +694,6 @@ access = client.auth_code.get_token("code_value", redirect_uri: "http://localhos
 You can always use the `#request` method on the `OAuth2::Client` instance to make
 requests for tokens for any Authentication grant type.
 
-### 🚀 Release Instructions
-
-See [CONTRIBUTING.md][🤝contributing].
-
 ## 🔐 Security
 
 See [SECURITY.md][🔐security].
@@ -621,18 +701,21 @@ See [SECURITY.md][🔐security].
 ## 🤝 Contributing
 
 If you need some ideas of where to help, you could work on adding more code coverage,
-or if it is already 💯 (see [below](#code-coverage)) check TODOs (see [below](#todos)),
-or check [issues][🤝issues], or [PRs][🤝pulls],
+or if it is already 💯 (see [below](#code-coverage)) check [issues][🤝gh-issues], or [PRs][🤝gh-pulls],
 or use the gem and think about how it could be better.
 
 We [![Keep A Changelog][📗keep-changelog-img]][📗keep-changelog] so if you make changes, remember to update it.
 
 See [CONTRIBUTING.md][🤝contributing] for more detailed instructions.
 
+### 🚀 Release Instructions
+
+See [CONTRIBUTING.md][🤝contributing].
+
 ### Code Coverage
 
 [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls]
-[![QLTY Test Coverage][🔑cc-covi♻️]][🔑cc-cov]
+[![QLTY Test Coverage][🔑qlty-covi♻️]][🔑qlty-cov]
 
 ### 🪇 Code of Conduct
 
@@ -700,20 +783,15 @@ The gem is available as open source under the terms of
 the [MIT License][📄license] [![License: MIT][📄license-img]][📄license-ref].
 See [LICENSE.txt][📄license] for the official [Copyright Notice][📄copyright-notice-explainer].
 
-[![FOSSA Status][fossa2-img])][fossa2]
-
-[fossa2]: https://app.fossa.io/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2?ref=badge_large
-[fossa2-img]: https://app.fossa.io/api/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2.svg?type=large
-
 ### © Copyright
 
 <ul>
     <li>
         2017 - 2025 Peter H. Boling, of
-        <a href="https://railsbling.com">
-            RailsBling.com
+        <a href="https://discord.gg/3qme4XHNKN">
+            Galtzo.com
             <picture>
-                <img alt="Rails Bling" height="20" src="https://railsbling.com/images/logos/RailsBling-TrainLogo.svg" />
+              <img src="https://github.com/oauth-xx/oauth2/raw/main/docs/images/logo/galtzo-floss-logos-wordless.svg?raw=true" alt="Galtzo.com Logo by Aboling0, CC BY-SA 4.0" height="20">
             </picture>
         </a>, and oauth2 contributors
     </li>
@@ -734,7 +812,7 @@ or one of the others at the head of this README.
 [![Buy me a latte][🖇buyme-img]][🖇buyme]
 
 [⛳gg-discussions]: https://groups.google.com/g/oauth-ruby
-[⛳gg-discussions-img]: https://img.shields.io/badge/google-group-purple.svg?style=flat
+[⛳gg-discussions-img]: https://img.shields.io/badge/google-group-0093D0.svg?style=for-the-badge&logo=google&logoColor=orange
 
 [✇bundle-group-pattern]: https://gist.github.com/pboling/4564780
 [⛳️gem-namespace]: https://github.com/oauth-xx/oauth2
@@ -781,7 +859,7 @@ or one of the others at the head of this README.
 [📜src-gh-img]: https://img.shields.io/badge/GitHub-238636?style=for-the-badge&logo=Github&logoColor=green
 [📜src-gh]: https://github.com/oauth-xx/oauth2
 [📜docs-cr-rd-img]: https://img.shields.io/badge/RubyDoc-Current_Release-943CD2?style=for-the-badge&logo=readthedocs&logoColor=white
-[📜docs-head-rd-img]: https://img.shields.io/badge/RubyDoc-HEAD-943CD2?style=for-the-badge&logo=readthedocs&logoColor=white
+[📜docs-head-rd-img]: https://img.shields.io/badge/YARD_on_Galtzo.com-HEAD-943CD2?style=for-the-badge&logo=readthedocs&logoColor=white
 [📜wiki]: https://gitlab.com/oauth-xx/oauth2/-/wikis/home
 [📜wiki-img]: https://img.shields.io/badge/wiki-examples-943CD2.svg?style=for-the-badge&logo=Wiki&logoColor=white
 [👽dl-rank]: https://rubygems.org/gems/oauth2
@@ -790,10 +868,10 @@ or one of the others at the head of this README.
 [👽oss-helpi]: https://www.codetriage.com/oauth-xx/oauth2/badges/users.svg
 [👽version]: https://rubygems.org/gems/oauth2
 [👽versioni]: https://img.shields.io/gem/v/oauth2.svg
-[🔑cc-mnt]: https://qlty.sh/gh/oauth-xx/projects/oauth2
-[🔑cc-mnti♻️]: https://qlty.sh/badges/d3370c2c-8791-4202-9759-76f527f76005/maintainability.svg
-[🔑cc-cov]: https://qlty.sh/gh/oauth-xx/projects/oauth2
-[🔑cc-covi♻️]: https://qlty.sh/badges/d3370c2c-8791-4202-9759-76f527f76005/test_coverage.svg
+[🔑qlty-mnt]: https://qlty.sh/gh/oauth-xx/projects/oauth2
+[🔑qlty-mnti♻️]: https://qlty.sh/badges/d3370c2c-8791-4202-9759-76f527f76005/maintainability.svg
+[🔑qlty-cov]: https://qlty.sh/gh/oauth-xx/projects/oauth2
+[🔑qlty-covi♻️]: https://qlty.sh/badges/d3370c2c-8791-4202-9759-76f527f76005/test_coverage.svg
 [🔑codecov]: https://codecov.io/gh/oauth-xx/oauth2
 [🔑codecovi♻️]: https://codecov.io/gh/oauth-xx/oauth2/graph/badge.svg?token=bNqSzNiuo2
 [🔑coveralls]: https://coveralls.io/github/oauth-xx/oauth2?branch=main
@@ -826,6 +904,8 @@ or one of the others at the head of this README.
 [🚎11-c-wfi]: https://github.com/oauth-xx/oauth2/actions/workflows/current.yml/badge.svg
 [🚎12-crh-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/current-runtime-heads.yml
 [🚎12-crh-wfi]: https://github.com/oauth-xx/oauth2/actions/workflows/current-runtime-heads.yml/badge.svg
+[🚎13-cbs-wf]: https://github.com/oauth-xx/oauth2/actions/workflows/caboose.yml
+[🚎13-cbs-wfi]: https://github.com/oauth-xx/oauth2/actions/workflows/caboose.yml/badge.svg
 [⛳liberapay-img]: https://img.shields.io/liberapay/goal/pboling.svg?logo=liberapay
 [⛳liberapay]: https://liberapay.com/pboling/donate
 [🖇sponsor-img]: https://img.shields.io/badge/Sponsor_Me!-pboling.svg?style=social&logo=github
@@ -861,8 +941,13 @@ or one of the others at the head of this README.
 [💎jruby-9.4i]: https://img.shields.io/badge/JRuby-9.4-FBE742?style=for-the-badge&logo=ruby&logoColor=red
 [💎jruby-c-i]: https://img.shields.io/badge/JRuby-current-FBE742?style=for-the-badge&logo=ruby&logoColor=green
 [💎jruby-headi]: https://img.shields.io/badge/JRuby-HEAD-FBE742?style=for-the-badge&logo=ruby&logoColor=blue
-[🤝issues]: https://github.com/oauth-xx/oauth2/issues
-[🤝pulls]: https://github.com/oauth-xx/oauth2/pulls
+[🤝gh-issues]: https://github.com/oauth-xx/oauth2/issues
+[🤝gh-pulls]: https://github.com/oauth-xx/oauth2/pulls
+[🤝gl-issues]: https://gitlab.com/oauth-xx/oauth2/-/issues
+[🤝gl-pulls]: https://gitlab.com/oauth-xx/oauth2/-/merge_requests
+[🤝cb-issues]: https://codeberg.org/oauth-xx/oauth2/issues
+[🤝cb-pulls]: https://codeberg.org/oauth-xx/oauth2/pulls
+[🤝cb-donate]: https://donate.codeberg.org/
 [🤝contributing]: CONTRIBUTING.md
 [🔑codecov-g♻️]: https://codecov.io/gh/oauth-xx/oauth2/graphs/tree.svg?token=bNqSzNiuo2
 [🖐contrib-rocks]: https://contrib.rocks
@@ -870,36 +955,36 @@ or one of the others at the head of this README.
 [🖐contributors-img]: https://contrib.rocks/image?repo=oauth-xx/oauth2
 [🚎contributors-gl]: https://gitlab.com/oauth-xx/oauth2/-/graphs/main
 [🪇conduct]: CODE_OF_CONDUCT.md
-[🪇conduct-img]: https://img.shields.io/badge/Contributor_Covenant-2.1-4baaaa.svg
+[🪇conduct-img]: https://img.shields.io/badge/Contributor_Covenant-2.1-259D6C.svg
 [📌pvc]: http://guides.rubygems.org/patterns/#pessimistic-version-constraint
 [📌semver]: https://semver.org/spec/v2.0.0.html
-[📌semver-img]: https://img.shields.io/badge/semver-2.0.0-FFDD67.svg?style=flat
+[📌semver-img]: https://img.shields.io/badge/semver-2.0.0-259D6C.svg?style=flat
 [📌semver-breaking]: https://github.com/semver/semver/issues/716#issuecomment-869336139
 [📌major-versions-not-sacred]: https://tom.preston-werner.com/2022/05/23/major-version-numbers-are-not-sacred.html
 [📌changelog]: CHANGELOG.md
 [📗keep-changelog]: https://keepachangelog.com/en/1.0.0/
-[📗keep-changelog-img]: https://img.shields.io/badge/keep--a--changelog-1.0.0-FFDD67.svg?style=flat
+[📗keep-changelog-img]: https://img.shields.io/badge/keep--a--changelog-1.0.0-34495e.svg?style=flat
 [📌gitmoji]:https://gitmoji.dev
-[📌gitmoji-img]:https://img.shields.io/badge/gitmoji-%20😜%20😍-FFDD67.svg?style=flat-square
+[📌gitmoji-img]:https://img.shields.io/badge/gitmoji_commits-%20😜%20😍-34495e.svg?style=flat-square
 [🧮kloc]: https://www.youtube.com/watch?v=dQw4w9WgXcQ
 [🧮kloc-img]: https://img.shields.io/badge/KLOC-0.518-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue
 [🔐security]: SECURITY.md
-[🔐security-img]: https://img.shields.io/badge/security-policy-brightgreen.svg?style=flat
+[🔐security-img]: https://img.shields.io/badge/security-policy-259D6C.svg?style=flat
 [📄copyright-notice-explainer]: https://opensource.stackexchange.com/questions/5778/why-do-licenses-such-as-the-mit-license-specify-a-single-year
 [📄license]: LICENSE.txt
 [📄license-ref]: https://opensource.org/licenses/MIT
-[📄license-img]: https://img.shields.io/badge/License-MIT-green.svg
+[📄license-img]: https://img.shields.io/badge/License-MIT-259D6C.svg
 [📄ilo-declaration]: https://www.ilo.org/declaration/lang--en/index.htm
-[📄ilo-declaration-img]: https://img.shields.io/badge/ILO_Fundamental_Principles-✓-brightgreen.svg?style=flat
+[📄ilo-declaration-img]: https://img.shields.io/badge/ILO_Fundamental_Principles-✓-259D6C.svg?style=flat
 [🚎yard-current]: http://rubydoc.info/gems/oauth2
-[🚎yard-head]: https://rubydoc.info/github/oauth-xx/oauth2/main
+[🚎yard-head]: https://oauth2.galtzo.com
 [💎stone_checksums]: https://github.com/pboling/stone_checksums
 [💎SHA_checksums]: https://gitlab.com/oauth-xx/oauth2/-/tree/main/checksums
 [💎rlts]: https://github.com/rubocop-lts/rubocop-lts
-[💎rlts-img]: https://img.shields.io/badge/code_style-rubocop--lts-brightgreen.svg?plastic&logo=ruby&logoColor=white
-[🏘fossa]: https://app.fossa.io/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2?ref=badge_shield
-[🏘fossa-img]: https://app.fossa.io/api/projects/git%2Bgithub.com%2Foauth-xx%2Foauth2.svg?type=shield
+[💎rlts-img]: https://img.shields.io/badge/code_style_%26_linting-rubocop--lts-34495e.svg?plastic&logo=ruby&logoColor=white
 [💎d-in-dvcs]: https://railsbling.com/posts/dvcs/put_the_d_in_dvcs/
+[✉️discord-invite]: https://discord.gg/3qme4XHNKN
+[✉️discord-invite-img]: https://img.shields.io/discord/1373797679469170758?style=for-the-badge
 
 <details>
   <summary>
@@ -909,14 +994,3 @@ or one of the others at the head of this README.
 <a rel="me" alt="Follow me on Ruby.social" href="https://ruby.social/@galtzo"><img src="https://img.shields.io/mastodon/follow/109447111526622197?domain=https%3A%2F%2Fruby.social&style=social&label=Follow%20%40galtzo%20on%20Ruby.social"></a>
 <a rel="me" alt="Follow me on FLOSS.social" href="https://floss.social/@galtzo"><img src="https://img.shields.io/mastodon/follow/110304921404405715?domain=https%3A%2F%2Ffloss.social&style=social&label=Follow%20%40galtzo%20on%20Floss.social"></a>
 </details>
-
-<details>
-  <summary>Deprecated Badges</summary>
-
-CodeCov currently fails to parse the coverage upload.
-
-[![CodeCov Test Coverage][🔑codecovi♻️]][🔑codecov]
-
-[![Coverage Graph][🔑codecov-g♻️]][🔑codecov]
-
-</details>

data/SECURITY.md

@@ -2,25 +2,34 @@
 
 ## Supported Versions
 
-| Version  | Supported | EOL     | Post-EOL / Enterprise                 |
-|----------|-----------|---------|---------------------------------------|
-| 2.latest | ✅         | 04/2026 | [Tidelift Subscription][tidelift-ref] |
-| 1.latest | ✅         | 10/2025 | [Tidelift Subscription][tidelift-ref] |
-| <= 1     | ⛔         | ⛔       | ⛔                                     |
+| Version  | Supported | Post-EOL / Enterprise                 |
+|----------|-----------|---------------------------------------|
+| 2.latest | ✅         | [Tidelift Subscription][tidelift-ref] |
+| 1.latest | ✅         | [Tidelift Subscription][tidelift-ref] |
+| <= 1     | ⛔         | ⛔                                     |
 
 ### EOL Policy
 
 Non-commercial support for the oldest version of Ruby (which itself is going EOL) will be dropped each year in April.
 
-## Reporting a Vulnerability
+## Security contact information
 
-To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security).
+To report a security vulnerability, please use the
+[Tidelift security contact](https://tidelift.com/security).
 Tidelift will coordinate the fix and disclosure.
 
-## OAuth2 for Enterprise
+## Additional Support
+
+If you are interested in support for versions older than the latest release,
+please consider sponsoring the project / maintainer @ https://liberapay.com/pboling/donate,
+or find other sponsorship links in the [README].
+
+[README]: README.md
+
+## Enterprise Support
 
 Available as part of the Tidelift Subscription.
 
-The maintainers of oauth2 and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.][tidelift-ref]
+The maintainers of this library and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.][tidelift-ref]
 
 [tidelift-ref]: https://tidelift.com/subscription/pkg/rubygems-oauth2?utm_source=rubygems-oauth2&utm_medium=referral&utm_campaign=enterprise&utm_term=repo

data/lib/oauth2/access_token.rb

@@ -1,5 +1,20 @@
 # frozen_string_literal: true
 
+# :nocov:
+begin
+  # The first version of hashie that has a version file was 1.1.0
+  # The first version of hashie that required the version file at runtime was 3.2.0
+  # If it has already been loaded then this is very low cost, as Kernel.require uses maintains a cache
+  # If this it hasn't this will work to get it loaded, and then we will be able to use
+  #   defined?(Hashie::Version)
+  # as a test.
+  # TODO: get rid this mess when we drop Hashie < 3.2, as Hashie will self-load its version then
+  require "hashie/version"
+rescue LoadError
+  nil
+end
+# :nocov:
+
 module OAuth2
   class AccessToken # rubocop:disable Metrics/ClassLength
     TOKEN_KEYS_STR = %w[access_token id_token token accessToken idToken].freeze
@@ -54,7 +69,16 @@ module OAuth2
             extra_tokens_warning(supported_keys, t_key)
             t_key
           end
-        token = fresh.delete(key) || ""
+        # :nocov:
+        # TODO: Get rid of this branching logic when dropping Hashie < v3.2
+        token = if !defined?(Hashie::VERSION) # i.e. <= "1.1.0"; the first Hashie to ship with a VERSION constant
+          warn("snaky_hash and oauth2 will drop support for Hashie v0 in the next major version. Please upgrade to a modern Hashie.")
+          # There is a bug in Hashie v0, which is accounts for.
+          fresh.delete(key) || fresh[key] || ""
+        else
+          fresh.delete(key) || ""
+        end
+        # :nocov:
         new(client, token, fresh)
       end
 

data/lib/oauth2/client.rb

@@ -19,7 +19,7 @@ module OAuth2
   # The OAuth2::Client class
   class Client # rubocop:disable Metrics/ClassLength
     RESERVED_REQ_KEYS = %w[body headers params redirect_count].freeze
-    RESERVED_PARAM_KEYS = (RESERVED_REQ_KEYS + %w[parse snaky token_method]).freeze
+    RESERVED_PARAM_KEYS = (RESERVED_REQ_KEYS + %w[parse snaky snaky_hash_klass token_method]).freeze
 
     include FilteredAttributes
 
@@ -342,14 +342,26 @@ module OAuth2
 
   private
 
-    # A generic token request options parser
+    # Processes request parameters and transforms them into request options
+    #
+    # @param [Hash] params the request parameters to process
+    # @option params [Symbol] :parse (:automatic) parsing strategy for the response
+    # @option params [Boolean] :snaky (true) whether to convert response keys to snake_case
+    # @option params [Class] :snaky_hash_klass (SnakyHash::StringKeyed) class to use for snake_case hash conversion
+    # @option params [Symbol] :token_method (:post) HTTP method to use for token request
+    # @option params [Hash] :headers Additional HTTP headers for the request
+    #
+    # @return [Hash] the processed request options
+    #
+    # @api private
     def params_to_req_opts(params)
-      parse, snaky, token_method, params, headers = parse_snaky_params_headers(params)
+      parse, snaky, snaky_hash_klass, token_method, params, headers = parse_snaky_params_headers(params)
       req_opts = {
         raise_errors: options[:raise_errors],
         token_method: token_method || options[:token_method],
         parse: parse,
         snaky: snaky,
+        snaky_hash_klass: snaky_hash_klass,
       }
       if req_opts[:token_method] == :post
         # NOTE: If proliferation of request types continues, we should implement a parser solution for Request,
@@ -369,19 +381,22 @@ module OAuth2
       req_opts
     end
 
-    # Processes and transforms the input parameters for OAuth requests
+    # Processes and transforms parameters for OAuth requests
     #
     # @param [Hash] params the input parameters to process
-    # @option params [Symbol, nil] :parse (:automatic) parsing strategy for the response
+    # @option params [Symbol] :parse (:automatic) parsing strategy for the response
     # @option params [Boolean] :snaky (true) whether to convert response keys to snake_case
+    # @option params [Class] :snaky_hash_klass (SnakyHash::StringKeyed) class to use for snake_case hash conversion
+    # @option params [Symbol] :token_method overrides the default token method for this request
     # @option params [Hash] :headers HTTP headers for the request
     #
-    # @return [Array<(Symbol, Boolean, Hash, Hash)>] Returns an array containing:
-    #   - [Symbol, nil] parse strategy
-    #   - [Boolean] snaky flag for response key transformation
-    #   - [Symbol, nil] token_method overrides options[:token_method] for a request
-    #   - [Hash] processed parameters
-    #   - [Hash] HTTP headers
+    # @return [Array<(Symbol, Boolean, Class, Symbol, Hash, Hash)>] Returns an array containing:
+    #   - parse strategy (Symbol)
+    #   - snaky flag for response key transformation (Boolean)
+    #   - hash class for snake_case conversion (Class)
+    #   - token method override (Symbol, nil)
+    #   - processed parameters (Hash)
+    #   - HTTP headers (Hash)
     #
     # @api private
     def parse_snaky_params_headers(params)
@@ -394,11 +409,12 @@ module OAuth2
       end.to_h
       parse = params.key?(:parse) ? params.delete(:parse) : Response::DEFAULT_OPTIONS[:parse]
       snaky = params.key?(:snaky) ? params.delete(:snaky) : Response::DEFAULT_OPTIONS[:snaky]
+      snaky_hash_klass = params.key?(:snaky_hash_klass) ? params.delete(:snaky_hash_klass) : Response::DEFAULT_OPTIONS[:snaky_hash_klass]
       token_method = params.delete(:token_method) if params.key?(:token_method)
       params = authenticator.apply(params)
       # authenticator may add :headers, and we separate them from params here
       headers = params.delete(:headers) || {}
-      [parse, snaky, token_method, params, headers]
+      [parse, snaky, snaky_hash_klass, token_method, params, headers]
     end
 
     # Executes an HTTP request with error handling and response processing

data/lib/oauth2/response.rb

@@ -5,23 +5,39 @@ require "multi_xml"
 require "rack"
 
 module OAuth2
-  # OAuth2::Response class
+  # The Response class handles HTTP responses in the OAuth2 gem, providing methods
+  # to access and parse response data in various formats.
+  #
+  # @since 1.0.0
   class Response
+    # Default configuration options for Response instances
+    #
+    # @return [Hash] The default options hash
     DEFAULT_OPTIONS = {
       parse: :automatic,
       snaky: true,
+      snaky_hash_klass: SnakyHash::StringKeyed,
     }.freeze
+
+    # @return [Faraday::Response] The raw Faraday response object
     attr_reader :response
+
+    # @return [Hash] The options hash for this instance
     attr_accessor :options
 
-    # Procs that, when called, will parse a response body according
-    # to the specified format.
+    # @private
+    # Storage for response body parser procedures
+    #
+    # @return [Hash<Symbol, Proc>] Hash of parser procs keyed by format symbol
     @@parsers = {
       query: ->(body) { Rack::Utils.parse_query(body) },
       text: ->(body) { body },
     }
 
-    # Content type assignments for various potential HTTP content types.
+    # @private
+    # Maps content types to parser symbols
+    #
+    # @return [Hash<String, Symbol>] Hash of content types mapped to parser symbols
     @@content_types = {
       "application/x-www-form-urlencoded" => :query,
       "text/plain" => :text,
@@ -29,9 +45,11 @@ module OAuth2
 
     # Adds a new content type parser.
     #
-    # @param [Symbol] key A descriptive symbol key such as :json or :query.
-    # @param [Array] mime_types One or more mime types to which this parser applies.
-    # @yield [String] A block returning parsed content.
+    # @param [Symbol] key A descriptive symbol key such as :json or :query
+    # @param [Array<String>, String] mime_types One or more mime types to which this parser applies
+    # @yield [String] Block that will be called to parse the response body
+    # @yieldparam [String] body The response body to parse
+    # @return [void]
     def self.register_parser(key, mime_types, &block)
       key = key.to_sym
       @@parsers[key] = block
@@ -43,38 +61,48 @@ module OAuth2
     # Initializes a Response instance
     #
     # @param [Faraday::Response] response The Faraday response instance
-    # @param [Symbol] parse (:automatic) how to parse the response body.  one of :query (for x-www-form-urlencoded),
-    #   :json, or :automatic (determined by Content-Type response header)
-    # @param [true, false] snaky (true) Convert @parsed to a snake-case,
-    #   indifferent-access SnakyHash::StringKeyed, which is a subclass of Hashie::Mash (from hashie gem)?
-    # @param [Hash] options all other options for initializing the instance
-    def initialize(response, parse: :automatic, snaky: true, **options)
+    # @param [Symbol] parse (:automatic) How to parse the response body
+    # @param [Boolean] snaky (true) Whether to convert parsed response to snake_case using SnakyHash
+    # @param [Class, nil] snaky_hash_klass (nil) Custom class for snake_case hash conversion
+    # @param [Hash] options Additional options for the response
+    # @option options [Symbol] :parse (:automatic) Parse strategy (:query, :json, or :automatic)
+    # @option options [Boolean] :snaky (true) Enable/disable snake_case conversion
+    # @option options [Class] :snaky_hash_klass (SnakyHash::StringKeyed) Class to use for hash conversion
+    # @return [OAuth2::Response] The new Response instance
+    def initialize(response, parse: :automatic, snaky: true, snaky_hash_klass: nil, **options)
       @response = response
       @options = {
         parse: parse,
         snaky: snaky,
+        snaky_hash_klass: snaky_hash_klass,
       }.merge(options)
     end
 
     # The HTTP response headers
+    #
+    # @return [Hash] The response headers
     def headers
       response.headers
     end
 
     # The HTTP response status code
+    #
+    # @return [Integer] The response status code
     def status
       response.status
     end
 
     # The HTTP response body
+    #
+    # @return [String] The response body or empty string if nil
     def body
       response.body || ""
     end
 
-    # The {#response} {#body} as parsed by {#parser}.
+    # The parsed response body
     #
-    # @return [Object] As returned by {#parser} if it is #call-able.
-    # @return [nil] If the {#parser} is not #call-able.
+    # @return [Object, SnakyHash::StringKeyed] The parsed response body
+    # @return [nil] If no parser is available
     def parsed
       return @parsed if defined?(@parsed)
 
@@ -91,36 +119,36 @@ module OAuth2
         end
 
       if options[:snaky] && @parsed.is_a?(Hash)
-        parsed = SnakyHash::StringKeyed.new(@parsed)
-        @parsed = parsed.to_h
+        hash_klass = options[:snaky_hash_klass] || DEFAULT_OPTIONS[:snaky_hash_klass]
+        @parsed = hash_klass[@parsed]
       end
 
       @parsed
     end
 
-    # Attempts to determine the content type of the response.
+    # Determines the content type of the response
+    #
+    # @return [String, nil] The content type or nil if headers are not present
     def content_type
       return unless response.headers
 
       ((response.headers.values_at("content-type", "Content-Type").compact.first || "").split(";").first || "").strip.downcase
     end
 
-    # Determines the parser (a Proc or other Object which responds to #call)
-    # that will be passed the {#body} (and optional {#response}) to supply
-    # {#parsed}.
+    # Determines the parser to be used for the response body
     #
-    # The parser can be supplied as the +:parse+ option in the form of a Proc
-    # (or other Object responding to #call) or a Symbol. In the latter case,
-    # the actual parser will be looked up in {@@parsers} by the supplied Symbol.
+    # @note The parser can be supplied as the +:parse+ option in the form of a Proc
+    #       (or other Object responding to #call) or a Symbol. In the latter case,
+    #       the actual parser will be looked up in {@@parsers} by the supplied Symbol.
     #
-    # If no +:parse+ option is supplied, the lookup Symbol will be determined
-    # by looking up {#content_type} in {@@content_types}.
+    # @note If no +:parse+ option is supplied, the lookup Symbol will be determined
+    #       by looking up {#content_type} in {@@content_types}.
     #
-    # If {#parser} is a Proc, it will be called with no arguments, just
-    # {#body}, or {#body} and {#response}, depending on the Proc's arity.
+    # @note If {#parser} is a Proc, it will be called with no arguments, just
+    #       {#body}, or {#body} and {#response}, depending on the Proc's arity.
     #
-    # @return [Proc, #call] If a parser was found.
-    # @return [nil] If no parser was found.
+    # @return [Proc, #call] The parser proc or callable object
+    # @return [nil] If no suitable parser is found
     def parser
       return @parser if defined?(@parser)
 
@@ -136,12 +164,16 @@ module OAuth2
   end
 end
 
+# Register XML parser
+# @api private
 OAuth2::Response.register_parser(:xml, ["text/xml", "application/rss+xml", "application/rdf+xml", "application/atom+xml", "application/xml"]) do |body|
   next body unless body.respond_to?(:to_str)
 
   MultiXml.parse(body)
 end
 
+# Register JSON parser
+# @api private
 OAuth2::Response.register_parser(:json, ["application/json", "text/javascript", "application/hal+json", "application/vnd.collection+json", "application/vnd.api+json", "application/problem+json"]) do |body|
   next body unless body.respond_to?(:to_str)
 

data/lib/oauth2/strategy/assertion.rb

@@ -95,7 +95,10 @@ module OAuth2
       def build_assertion(claims, encoding_opts)
         raise ArgumentError.new(message: "Please provide an encoding_opts hash with :algorithm and :key") if !encoding_opts.is_a?(Hash) || (%i[algorithm key] - encoding_opts.keys).any?
 
-        JWT.encode(claims, encoding_opts[:key], encoding_opts[:algorithm])
+        headers = {}
+        headers[:kid] = encoding_opts[:kid] if encoding_opts.key?(:kid)
+
+        JWT.encode(claims, encoding_opts[:key], encoding_opts[:algorithm], headers)
       end
     end
   end

data/lib/oauth2/version.rb

@@ -2,6 +2,6 @@
 
 module OAuth2
   module Version
-    VERSION = "2.0.10"
+    VERSION = "2.0.12"
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: oauth2
 version: !ruby/object:Gem::Version
-  version: 2.0.10
+  version: 2.0.12
 platform: ruby
 authors:
 - Peter Boling
@@ -37,7 +37,7 @@ cert_chain:
   DVjBtqT23eugOqQ73umLcYDZkc36vnqGxUBSsXrzY9pzV5gGr2I8YUxMqf6ATrZt
   L9nRqA==
   -----END CERTIFICATE-----
-date: 2025-05-17 00:00:00.000000000 Z
+date: 2025-05-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -134,6 +134,9 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -141,6 +144,9 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.3
 - !ruby/object:Gem::Dependency
   name: version_gem
   requirement: !ruby/object:Gem::Requirement
@@ -359,8 +365,7 @@ dependencies:
         version: '1.0'
 description: Ruby wrapper for the OAuth 2.0 protocol
 email:
-- peter.boling@gmail.com
-- oauth-ruby@googlegroups.com
+- floss@galtzo.com
 executables: []
 extensions: []
 extra_rdoc_files:
@@ -395,39 +400,34 @@ homepage: https://github.com/oauth-xx/oauth2
 licenses:
 - MIT
 metadata:
-  homepage_uri: https://gitlab.com/oauth-xx/oauth2
-  source_code_uri: https://gitlab.com/oauth-xx/oauth2/-/tree/v2.0.10
-  changelog_uri: https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.10/CHANGELOG.md
+  homepage_uri: https://oauth2.galtzo.com/
+  source_code_uri: https://github.com/oauth-xx/oauth2/releases/tag//v2.0.12
+  changelog_uri: https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.12/CHANGELOG.md
   bug_tracker_uri: https://gitlab.com/oauth-xx/oauth2/-/issues
-  documentation_uri: https://www.rubydoc.info/gems/oauth2/2.0.10
+  documentation_uri: https://www.rubydoc.info/gems/oauth2/2.0.12
   wiki_uri: https://gitlab.com/oauth-xx/oauth2/-/wiki
   mailing_list_uri: https://groups.google.com/g/oauth-ruby
+  funding_uri: https://github.com/sponsors/pboling
   news_uri: https://www.railsbling.com/tags/oauth2
-  funding_uri: https://liberapay.com/pboling
   rubygems_mfa_required: 'true'
 post_install_message: |2
 
-  You have installed oauth2 version 2.0.10, congratulations!
+  ---+++ oauth2 v2.0.12 +++---
 
-  There are BREAKING changes if you are upgrading from < v2, but most will not encounter them, and updating your code should be easy!
+  There are BREAKING CHANGES when upgrading from < v2
+  Most will not encounter them, and updating your code should be easy!
   Please see:
   • https://gitlab.com/oauth-xx/oauth2/-/blob/main/SECURITY.md
-  • https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.10/CHANGELOG.md#200-2022-06-21-tag
+  • https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.12/CHANGELOG.md#200-2022-06-21-tag
   • Summary of most important breaking changes: https://gitlab.com/oauth-xx/oauth2#what-is-new-for-v20
 
-  There are BUGFIXES in v2.0.10, which depending on how you relied on them instead of reporting and fixing them, may be BREAKING for you.
-  For more information please see:
-  https://railsbling.com/tags/oauth2
-
-  Important News:
-  1. Google Group is "active" (again)!
-  • https://groups.google.com/g/oauth-ruby/c/QA_dtrXWXaE
-  2. Non-commercial support for the 2.x series will end by April, 2026. Please make a plan to upgrade to the next version prior to that date.
+  News:
+  1. New documentation website: https://oauth2.galtzo.com
+  2. Discord for discussion and support: https://discord.gg/3qme4XHNKN
+  3. Non-commercial support for the 2.x series will end by April, 2026. Please make a plan to upgrade to the next version prior to that date.
   Support will be dropped for Ruby 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 3.0, 3.1 and any other Ruby versions which will also have reached EOL by then.
-  3. Gem releases are now cryptographically signed with a 20-year cert, with checksums by stone_checksums.
-  4. I need your support.
-
-  If you are sentient, please consider a donation as I move toward supporting myself with Open Source work:
+  4. Gem releases are now cryptographically signed with a 20-year cert, with checksums by stone_checksums.
+  5. Please consider supporting this project, and my other open source work, with one of the following methods:
   • https://liberapay.com/pboling
   • https://ko-fi.com/pboling
   • https://www.buymeacoffee.com/pboling
@@ -444,7 +444,12 @@ rdoc_options:
 - "--title"
 - oauth2 - OAuth 2.0 Core Ruby implementation
 - "--main"
+- CHANGELOG.md
+- CODE_OF_CONDUCT.md
+- CONTRIBUTING.md
+- LICENSE.txt
 - README.md
+- SECURITY.md
 - "--line-numbers"
 - "--inline-source"
 - "--quiet"