oauth2 2.0.2 → 2.0.5
- checksums.yaml +4 -4
- data/CHANGELOG.md +38 -4
- data/CONTRIBUTING.md +27 -1
- data/README.md +69 -26
- data/SECURITY.md +5 -5
- data/lib/oauth2/access_token.rb +20 -9
- data/lib/oauth2/client.rb +32 -16
- data/lib/oauth2/error.rb +17 -9
- data/lib/oauth2/response.rb +18 -5
- data/lib/oauth2/strategy/assertion.rb +1 -1
- data/lib/oauth2/strategy/auth_code.rb +1 -1
- data/lib/oauth2/strategy/client_credentials.rb +1 -1
- data/lib/oauth2/version.rb +1 -1
- metadata +19 -8
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: b016b4a0d35d5e6b17d60c9417f7a456b78a38462120fff7d68021235dee6f6d
|
4
|
+
data.tar.gz: 5627dc50a7dfc395f226a1209606aa63d1c8c9642ba6aba390f5ba3605567b33
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: cbbfb987df74ec80833a13f2d7ae5fc090af533cfe3e0ce7146ed3f1dcec45159a8ac4447c0aacbc5ad2c9e8490d76a9c227dcb857b9fc2cc4a5b6b6634d1b41
|
7
|
+
data.tar.gz: ebf819a7fcfb1c66041bb01b46f023fcfd8cb06f1762ff938795faab71e4871d00986899c592465e8424ebd40eff1e90c6a85a77e4717f4211a07ec41a148144
|
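Review bot: the pre-2.0.5 values for `metadata.gz` and `data.tar.gz` are blank in this view (the `-` lines carry only the key names), so the checksum change cannot be reviewed as a diff. Before trusting the new SHA256/SHA512 values, recompute them from the package as fetched from rubygems.org (`gem fetch oauth2 -v 2.0.5`, `tar xf oauth2-2.0.5.gem`, then `sha256sum`/`sha512sum` on the extracted `metadata.gz` and `data.tar.gz`) and compare with the `+` lines above.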
data/CHANGELOG.md
CHANGED
@@ -4,8 +4,30 @@ All notable changes to this project will be documented in this file.
|
|
4
4
|
The format (since v2) is based on [Keep a Changelog v1](https://keepachangelog.com/en/1.0.0/),
|
5
5
|
and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.0.0.html).
|
6
6
|
|
7
|
-
## [2.0.
|
7
|
+
## [2.0.5] - 2022-07-07
|
8
|
+
### Fixed
|
9
|
+
- [#620](https://github.com/oauth-xx/oauth2/pull/620) - Documentation improvements, to help with upgrading (@swanson)
|
10
|
+
- [#621](https://github.com/oauth-xx/oauth2/pull/621) - Fixed [#528](https://github.com/oauth-xx/oauth2/issues/528) and [#619](https://github.com/oauth-xx/oauth2/issues/619) (@pboling)
|
11
|
+
- All data in responses is now returned, with the access token removed and set as `token`
|
12
|
+
- `refresh_token` is no longer dropped
|
13
|
+
- **BREAKING**: Microsoft's `id_token` is no longer left as `access_token['id_token']`, but moved to the standard `access_token.token` that all other strategies use
|
14
|
+
- Remove `parse` and `snaky` from options so they don't get included in response
|
15
|
+
- There is now 100% test coverage, for lines _and_ branches, and it will stay that way.
|
16
|
+
|
17
|
+
## [2.0.4] - 2022-07-01
|
18
|
+
### Fixed
|
19
|
+
- [#618](https://github.com/oauth-xx/oauth2/pull/618) - In some scenarios the `snaky` option default value was not applied (@pboling)
|
20
|
+
|
21
|
+
## [2.0.3] - 2022-06-28
|
8
22
|
### Added
|
23
|
+
- [#611](https://github.com/oauth-xx/oauth2/pull/611) - Proper deprecation warnings for `extract_access_token` argument (@pboling)
|
24
|
+
- [#612](https://github.com/oauth-xx/oauth2/pull/612) - Add `snaky: false` option to skip conversion to `OAuth2::SnakyHash` (default: true) (@pboling)
|
25
|
+
### Fixed
|
26
|
+
- [#608](https://github.com/oauth-xx/oauth2/pull/608) - Wrap `Faraday::TimeoutError` in `OAuth2::TimeoutError` (@nbibler)
|
27
|
+
- [#615](https://github.com/oauth-xx/oauth2/pull/615) - Fix support for requests with blocks, see `Faraday::Connection#run_request` (@pboling)
|
28
|
+
|
29
|
+
## [2.0.2] - 2022-06-24
|
30
|
+
### Fixed
|
9
31
|
- [#604](https://github.com/oauth-xx/oauth2/pull/604) - Wrap `Faraday::TimeoutError` in `OAuth2::TimeoutError` (@stanhu)
|
10
32
|
- [#606](https://github.com/oauth-xx/oauth2/pull/606) - Ruby 2.7 deprecation warning fix: Move `access_token_class` parameter into `Client` constructor (@stanhu)
|
11
33
|
- [#607](https://github.com/oauth-xx/oauth2/pull/607) - CHANGELOG correction, reference to `OAuth2::ConnectionError` (@zavan)
|
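Review bot: the 2.0.5 entry lists a **BREAKING** change (Microsoft's `id_token` moving from `access_token['id_token']` to `access_token.token`) under `### Fixed` in a patch release, which conflicts with the SemVer statement at the top of this file; either flag it as a behaviour change in the README upgrade notes or explain why it is treated as a bug fix. Separately, the 2.0.3 line for #608 ("Wrap `Faraday::TimeoutError` in `OAuth2::TimeoutError`") repeats the 2.0.2 line for #604 word for word with a different author; one of the two should say what actually differed.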
@@ -53,6 +75,10 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.
|
|
53
75
|
- [#414](https://github.com/oauth-xx/oauth2/pull/414) - Use Base64.strict_encode64 instead of custom internal logic (@meganemura)
|
54
76
|
- [#489](https://github.com/oauth-xx/oauth2/pull/489) - **BREAKING**: Default value for option `OAuth2::Client` - `:authorize_url` removed leading slash to work with relative paths by default (`'oauth/authorize'`) (@ghost)
|
55
77
|
- [#489](https://github.com/oauth-xx/oauth2/pull/489) - **BREAKING**: Default value for option `OAuth2::Client` - `:token_url` removed leading slash to work with relative paths by default (`'oauth/token'`) (@ghost)
|
78
|
+
- [#507](https://github.com/oauth-xx/oauth2/pull/507), [#575](https://github.com/oauth-xx/oauth2/pull/575) - **BREAKING**: Transform keys to camel case, always, by default (ultimately via `rash_alt` gem)
|
79
|
+
- Original keys will still work as previously, in most scenarios, thanks to `rash_alt` gem.
|
80
|
+
- However, this is a _breaking_ change if you rely on `response.parsed.to_h`, as the keys in the result will be camel case.
|
81
|
+
- As of version 2.0.4 you can turn key transformation off with the `snaky: false` option.
|
56
82
|
- [#576](https://github.com/oauth-xx/oauth2/pull/576) - **BREAKING**: Stop rescuing parsing errors (@pboling)
|
57
83
|
- [#591](https://github.com/oauth-xx/oauth2/pull/576) - _DEPRECATION_: `OAuth2::Client` - `:extract_access_token` option is deprecated
|
58
84
|
### Fixed
|
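Review bot: the new bullets say keys are transformed to "camel case", but `OAuth2::SnakyHash` (and the `snaky` option named after it) produces snake_case keys, which is what the README example in this same release shows (`accessToken` becomes `access_token`); "camel case" should read "snake case" in the first and third bullet. Also "As of version 2.0.4 you can turn key transformation off with the `snaky: false` option" disagrees with the 2.0.3 entry above, which credits #612 with adding `snaky: false`. In the context line below, the `#591` bullet links to `pull/576`.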
@@ -82,6 +108,9 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.
|
|
82
108
|
- [#589](https://github.com/oauth-xx/oauth2/pull/589), [#593](https://github.com/oauth-xx/oauth2/pull/593) - Remove support for expired MAC token draft spec (@stanhu)
|
83
109
|
- [#590](https://github.com/oauth-xx/oauth2/pull/590) - _Dependency_: Removed `multi_json` (@stanhu)
|
84
110
|
|
111
|
+
## [1.4.10] - 2022-07-01
|
112
|
+
- FIPS Compatibility [#587](https://github.com/oauth-xx/oauth2/pull/587) (@akostadinov)
|
113
|
+
|
85
114
|
## [1.4.9] - 2022-02-20
|
86
115
|
- Fixes compatibility with Faraday v2 [572](https://github.com/oauth-xx/oauth2/issues/572)
|
87
116
|
- Includes supported versions of Faraday in test matrix:
|
@@ -92,7 +121,7 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.
|
|
92
121
|
|
93
122
|
## [1.4.8] - 2022-02-18
|
94
123
|
- MFA is now required to push new gem versions (@pboling)
|
95
|
-
- README overhaul w/ new Ruby
|
124
|
+
- README overhaul w/ new Ruby Version and Engine compatibility policies (@pboling)
|
96
125
|
- [#569](https://github.com/oauth-xx/oauth2/pull/569) Backport fixes ([#561](https://github.com/oauth-xx/oauth2/pull/561) by @ryogift), and add more fixes, to allow faraday 1.x and 2.x (@jrochkind)
|
97
126
|
- Improve Code Coverage tracking (Coveralls, CodeCov, CodeClimate), and enable branch coverage (@pboling)
|
98
127
|
- Add CodeQL, Security Policy, Funding info (@pboling)
|
@@ -221,7 +250,6 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.
|
|
221
250
|
|
222
251
|
## [0.0.4] + [0.0.3] + [0.0.2] + [0.0.1] - 2010-04-22
|
223
252
|
|
224
|
-
[Unreleased]: https://github.com/oauth-xx/oauth2/compare/v2.0.0...HEAD
|
225
253
|
[0.0.1]: https://github.com/oauth-xx/oauth2/compare/311d9f4...v0.0.1
|
226
254
|
[0.0.2]: https://github.com/oauth-xx/oauth2/compare/v0.0.1...v0.0.2
|
227
255
|
[0.0.3]: https://github.com/oauth-xx/oauth2/compare/v0.0.2...v0.0.3
|
@@ -257,6 +285,12 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.
|
|
257
285
|
[1.4.7]: https://github.com/oauth-xx/oauth2/compare/v1.4.6...v1.4.7
|
258
286
|
[1.4.8]: https://github.com/oauth-xx/oauth2/compare/v1.4.7...v1.4.8
|
259
287
|
[1.4.9]: https://github.com/oauth-xx/oauth2/compare/v1.4.8...v1.4.9
|
260
|
-
[
|
288
|
+
[1.4.10]: https://github.com/oauth-xx/oauth2/compare/v1.4.9...v1.4.10
|
289
|
+
[2.0.0]: https://github.com/oauth-xx/oauth2/compare/v1.4.10...v2.0.0
|
261
290
|
[2.0.1]: https://github.com/oauth-xx/oauth2/compare/v2.0.0...v2.0.1
|
291
|
+
[2.0.2]: https://github.com/oauth-xx/oauth2/compare/v2.0.1...v2.0.2
|
292
|
+
[2.0.3]: https://github.com/oauth-xx/oauth2/compare/v2.0.2...v2.0.3
|
293
|
+
[2.0.4]: https://github.com/oauth-xx/oauth2/compare/v2.0.3...v2.0.4
|
294
|
+
[2.0.5]: https://github.com/oauth-xx/oauth2/compare/v2.0.4...v2.0.5
|
295
|
+
[Unreleased]: https://github.com/oauth-xx/oauth2/compare/v2.0.5...HEAD
|
262
296
|
[gemfiles/readme]: gemfiles/README.md
|
data/CONTRIBUTING.md
CHANGED
@@ -1,4 +1,12 @@
|
|
1
|
-
##
|
1
|
+
## Contributing
|
2
|
+
|
3
|
+
Bug reports and pull requests are welcome on GitHub at [https://github.com/oauth-xx/oauth2][source]
|
4
|
+
. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to
|
5
|
+
the [code of conduct][conduct].
|
6
|
+
|
7
|
+
To submit a patch, please fork the project and create a patch with tests. Once you're happy with it send a pull request!
|
8
|
+
|
9
|
+
## Detailed instructions on Submitting a Pull Request
|
2
10
|
1. [Fork the repository.][fork]
|
3
11
|
2. [Create a topic branch.][branch]
|
4
12
|
3. Add specs for your unimplemented feature or bug fix.
|
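Review bot: line 4 of the new text begins with `. This project is intended to be a safe, welcoming space`, so the period that closes the previous sentence has been wrapped onto its own line after the `[...][source]` link and will render as a stray `.` at the start of a line; move it to the end of line 3.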
@@ -16,3 +24,21 @@
|
|
16
24
|
[fork]: http://help.github.com/fork-a-repo/
|
17
25
|
[branch]: http://learn.github.com/p/branching.html
|
18
26
|
[pr]: http://help.github.com/send-pull-requests/
|
27
|
+
|
28
|
+
## Contributors
|
29
|
+
|
30
|
+
[![Contributors](https://contrib.rocks/image?repo=oauth-xx/oauth2)][contributors]
|
31
|
+
|
32
|
+
Made with [contributors-img][contrib-rocks].
|
33
|
+
|
34
|
+
[comment]: <> (Following links are used by README, CONTRIBUTING)
|
35
|
+
|
36
|
+
[conduct]: https://github.com/oauth-xx/oauth2/blob/master/CODE_OF_CONDUCT.md
|
37
|
+
|
38
|
+
[contrib-rocks]: https://contrib.rocks
|
39
|
+
|
40
|
+
[contributors]: https://github.com/oauth-xx/oauth2/graphs/contributors
|
41
|
+
|
42
|
+
[comment]: <> (Following links are used by README, CONTRIBUTING, Homepage)
|
43
|
+
|
44
|
+
[source]: https://github.com/oauth-xx/oauth2/
|
data/README.md
CHANGED
@@ -32,6 +32,8 @@ See the sibling `oauth` gem for OAuth 1.0 implementations in Ruby.
|
|
32
32
|
|
33
33
|
| Version | Release Date | Readme |
|
34
34
|
|---------|--------------|----------------------------------------------------------|
|
35
|
+
| 2.0.4 | 2022-07-01 | https://github.com/oauth-xx/oauth2/blob/v2.0.4/README.md |
|
36
|
+
| 2.0.3 | 2022-06-28 | https://github.com/oauth-xx/oauth2/blob/v2.0.3/README.md |
|
35
37
|
| 2.0.2 | 2022-06-24 | https://github.com/oauth-xx/oauth2/blob/v2.0.2/README.md |
|
36
38
|
| 2.0.1 | 2022-06-22 | https://github.com/oauth-xx/oauth2/blob/v2.0.1/README.md |
|
37
39
|
| 2.0.0 | 2022-06-21 | https://github.com/oauth-xx/oauth2/blob/v2.0.0/README.md |
|
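Review bot: the Readme table gains rows for 2.0.3 and 2.0.4 but not for 2.0.5, the version this release ships; add `| 2.0.5 | 2022-07-07 | https://github.com/oauth-xx/oauth2/blob/v2.0.5/README.md |` above the 2.0.4 row (the CHANGELOG in this same diff dates 2.0.5 to 2022-07-07) so the table stays complete.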
@@ -42,18 +44,19 @@ See the sibling `oauth` gem for OAuth 1.0 implementations in Ruby.
|
|
42
44
|
<details>
|
43
45
|
<summary>1.4.x Readmes</summary>
|
44
46
|
|
45
|
-
| Version | Release Date | Readme
|
46
|
-
|
47
|
-
| 1.4.
|
48
|
-
| 1.4.
|
49
|
-
| 1.4.
|
50
|
-
| 1.4.
|
51
|
-
| 1.4.
|
52
|
-
| 1.4.
|
53
|
-
| 1.4.
|
54
|
-
| 1.4.
|
55
|
-
| 1.4.
|
56
|
-
| 1.4.
|
47
|
+
| Version | Release Date | Readme |
|
48
|
+
|---------|--------------|-----------------------------------------------------------|
|
49
|
+
| 1.4.10 | Jul 1, 2022 | https://github.com/oauth-xx/oauth2/blob/v1.4.10/README.md |
|
50
|
+
| 1.4.9 | Feb 20, 2022 | https://github.com/oauth-xx/oauth2/blob/v1.4.9/README.md |
|
51
|
+
| 1.4.8 | Feb 18, 2022 | https://github.com/oauth-xx/oauth2/blob/v1.4.8/README.md |
|
52
|
+
| 1.4.7 | Mar 19, 2021 | https://github.com/oauth-xx/oauth2/blob/v1.4.7/README.md |
|
53
|
+
| 1.4.6 | Mar 19, 2021 | https://github.com/oauth-xx/oauth2/blob/v1.4.6/README.md |
|
54
|
+
| 1.4.5 | Mar 18, 2021 | https://github.com/oauth-xx/oauth2/blob/v1.4.5/README.md |
|
55
|
+
| 1.4.4 | Feb 12, 2020 | https://github.com/oauth-xx/oauth2/blob/v1.4.4/README.md |
|
56
|
+
| 1.4.3 | Jan 29, 2020 | https://github.com/oauth-xx/oauth2/blob/v1.4.3/README.md |
|
57
|
+
| 1.4.2 | Oct 1, 2019 | https://github.com/oauth-xx/oauth2/blob/v1.4.2/README.md |
|
58
|
+
| 1.4.1 | Oct 13, 2018 | https://github.com/oauth-xx/oauth2/blob/v1.4.1/README.md |
|
59
|
+
| 1.4.0 | Jun 9, 2017 | https://github.com/oauth-xx/oauth2/blob/v1.4.0/README.md |
|
57
60
|
</details>
|
58
61
|
|
59
62
|
<details>
|
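Review bot: the rebuilt 1.4.x table uses `Jul 1, 2022`-style dates while the 2.x table directly above uses ISO `2022-07-01`; use one format in both tables, preferably ISO to match the CHANGELOG.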
@@ -113,7 +116,7 @@ appended indicators:
|
|
113
116
|
| 4️⃣ | testing | [![Open Issues][⛳iss-o-img]][⛳iss-o] [![Closed Issues][🖇iss-c-img]][🖇iss-c] [![Supported][🏘sup-wf-img]][🏘sup-wf] [![Heads][🚎heads-wf-img]][🚎heads-wf] [![Unofficial Support][🖐uns-wf-img]][🖐uns-wf] [![MacOS][🧮mac-wf-img]][🧮mac-wf] [![Windows][📗win-wf-img]][📗win-wf] |
|
114
117
|
| 5️⃣ | coverage & security | [![CodeClimate][⛳cclim-cov-img♻️]][⛳cclim-cov] [![CodeCov][🖇codecov-img♻️]][🖇codecov] [![Coveralls][🏘coveralls-img]][🏘coveralls] [![Security Policy][🚎sec-pol-img]][🚎sec-pol] [![CodeQL][🖐codeQL-img]][🖐codeQL] [![Code Coverage][🧮cov-wf-img]][🧮cov-wf] |
|
115
118
|
| 6️⃣ | resources | [![Discussion][⛳gh-discussions-img]][⛳gh-discussions] [![Get help on Codementor][🖇codementor-img]][🖇codementor] [![Chat][🏘chat-img]][🏘chat] [![Blog][🚎blog-img]][🚎blog] [![Blog][🖐wiki-img]][🖐wiki] |
|
116
|
-
| 7️⃣ | spread 💖 | [![Liberapay Patrons][⛳liberapay-img]][⛳liberapay] [![Sponsor Me][🖇sponsor-img]][🖇sponsor] [![Tweet @ Peter][🏘tweet-img]][🏘tweet] [🌏][aboutme] [👼][angelme] [💻][coderme]
|
119
|
+
| 7️⃣ | spread 💖 | [![Liberapay Patrons][⛳liberapay-img]][⛳liberapay] [![Sponsor Me][🖇sponsor-img]][🖇sponsor] [![Tweet @ Peter][🏘tweet-img]][🏘tweet] [🌏][aboutme] [👼][angelme] [💻][coderme] |
|
117
120
|
|
118
121
|
<!--
|
119
122
|
The link tokens in the following sections should be kept ordered by the row and badge numbering scheme
|
@@ -140,10 +143,10 @@ The link tokens in the following sections should be kept ordered by the row and
|
|
140
143
|
[🖐prs-o-img]: https://img.shields.io/github/issues-pr/oauth-xx/oauth2
|
141
144
|
[🧮prs-c]: https://github.com/oauth-xx/oauth2/pulls?q=is%3Apr+is%3Aclosed
|
142
145
|
[🧮prs-c-img]: https://img.shields.io/github/issues-pr-closed/oauth-xx/oauth2
|
143
|
-
[📗next♻️]: https://github.com/oauth-xx/oauth2/milestone/
|
144
|
-
[📗next-img♻️]: https://img.shields.io/github/milestones/progress/oauth-xx/oauth2/
|
146
|
+
[📗next♻️]: https://github.com/oauth-xx/oauth2/milestone/15
|
147
|
+
[📗next-img♻️]: https://img.shields.io/github/milestones/progress/oauth-xx/oauth2/15?label=Next%20Version
|
145
148
|
|
146
|
-
<!-- 3️⃣
|
149
|
+
<!-- 3️⃣ maintenance & linting -->
|
147
150
|
[⛳cclim-maint]: https://codeclimate.com/github/oauth-xx/oauth2/maintainability
|
148
151
|
[⛳cclim-maint-img♻️]: https://api.codeclimate.com/v1/badges/688c612528ff90a46955/maintainability
|
149
152
|
[🖇triage-help]: https://www.codetriage.com/oauth-xx/oauth2
|
@@ -213,7 +216,6 @@ The link tokens in the following sections should be kept ordered by the row and
|
|
213
216
|
[aboutme]: https://about.me/peter.boling
|
214
217
|
[angelme]: https://angel.co/peter-boling
|
215
218
|
[coderme]:http://coderwall.com/pboling
|
216
|
-
[politicme]: https://nationalprogressiveparty.org
|
217
219
|
|
218
220
|
## Installation
|
219
221
|
|
@@ -229,7 +231,9 @@ If bundler is not being used to manage dependencies, install the gem by executin
|
|
229
231
|
|
230
232
|
Available as part of the Tidelift Subscription.
|
231
233
|
|
232
|
-
The maintainers of OAuth2 and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.]
|
234
|
+
The maintainers of OAuth2 and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.][tidelift-ref]
|
235
|
+
|
236
|
+
[tidelift-ref]: https://tidelift.com/subscription/pkg/rubygems-oauth2?utm_source=rubygems-oauth2&utm_medium=referral&utm_campaign=enterprise
|
233
237
|
|
234
238
|
## Security contact information
|
235
239
|
|
@@ -253,6 +257,12 @@ For more see [SECURITY.md][🚎sec-pol].
|
|
253
257
|
- `:access_token_class` (`AccessToken`); user specified class to use for all calls to `get_token`
|
254
258
|
- Adds new option to `OAuth2::AccessToken#initialize`:
|
255
259
|
- `:expires_latency` (`nil`); number of seconds by which AccessToken validity will be reduced to offset latency
|
260
|
+
- By default, keys are transformed to camel case.
|
261
|
+
- Original keys will still work as previously, in most scenarios, thanks to `rash_alt` gem.
|
262
|
+
- However, this is a _breaking_ change if you rely on `response.parsed.to_h`, as the keys in the result will be camel case.
|
263
|
+
- As of version 2.0.4 you can turn key transformation off with the `snaky: false` option.
|
264
|
+
- By default, the `:auth_scheme` is now `:basic_auth` (instead of `:request_body`)
|
265
|
+
- Third-party strategies and gems may need to be updated if a provider was requiring client id/secret in the request body
|
256
266
|
- [... A lot more](https://github.com/oauth-xx/oauth2/blob/master/CHANGELOG.md#2.0.0)
|
257
267
|
|
258
268
|
## Compatibility
|
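Review bot: "By default, keys are transformed to camel case" has the direction backwards: with `snaky: true` (the default) `Response#parsed` becomes an `OAuth2::SnakyHash` with snake_case keys, as the usage example added later in this same README shows. The same list says `snaky: false` arrived in 2.0.4 while the CHANGELOG credits #612 in 2.0.3. The `:auth_scheme` bullet is the one to emphasise for anyone upgrading: client credentials now travel in the HTTP `Authorization` header rather than the POST body, so a provider that only reads `client_id`/`client_secret` from the body will reject token requests until `auth_scheme: :request_body` is set explicitly on the client.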
@@ -289,13 +299,13 @@ fashion. If critical issues for a particular implementation exist at the time
|
|
289
299
|
of a major release, support for that Ruby version may be dropped.
|
290
300
|
</details>
|
291
301
|
|
292
|
-
| | Ruby
|
293
|
-
|
294
|
-
| 1️⃣ | 2.0.x
|
295
|
-
| 2️⃣ | 1.4.x
|
296
|
-
| 3️⃣ | older
|
302
|
+
| | Ruby OAuth2 Version | Maintenance Branch | Supported Officially | Supported Unofficially | Supported Incidentally |
|
303
|
+
|:----|---------------------|--------------------|-------------------------|------------------------|------------------------|
|
304
|
+
| 1️⃣ | 2.0.x | `master` | 2.7, 3.0, 3.1 | 2.5, 2.6 | 2.2, 2.3, 2.4 |
|
305
|
+
| 2️⃣ | 1.4.x | `1-4-stable` | 2.5, 2.6, 2.7, 3.0, 3.1 | 2.1, 2.2, 2.3, 2.4 | 1.9, 2.0 |
|
306
|
+
| 3️⃣ | older | N/A | Best of luck to you! | Please upgrade! | |
|
297
307
|
|
298
|
-
NOTE: The 1.4 series will only receive critical
|
308
|
+
NOTE: The 1.4 series will only receive critical security updates.
|
299
309
|
See [SECURITY.md][🚎sec-pol]
|
300
310
|
|
301
311
|
## Usage Examples
|
@@ -342,6 +352,31 @@ client.class.name
|
|
342
352
|
# => OAuth2::Client
|
343
353
|
```
|
344
354
|
|
355
|
+
### snake_case and indifferent access in Response#parsed
|
356
|
+
|
357
|
+
```ruby
|
358
|
+
response = access.get('/api/resource', params: {'query_foo' => 'bar'})
|
359
|
+
# Even if the actual response is CamelCase. it will be made available as snaky:
|
360
|
+
JSON.parse(response.body) # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"}
|
361
|
+
response.parsed # => {"access_token"=>"aaaaaaaa", "additional_data"=>"additional"}
|
362
|
+
response.parsed.access_token # => "aaaaaaaa"
|
363
|
+
response.parsed[:access_token] # => "aaaaaaaa"
|
364
|
+
response.parsed.additional_data # => "additional"
|
365
|
+
response.parsed[:additional_data] # => "additional"
|
366
|
+
response.parsed.class.name # => OAuth2::SnakyHash (subclass of Hashie::Mash::Rash, from `rash_alt` gem)
|
367
|
+
```
|
368
|
+
|
369
|
+
#### What if I hate snakes and/or indifference?
|
370
|
+
|
371
|
+
```ruby
|
372
|
+
response = access.get('/api/resource', params: {'query_foo' => 'bar'}, snaky: false)
|
373
|
+
JSON.parse(response.body) # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"}
|
374
|
+
response.parsed # => {"accessToken"=>"aaaaaaaa", "additionalData"=>"additional"}
|
375
|
+
response.parsed['accessToken'] # => "aaaaaaaa"
|
376
|
+
response.parsed['additionalData'] # => "additional"
|
377
|
+
response.parsed.class.name # => Hash (just, regular old Hash)
|
378
|
+
```
|
379
|
+
|
345
380
|
<details>
|
346
381
|
<summary>Debugging</summary>
|
347
382
|
|
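Review bot: `# Even if the actual response is CamelCase. it will be made available as snaky:` has a period where a comma belongs. More substantively, the example calls `access.get('/api/resource', ...)` and then shows a body containing `accessToken`, which reads like a token endpoint response rather than a protected resource; a body with ordinary resource fields would make the snake_case and indifferent-access point without suggesting that access tokens come back from resource calls. Since the last line says `OAuth2::SnakyHash` is a `Hashie::Mash` subclass, it is also worth one sentence that `response.parsed.access_token` is method-style access, so a key that collides with a Hash method name (`count`, `keys`) must be read with `[]`.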
@@ -372,7 +407,7 @@ The `AccessToken` methods `#get`, `#post`, `#put` and `#delete` and the generic
|
|
372
407
|
will return an instance of the #OAuth2::Response class.
|
373
408
|
|
374
409
|
This instance contains a `#parsed` method that will parse the response body and
|
375
|
-
return a Hash if the `Content-Type` is `application/x-www-form-urlencoded` or if
|
410
|
+
return a Hash-like [`OAuth2::SnakyHash`](https://github.com/oauth-xx/oauth2/blob/master/lib/oauth2/snaky_hash.rb) if the `Content-Type` is `application/x-www-form-urlencoded` or if
|
376
411
|
the body is a JSON object. It will return an Array if the body is a JSON
|
377
412
|
array. Otherwise, it will return the original body string.
|
378
413
|
|
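Review bot: the rewritten sentence says `#parsed` returns an `OAuth2::SnakyHash` for form-encoded or JSON-object bodies, but that is only true with the default `snaky: true`; with `snaky: false` (shown in the section just above) it is a plain `Hash`. Add that qualifier so the two sections agree.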
@@ -486,7 +521,15 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
|
|
486
521
|
|
487
522
|
## Contributing
|
488
523
|
|
489
|
-
|
524
|
+
See [CONTRIBUTING.md][contributing]
|
525
|
+
|
526
|
+
[contributing]: https://github.com/oauth-xx/oauth2/blob/master/CONTRIBUTING.md
|
527
|
+
|
528
|
+
## Contributors
|
529
|
+
|
530
|
+
[![Contributors](https://contrib.rocks/image?repo=oauth-xx/oauth2)]("https://github.com/oauth-xx/oauth2/graphs/contributors")
|
531
|
+
|
532
|
+
Made with [contributors-img](https://contrib.rocks).
|
490
533
|
|
491
534
|
## Code of Conduct
|
492
535
|
|
data/SECURITY.md
CHANGED
@@ -2,11 +2,11 @@
|
|
2
2
|
|
3
3
|
## Supported Versions
|
4
4
|
|
5
|
-
| Version
|
6
|
-
|
7
|
-
| 2.
|
8
|
-
| 1.
|
9
|
-
| older
|
5
|
+
| Version | Supported |
|
6
|
+
|----------|---------------------------|
|
7
|
+
| 2.latest | ✅ |
|
8
|
+
| 1.latest | ✅ (security updates only) |
|
9
|
+
| older | ⛔️ |
|
10
10
|
|
11
11
|
## Reporting a Vulnerability
|
12
12
|
|
data/lib/oauth2/access_token.rb
CHANGED
@@ -8,12 +8,18 @@ module OAuth2
|
|
8
8
|
class << self
|
9
9
|
# Initializes an AccessToken from a Hash
|
10
10
|
#
|
11
|
-
# @param
|
12
|
-
# @param
|
11
|
+
# @param [Client] client the OAuth2::Client instance
|
12
|
+
# @param [Hash] hash a hash of AccessToken property values
|
13
|
+
# @option hash [String] 'access_token', 'id_token', 'token', :access_token, :id_token, or :token the access token
|
13
14
|
# @return [AccessToken] the initialized AccessToken
|
14
15
|
def from_hash(client, hash)
|
15
16
|
hash = hash.dup
|
16
|
-
|
17
|
+
token = hash.delete('access_token') || hash.delete(:access_token) ||
|
18
|
+
hash.delete('id_token') || hash.delete(:id_token) ||
|
19
|
+
hash.delete('token') || hash.delete(:token) ||
|
20
|
+
hash.delete('accessToken') || hash.delete(:accessToken) ||
|
21
|
+
hash.delete('idToken') || hash.delete(:idToken)
|
22
|
+
new(client, token, hash)
|
17
23
|
end
|
18
24
|
|
19
25
|
# Initializes an AccessToken from a key/value application/x-www-form-urlencoded string
|
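Review bot: the `||` chain in `from_hash` stops at the first key it finds and deletes only that key, so a response carrying both `access_token` and `id_token` (the usual OpenID Connect shape) leaves `id_token` in the remaining hash, while a response with only `id_token` now places the ID token in `token`. The new `@option` line lists `access_token`/`id_token`/`token` but neither the `accessToken`/`idToken` spellings nor this precedence; document both, and warn callers that an ID token is an identity assertion addressed to the client, not a bearer credential for resource servers, so a `token` populated from `id_token` should not be sent in `Authorization` headers to APIs. Note also that the `accessToken`/`idToken` branches are only reachable with `snaky: false`, since a `SnakyHash` has already converted those keys.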
@@ -24,10 +30,6 @@ module OAuth2
|
|
24
30
|
def from_kvform(client, kvform)
|
25
31
|
from_hash(client, Rack::Utils.parse_query(kvform))
|
26
32
|
end
|
27
|
-
|
28
|
-
def contains_token?(hash)
|
29
|
-
hash.key?('access_token') || hash.key?('id_token') || hash.key?('token')
|
30
|
-
end
|
31
33
|
end
|
32
34
|
|
33
35
|
# Initialize an AccessToken
|
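Review bot: `contains_token?` was a public class method on `AccessToken`, and a custom `access_token_class` or a caller may be using it to decide whether a parsed response carries a token; removing it in a patch release is an API break that the 2.0.5 CHANGELOG entry does not mention. Either keep it as a thin wrapper over the same key list `from_hash` now uses (including the `accessToken`/`idToken` spellings, so the two cannot drift) or list the removal under the BREAKING bullet.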
@@ -47,6 +49,11 @@ module OAuth2
|
|
47
49
|
def initialize(client, token, opts = {})
|
48
50
|
@client = client
|
49
51
|
@token = token.to_s
|
52
|
+
|
53
|
+
if @client.options[:raise_errors] && (@token.nil? || @token.empty?)
|
54
|
+
error = Error.new(opts)
|
55
|
+
raise(error)
|
56
|
+
end
|
50
57
|
opts = opts.dup
|
51
58
|
%i[refresh_token expires_in expires_at expires_latency].each do |arg|
|
52
59
|
instance_variable_set("@#{arg}", opts.delete(arg) || opts.delete(arg.to_s))
|
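Review bot: `@token = token.to_s` can never yield `nil`, so the `@token.nil?` half of the new guard is dead; `@token.empty?` is the whole check. More important, `Error.new(opts)` makes `OAuth2::Error#response` a `Hash` on this path rather than an `OAuth2::Response`, so a caller that rescues `OAuth2::Error` and reads `e.response.status` or `e.response.body` gets `NoMethodError`; document that on `Error#response` (the error.rb change in this release already accepts a Hash there) or raise with the original response where one is available. The guard also runs before the `opts.dup` on the next line, so the caller's hash, including any `refresh_token`, becomes the error body.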
@@ -95,7 +102,11 @@ module OAuth2
|
|
95
102
|
params[:refresh_token] = refresh_token
|
96
103
|
new_token = @client.get_token(params, access_token_opts)
|
97
104
|
new_token.options = options
|
98
|
-
|
105
|
+
if new_token.refresh_token
|
106
|
+
# Keep it, if there is one
|
107
|
+
else
|
108
|
+
new_token.refresh_token = refresh_token
|
109
|
+
end
|
99
110
|
new_token
|
100
111
|
end
|
101
112
|
# A compatibility alias
|
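Review bot: an `if ... else ... end` whose first branch is only a comment reads better as `new_token.refresh_token ||= refresh_token` (or `unless new_token.refresh_token`). Behaviour-wise, keeping the old refresh token when the server does not issue a new one matches RFC 6749 §6, where issuing a new refresh token is optional; a comment saying so would help, because when a server does rotate, the old token is normally invalidated, so the fallback must apply only when the response omits `refresh_token`, which is exactly what the condition tests.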
@@ -114,7 +125,7 @@ module OAuth2
|
|
114
125
|
# @param [Symbol] verb the HTTP request method
|
115
126
|
# @param [String] path the HTTP URL path of the request
|
116
127
|
# @param [Hash] opts the options to make the request with
|
117
|
-
#
|
128
|
+
# @see Client#request
|
118
129
|
def request(verb, path, opts = {}, &block)
|
119
130
|
configure_authentication!(opts)
|
120
131
|
@client.request(verb, path, opts, &block)
|
data/lib/oauth2/client.rb
CHANGED
@@ -9,7 +9,7 @@ module OAuth2
|
|
9
9
|
|
10
10
|
# The OAuth2::Client class
|
11
11
|
class Client # rubocop:disable Metrics/ClassLength
|
12
|
-
RESERVED_PARAM_KEYS = %w[headers parse].freeze
|
12
|
+
RESERVED_PARAM_KEYS = %w[body headers params parse snaky].freeze
|
13
13
|
|
14
14
|
attr_reader :id, :secret, :site
|
15
15
|
attr_accessor :options
|
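Review bot: `body`, `headers`, `params`, `parse` and `snaky` are now symbolised and consumed as request options when they appear as string keys in the `params` given to `get_token` (see the `RESERVED_PARAM_KEYS.include?(key)` loop a few hunks below), so a provider parameter that happens to be named `params` or `body` can no longer be sent to the token endpoint through that hash. The `get_token` docs list only `parse` and `snaky` as exceptions; document all five reserved names there.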
@@ -41,7 +41,7 @@ module OAuth2
|
|
41
41
|
@secret = client_secret
|
42
42
|
@site = opts.delete(:site)
|
43
43
|
ssl = opts.delete(:ssl)
|
44
|
-
|
44
|
+
warn('OAuth2::Client#initialize argument `extract_access_token` will be removed in oauth2 v3. Refactor to use `access_token_class`.') if opts[:extract_access_token]
|
45
45
|
@options = {
|
46
46
|
authorize_url: 'oauth/authorize',
|
47
47
|
token_url: 'oauth/token',
|
@@ -108,9 +108,10 @@ module OAuth2
|
|
108
108
|
# @option opts [Boolean] :raise_errors whether or not to raise an OAuth2::Error on 400+ status
|
109
109
|
# code response for this request. Will default to client option
|
110
110
|
# @option opts [Symbol] :parse @see Response::initialize
|
111
|
-
# @
|
112
|
-
|
113
|
-
|
111
|
+
# @option opts [true, false] :snaky (true) @see Response::initialize
|
112
|
+
# @yield [req] @see Faraday::Connection#run_request
|
113
|
+
def request(verb, url, opts = {}, &block)
|
114
|
+
response = execute_request(verb, url, opts, &block)
|
114
115
|
|
115
116
|
case response.status
|
116
117
|
when 301, 302, 303, 307
|
@@ -146,11 +147,16 @@ module OAuth2
|
|
146
147
|
|
147
148
|
# Initializes an AccessToken by making a request to the token endpoint
|
148
149
|
#
|
149
|
-
# @param params [Hash] a Hash of params for the token endpoint
|
150
|
+
# @param params [Hash] a Hash of params for the token endpoint, except:
|
151
|
+
# @option params [Symbol] :parse @see Response#initialize
|
152
|
+
# @option params [true, false] :snaky (true) @see Response#initialize
|
150
153
|
# @param access_token_opts [Hash] access token options, to pass to the AccessToken object
|
151
154
|
# @param extract_access_token [Proc] proc that extracts the access token from the response (DEPRECATED)
|
155
|
+
# @yield [req] @see Faraday::Connection#run_request
|
152
156
|
# @return [AccessToken] the initialized AccessToken
|
153
|
-
def get_token(params, access_token_opts = {}, extract_access_token =
|
157
|
+
def get_token(params, access_token_opts = {}, extract_access_token = nil, &block)
|
158
|
+
warn('OAuth2::Client#get_token argument `extract_access_token` will be removed in oauth2 v3. Refactor to use `access_token_class` on #initialize.') if extract_access_token
|
159
|
+
extract_access_token ||= options[:extract_access_token]
|
154
160
|
params = params.map do |key, value|
|
155
161
|
if RESERVED_PARAM_KEYS.include?(key)
|
156
162
|
[key.to_sym, value]
|
@@ -159,20 +165,27 @@ module OAuth2
|
|
159
165
|
end
|
160
166
|
end.to_h
|
161
167
|
|
168
|
+
parse = params.key?(:parse) ? params.delete(:parse) : Response::DEFAULT_OPTIONS[:parse]
|
169
|
+
snaky = params.key?(:snaky) ? params.delete(:snaky) : Response::DEFAULT_OPTIONS[:snaky]
|
170
|
+
|
171
|
+
request_opts = {
|
172
|
+
raise_errors: options[:raise_errors],
|
173
|
+
parse: parse,
|
174
|
+
snaky: snaky,
|
175
|
+
}
|
162
176
|
params = authenticator.apply(params)
|
163
|
-
opts = {raise_errors: options[:raise_errors], parse: params.delete(:parse)}
|
164
177
|
headers = params.delete(:headers) || {}
|
165
178
|
if options[:token_method] == :post
|
166
|
-
|
167
|
-
|
179
|
+
request_opts[:body] = params
|
180
|
+
request_opts[:headers] = {'Content-Type' => 'application/x-www-form-urlencoded'}
|
168
181
|
else
|
169
|
-
|
170
|
-
|
182
|
+
request_opts[:params] = params
|
183
|
+
request_opts[:headers] = {}
|
171
184
|
end
|
172
|
-
|
185
|
+
request_opts[:headers].merge!(headers)
|
173
186
|
http_method = options[:token_method]
|
174
187
|
http_method = :post if http_method == :post_with_query_string
|
175
|
-
response = request(http_method, token_url,
|
188
|
+
response = request(http_method, token_url, request_opts, &block)
|
176
189
|
|
177
190
|
# In v1.4.x, the deprecated extract_access_token option retrieves the token from the response.
|
178
191
|
# We preserve this behavior here, but a custom access_token_class that implements #from_hash
|
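Review bot: in the `else` branch (`token_method` other than `:post`), `request_opts[:params] = params` puts everything the authenticator added into the query string; with `auth_scheme: :request_body` that is the `client_secret`, which then lands in request URLs and in proxy and server access logs. RFC 6749 §3.2 requires POST for the token endpoint, so either refuse `:request_body` credentials on a GET or document the combination as unsafe. Two smaller points: `request_opts[:headers].merge!(headers)` lets a caller-supplied `headers` hash override the `Content-Type` set in the `:post` branch, which is fine but belongs in the `@option params :headers` docs; and `raise_errors: options[:raise_errors]` is always taken from the client, so the per-request `:raise_errors` that `request` documents cannot be set through `get_token`.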
@@ -256,7 +269,10 @@ module OAuth2
|
|
256
269
|
raise TimeoutError, e
|
257
270
|
end
|
258
271
|
|
259
|
-
|
272
|
+
parse = opts.key?(:parse) ? opts.delete(:parse) : Response::DEFAULT_OPTIONS[:parse]
|
273
|
+
snaky = opts.key?(:snaky) ? opts.delete(:snaky) : Response::DEFAULT_OPTIONS[:snaky]
|
274
|
+
|
275
|
+
Response.new(response, parse: parse, snaky: snaky)
|
260
276
|
end
|
261
277
|
|
262
278
|
# Returns the authenticator object
|
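Review bot: `opts.delete(:parse)` and `opts.delete(:snaky)` mutate the hash the caller passed in, and `AccessToken#request` forwards the caller's `opts` object straight to `Client#request`, so unless `execute_request` duplicates it earlier (not visible here) the caller's hash has lost those keys after `access.get(path, snaky: false)` returns; read them non-destructively (`opts.fetch(:snaky, Response::DEFAULT_OPTIONS[:snaky])`) or `dup` first. Note also that presence (`key?`) rather than truthiness decides the value, so `snaky: nil` disables conversion; if that is intended it should be in the `@option` docs of `request`.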
@@ -283,7 +299,7 @@ module OAuth2
|
|
283
299
|
access_token_class = options[:access_token_class]
|
284
300
|
data = response.parsed
|
285
301
|
|
286
|
-
unless data.is_a?(Hash) &&
|
302
|
+
unless data.is_a?(Hash) && !data.empty?
|
287
303
|
return unless options[:raise_errors]
|
288
304
|
|
289
305
|
error = Error.new(response)
|
data/lib/oauth2/error.rb
CHANGED
@@ -2,21 +2,29 @@
|
|
2
2
|
|
3
3
|
module OAuth2
|
4
4
|
class Error < StandardError
|
5
|
-
attr_reader :response, :code, :description
|
5
|
+
attr_reader :response, :body, :code, :description
|
6
6
|
|
7
7
|
# standard error codes include:
|
8
8
|
# 'invalid_request', 'invalid_client', 'invalid_token', 'invalid_grant', 'unsupported_grant_type', 'invalid_scope'
|
9
|
+
# response might be a Response object, or the response.parsed hash
|
9
10
|
def initialize(response)
|
10
11
|
@response = response
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
12
|
+
if response.respond_to?(:parsed)
|
13
|
+
if response.parsed.is_a?(Hash)
|
14
|
+
@code = response.parsed['error']
|
15
|
+
@description = response.parsed['error_description']
|
16
|
+
end
|
17
|
+
elsif response.is_a?(Hash)
|
18
|
+
@code = response['error']
|
19
|
+
@description = response['error_description']
|
17
20
|
end
|
18
|
-
|
19
|
-
|
21
|
+
@body = if response.respond_to?(:body)
|
22
|
+
response.body
|
23
|
+
else
|
24
|
+
@response
|
25
|
+
end
|
26
|
+
message_opts = parse_error_description(@code, @description)
|
27
|
+
super(error_message(@body, message_opts))
|
20
28
|
end
|
21
29
|
|
22
30
|
private
|
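Review bot: when `response` is a `Hash`, `@body` is the whole hash and it is handed to `error_message`, so the exception message (and anything that logs it) carries every field of the parsed token response except the token itself, a `refresh_token` included if one was present; consider building the message from `@code` and `@description` only and leaving the full payload on the `body` reader. `@code` and `@description` also stay `nil` when `parsed` is a String or Array (an HTML error page, for instance), so `parse_error_description` must tolerate two `nil`s; a spec for that case would pin it down. Finally, `attr_reader :body` is new public API and deserves a `@return` doc line.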
data/lib/oauth2/response.rb
CHANGED
@@ -7,6 +7,10 @@ require 'rack'
|
|
7
7
|
module OAuth2
|
8
8
|
# OAuth2::Response class
|
9
9
|
class Response
|
10
|
+
DEFAULT_OPTIONS = {
|
11
|
+
parse: :automatic,
|
12
|
+
snaky: true,
|
13
|
+
}.freeze
|
10
14
|
attr_reader :response
|
11
15
|
attr_accessor :options
|
12
16
|
|
@@ -39,12 +43,17 @@ module OAuth2
|
|
39
43
|
# Initializes a Response instance
|
40
44
|
#
|
41
45
|
# @param [Faraday::Response] response The Faraday response instance
|
42
|
-
# @param [
|
43
|
-
# @option opts [Symbol] :parse (:automatic) how to parse the response body. one of :query (for x-www-form-urlencoded),
|
46
|
+
# @param [Symbol] parse (:automatic) how to parse the response body. one of :query (for x-www-form-urlencoded),
|
44
47
|
# :json, or :automatic (determined by Content-Type response header)
|
45
|
-
|
48
|
+
# @param [true, false] snaky (true) Convert @parsed to a snake-case,
|
49
|
+
# indifferent-access OAuth2::SnakyHash, which is a subclass of Hashie::Mash::Rash (from rash_alt gem)?
|
50
|
+
# @param [Hash] options all other options for initializing the instance
|
51
|
+
def initialize(response, parse: :automatic, snaky: true, **options)
|
46
52
|
@response = response
|
47
|
-
@options = {
|
53
|
+
@options = {
|
54
|
+
parse: parse,
|
55
|
+
snaky: snaky,
|
56
|
+
}.merge(options)
|
48
57
|
end
|
49
58
|
|
50
59
|
# The HTTP response headers
|
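Review bot: the removed `@option opts` doc lines show the previous signature took an options Hash, and the new `initialize(response, parse: :automatic, snaky: true, **options)` is keyword-only, so any caller that still passes options positionally (`OAuth2::Response.new(resp, {parse: :json})`) gets an `ArgumentError` on Ruby 3 (a deprecation warning on 2.7). That belongs in the upgrade notes, since a 2.0.x patch release is expected to be drop-in. Also, `parse` is accepted as any Symbol with no check that a parser is registered for it, and the `@param` text still lists only `:query`, `:json` and `:automatic` although `:xml` is registered further down in this same file; validating the value against the registered parsers would make the behaviour for an unknown symbol explicit instead of implicit.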
@@ -81,7 +90,7 @@ module OAuth2
|
|
81
90
|
end
|
82
91
|
end
|
83
92
|
|
84
|
-
@parsed = OAuth2::SnakyHash.new(@parsed) if @parsed.is_a?(Hash)
|
93
|
+
@parsed = OAuth2::SnakyHash.new(@parsed) if options[:snaky] && @parsed.is_a?(Hash)
|
85
94
|
|
86
95
|
@parsed
|
87
96
|
end
|
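Review bot: gating the `OAuth2::SnakyHash` wrap on `options[:snaky]` means `snaky: false` removes both properties the doc above promises, snake-casing and indifferent access, with one switch: `parsed` then returns the plain Hash from the parser with string keys exactly as the server sent them, so code that reads `parsed[:access_token]`, or `parsed['expires_in']` against a server that emits camelCase keys, gets `nil`. Worth spelling out in the `snaky` doc and the CHANGELOG. Note that `Error#initialize` in this same release reads `response.parsed['error']` with a string key, which is the one access pattern that works under both settings; anything else in the gem that reads `parsed` with symbol keys should be checked against `snaky: false`.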
@@ -125,10 +134,14 @@ module OAuth2
|
|
125
134
|
end
|
126
135
|
|
127
136
|
OAuth2::Response.register_parser(:xml, ['text/xml', 'application/rss+xml', 'application/rdf+xml', 'application/atom+xml', 'application/xml']) do |body|
|
137
|
+
next body unless body.respond_to?(:to_str)
|
138
|
+
|
128
139
|
MultiXml.parse(body)
|
129
140
|
end
|
130
141
|
|
131
142
|
OAuth2::Response.register_parser(:json, ['application/json', 'text/javascript', 'application/hal+json', 'application/vnd.collection+json', 'application/vnd.api+json', 'application/problem+json']) do |body|
|
143
|
+
next body unless body.respond_to?(:to_str)
|
144
|
+
|
132
145
|
body = body.dup.force_encoding(::Encoding::ASCII_8BIT) if body.respond_to?(:force_encoding)
|
133
146
|
|
134
147
|
::JSON.parse(body)
|
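Review bot: the new `next body unless body.respond_to?(:to_str)` guards stop `MultiXml.parse` and `::JSON.parse` from being handed a non-string (nil, or an already-decoded object), but a string that is not valid JSON or XML still reaches the parser with no rescue, so a `Content-Type: application/json` response whose body is an HTML error page raises `JSON::ParserError` from `parsed` instead of falling back to the raw body the way the guard does for non-strings. Consider rescuing the parse error (`::JSON::ParserError`, and the MultiXml equivalent) and returning `body`, so callers see the unparsed body and the HTTP status rather than a parse exception. Unrelated to the guard: the `force_encoding(::Encoding::ASCII_8BIT)` before `::JSON.parse` relies on the json gem accepting binary-labelled input; it does, but a comment saying why the body is deliberately relabelled would save the next reader a detour.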
@@ -80,7 +80,7 @@ module OAuth2
|
|
80
80
|
assertion = build_assertion(claims, encoding_opts)
|
81
81
|
params = build_request(assertion, request_opts)
|
82
82
|
|
83
|
-
@client.get_token(params, response_opts
|
83
|
+
@client.get_token(params, response_opts)
|
84
84
|
end
|
85
85
|
|
86
86
|
private
|
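Review bot: the removed line is rendered only up to `@client.get_token(params, response_opts`, i.e. the diff viewer cut it at the point where it diverges from the new line, so the actual behavioural change in this hunk cannot be reviewed from this page; check it against the commit before sign-off. Since `response_opts` is forwarded to `Client#get_token`, and this same release made `Response#initialize` keyword-only, confirm that `Client#get_token` passes these options on to `Response.new` as keywords (`**opts`) rather than as a positional Hash, which would raise `ArgumentError` on Ruby 3.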
@@ -25,7 +25,7 @@ module OAuth2
|
|
25
25
|
#
|
26
26
|
# @param [String] code The Authorization Code value
|
27
27
|
# @param [Hash] params additional params
|
28
|
-
# @param [Hash] opts
|
28
|
+
# @param [Hash] opts access_token_opts, @see Client#get_token
|
29
29
|
# @note that you must also provide a :redirect_uri with most OAuth 2.0 providers
|
30
30
|
def get_token(code, params = {}, opts = {})
|
31
31
|
params = {'grant_type' => 'authorization_code', 'code' => code}.merge(@client.redirection_params).merge(params)
|
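Review bot: `@see Client#get_token` embedded in the `@param [Hash] opts` description renders as literal text in YARD, because `@see` is a top-level tag and not inline markup; move it to its own `# @see Client#get_token` line after the `@param` block, and say in the `@param` text what `access_token_opts` covers rather than only pointing at another method.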
@@ -19,7 +19,7 @@ module OAuth2
|
|
19
19
|
# @param [Hash] opts options
|
20
20
|
def get_token(params = {}, opts = {})
|
21
21
|
params = params.merge('grant_type' => 'client_credentials')
|
22
|
-
@client.get_token(params, opts
|
22
|
+
@client.get_token(params, opts)
|
23
23
|
end
|
24
24
|
end
|
25
25
|
end
|
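Review bot: as with the assertion hunk above, the removed line is cut off at `@client.get_token(params, opts` and only the closing paren shows as new, so the rendering hides the real change; review it against the commit. What is visible is right: `params.merge('grant_type' => 'client_credentials')` puts the literal last, so a caller-supplied `params['grant_type']` cannot override the grant type, which is the safe direction for this strategy.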
data/lib/oauth2/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: oauth2
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.0.
|
4
|
+
version: 2.0.5
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Peter Boling
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: exe
|
12
12
|
cert_chain: []
|
13
|
-
date: 2022-
|
13
|
+
date: 2022-07-07 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: faraday
|
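Review bot: `cert_chain: []` in this hunk's context means the 2.0.5 gem is published unsigned, so the integrity of the artifact rests on the SHA256/SHA512 checksums at the top of this diff and on `rubygems_mfa_required: 'true'` protecting the publishing account. For a library that handles bearer tokens and client secrets, setting `cert_chain` and `signing_key` in the gemspec would let consumers verify authorship offline with `gem install -P HighSecurity`.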
@@ -112,14 +112,14 @@ dependencies:
|
|
112
112
|
requirements:
|
113
113
|
- - "~>"
|
114
114
|
- !ruby/object:Gem::Version
|
115
|
-
version: '1.
|
115
|
+
version: '1.1'
|
116
116
|
type: :runtime
|
117
117
|
prerelease: false
|
118
118
|
version_requirements: !ruby/object:Gem::Requirement
|
119
119
|
requirements:
|
120
120
|
- - "~>"
|
121
121
|
- !ruby/object:Gem::Version
|
122
|
-
version: '1.
|
122
|
+
version: '1.1'
|
123
123
|
- !ruby/object:Gem::Dependency
|
124
124
|
name: addressable
|
125
125
|
requirement: !ruby/object:Gem::Requirement
|
@@ -307,13 +307,24 @@ licenses:
|
|
307
307
|
- MIT
|
308
308
|
metadata:
|
309
309
|
homepage_uri: https://github.com/oauth-xx/oauth2
|
310
|
-
source_code_uri: https://github.com/oauth-xx/oauth2/tree/v2.0.
|
311
|
-
changelog_uri: https://github.com/oauth-xx/oauth2/blob/v2.0.
|
310
|
+
source_code_uri: https://github.com/oauth-xx/oauth2/tree/v2.0.5
|
311
|
+
changelog_uri: https://github.com/oauth-xx/oauth2/blob/v2.0.5/CHANGELOG.md
|
312
312
|
bug_tracker_uri: https://github.com/oauth-xx/oauth2/issues
|
313
|
-
documentation_uri: https://www.rubydoc.info/gems/oauth2/2.0.
|
313
|
+
documentation_uri: https://www.rubydoc.info/gems/oauth2/2.0.5
|
314
314
|
wiki_uri: https://github.com/oauth-xx/oauth2/wiki
|
315
315
|
rubygems_mfa_required: 'true'
|
316
|
-
post_install_message:
|
316
|
+
post_install_message: |2+
|
317
|
+
|
318
|
+
You have installed oauth2 version OAuth2::Version, congratulations!
|
319
|
+
|
320
|
+
There are BREAKING changes, but most will not encounter them, and updating your code should be easy!
|
321
|
+
|
322
|
+
Please see:
|
323
|
+
• https://github.com/oauth-xx/oauth2#what-is-new-for-v20
|
324
|
+
• https://github.com/oauth-xx/oauth2/blob/master/CHANGELOG.md
|
325
|
+
|
326
|
+
Please report issues, and support the project! Thanks, |7eter l-|. l3oling
|
327
|
+
|
317
328
|
rdoc_options: []
|
318
329
|
require_paths:
|
319
330
|
- lib
|
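Review bot: the post-install message reads `You have installed oauth2 version OAuth2::Version, congratulations!`: the constant name appears verbatim, so the gemspec put `OAuth2::Version` into a plain string instead of interpolating the version, and every install prints this literal. Fix the interpolation in the gemspec (this metadata is generated from it) or drop the version from the message, since `source_code_uri`, `changelog_uri` and `documentation_uri` in the same hunk already pin 2.0.5 correctly. Also, the second `Please see:` link points at `master/CHANGELOG.md`, a moving target, while `changelog_uri` above uses the tagged `v2.0.5` path; using the tagged URL in the message keeps the upgrade notes a user reads tied to the version they installed.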