oauth2 2.0.3 → 2.0.9
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +202 -139
- data/CONTRIBUTING.md +5 -5
- data/LICENSE +1 -1
- data/README.md +95 -73
- data/SECURITY.md +12 -6
- data/lib/oauth2/access_token.rb +38 -8
- data/lib/oauth2/client.rb +49 -24
- data/lib/oauth2/error.rb +17 -9
- data/lib/oauth2/response.rb +6 -2
- data/lib/oauth2/strategy/assertion.rb +1 -1
- data/lib/oauth2/strategy/auth_code.rb +1 -1
- data/lib/oauth2/strategy/client_credentials.rb +1 -1
- data/lib/oauth2/version.rb +1 -1
- data/lib/oauth2.rb +10 -2
- metadata +40 -29
- data/lib/oauth2/snaky_hash.rb +0 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ca10cc72ec9bc6e594334ea57a44fee4cbde470ce93da4148acce84fedcf8cf9
|
|
4
|
+
data.tar.gz: 6fc164a6f1ed3eaabe6e2d9287929be122b1cb2ae0e20a00411abc24158db495
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: cec417d5b26211bc6eda04bdc7595667937a6d1f35f0ca294c7c95487884e428ab9ce0bbedda16d9529367c9e9dbe563c80f858dc69851bf1950b53570eda9a1
|
|
7
|
+
data.tar.gz: 1a9e4f0dd3e2ec837fa8ffb6d5cdeef8b3b58c1ff16f1e5c368f9b41a0e403cd0c467523d58917d739e15cf41d24155005ca40df3df8c82ca7ab45de1bb3cce3
|
data/CHANGELOG.md
CHANGED
|
@@ -4,19 +4,64 @@ All notable changes to this project will be documented in this file.
|
|
|
4
4
|
The format (since v2) is based on [Keep a Changelog v1](https://keepachangelog.com/en/1.0.0/),
|
|
5
5
|
and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.0.0.html).
|
|
6
6
|
|
|
7
|
+
## [Unreleased]
|
|
8
|
+
### Added
|
|
9
|
+
### Changed
|
|
10
|
+
### Fixed
|
|
11
|
+
### Removed
|
|
12
|
+
|
|
13
|
+
## [2.0.9] - 2022-09-16
|
|
14
|
+
### Added
|
|
15
|
+
- More specs (@pboling)
|
|
16
|
+
### Changed
|
|
17
|
+
- Complete migration to main branch as default (@pboling)
|
|
18
|
+
- Complete migration to Gitlab, updating all links, and references in VCS-managed files (@pboling)
|
|
19
|
+
|
|
20
|
+
## [2.0.8] - 2022-09-01
|
|
21
|
+
### Changed
|
|
22
|
+
- [!630](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/630) - Extract snaky_hash to external dependency (@pboling)
|
|
23
|
+
### Added
|
|
24
|
+
- [!631](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/631) - New global configuration option OAuth2.config.silence_extra_tokens_warning (default: false) fixes [#628](https://gitlab.com/oauth-xx/oauth2/-/issues/628)
|
|
25
|
+
|
|
26
|
+
## [2.0.7] - 2022-08-22
|
|
27
|
+
### Added
|
|
28
|
+
- [#629](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/629) - Allow POST of JSON to get token (@pboling, @terracatta)
|
|
29
|
+
### Fixed
|
|
30
|
+
- [#626](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/626) - Fixes a regression in 2.0.6. Will now prefer the key order from the lookup, not the hash keys (@rickselby)
|
|
31
|
+
- Note: This fixes compatibility with `omniauth-oauth2` and AWS
|
|
32
|
+
- [#625](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/625) - Fixes the printed version in the post install message (@hasghari)
|
|
33
|
+
|
|
34
|
+
## [2.0.6] - 2022-07-13
|
|
35
|
+
### Fixed
|
|
36
|
+
- [#624](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/624) - Fixes a [regression](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/623) in v2.0.5, where an error would be raised in refresh_token flows due to (legitimate) lack of access_token (@pboling)
|
|
37
|
+
|
|
38
|
+
## [2.0.5] - 2022-07-07
|
|
39
|
+
### Fixed
|
|
40
|
+
- [#620](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/620) - Documentation improvements, to help with upgrading (@swanson)
|
|
41
|
+
- [#621](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/621) - Fixed [#528](https://gitlab.com/oauth-xx/oauth2/-/issues/528) and [#619](https://gitlab.com/oauth-xx/oauth2/-/issues/619) (@pboling)
|
|
42
|
+
- All data in responses is now returned, with the access token removed and set as `token`
|
|
43
|
+
- `refresh_token` is no longer dropped
|
|
44
|
+
- **BREAKING**: Microsoft's `id_token` is no longer left as `access_token['id_token']`, but moved to the standard `access_token.token` that all other strategies use
|
|
45
|
+
- Remove `parse` and `snaky` from options so they don't get included in response
|
|
46
|
+
- There is now 100% test coverage, for lines _and_ branches, and it will stay that way.
|
|
47
|
+
|
|
48
|
+
## [2.0.4] - 2022-07-01
|
|
49
|
+
### Fixed
|
|
50
|
+
- [#618](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/618) - In some scenarios the `snaky` option default value was not applied (@pboling)
|
|
51
|
+
|
|
7
52
|
## [2.0.3] - 2022-06-28
|
|
8
53
|
### Added
|
|
9
|
-
- [#611](https://
|
|
10
|
-
- [#612](https://
|
|
54
|
+
- [#611](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/611) - Proper deprecation warnings for `extract_access_token` argument (@pboling)
|
|
55
|
+
- [#612](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/612) - Add `snaky: false` option to skip conversion to `OAuth2::SnakyHash` (default: true) (@pboling)
|
|
11
56
|
### Fixed
|
|
12
|
-
- [#608](https://
|
|
13
|
-
- [#615](https://
|
|
57
|
+
- [#608](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/608) - Wrap `Faraday::TimeoutError` in `OAuth2::TimeoutError` (@nbibler)
|
|
58
|
+
- [#615](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/615) - Fix support for requests with blocks, see `Faraday::Connection#run_request` (@pboling)
|
|
14
59
|
|
|
15
60
|
## [2.0.2] - 2022-06-24
|
|
16
61
|
### Fixed
|
|
17
|
-
- [#604](https://
|
|
18
|
-
- [#606](https://
|
|
19
|
-
- [#607](https://
|
|
62
|
+
- [#604](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/604) - Wrap `Faraday::TimeoutError` in `OAuth2::TimeoutError` (@stanhu)
|
|
63
|
+
- [#606](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/606) - Ruby 2.7 deprecation warning fix: Move `access_token_class` parameter into `Client` constructor (@stanhu)
|
|
64
|
+
- [#607](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/607) - CHANGELOG correction, reference to `OAuth2::ConnectionError` (@zavan)
|
|
20
65
|
|
|
21
66
|
## [2.0.1] - 2022-06-22
|
|
22
67
|
### Added
|
|
@@ -25,73 +70,84 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.
|
|
|
25
70
|
|
|
26
71
|
## [2.0.0] - 2022-06-21
|
|
27
72
|
### Added
|
|
28
|
-
- [#158](https://
|
|
29
|
-
- [#190](https://
|
|
30
|
-
- [#220](https://
|
|
31
|
-
- [#298](https://
|
|
32
|
-
- [#305](https://
|
|
33
|
-
- [#346](https://
|
|
34
|
-
- [#351](https://
|
|
35
|
-
- [#362](https://
|
|
36
|
-
- [#363](https://
|
|
37
|
-
- [#364](https://
|
|
38
|
-
- [#365](https://
|
|
39
|
-
- [#376](https://
|
|
40
|
-
- [#381](https://
|
|
41
|
-
- [#394](https://
|
|
42
|
-
- [#412](https://
|
|
43
|
-
- [#413](https://
|
|
44
|
-
- [#442](https://
|
|
45
|
-
- [#494](https://
|
|
46
|
-
- [#549](https://
|
|
47
|
-
- [#550](https://
|
|
48
|
-
- [#552](https://
|
|
49
|
-
- [#553](https://
|
|
50
|
-
- [#560](https://
|
|
51
|
-
- [#571](https://
|
|
52
|
-
- [#575](https://
|
|
53
|
-
- [#581](https://
|
|
73
|
+
- [#158](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/158), [#344](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/344) - Optionally pass raw response to parsers (@niels)
|
|
74
|
+
- [#190](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/190), [#332](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/332), [#334](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/334), [#335](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/335), [#360](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/360), [#426](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/426), [#427](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/427), [#461](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/461) - Documentation (@josephpage, @pboling, @meganemura, @joshRpowell, @elliotcm)
|
|
75
|
+
- [#220](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/220) - Support IETF rfc7523 JWT Bearer Tokens Draft 04+ (@jhmoore)
|
|
76
|
+
- [#298](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/298) - Set the response object on the access token on Client#get_token for debugging (@cpetschnig)
|
|
77
|
+
- [#305](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/305) - Option: `OAuth2::Client#get_token` - `:access_token_class` (`AccessToken`); user specified class to use for all calls to `get_token` (@styd)
|
|
78
|
+
- [#346](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/571) - Modern gem structure (@pboling)
|
|
79
|
+
- [#351](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/351) - Support Jruby 9k (@pboling)
|
|
80
|
+
- [#362](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/362) - Support SemVer release version scheme (@pboling)
|
|
81
|
+
- [#363](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/363) - New method `OAuth2::AccessToken#refresh!` same as old `refresh`, with backwards compatibility alias (@pboling)
|
|
82
|
+
- [#364](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/364) - Support `application/hal+json` format (@pboling)
|
|
83
|
+
- [#365](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/365) - Support `application/vnd.collection+json` format (@pboling)
|
|
84
|
+
- [#376](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/376) - _Documentation_: Example / Test for Google 2-legged JWT (@jhmoore)
|
|
85
|
+
- [#381](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/381) - Spec for extra header params on client credentials (@nikz)
|
|
86
|
+
- [#394](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/394) - Option: `OAuth2::AccessToken#initialize` - `:expires_latency` (`nil`); number of seconds by which AccessToken validity will be reduced to offset latency (@klippx)
|
|
87
|
+
- [#412](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/412) - Support `application/vdn.api+json` format (from jsonapi.org) (@david-christensen)
|
|
88
|
+
- [#413](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/413) - _Documentation_: License scan and report (@meganemura)
|
|
89
|
+
- [#442](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/442) - Option: `OAuth2::Client#initialize` - `:logger` (`::Logger.new($stdout)`) logger to use when OAUTH_DEBUG is enabled (for parity with `1-4-stable` branch) (@rthbound)
|
|
90
|
+
- [#494](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/494) - Support [OIDC 1.0 Private Key JWT](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication); based on the OAuth JWT assertion specification [(RFC 7523)](https://tools.ietf.org/html/rfc7523) (@SteveyblamWork)
|
|
91
|
+
- [#549](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/549) - Wrap `Faraday::ConnectionFailed` in `OAuth2::ConnectionError` (@nikkypx)
|
|
92
|
+
- [#550](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/550) - Raise error if location header not present when redirecting (@stanhu)
|
|
93
|
+
- [#552](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/552) - Add missing `version.rb` require (@ahorek)
|
|
94
|
+
- [#553](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/553) - Support `application/problem+json` format (@janz93)
|
|
95
|
+
- [#560](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/560) - Support IETF rfc6749, section 2.3.1 - don't set auth params when `nil` (@bouk)
|
|
96
|
+
- [#571](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/571) - Support Ruby 3.1 (@pboling)
|
|
97
|
+
- [#575](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/575) - Support IETF rfc7231, section 7.1.2 - relative location in redirect (@pboling)
|
|
98
|
+
- [#581](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/581) - _Documentation_: of breaking changes (@pboling)
|
|
54
99
|
### Changed
|
|
55
|
-
- [#191](https://
|
|
56
|
-
- [#312](https://
|
|
57
|
-
- [#317](https://
|
|
58
|
-
- [#338](https://
|
|
59
|
-
- [#339](https://
|
|
60
|
-
- [#410](https://
|
|
61
|
-
- [#414](https://
|
|
62
|
-
- [#489](https://
|
|
63
|
-
- [#489](https://
|
|
64
|
-
- [#
|
|
65
|
-
-
|
|
100
|
+
- [#191](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/191) - **BREAKING**: Token is expired if `expired_at` time is `now` (@davestevens)
|
|
101
|
+
- [#312](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/312) - **BREAKING**: Set `:basic_auth` as default for `:auth_scheme` instead of `:request_body`. This was default behavior before 1.3.0. (@tetsuya, @wy193777)
|
|
102
|
+
- [#317](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/317) - _Dependency_: Upgrade `jwt` to 2.x.x (@travisofthenorth)
|
|
103
|
+
- [#338](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/338) - _Dependency_: Switch from `Rack::Utils.escape` to `CGI.escape` (@josephpage)
|
|
104
|
+
- [#339](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/339), [#368](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/368), [#424](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/424), [#479](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/479), [#493](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/493), [#539](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/539), [#542](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/542), [#553](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/553) - CI Updates, code coverage, linting, spelling, type fixes, New VERSION constant (@pboling, @josephpage, @ahorek)
|
|
105
|
+
- [#410](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/410) - **BREAKING**: Removed the ability to call .error from an OAuth2::Response object (@jhmoore)
|
|
106
|
+
- [#414](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/414) - Use Base64.strict_encode64 instead of custom internal logic (@meganemura)
|
|
107
|
+
- [#489](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/489) - **BREAKING**: Default value for option `OAuth2::Client` - `:authorize_url` removed leading slash to work with relative paths by default (`'oauth/authorize'`) (@ghost)
|
|
108
|
+
- [#489](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/489) - **BREAKING**: Default value for option `OAuth2::Client` - `:token_url` removed leading slash to work with relative paths by default (`'oauth/token'`) (@ghost)
|
|
109
|
+
- [#507](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/507), [#575](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/575) - **BREAKING**: Transform keys to camel case, always, by default (ultimately via `rash_alt` gem)
|
|
110
|
+
- Original keys will still work as previously, in most scenarios, thanks to `rash_alt` gem.
|
|
111
|
+
- However, this is a _breaking_ change if you rely on `response.parsed.to_h`, as the keys in the result will be camel case.
|
|
112
|
+
- As of version 2.0.4 you can turn key transformation off with the `snaky: false` option.
|
|
113
|
+
- [#576](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/576) - **BREAKING**: Stop rescuing parsing errors (@pboling)
|
|
114
|
+
- [#591](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/576) - _DEPRECATION_: `OAuth2::Client` - `:extract_access_token` option is deprecated
|
|
66
115
|
### Fixed
|
|
67
|
-
- [#158](https://
|
|
68
|
-
- [#294](https://
|
|
69
|
-
- [#300](https://
|
|
70
|
-
- [#318](https://
|
|
71
|
-
- [#322](https://
|
|
72
|
-
- [#328](https://
|
|
73
|
-
- [#339](https://
|
|
74
|
-
- [#366](https://
|
|
75
|
-
- [#380](https://
|
|
76
|
-
- [#399](https://
|
|
77
|
-
- [#410](https://
|
|
78
|
-
- [#460](https://
|
|
79
|
-
- [#472](https://
|
|
80
|
-
- [#482](https://
|
|
81
|
-
- [#536](https://
|
|
82
|
-
- [#595](https://
|
|
83
|
-
- [#596](https://
|
|
84
|
-
- [#598](https://
|
|
116
|
+
- [#158](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/158), [#344](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/344) - Handling of errors when using `omniauth-facebook` (@niels)
|
|
117
|
+
- [#294](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/294) - Fix: "Unexpected middleware set" issue with Faraday when `OAUTH_DEBUG=true` (@spectator, @gafrom)
|
|
118
|
+
- [#300](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/300) - _Documentation_: `Oauth2::Error` - Error codes are strings, not symbols (@NobodysNightmare)
|
|
119
|
+
- [#318](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/318), [#326](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/326), [#343](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/343), [#347](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/347), [#397](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/397), [#464](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/464), [#561](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/561), [#565](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/565) - _Dependency_: Support all versions of `faraday` (see [gemfiles/README.md][gemfiles/readme] for compatibility matrix with Ruby engines & versions) (@pboling, @raimondasv, @zacharywelch, @Fudoshiki, @ryogift, @sj26, @jdelStrother)
|
|
120
|
+
- [#322](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/322), [#331](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/331), [#337](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/337), [#361](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/361), [#371](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/371), [#377](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/377), [#383](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/383), [#392](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/392), [#395](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/395), [#400](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/400), [#401](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/401), [#403](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/403), [#415](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/415), [#567](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/567) - Updated Rubocop, Rubocop plugins and improved code style (@pboling, @bquorning, @lautis, @spectator)
|
|
121
|
+
- [#328](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/328) - _Documentation_: Homepage URL is SSL (@amatsuda)
|
|
122
|
+
- [#339](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/339), [#479](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/479) - Update testing infrastructure for all supported Rubies (@pboling and @josephpage)
|
|
123
|
+
- [#366](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/366) - **Security**: Fix logging to `$stdout` of request and response bodies via Faraday's logger and `ENV["OAUTH_DEBUG"] == 'true'` (@pboling)
|
|
124
|
+
- [#380](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/380) - Fix: Stop attempting to encode non-encodable objects in `Oauth2::Error` (@jhmoore)
|
|
125
|
+
- [#399](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/399) - Fix: Stop duplicating `redirect_uri` in `get_token` (@markus)
|
|
126
|
+
- [#410](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/410) - Fix: `SystemStackError` caused by circular reference between Error and Response classes (@jhmoore)
|
|
127
|
+
- [#460](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/460) - Fix: Stop throwing errors when `raise_errors` is set to `false`; analog of [#524](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/524) for `1-4-stable` branch (@joaolrpaulo)
|
|
128
|
+
- [#472](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/472) - **Security**: Add checks to enforce `client_secret` is *never* passed in authorize_url query params for `implicit` and `auth_code` grant types (@dfockler)
|
|
129
|
+
- [#482](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/482) - _Documentation_: Update last of `intridea` links to `oauth-xx` (@pboling)
|
|
130
|
+
- [#536](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/536) - **Security**: Compatibility with more (and recent) Ruby OpenSSL versions, Github Actions, Rubocop updated, analogous to [#535](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/535) on `1-4-stable` branch (@pboling)
|
|
131
|
+
- [#595](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/595) - Graceful handling of empty responses from `Client#get_token`, respecting `:raise_errors` config (@stanhu)
|
|
132
|
+
- [#596](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/596) - Consistency between `AccessToken#refresh` and `Client#get_token` named arguments (@stanhu)
|
|
133
|
+
- [#598](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/598) - Fix unparseable data not raised as error in `Client#get_token`, respecting `:raise_errors` config (@stanhu)
|
|
85
134
|
### Removed
|
|
86
|
-
- [#341](https://
|
|
87
|
-
- [#342](https://
|
|
88
|
-
- [#539](https://
|
|
89
|
-
- [#566](https://
|
|
90
|
-
- [#589](https://
|
|
91
|
-
- [#590](https://
|
|
135
|
+
- [#341](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/341) - Remove Rdoc & Jeweler related files (@josephpage)
|
|
136
|
+
- [#342](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/342) - **BREAKING**: Dropped support for Ruby 1.8 (@josephpage)
|
|
137
|
+
- [#539](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/539) - Remove reliance on globally included OAuth2 in tests, analog of [#538](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/538) for 1-4-stable (@anderscarling)
|
|
138
|
+
- [#566](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/566) - _Dependency_: Removed `wwtd` (@bquorning)
|
|
139
|
+
- [#589](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/589), [#593](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/593) - Remove support for expired MAC token draft spec (@stanhu)
|
|
140
|
+
- [#590](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/590) - _Dependency_: Removed `multi_json` (@stanhu)
|
|
141
|
+
|
|
142
|
+
## [1.4.11] - 2022-09-16
|
|
143
|
+
- Complete migration to main branch as default (@pboling)
|
|
144
|
+
- Complete migration to Gitlab, updating all links, and references in VCS-managed files (@pboling)
|
|
145
|
+
|
|
146
|
+
## [1.4.10] - 2022-07-01
|
|
147
|
+
- FIPS Compatibility [#587](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/587) (@akostadinov)
|
|
92
148
|
|
|
93
149
|
## [1.4.9] - 2022-02-20
|
|
94
|
-
- Fixes compatibility with Faraday v2 [572](https://
|
|
150
|
+
- Fixes compatibility with Faraday v2 [572](https://gitlab.com/oauth-xx/oauth2/-/issues/572)
|
|
95
151
|
- Includes supported versions of Faraday in test matrix:
|
|
96
152
|
- Faraday ~> 2.2.0 with Ruby >= 2.6
|
|
97
153
|
- Faraday ~> 1.10 with Ruby >= 2.4
|
|
@@ -100,48 +156,48 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.
|
|
|
100
156
|
|
|
101
157
|
## [1.4.8] - 2022-02-18
|
|
102
158
|
- MFA is now required to push new gem versions (@pboling)
|
|
103
|
-
- README overhaul w/ new Ruby
|
|
104
|
-
- [#569](https://
|
|
159
|
+
- README overhaul w/ new Ruby Version and Engine compatibility policies (@pboling)
|
|
160
|
+
- [#569](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/569) Backport fixes ([#561](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/561) by @ryogift), and add more fixes, to allow faraday 1.x and 2.x (@jrochkind)
|
|
105
161
|
- Improve Code Coverage tracking (Coveralls, CodeCov, CodeClimate), and enable branch coverage (@pboling)
|
|
106
162
|
- Add CodeQL, Security Policy, Funding info (@pboling)
|
|
107
163
|
- Added Ruby 3.1, jruby, jruby-head, truffleruby, truffleruby-head to build matrix (@pboling)
|
|
108
|
-
- [#543](https://
|
|
164
|
+
- [#543](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/543) - Support for more modern Open SSL libraries (@pboling)
|
|
109
165
|
|
|
110
166
|
## [1.4.7] - 2021-03-19
|
|
111
|
-
- [#541](https://
|
|
167
|
+
- [#541](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/541) - Backport fix to expires_at handling [#533](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/533) to 1-4-stable branch. (@dobon)
|
|
112
168
|
|
|
113
169
|
## [1.4.6] - 2021-03-19
|
|
114
|
-
- [#540](https://
|
|
115
|
-
- [#537](https://
|
|
116
|
-
- [#538](https://
|
|
170
|
+
- [#540](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/540) - Add VERSION constant (@pboling)
|
|
171
|
+
- [#537](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/537) - Fix crash in OAuth2::Client#get_token (@anderscarling)
|
|
172
|
+
- [#538](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/538) - Remove reliance on globally included OAuth2 in tests, analogous to [#539](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/539) on main branch (@anderscarling)
|
|
117
173
|
|
|
118
174
|
## [1.4.5] - 2021-03-18
|
|
119
|
-
- [#535](https://
|
|
120
|
-
- [#518](https://
|
|
121
|
-
- [#507](https://
|
|
122
|
-
- [#500](https://
|
|
175
|
+
- [#535](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/535) - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions, analogous to [#536](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/536) on main branch (@pboling)
|
|
176
|
+
- [#518](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/518) - Add extract_access_token option to OAuth2::Client (@jonspalmer)
|
|
177
|
+
- [#507](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/507) - Fix camel case content type, response keys (@anvox)
|
|
178
|
+
- [#500](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/500) - Fix YARD documentation formatting (@olleolleolle)
|
|
123
179
|
|
|
124
180
|
## [1.4.4] - 2020-02-12
|
|
125
|
-
- [#408](https://
|
|
181
|
+
- [#408](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/408) - Fixed expires_at for formatted time (@Lomey)
|
|
126
182
|
|
|
127
183
|
## [1.4.3] - 2020-01-29
|
|
128
|
-
- [#483](https://
|
|
129
|
-
- [#495](https://
|
|
184
|
+
- [#483](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/483) - add project metadata to gemspec (@orien)
|
|
185
|
+
- [#495](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/495) - support additional types of access token requests (@SteveyblamFreeagent, @thomcorley, @dgholz)
|
|
130
186
|
- Adds support for private_key_jwt and tls_client_auth
|
|
131
|
-
- [#433](https://
|
|
187
|
+
- [#433](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/433) - allow field names with square brackets and numbers in params (@asm256)
|
|
132
188
|
|
|
133
189
|
## [1.4.2] - 2019-10-01
|
|
134
|
-
- [#478](https://
|
|
190
|
+
- [#478](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/478) - support latest version of faraday & fix build (@pboling)
|
|
135
191
|
- Officially support Ruby 2.6 and truffleruby
|
|
136
192
|
|
|
137
193
|
## [1.4.1] - 2018-10-13
|
|
138
|
-
- [#417](https://
|
|
139
|
-
- [#419](https://
|
|
140
|
-
- [#418](https://
|
|
141
|
-
- [#420](https://
|
|
142
|
-
- [#421](https://
|
|
143
|
-
- [#422](https://
|
|
144
|
-
- [#423](https://
|
|
194
|
+
- [#417](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/417) - update jwt dependency (@thewoolleyman)
|
|
195
|
+
- [#419](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/419) - remove rubocop dependency (temporary, added back in [#423](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/423)) (@pboling)
|
|
196
|
+
- [#418](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/418) - update faraday dependency (@pboling)
|
|
197
|
+
- [#420](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/420) - update [oauth2.gemspec](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/oauth2.gemspec) (@pboling)
|
|
198
|
+
- [#421](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/421) - fix [CHANGELOG.md](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/CHANGELOG.md) for previous releases (@pboling)
|
|
199
|
+
- [#422](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/422) - update [LICENSE](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/LICENSE) and [README.md](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/README.md) (@pboling)
|
|
200
|
+
- [#423](https://gitlab.com/oauth-xx/oauth2/-/merge_requests/423) - update [builds](https://travis-ci.org/oauth-xx/oauth2/builds), [Rakefile](https://gitlab.com/oauth-xx/oauth2/-/blob/1-4-stable/Rakefile) (@pboling)
|
|
145
201
|
- officially document supported Rubies
|
|
146
202
|
* Ruby 1.9.3
|
|
147
203
|
* Ruby 2.0.0
|
|
@@ -191,17 +247,16 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.
|
|
|
191
247
|
## [1.0.0] - 2014-07-09
|
|
192
248
|
### Added
|
|
193
249
|
- Add an implementation of the MAC token spec.
|
|
194
|
-
|
|
195
250
|
### Fixed
|
|
196
251
|
- Fix Base64.strict_encode64 incompatibility with Ruby 1.8.7.
|
|
197
|
-
## [0.5.0] - 2011-07-29
|
|
198
252
|
|
|
253
|
+
## [0.5.0] - 2011-07-29
|
|
199
254
|
### Changed
|
|
200
|
-
-
|
|
201
|
-
-
|
|
202
|
-
-
|
|
203
|
-
-
|
|
204
|
-
-
|
|
255
|
+
- *breaking* `oauth_token` renamed to `oauth_bearer`.
|
|
256
|
+
- *breaking* `authorize_path` Client option renamed to `authorize_url`.
|
|
257
|
+
- *breaking* `access_token_path` Client option renamed to `token_url`.
|
|
258
|
+
- *breaking* `access_token_method` Client option renamed to `token_method`.
|
|
259
|
+
- *breaking* `web_server` renamed to `auth_code`.
|
|
205
260
|
|
|
206
261
|
## [0.4.1] - 2011-04-20
|
|
207
262
|
|
|
@@ -229,44 +284,52 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.
|
|
|
229
284
|
|
|
230
285
|
## [0.0.4] + [0.0.3] + [0.0.2] + [0.0.1] - 2010-04-22
|
|
231
286
|
|
|
232
|
-
[
|
|
233
|
-
[0.0.
|
|
234
|
-
[0.0.
|
|
235
|
-
[0.0.
|
|
236
|
-
[0.0.
|
|
237
|
-
[0.0.
|
|
238
|
-
[0.0.
|
|
239
|
-
[0.0.
|
|
240
|
-
[0.0.
|
|
241
|
-
[0.0.
|
|
242
|
-
[0.0.
|
|
243
|
-
[0.0.
|
|
244
|
-
[0.0.
|
|
245
|
-
[0.0
|
|
246
|
-
[0.1.
|
|
247
|
-
[0.
|
|
248
|
-
[0.
|
|
249
|
-
[0.
|
|
250
|
-
[0.4.
|
|
251
|
-
[0.
|
|
252
|
-
[0.
|
|
253
|
-
[1.
|
|
254
|
-
[1.
|
|
255
|
-
[1.
|
|
256
|
-
[1.3.
|
|
257
|
-
[1.
|
|
258
|
-
[1.4.
|
|
259
|
-
[1.4.
|
|
260
|
-
[1.4.
|
|
261
|
-
[1.4.
|
|
262
|
-
[1.4.
|
|
263
|
-
[1.4.
|
|
264
|
-
[1.4.
|
|
265
|
-
[1.4.
|
|
266
|
-
[1.4.
|
|
267
|
-
[1.4.
|
|
268
|
-
[
|
|
269
|
-
[2.0.
|
|
270
|
-
[2.0.
|
|
271
|
-
[2.0.
|
|
287
|
+
[0.0.1]: https://gitlab.com/oauth-xx/oauth2/-/compare/311d9f4...v0.0.1
|
|
288
|
+
[0.0.2]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.1...v0.0.2
|
|
289
|
+
[0.0.3]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.2...v0.0.3
|
|
290
|
+
[0.0.4]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.3...v0.0.4
|
|
291
|
+
[0.0.5]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.4...v0.0.5
|
|
292
|
+
[0.0.6]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.5...v0.0.6
|
|
293
|
+
[0.0.7]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.6...v0.0.7
|
|
294
|
+
[0.0.8]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.7...v0.0.8
|
|
295
|
+
[0.0.9]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.8...v0.0.9
|
|
296
|
+
[0.0.10]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.9...v0.0.10
|
|
297
|
+
[0.0.11]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.10...v0.0.11
|
|
298
|
+
[0.0.12]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.11...v0.0.12
|
|
299
|
+
[0.0.13]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.12...v0.0.13
|
|
300
|
+
[0.1.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.0.13...v0.1.0
|
|
301
|
+
[0.1.1]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.1.0...v0.1.1
|
|
302
|
+
[0.2.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.1.1...v0.2.0
|
|
303
|
+
[0.3.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.2.0...v0.3.0
|
|
304
|
+
[0.4.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.3.0...v0.4.0
|
|
305
|
+
[0.4.1]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.4.0...v0.4.1
|
|
306
|
+
[0.5.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.4.1...v0.5.0
|
|
307
|
+
[1.0.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v0.9.4...v1.0.0
|
|
308
|
+
[1.1.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.0.0...v1.1.0
|
|
309
|
+
[1.2.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.1.0...v1.2.0
|
|
310
|
+
[1.3.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.2.0...v1.3.0
|
|
311
|
+
[1.3.1]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.3.0...v1.3.1
|
|
312
|
+
[1.4.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.3.1...v1.4.0
|
|
313
|
+
[1.4.1]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.0...v1.4.1
|
|
314
|
+
[1.4.2]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.1...v1.4.2
|
|
315
|
+
[1.4.3]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.2...v1.4.3
|
|
316
|
+
[1.4.4]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.3...v1.4.4
|
|
317
|
+
[1.4.5]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.4...v1.4.5
|
|
318
|
+
[1.4.6]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.5...v1.4.6
|
|
319
|
+
[1.4.7]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.6...v1.4.7
|
|
320
|
+
[1.4.8]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.7...v1.4.8
|
|
321
|
+
[1.4.9]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.8...v1.4.9
|
|
322
|
+
[1.4.10]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.9...v1.4.10
|
|
323
|
+
[1.4.11]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.10...v1.4.11
|
|
324
|
+
[2.0.0]: https://gitlab.com/oauth-xx/oauth2/-/compare/v1.4.11...v2.0.0
|
|
325
|
+
[2.0.1]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.0...v2.0.1
|
|
326
|
+
[2.0.2]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.1...v2.0.2
|
|
327
|
+
[2.0.3]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.2...v2.0.3
|
|
328
|
+
[2.0.4]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.3...v2.0.4
|
|
329
|
+
[2.0.5]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.4...v2.0.5
|
|
330
|
+
[2.0.6]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.5...v2.0.6
|
|
331
|
+
[2.0.7]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.6...v2.0.7
|
|
332
|
+
[2.0.8]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.7...v2.0.8
|
|
333
|
+
[2.0.9]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.8...v2.0.9
|
|
334
|
+
[Unreleased]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.9...HEAD
|
|
272
335
|
[gemfiles/readme]: gemfiles/README.md
|
data/CONTRIBUTING.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
## Contributing
|
|
2
2
|
|
|
3
|
-
Bug reports and pull requests are welcome on
|
|
3
|
+
Bug reports and pull requests are welcome on GitLab at [https://gitlab.com/oauth-xx/oauth2][source]
|
|
4
4
|
. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to
|
|
5
5
|
the [code of conduct][conduct].
|
|
6
6
|
|
|
@@ -27,18 +27,18 @@ To submit a patch, please fork the project and create a patch with tests. Once y
|
|
|
27
27
|
|
|
28
28
|
## Contributors
|
|
29
29
|
|
|
30
|
-
[][contributors]
|
|
30
|
+
[][🚎contributors]
|
|
31
31
|
|
|
32
32
|
Made with [contributors-img][contrib-rocks].
|
|
33
33
|
|
|
34
34
|
[comment]: <> (Following links are used by README, CONTRIBUTING)
|
|
35
35
|
|
|
36
|
-
[conduct]: https://
|
|
36
|
+
[conduct]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CODE_OF_CONDUCT.md
|
|
37
37
|
|
|
38
38
|
[contrib-rocks]: https://contrib.rocks
|
|
39
39
|
|
|
40
|
-
[contributors]: https://
|
|
40
|
+
[🚎contributors]: https://gitlab.com/oauth-xx/oauth2/-/graphs/main
|
|
41
41
|
|
|
42
42
|
[comment]: <> (Following links are used by README, CONTRIBUTING, Homepage)
|
|
43
43
|
|
|
44
|
-
[source]: https://
|
|
44
|
+
[source]: https://gitlab.com/oauth-xx/oauth2/
|
data/LICENSE
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
MIT License
|
|
2
2
|
|
|
3
3
|
Copyright (c) 2011 - 2013 Michael Bleigh and Intridea, Inc.
|
|
4
|
-
Copyright (c) 2017 - 2022 oauth-xx organization, https://
|
|
4
|
+
Copyright (c) 2017 - 2022 oauth-xx organization, https://gitlab.com/oauth-xx
|
|
5
5
|
|
|
6
6
|
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
7
7
|
of this software and associated documentation files (the "Software"), to deal
|