oauth2 2.0.0 → 2.0.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 7bd40b127f03fb47d5d897e4dd917ef3530fe06a863ce40485d3e9d02db32bc7
4
- data.tar.gz: 331dd1ee11d2e9490372c8c2106ca3492c9e743b066510ba3b111c7c0e8c5834
3
+ metadata.gz: 0b2375593530f7a565bfe90a1534e6203bb178428ca3c9670a0dcd728cfa134a
4
+ data.tar.gz: 04c8289d5202d2db4f12321fc7acda898a77931c1acee21cd5bdd3a7bcbec96a
5
5
  SHA512:
6
- metadata.gz: 33a5d808e3388045e441fb386793cfdd69264af585f0582e044f59a736276dbe3d84c9f98be77cc5d0b9f29c3cc569c61721dfd5816d2654b57f6170213ed8a1
7
- data.tar.gz: 9be4ba6cf11c62156b2f25fae2f04fb556166f4cbb7b8997d46af525968519073fcd6380008a2cc45ddb38986e0267becd7dfcc4f8f23560c437a2ce6f3be348
6
+ metadata.gz: 78b0c341b7fa62f31227ca3217fd3db5ad9dd17c54b9a9bca492f6e4f6294f2db63d7a88a221b7d3fb671d646ee7fc85c7bd4808a82536448e7f13611a8a7598
7
+ data.tar.gz: 0c2374b9c939fd0c021e25bfa81c23e033af5313e294f18f802431d4c192098ade257c2aeac131a11429525450b786cf894fa7d0cf50f8171395b2ca6ccb8bd0
data/CHANGELOG.md CHANGED
@@ -4,7 +4,12 @@ All notable changes to this project will be documented in this file.
4
4
  The format (since v2) is based on [Keep a Changelog v1](https://keepachangelog.com/en/1.0.0/),
5
5
  and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.0.0.html).
6
6
 
7
- ## [2.0.0.rc3] - 2022-06-16
7
+ ## [2.0.1] - 2022-06-22
8
+ ### Added
9
+ - Documentation improvements (@pboling)
10
+ - Increased test coverage to 99% (@pboling)
11
+
12
+ ## [2.0.0] - 2022-06-21
8
13
  ### Added
9
14
  - [#158](https://github.com/oauth-xx/oauth2/pull/158), [#344](https://github.com/oauth-xx/oauth2/pull/344) - Optionally pass raw response to parsers (@niels)
10
15
  - [#190](https://github.com/oauth-xx/oauth2/pull/190), [#332](https://github.com/oauth-xx/oauth2/pull/332), [#334](https://github.com/oauth-xx/oauth2/pull/334), [#335](https://github.com/oauth-xx/oauth2/pull/335), [#360](https://github.com/oauth-xx/oauth2/pull/360), [#426](https://github.com/oauth-xx/oauth2/pull/426), [#427](https://github.com/oauth-xx/oauth2/pull/427), [#461](https://github.com/oauth-xx/oauth2/pull/461) - Documentation (@josephpage, @pboling, @meganemura, @joshRpowell, @elliotcm)
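Review bot: The two new `[2.0.1]` entries under `### Added` carry no PR or commit reference, while the `[2.0.0]` entries directly below each link their pull requests. Add the references, or the compare link, so the "Documentation improvements" and "Increased test coverage to 99%" claims can be checked against the actual changes. "Increased test coverage" also fits `### Changed` better than `### Added` under the Keep a Changelog categories this file says it follows.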
@@ -210,7 +215,7 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.
210
215
 
211
216
  ## [0.0.4] + [0.0.3] + [0.0.2] + [0.0.1] - 2010-04-22
212
217
 
213
- [Unreleased]: https://github.com/oauth-xx/oauth2/compare/v1.4.9...HEAD
218
+ [Unreleased]: https://github.com/oauth-xx/oauth2/compare/v2.0.0...HEAD
214
219
  [0.0.1]: https://github.com/oauth-xx/oauth2/compare/311d9f4...v0.0.1
215
220
  [0.0.2]: https://github.com/oauth-xx/oauth2/compare/v0.0.1...v0.0.2
216
221
  [0.0.3]: https://github.com/oauth-xx/oauth2/compare/v0.0.2...v0.0.3
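Review bot: The `[Unreleased]` link is moved to `compare/v2.0.0...HEAD`, but this release is 2.0.1, so the link will keep listing the 2.0.1 changes as unreleased. Point it at `compare/v2.0.1...HEAD` in the same commit that adds the `[2.0.1]` reference.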
@@ -246,4 +251,6 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.
246
251
  [1.4.7]: https://github.com/oauth-xx/oauth2/compare/v1.4.6...v1.4.7
247
252
  [1.4.8]: https://github.com/oauth-xx/oauth2/compare/v1.4.7...v1.4.8
248
253
  [1.4.9]: https://github.com/oauth-xx/oauth2/compare/v1.4.8...v1.4.9
254
+ [2.0.0]: https://github.com/oauth-xx/oauth2/compare/v1.4.9...v2.0.0
255
+ [2.0.1]: https://github.com/oauth-xx/oauth2/compare/v2.0.0...v2.0.1
249
256
  [gemfiles/readme]: gemfiles/README.md
data/README.md CHANGED
@@ -34,7 +34,8 @@ See the sibling `oauth` gem for OAuth 1.0 implementations in Ruby.
34
34
 
35
35
  | Version | Release Date | Readme |
36
36
  |---------|--------------|----------------------------------------------------------|
37
- | 2.0.0 | Soon | https://github.com/oauth-xx/oauth2/blob/master/README.md |
37
+ | 2.0.1 | 2022-06-22 | https://github.com/oauth-xx/oauth2/blob/master/README.md |
38
+ | 2.0.0 | 2022-06-21 | https://github.com/oauth-xx/oauth2/blob/v2.0.0/README.md |
38
39
  </details>
39
40
 
40
41
  ### Older Releases
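Review bot: The new `2.0.1` row links to `blob/master/README.md`, while the `2.0.0` row beside it is pinned to `blob/v2.0.0/README.md`. A reader checking what shipped in 2.0.1 will see whatever `master` contains at that time; pin the row to the `v2.0.1` tag, or label the row as tracking `master` if that is the intent.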
@@ -140,8 +141,8 @@ The link tokens in the following sections should be kept ordered by the row and
140
141
  [🖐prs-o-img]: https://img.shields.io/github/issues-pr/oauth-xx/oauth2
141
142
  [🧮prs-c]: https://github.com/oauth-xx/oauth2/pulls?q=is%3Apr+is%3Aclosed
142
143
  [🧮prs-c-img]: https://img.shields.io/github/issues-pr-closed/oauth-xx/oauth2
143
- [📗next]: https://github.com/oauth-xx/oauth2/milestone/1
144
- [📗next-img]: https://img.shields.io/github/milestones/progress/oauth-xx/oauth2/1?label=Next%20Version
144
+ [📗next]: https://github.com/oauth-xx/oauth2/milestone/12
145
+ [📗next-img]: https://img.shields.io/github/milestones/progress/oauth-xx/oauth2/12?label=Next%20Version
145
146
 
146
147
  <!-- 3️⃣ maintanence & linting -->
147
148
  [⛳cclim-maint]: https://codeclimate.com/github/oauth-xx/oauth2/maintainability
@@ -238,7 +239,7 @@ Tidelift will coordinate the fix and disclosure.
238
239
 
239
240
  For more see [SECURITY.md][🚎sec-pol].
240
241
 
241
- ## What is new for v2.0 (unreleased, `master` branch)?
242
+ ## What is new for v2.0?
242
243
 
243
244
  - Officially support Ruby versions >= 2.7
244
245
  - Unofficially support Ruby versions >= 2.5
@@ -253,7 +254,7 @@ For more see [SECURITY.md][🚎sec-pol].
253
254
  - `:access_token_class` (`AccessToken`); user specified class to use for all calls to `get_token`
254
255
  - Adds new option to `OAuth2::AccessToken#initialize`:
255
256
  - `:expires_latency` (`nil`); number of seconds by which AccessToken validity will be reduced to offset latency
256
- - [... A lot more](https://github.com/oauth-xx/oauth2/blob/master/CHANGELOG.md#unreleased)
257
+ - [... A lot more](https://github.com/oauth-xx/oauth2/blob/master/CHANGELOG.md#2.0.0)
257
258
 
258
259
  ## Compatibility
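Review bot: The fragment `#2.0.0` on the "A lot more" link is unlikely to resolve. The target heading in CHANGELOG.md is `## [2.0.0] - 2022-06-21`, and GitHub builds heading anchors by dropping dots and brackets and keeping the date text, so the link would land at the top of the file. Verify the rendered anchor and use that, or link to the `v2.0.0` tagged CHANGELOG instead.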
259
260
 
@@ -291,7 +292,7 @@ of a major release, support for that Ruby version may be dropped.
291
292
 
292
293
  | | Ruby OAuth 2 Version | Maintenance Branch | Supported Officially | Supported Unofficially | Supported Incidentally |
293
294
  |:----|----------------------|--------------------|-------------------------|------------------------|------------------------|
294
- | 1️⃣ | 2.0.x (unreleased) | `master` | 2.7, 3.0, 3.1 | 2.5, 2.6 | 2.2, 2.3, 2.4 |
295
+ | 1️⃣ | 2.0.x | `master` | 2.7, 3.0, 3.1 | 2.5, 2.6 | 2.2, 2.3, 2.4 |
295
296
  | 2️⃣ | 1.4.x | `1-4-stable` | 2.5, 2.6, 2.7, 3.0, 3.1 | 2.1, 2.2, 2.3, 2.4 | 1.9, 2.0 |
296
297
  | 3️⃣ | older | N/A | Best of luck to you! | Please upgrade! | |
297
298
 
@@ -309,8 +310,8 @@ client = OAuth2::Client.new('client_id', 'client_secret', site: 'https://example
309
310
  client.auth_code.authorize_url(redirect_uri: 'http://localhost:8080/oauth2/callback')
310
311
  # => "https://example.org/oauth/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2%2Fcallback&response_type=code"
311
312
 
312
- token = client.auth_code.get_token('authorization_code_value', redirect_uri: 'http://localhost:8080/oauth2/callback', headers: {'Authorization' => 'Basic some_password'})
313
- response = token.get('/api/resource', params: {'query_foo' => 'bar'})
313
+ access = client.auth_code.get_token('authorization_code_value', redirect_uri: 'http://localhost:8080/oauth2/callback', headers: {'Authorization' => 'Basic some_password'})
314
+ response = access.get('/api/resource', params: {'query_foo' => 'bar'})
314
315
  response.class.name
315
316
  # => OAuth2::Response
316
317
  ```
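Review bot: The renamed `access = client.auth_code.get_token(...)` line still passes `headers: {'Authorization' => 'Basic some_password'}`, which reads as a raw password placed in a Basic header. Since the line is being touched anyway, use a placeholder that shows the expected form (Base64 of `client_id:client_secret`) or drop the header from the synopsis, so the example is not copied as-is.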
@@ -402,28 +403,42 @@ Response instance will contain the `OAuth2::Error` instance.
402
403
 
403
404
  Currently the Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials, and Assertion
404
405
  authentication grant types have helper strategy classes that simplify client
405
- use. They are available via the `#auth_code`, `#implicit`, `#password`, `#client_credentials`, and `#assertion` methods respectively.
406
+ use. They are available via the [`#auth_code`](https://github.com/oauth-xx/oauth2/blob/master/lib/oauth2/strategy/auth_code.rb), [`#implicit`](https://github.com/oauth-xx/oauth2/blob/master/lib/oauth2/strategy/implicit.rb), [`#password`](https://github.com/oauth-xx/oauth2/blob/master/lib/oauth2/strategy/password.rb), [`#client_credentials`](https://github.com/oauth-xx/oauth2/blob/master/lib/oauth2/strategy/client_credentials.rb), and [`#assertion`](https://github.com/oauth-xx/oauth2/blob/master/lib/oauth2/strategy/assertion.rb) methods respectively.
406
407
 
408
+ These aren't full examples, but demonstrative of the differences between usage for each strategy.
407
409
  ```ruby
408
410
  auth_url = client.auth_code.authorize_url(redirect_uri: 'http://localhost:8080/oauth/callback')
409
- token = client.auth_code.get_token('code_value', redirect_uri: 'http://localhost:8080/oauth/callback')
411
+ access = client.auth_code.get_token('code_value', redirect_uri: 'http://localhost:8080/oauth/callback')
410
412
 
411
413
  auth_url = client.implicit.authorize_url(redirect_uri: 'http://localhost:8080/oauth/callback')
412
414
  # get the token params in the callback and
413
- token = OAuth2::AccessToken.from_kvform(client, query_string)
414
-
415
- token = client.password.get_token('username', 'password')
416
-
417
- token = client.client_credentials.get_token
418
-
419
- token = client.assertion.get_token(assertion_params)
415
+ access = OAuth2::AccessToken.from_kvform(client, query_string)
416
+
417
+ access = client.password.get_token('username', 'password')
418
+
419
+ access = client.client_credentials.get_token
420
+
421
+ # Client Assertion Strategy
422
+ # see: https://tools.ietf.org/html/rfc7523
423
+ claimset = {
424
+ :iss => "http://localhost:3001",
425
+ :aud => "http://localhost:8080/oauth2/token",
426
+ :sub => "me@example.com",
427
+ :exp => Time.now.utc.to_i + 3600
428
+ }
429
+ assertion_params = [claimset, 'HS256', 'secret_key']
430
+ access = client.assertion.get_token(assertion_params)
431
+
432
+ # The `access` (i.e. access token) is then used like so:
433
+ access.token # actual access_token string, if you need it somewhere
434
+ access.get("/api/stuff") # making api calls with access token
420
435
  ```
421
436
 
422
437
  If you want to specify additional headers to be sent out with the
423
438
  request, add a 'headers' hash under 'params':
424
439
 
425
440
  ```ruby
426
- token = client.auth_code.get_token('code_value', redirect_uri: 'http://localhost:8080/oauth/callback', headers: {'Some' => 'Header'})
441
+ access = client.auth_code.get_token('code_value', redirect_uri: 'http://localhost:8080/oauth/callback', headers: {'Some' => 'Header'})
427
442
  ```
428
443
 
429
444
  You can always use the `#request` method on the `OAuth2::Client` instance to make
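Review bot: In the new Client Assertion example, `assertion_params = [claimset, 'HS256', 'secret_key']` is passed to `get_token` as one array argument. If the claims, algorithm and key are separate parameters, this call needs a splat or separate arguments, so please check it against the method signature and show the call exactly as a user must write it. Two smaller points in the same block: the variable is `claimset` here but `claim_set` in the strategy's own doc comment, and the hash uses `:iss =>` with double quotes while the rest of the README examples use `key: 'value'`. The literal `'secret_key'` with HS256 would also be better marked as a placeholder for a secret loaded from configuration.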
data/SECURITY.md CHANGED
@@ -12,3 +12,9 @@
12
12
 
13
13
  To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security).
14
14
  Tidelift will coordinate the fix and disclosure.
15
+
16
+ ## OAuth2 for Enterprise
17
+
18
+ Available as part of the Tidelift Subscription.
19
+
20
+ The maintainers of oauth2 and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.](https://tidelift.com/subscription/pkg/rubygems-oauth2?utm_source=rubygems-oauth2&utm_medium=referral&utm_campaign=enterprise&utm_term=repo)
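Review bot: The new "OAuth2 for Enterprise" section puts commercial-support copy into SECURITY.md, directly after the vulnerability reporting instructions. People open this file to find out how to report an issue; keep it limited to the disclosure process and move the subscription text to the README. The added link also carries `utm_source`, `utm_medium`, `utm_campaign` and `utm_term` tracking parameters, which are better removed from a file shipped inside the gem.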
@@ -15,7 +15,7 @@ module OAuth2
15
15
  #
16
16
  # claim_set = {
17
17
  # :iss => "http://localhost:3001",
18
- # :aud => "http://localhost:8080/oauth2/token"
18
+ # :aud => "http://localhost:8080/oauth2/token",
19
19
  # :sub => "me@example.com",
20
20
  # :exp => Time.now.utc.to_i + 3600,
21
21
  # }
@@ -2,6 +2,6 @@
2
2
 
3
3
  module OAuth2
4
4
  module Version
5
- VERSION = '2.0.0'.freeze
5
+ VERSION = '2.0.1'.freeze
6
6
  end
7
7
  end
metadata CHANGED
@@ -1,16 +1,16 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: oauth2
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.0
4
+ version: 2.0.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Peter Boling
8
- - Michael Bleigh
9
8
  - Erik Michaels-Ober
9
+ - Michael Bleigh
10
10
  autorequire:
11
11
  bindir: exe
12
12
  cert_chain: []
13
- date: 2022-06-21 00:00:00.000000000 Z
13
+ date: 2022-06-22 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: faraday
@@ -307,10 +307,10 @@ licenses:
307
307
  - MIT
308
308
  metadata:
309
309
  homepage_uri: https://github.com/oauth-xx/oauth2
310
- source_code_uri: https://github.com/oauth-xx/oauth2/tree/v2.0.0
311
- changelog_uri: https://github.com/oauth-xx/oauth2/blob/v2.0.0/CHANGELOG.md
310
+ source_code_uri: https://github.com/oauth-xx/oauth2/tree/v2.0.1
311
+ changelog_uri: https://github.com/oauth-xx/oauth2/blob/v2.0.1/CHANGELOG.md
312
312
  bug_tracker_uri: https://github.com/oauth-xx/oauth2/issues
313
- documentation_uri: https://www.rubydoc.info/gems/oauth2/2.0.0
313
+ documentation_uri: https://www.rubydoc.info/gems/oauth2/2.0.1
314
314
  wiki_uri: https://github.com/oauth-xx/oauth2/wiki
315
315
  rubygems_mfa_required: 'true'
316
316
  post_install_message: