oauth2 2.0.11 → 2.0.12

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4fbe5e9ef7a438960d018f63b2fcf4e409a30fe1a57192a335d38adc6a3fdb84
-  data.tar.gz: 92761da258a1ac1335e048966e235b9278b6fd4096ee29b424d96b9796dff35b
+  metadata.gz: a3c3d9d7db53b8fd6bfda9314ac4f6ebde44a08d8f9544c909b055dd5d1a5c37
+  data.tar.gz: cfe4790fb04182fc2357d1015988f9b4bf77540f350a998a448fadb43c75d510
 SHA512:
-  metadata.gz: 9cc454d65145c89f4c75c234c99432cce1090b41e1dc228f42285d854cda6063647b8d443022058d49eeac79e82dd6c04e610a3ba99a70a4ed339180b69ce11f
-  data.tar.gz: 59f3b0f528397a93a3b691bef5112fa3a0cf60df108613474f47c690c2eecf300ab4847403d359565d2ec176e771202400cfd85fbefa87c62628cc38e6ede6a2
+  metadata.gz: b66e35c72d4f4ba2e38cb3a2147bc5aca5c05a5675d04515b2927f0c3c687444348b309799383a960351d106a8fbc1fa6a6bba08e672cef22059d1d4c03cbc26
+  data.tar.gz: 55395528b41b5487eb5ef1f8ab2800028f63b51ef2d889d06d4e16237bc470d3cc8c7c9ec8ba8e895988665e6c9a9f5ad84e513de6dad66b276873eae85fbaad

data/CHANGELOG.md

@@ -12,6 +12,28 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.
 ### Fixed
 ### Security
 
+## [2.0.12] - 2025-05-31
+- TAG: [v2.0.12][2.0.12t]
+- Line Coverage: 100.0% (520 / 520)
+- Branch Coverage: 100.0% (174 / 174)
+- 80.00% documented
+### Added
+- [gh652][gh652] - Support IETF rfc7515 JSON Web Signature - JWS by @mridang
+  - Support JWT `kid` for key discovery and management
+- More Documentation by @pboling
+  - Documented Serialization Extensions
+  - Added Gatzo.com FLOSS logo by @Aboling0, CC BY-SA 4.0
+- Documentation site @ https://oauth2.galtzo.com now complete
+### Changed
+- Updates to gemspec (email, funding url, post install message)
+### Deprecated
+### Removed
+### Fixed
+- Documentation Typos by @pboling
+### Security
+
+[gh652]: https://github.com/oauth-xx/oauth2/pull/652
+
 ## [2.0.11] - 2025-05-23
 - TAG: [v2.0.11][2.0.11t]
 - COVERAGE: 100.00% -- 518/518 lines in 14 files
@@ -395,7 +417,9 @@ and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.
 
 [gemfiles/readme]: gemfiles/README.md
 
-[Unreleased]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.11...HEAD
+[Unreleased]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.12...HEAD
+[2.0.12]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.11...v2.0.12
+[2.0.12t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v2.0.12
 [2.0.11]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.10...v2.0.11
 [2.0.11t]: https://gitlab.com/oauth-xx/oauth2/-/tags/v2.0.11
 [2.0.10]: https://gitlab.com/oauth-xx/oauth2/-/compare/v2.0.9...v2.0.10

data/CONTRIBUTING.md

@@ -96,7 +96,7 @@ NOTE: To build without signing the gem you must set `SKIP_GEM_SIGNING` to some v
 
 ### To release a new version:
 
-1. Run `bin/setup && bin/rake` as a tests, coverage, & linting sanity check
+1. Run `bin/setup && bin/rake` as a "test, coverage, & linting" sanity check
 2. Update the version number in `version.rb`, and ensure `CHANGELOG.md` reflects changes
 3. Run `bin/setup && bin/rake` again as a secondary check, and to update `Gemfile.lock`
 4. Run `git commit -am "🔖 Prepare release v<VERSION>"` to commit the changes
@@ -114,7 +114,7 @@ NOTE: To build without signing the gem you must set `SKIP_GEM_SIGNING` to some v
 11. Run `bin/gem_checksums` (more context [1][🔒️rubygems-checksums-pr], [2][🔒️rubygems-guides-pr])
     to create SHA-256 and SHA-512 checksums. This functionality is provided by the `stone_checksums`
     [gem][💎stone_checksums].
-    - Checksums will be committed automatically by the script, but not pushed
+    - Checksums will be committed automatically by the script but not pushed
 12. Run `bundle exec rake release` which will create a git tag for the version,
     push git commits and tags, and push the `.gem` file to [rubygems.org][💎rubygems]
 

data/README.md

@@ -1,4 +1,7 @@
 <p align="center">
+    <a href="https://discord.gg/3qme4XHNKN" target="_blank" rel="noopener">
+      <img width="124px" src="https://github.com/oauth-xx/oauth2/raw/main/docs/images/logo/galtzo-floss-logos-original.svg?raw=true" alt="Galtzo.com Logo by Aboling0, CC BY-SA 4.0">
+    </a>
     <a href="http://oauth.net/2/" target="_blank" rel="noopener">
       <img src="https://github.com/oauth-xx/oauth2/raw/main/docs/images/logo/oauth2-logo-124px.png?raw=true" alt="OAuth 2.0 Logo by Chris Messina, CC BY-SA 3.0">
     </a>
@@ -48,14 +51,14 @@ covering the latest patch for each of the following minor versions:
 * MRI Ruby @ v2.3, v2.4, v2.5, v2.6, v2.7, v3.0, v3.1, v3.2, v3.3, v3.4, HEAD
   * NOTE: This gem will still install on ruby v2.2, but vanilla GitHub Actions no longer supports testing against it, so YMMV.
 * JRuby @ v9.2, v9.3, v9.4, v10.0, HEAD
-* TruffleRuby @ v23.1, v23.2, HEAD
+* TruffleRuby @ v23.1, v24.1, HEAD
 * gem `faraday` @ v0, v1, v2, HEAD ⏩️ [lostisland/faraday](https://github.com/lostisland/faraday)
-* gem `jwt` @ v1, v2, v3, HEAD ⏩️ [lostisland/faraday](https://github.com/lostisland/faraday)
-* gem `logger` @ v1.2, v1.5, v1.7, HEAD ⏩️ [jwt/ruby-jwt](https://github.com/jwt/ruby-jwt)
+* gem `jwt` @ v1, v2, v3, HEAD ⏩️ [jwt/ruby-jwt](https://github.com/jwt/ruby-jwt)
+* gem `logger` @ v1.2, v1.5, v1.7, HEAD ⏩️ [ruby/logger](https://github.com/ruby/logger)
 * gem `multi_xml` @ v0.5, v0.6, v0.7, HEAD ⏩️ [sferik/multi_xml](https://github.com/sferik/multi_xml)
 * gem `rack` @ v1.2, v1.6, v2, v3, HEAD ⏩️ [rack/rack](https://github.com/rack/rack)
-* gem `snaky_hash` @v2, HEAD ⏩️ [oauth-xx/snaky_hash](https://gitlab.com/oauth-xx/snaky_hash)
-* gem `version_gem` - @v1, HEAD ⏩️ [oauth-xx/version_gem](https://gitlab.com/oauth-xx/version_gem)
+* gem `snaky_hash` @ v2, HEAD ⏩️ [oauth-xx/snaky_hash](https://gitlab.com/oauth-xx/snaky_hash)
+* gem `version_gem` @ v1, HEAD ⏩️ [oauth-xx/version_gem](https://gitlab.com/oauth-xx/version_gem)
 
 The last two were extracted from this gem. They are part of the `oauth-xx` org,
 and are developed in tight collaboration with this gem.
@@ -160,11 +163,12 @@ One of these might be what you are looking for:
 ### Version 2.0.x
 
 <details>
-  <summary>2.0.x CHANGELOGs and READMEs</summary>
+  <summary>2.0.x CHANGELOG and README</summary>
 
 | Version | Release Date | CHANGELOG                             | README                          |
 |---------|--------------|---------------------------------------|---------------------------------|
-| 2.0.11  | 2025-05-23   | [v2.0.11 CHANGELOG][2.0.11-changelog] | [v2.0.10 README][2.0.11-readme] |
+| 2.0.12  | 2025-05-31   | [v2.0.12 CHANGELOG][2.0.12-changelog] | [v2.0.12 README][2.0.12-readme] |
+| 2.0.11  | 2025-05-23   | [v2.0.11 CHANGELOG][2.0.11-changelog] | [v2.0.11 README][2.0.11-readme] |
 | 2.0.10  | 2025-05-17   | [v2.0.10 CHANGELOG][2.0.10-changelog] | [v2.0.10 README][2.0.10-readme] |
 | 2.0.9   | 2022-09-16   | [v2.0.9 CHANGELOG][2.0.9-changelog]   | [v2.0.9 README][2.0.9-readme]   |
 | 2.0.8   | 2022-09-01   | [v2.0.8 CHANGELOG][2.0.8-changelog]   | [v2.0.8 README][2.0.8-readme]   |
@@ -178,6 +182,7 @@ One of these might be what you are looking for:
 | 2.0.0   | 2022-06-21   | [v2.0.0 CHANGELOG][2.0.0-changelog]   | [v2.0.0 README][2.0.0-readme]   |
 </details>
 
+[2.0.12-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2012---2025-05-31
 [2.0.11-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2011---2025-05-23
 [2.0.10-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#2010---2025-05-17
 [2.0.9-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#209---2022-09-16
@@ -191,7 +196,8 @@ One of these might be what you are looking for:
 [2.0.1-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#201---2022-06-22
 [2.0.0-changelog]: https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md?ref_type=heads#200---2022-06-21
 
-[2.0.10-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.11/README.md
+[2.0.12-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.12/README.md
+[2.0.11-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.11/README.md
 [2.0.10-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.10/README.md
 [2.0.9-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.9/README.md
 [2.0.8-readme]: https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.8/README.md
@@ -330,9 +336,11 @@ For more see [SECURITY.md][🔐security].
 
 - Works with Ruby versions >= 2.2
 - Drop support for the expired MAC Draft (all versions)
-- Support IETF rfc7523 JWT Bearer Tokens
-- Support IETF rfc7231 Relative Location in Redirect
-- Support IETF rfc6749 Don't set oauth params when nil
+- Support IETF rfc7515 JSON Web Signature - JWS (since v2.0.12)
+  - Support JWT `kid` for key discovery and management
+- Support IETF rfc7523 JWT Bearer Tokens (since v2.0.0)
+- Support IETF rfc7231 Relative Location in Redirect (since v2.0.0)
+- Support IETF rfc6749 Don't set oauth params when nil (since v2.0.0)
 - Support IETF rfc7009 Token Revocation (since v2.0.10)
 - Support [OIDC 1.0 Private Key JWT](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication); based on the OAuth JWT assertion specification [(RFC 7523)](https://tools.ietf.org/html/rfc7523)
 - Support new formats, including from [jsonapi.org](http://jsonapi.org/format/): `application/vdn.api+json`, `application/vnd.collection+json`, `application/hal+json`, `application/problem+json`
@@ -485,16 +493,90 @@ response.parsed.class.name        # => SnakyHash::StringKeyed (from snaky_hash g
 
 As of v2.0.11, if you need to serialize the parsed result, you can!
 
-There are two ways to do this, and the second option recommended.
+There are two ways to do this, globally, or discretely.  The discrete way is recommended.
 
 1. Globally configure `SnakyHash::StringKeyed` to use the serializer. Put this in your code somewhere reasonable (like an initializer for Rails):
 
-```ruby
+    ```ruby
 SnakyHash::StringKeyed.class_eval do
   extend SnakyHash::Serializer
+end
+    ```
+
+2. Discretely configure a custom Snaky Hash class to use the serializer:
+
+    ```ruby
+class MySnakyHash < SnakyHash::StringKeyed
+  # Give this hash class `dump` and `load` abilities!
+  extend SnakyHash::Serializer
+end
+
+    # And tell your client to use the custom class in each call:
+client = OAuth2::Client.new("client_id", "client_secret", site: "https://example.org/oauth2")
+token = client.get_token({snaky_hash_klass: MySnakyHash})
+    ```
+
+##### Serialization Extensions
+
+There are a few hacks you may need in your class to support Ruby < 2.4.2 or < 2.6.
+They are likely not needed if you are on a newer Ruby.
+See `response_spec.rb` if you need to study the hacks for older Rubies.
+
+```ruby
+class MySnakyHash < SnakyHash::StringKeyed
+  # Give this hash class `dump` and `load` abilities!
+  extend SnakyHash::Serializer
+
+  #### Serialization Extentions
+  #
+  # Act on the non-hash values (including the values of hashes) as they are dumped to JSON
+  # In other words, this retains nested hashes, and only the deepest leaf nodes become bananas.
+  # WARNING: This is a silly example!
+  dump_value_extensions.add(:to_fruit) do |value|
+    "banana" # => Make values "banana" on dump
+  end
+
+  # Act on the non-hash values (including the values of hashes) as they are loaded from the JSON dump
+  # In other words, this retains nested hashes, and only the deepest leaf nodes become ***.
+  # WARNING: This is a silly example!
+  load_value_extensions.add(:to_stars) do |value|
+    "***" # Turn dumped bananas into *** when they are loaded
+  end
+
+  # Act on the entire hash as it is prepared for dumping to JSON
+  # WARNING: This is a silly example!
+  dump_hash_extensions.add(:to_cheese) do |value|
+    if value.is_a?(Hash)
+      value.transform_keys do |key|
+        split = key.split("_")
+        first_word = split[0]
+        key.sub(first_word, "cheese")
+      end
+    else
+      value
+    end
+  end
+
+  # Act on the entire hash as it is loaded from the JSON dump
+  # WARNING: This is a silly example!
+  load_hash_extensions.add(:to_pizza) do |value|
+    if value.is_a?(Hash)
+      res = klass.new
+      value.keys.each_with_object(res) do |key, result|
+        split = key.split("_")
+        last_word = split[-1]
+        new_key = key.sub(last_word, "pizza")
+        result[new_key] = value[key]
+      end
+      res
+    else
+      value
+    end
+  end
 end
 ```
 
+See `response_spec.rb`, or the [oauth-xx/snaky_hash](https://gitlab.com/oauth-xx/snaky_hash) gem for more ideas.
 
 #### What if I hate snakes and/or indifference?
 
@@ -612,10 +694,6 @@ access = client.auth_code.get_token("code_value", redirect_uri: "http://localhos
 You can always use the `#request` method on the `OAuth2::Client` instance to make
 requests for tokens for any Authentication grant type.
 
-### 🚀 Release Instructions
-
-See [CONTRIBUTING.md][🤝contributing].
-
 ## 🔐 Security
 
 See [SECURITY.md][🔐security].
@@ -630,6 +708,10 @@ We [![Keep A Changelog][📗keep-changelog-img]][📗keep-changelog] so if you m
 
 See [CONTRIBUTING.md][🤝contributing] for more detailed instructions.
 
+### 🚀 Release Instructions
+
+See [CONTRIBUTING.md][🤝contributing].
+
 ### Code Coverage
 
 [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls]
@@ -706,10 +788,10 @@ See [LICENSE.txt][📄license] for the official [Copyright Notice][📄copyright
 <ul>
     <li>
         2017 - 2025 Peter H. Boling, of
-        <a href="https://railsbling.com">
-            RailsBling.com
+        <a href="https://discord.gg/3qme4XHNKN">
+            Galtzo.com
             <picture>
-                <img alt="Rails Bling" height="20" src="https://railsbling.com/images/logos/RailsBling-TrainLogo.svg" />
+              <img src="https://github.com/oauth-xx/oauth2/raw/main/docs/images/logo/galtzo-floss-logos-wordless.svg?raw=true" alt="Galtzo.com Logo by Aboling0, CC BY-SA 4.0" height="20">
             </picture>
         </a>, and oauth2 contributors
     </li>
@@ -912,14 +994,3 @@ or one of the others at the head of this README.
 <a rel="me" alt="Follow me on Ruby.social" href="https://ruby.social/@galtzo"><img src="https://img.shields.io/mastodon/follow/109447111526622197?domain=https%3A%2F%2Fruby.social&style=social&label=Follow%20%40galtzo%20on%20Ruby.social"></a>
 <a rel="me" alt="Follow me on FLOSS.social" href="https://floss.social/@galtzo"><img src="https://img.shields.io/mastodon/follow/110304921404405715?domain=https%3A%2F%2Ffloss.social&style=social&label=Follow%20%40galtzo%20on%20Floss.social"></a>
 </details>
-
-<details>
-  <summary>Deprecated Badges</summary>
-
-CodeCov currently fails to parse the coverage upload.
-
-[![CodeCov Test Coverage][🔑codecovi♻️]][🔑codecov]
-
-[![Coverage Graph][🔑codecov-g♻️]][🔑codecov]
-
-</details>

data/SECURITY.md

@@ -2,25 +2,34 @@
 
 ## Supported Versions
 
-| Version  | Supported | EOL     | Post-EOL / Enterprise                 |
-|----------|-----------|---------|---------------------------------------|
-| 2.latest | ✅         | 04/2026 | [Tidelift Subscription][tidelift-ref] |
-| 1.latest | ✅         | 10/2025 | [Tidelift Subscription][tidelift-ref] |
-| <= 1     | ⛔         | ⛔       | ⛔                                     |
+| Version  | Supported | Post-EOL / Enterprise                 |
+|----------|-----------|---------------------------------------|
+| 2.latest | ✅         | [Tidelift Subscription][tidelift-ref] |
+| 1.latest | ✅         | [Tidelift Subscription][tidelift-ref] |
+| <= 1     | ⛔         | ⛔                                     |
 
 ### EOL Policy
 
 Non-commercial support for the oldest version of Ruby (which itself is going EOL) will be dropped each year in April.
 
-## Reporting a Vulnerability
+## Security contact information
 
-To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security).
+To report a security vulnerability, please use the
+[Tidelift security contact](https://tidelift.com/security).
 Tidelift will coordinate the fix and disclosure.
 
-## OAuth2 for Enterprise
+## Additional Support
+
+If you are interested in support for versions older than the latest release,
+please consider sponsoring the project / maintainer @ https://liberapay.com/pboling/donate,
+or find other sponsorship links in the [README].
+
+[README]: README.md
+
+## Enterprise Support
 
 Available as part of the Tidelift Subscription.
 
-The maintainers of oauth2 and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.][tidelift-ref]
+The maintainers of this library and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. [Learn more.][tidelift-ref]
 
 [tidelift-ref]: https://tidelift.com/subscription/pkg/rubygems-oauth2?utm_source=rubygems-oauth2&utm_medium=referral&utm_campaign=enterprise&utm_term=repo

data/lib/oauth2/strategy/assertion.rb

@@ -95,7 +95,10 @@ module OAuth2
       def build_assertion(claims, encoding_opts)
         raise ArgumentError.new(message: "Please provide an encoding_opts hash with :algorithm and :key") if !encoding_opts.is_a?(Hash) || (%i[algorithm key] - encoding_opts.keys).any?
 
-        JWT.encode(claims, encoding_opts[:key], encoding_opts[:algorithm])
+        headers = {}
+        headers[:kid] = encoding_opts[:kid] if encoding_opts.key?(:kid)
+
+        JWT.encode(claims, encoding_opts[:key], encoding_opts[:algorithm], headers)
       end
     end
   end

data/lib/oauth2/version.rb

@@ -2,6 +2,6 @@
 
 module OAuth2
   module Version
-    VERSION = "2.0.11"
+    VERSION = "2.0.12"
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: oauth2
 version: !ruby/object:Gem::Version
-  version: 2.0.11
+  version: 2.0.12
 platform: ruby
 authors:
 - Peter Boling
@@ -37,7 +37,7 @@ cert_chain:
   DVjBtqT23eugOqQ73umLcYDZkc36vnqGxUBSsXrzY9pzV5gGr2I8YUxMqf6ATrZt
   L9nRqA==
   -----END CERTIFICATE-----
-date: 2025-05-23 00:00:00.000000000 Z
+date: 2025-05-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -365,8 +365,7 @@ dependencies:
         version: '1.0'
 description: Ruby wrapper for the OAuth 2.0 protocol
 email:
-- peter.boling@gmail.com
-- oauth-ruby@googlegroups.com
+- floss@galtzo.com
 executables: []
 extensions: []
 extra_rdoc_files:
@@ -402,38 +401,33 @@ licenses:
 - MIT
 metadata:
   homepage_uri: https://oauth2.galtzo.com/
-  source_code_uri: https://github.com/oauth-xx/oauth2/releases/tag//v2.0.11
-  changelog_uri: https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.11/CHANGELOG.md
+  source_code_uri: https://github.com/oauth-xx/oauth2/releases/tag//v2.0.12
+  changelog_uri: https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.12/CHANGELOG.md
   bug_tracker_uri: https://gitlab.com/oauth-xx/oauth2/-/issues
-  documentation_uri: https://www.rubydoc.info/gems/oauth2/2.0.11
+  documentation_uri: https://www.rubydoc.info/gems/oauth2/2.0.12
   wiki_uri: https://gitlab.com/oauth-xx/oauth2/-/wiki
   mailing_list_uri: https://groups.google.com/g/oauth-ruby
-  funding_uri: https://liberapay.com/pboling
+  funding_uri: https://github.com/sponsors/pboling
   news_uri: https://www.railsbling.com/tags/oauth2
   rubygems_mfa_required: 'true'
 post_install_message: |2
 
-  You have installed oauth2 version 2.0.11, congratulations!
+  ---+++ oauth2 v2.0.12 +++---
 
-  There are BREAKING changes if you are upgrading from < v2, but most will not encounter them, and updating your code should be easy!
+  There are BREAKING CHANGES when upgrading from < v2
+  Most will not encounter them, and updating your code should be easy!
   Please see:
   • https://gitlab.com/oauth-xx/oauth2/-/blob/main/SECURITY.md
-  • https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.11/CHANGELOG.md#200-2022-06-21-tag
+  • https://gitlab.com/oauth-xx/oauth2/-/blob/v2.0.12/CHANGELOG.md#200-2022-06-21-tag
   • Summary of most important breaking changes: https://gitlab.com/oauth-xx/oauth2#what-is-new-for-v20
 
-  There are BUGFIXES in v2.0.11, which depending on how you relied on them instead of reporting and fixing them, may be BREAKING for you.
-  For more information please see:
-  https://railsbling.com/tags/oauth2
-
-  Important News:
-  1. Google Group is "active" (again)!
-  • https://groups.google.com/g/oauth-ruby/c/QA_dtrXWXaE
-  2. Non-commercial support for the 2.x series will end by April, 2026. Please make a plan to upgrade to the next version prior to that date.
+  News:
+  1. New documentation website: https://oauth2.galtzo.com
+  2. Discord for discussion and support: https://discord.gg/3qme4XHNKN
+  3. Non-commercial support for the 2.x series will end by April, 2026. Please make a plan to upgrade to the next version prior to that date.
   Support will be dropped for Ruby 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 3.0, 3.1 and any other Ruby versions which will also have reached EOL by then.
-  3. Gem releases are now cryptographically signed with a 20-year cert, with checksums by stone_checksums.
-  4. I need your support.
-
-  If you are sentient, please consider a donation as I move toward supporting myself with Open Source work:
+  4. Gem releases are now cryptographically signed with a 20-year cert, with checksums by stone_checksums.
+  5. Please consider supporting this project, and my other open source work, with one of the following methods:
   • https://liberapay.com/pboling
   • https://ko-fi.com/pboling
   • https://www.buymeacoffee.com/pboling