oauth2 2.0.6 → 2.0.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -0
- data/lib/oauth2/access_token.rb +1 -1
- data/lib/oauth2/client.rb +39 -19
- data/lib/oauth2/version.rb +1 -1
- metadata +7 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: fb9943fbd1a1592461b1397edb9ac16faf301da6ac1c8a2f9e441218c1a51924
|
|
4
|
+
data.tar.gz: 4435312a9b4cc0392dc49a15f9f71e8a1ed3ff3ca71ba6a7fbaf480aeede052a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 82997d8c41529574701ef25565735fe46d7e343689e5cc07f93cd9bcb074aaa78370aa50062aa59adcfa078f432fb9d2b7ada58d17fae4ac3874a51843e881d6
|
|
7
|
+
data.tar.gz: c3ce8c8fec91b43a570392791bcab65ccf0b4e4051e3ad6c726c0d23575ae7caf600adbf2a07c27eb1363be6aa9d5019c3adb34d7c166cd5e2c9ae411af9aac9
|
data/CHANGELOG.md
CHANGED
|
@@ -4,6 +4,15 @@ All notable changes to this project will be documented in this file.
|
|
|
4
4
|
The format (since v2) is based on [Keep a Changelog v1](https://keepachangelog.com/en/1.0.0/),
|
|
5
5
|
and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.0.0.html).
|
|
6
6
|
|
|
7
|
+
## [2.0.7] - 2022-08-22
|
|
8
|
+
### Added
|
|
9
|
+
- [#629](https://github.com/oauth-xx/oauth2/pull/629) - Allow POST of JSON to get token (@pboling, @terracatta)
|
|
10
|
+
|
|
11
|
+
### Fixed
|
|
12
|
+
- [#626](https://github.com/oauth-xx/oauth2/pull/626) - Fixes a regression in 2.0.6. Will now prefer the key order from the lookup, not the hash keys (@rickselby)
|
|
13
|
+
- Note: This fixes compatibility with `omniauth-oauth2` and AWS
|
|
14
|
+
- [#625](https://github.com/oauth-xx/oauth2/pull/625) - Fixes the printed version in the post install message (@hasghari)
|
|
15
|
+
|
|
7
16
|
## [2.0.6] - 2022-07-13
|
|
8
17
|
### Fixed
|
|
9
18
|
- [#624](https://github.com/oauth-xx/oauth2/pull/624) - Fixes a [regression](https://github.com/oauth-xx/oauth2/pull/623) in v2.0.5, where an error would be raised in refresh_token flows due to (legitimate) lack of access_token (@pboling)
|
data/lib/oauth2/access_token.rb
CHANGED
|
@@ -18,7 +18,7 @@ module OAuth2
|
|
|
18
18
|
# @return [AccessToken] the initialized AccessToken
|
|
19
19
|
def from_hash(client, hash)
|
|
20
20
|
fresh = hash.dup
|
|
21
|
-
supported_keys = fresh.keys
|
|
21
|
+
supported_keys = TOKEN_KEY_LOOKUP & fresh.keys
|
|
22
22
|
key = supported_keys[0]
|
|
23
23
|
# Having too many is sus, and may lead to bugs. Having none is fine (e.g. refresh flow doesn't need a token).
|
|
24
24
|
warn("OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key (#{supported_keys}); using #{key.inspect}.") if supported_keys.length > 1
|
data/lib/oauth2/client.rb
CHANGED
|
@@ -157,46 +157,50 @@ module OAuth2
|
|
|
157
157
|
def get_token(params, access_token_opts = {}, extract_access_token = nil, &block)
|
|
158
158
|
warn('OAuth2::Client#get_token argument `extract_access_token` will be removed in oauth2 v3. Refactor to use `access_token_class` on #initialize.') if extract_access_token
|
|
159
159
|
extract_access_token ||= options[:extract_access_token]
|
|
160
|
-
|
|
161
|
-
if RESERVED_PARAM_KEYS.include?(key)
|
|
162
|
-
[key.to_sym, value]
|
|
163
|
-
else
|
|
164
|
-
[key, value]
|
|
165
|
-
end
|
|
166
|
-
end.to_h
|
|
167
|
-
|
|
168
|
-
parse = params.key?(:parse) ? params.delete(:parse) : Response::DEFAULT_OPTIONS[:parse]
|
|
169
|
-
snaky = params.key?(:snaky) ? params.delete(:snaky) : Response::DEFAULT_OPTIONS[:snaky]
|
|
160
|
+
parse, snaky, params, headers = parse_snaky_params_headers(params)
|
|
170
161
|
|
|
171
162
|
request_opts = {
|
|
172
163
|
raise_errors: options[:raise_errors],
|
|
173
164
|
parse: parse,
|
|
174
165
|
snaky: snaky,
|
|
175
166
|
}
|
|
176
|
-
params = authenticator.apply(params)
|
|
177
|
-
headers = params.delete(:headers) || {}
|
|
178
167
|
if options[:token_method] == :post
|
|
179
|
-
|
|
168
|
+
|
|
169
|
+
# NOTE: If proliferation of request types continues we should implement a parser solution for Request,
|
|
170
|
+
# just like we have with Response.
|
|
171
|
+
request_opts[:body] = if headers['Content-Type'] == 'application/json'
|
|
172
|
+
params.to_json
|
|
173
|
+
else
|
|
174
|
+
params
|
|
175
|
+
end
|
|
176
|
+
|
|
180
177
|
request_opts[:headers] = {'Content-Type' => 'application/x-www-form-urlencoded'}
|
|
181
178
|
else
|
|
182
179
|
request_opts[:params] = params
|
|
183
180
|
request_opts[:headers] = {}
|
|
184
181
|
end
|
|
185
182
|
request_opts[:headers].merge!(headers)
|
|
186
|
-
http_method = options[:token_method]
|
|
187
|
-
http_method = :post if http_method == :post_with_query_string
|
|
188
183
|
response = request(http_method, token_url, request_opts, &block)
|
|
189
184
|
|
|
190
185
|
# In v1.4.x, the deprecated extract_access_token option retrieves the token from the response.
|
|
191
186
|
# We preserve this behavior here, but a custom access_token_class that implements #from_hash
|
|
192
187
|
# should be used instead.
|
|
193
188
|
if extract_access_token
|
|
194
|
-
|
|
189
|
+
parse_response_legacy(response, access_token_opts, extract_access_token)
|
|
195
190
|
else
|
|
196
191
|
parse_response(response, access_token_opts)
|
|
197
192
|
end
|
|
198
193
|
end
|
|
199
194
|
|
|
195
|
+
# The HTTP Method of the request
|
|
196
|
+
# @return [Symbol] HTTP verb, one of :get, :post, :put, :delete
|
|
197
|
+
def http_method
|
|
198
|
+
http_meth = options[:token_method].to_sym
|
|
199
|
+
return :post if http_meth == :post_with_query_string
|
|
200
|
+
|
|
201
|
+
http_meth
|
|
202
|
+
end
|
|
203
|
+
|
|
200
204
|
# The Authorization Code strategy
|
|
201
205
|
#
|
|
202
206
|
# @see http://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-15#section-4.1
|
|
@@ -255,6 +259,22 @@ module OAuth2
|
|
|
255
259
|
|
|
256
260
|
private
|
|
257
261
|
|
|
262
|
+
def parse_snaky_params_headers(params)
|
|
263
|
+
params = params.map do |key, value|
|
|
264
|
+
if RESERVED_PARAM_KEYS.include?(key)
|
|
265
|
+
[key.to_sym, value]
|
|
266
|
+
else
|
|
267
|
+
[key, value]
|
|
268
|
+
end
|
|
269
|
+
end.to_h
|
|
270
|
+
parse = params.key?(:parse) ? params.delete(:parse) : Response::DEFAULT_OPTIONS[:parse]
|
|
271
|
+
snaky = params.key?(:snaky) ? params.delete(:snaky) : Response::DEFAULT_OPTIONS[:snaky]
|
|
272
|
+
params = authenticator.apply(params)
|
|
273
|
+
# authenticator may add :headers, and we remove them here
|
|
274
|
+
headers = params.delete(:headers) || {}
|
|
275
|
+
[parse, snaky, params, headers]
|
|
276
|
+
end
|
|
277
|
+
|
|
258
278
|
def execute_request(verb, url, opts = {})
|
|
259
279
|
url = connection.build_url(url).to_s
|
|
260
280
|
|
|
@@ -282,8 +302,8 @@ module OAuth2
|
|
|
282
302
|
Authenticator.new(id, secret, options[:auth_scheme])
|
|
283
303
|
end
|
|
284
304
|
|
|
285
|
-
def
|
|
286
|
-
access_token =
|
|
305
|
+
def parse_response_legacy(response, access_token_opts, extract_access_token)
|
|
306
|
+
access_token = build_access_token_legacy(response, access_token_opts, extract_access_token)
|
|
287
307
|
|
|
288
308
|
return access_token if access_token
|
|
289
309
|
|
|
@@ -321,7 +341,7 @@ module OAuth2
|
|
|
321
341
|
# Builds the access token from the response of the HTTP call with legacy extract_access_token
|
|
322
342
|
#
|
|
323
343
|
# @return [AccessToken] the initialized AccessToken
|
|
324
|
-
def
|
|
344
|
+
def build_access_token_legacy(response, access_token_opts, extract_access_token)
|
|
325
345
|
extract_access_token.call(self, response.parsed.merge(access_token_opts))
|
|
326
346
|
rescue StandardError
|
|
327
347
|
nil
|
data/lib/oauth2/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: oauth2
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.0.
|
|
4
|
+
version: 2.0.7
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Peter Boling
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: exe
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2022-
|
|
13
|
+
date: 2022-08-22 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: faraday
|
|
@@ -307,15 +307,15 @@ licenses:
|
|
|
307
307
|
- MIT
|
|
308
308
|
metadata:
|
|
309
309
|
homepage_uri: https://github.com/oauth-xx/oauth2
|
|
310
|
-
source_code_uri: https://github.com/oauth-xx/oauth2/tree/v2.0.
|
|
311
|
-
changelog_uri: https://github.com/oauth-xx/oauth2/blob/v2.0.
|
|
310
|
+
source_code_uri: https://github.com/oauth-xx/oauth2/tree/v2.0.7
|
|
311
|
+
changelog_uri: https://github.com/oauth-xx/oauth2/blob/v2.0.7/CHANGELOG.md
|
|
312
312
|
bug_tracker_uri: https://github.com/oauth-xx/oauth2/issues
|
|
313
|
-
documentation_uri: https://www.rubydoc.info/gems/oauth2/2.0.
|
|
313
|
+
documentation_uri: https://www.rubydoc.info/gems/oauth2/2.0.7
|
|
314
314
|
wiki_uri: https://github.com/oauth-xx/oauth2/wiki
|
|
315
315
|
rubygems_mfa_required: 'true'
|
|
316
316
|
post_install_message: |2+
|
|
317
317
|
|
|
318
|
-
You have installed oauth2 version
|
|
318
|
+
You have installed oauth2 version 2.0.7, congratulations!
|
|
319
319
|
|
|
320
320
|
There are BREAKING changes, but most will not encounter them, and updating your code should be easy!
|
|
321
321
|
|
|
@@ -339,7 +339,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
339
339
|
- !ruby/object:Gem::Version
|
|
340
340
|
version: '0'
|
|
341
341
|
requirements: []
|
|
342
|
-
rubygems_version: 3.3.
|
|
342
|
+
rubygems_version: 3.3.18
|
|
343
343
|
signing_key:
|
|
344
344
|
specification_version: 4
|
|
345
345
|
summary: A Ruby wrapper for the OAuth 2.0 protocol.
|