oauth2 2.0.6 → 2.0.7
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -0
- data/lib/oauth2/access_token.rb +1 -1
- data/lib/oauth2/client.rb +39 -19
- data/lib/oauth2/version.rb +1 -1
- metadata +7 -7
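--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fb9943fbd1a1592461b1397edb9ac16faf301da6ac1c8a2f9e441218c1a51924
+data.tar.gz: 4435312a9b4cc0392dc49a15f9f71e8a1ed3ff3ca71ba6a7fbaf480aeede052a
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 82997d8c41529574701ef25565735fe46d7e343689e5cc07f93cd9bcb074aaa78370aa50062aa59adcfa078f432fb9d2b7ada58d17fae4ac3874a51843e881d6
+data.tar.gz: c3ce8c8fec91b43a570392791bcab65ccf0b4e4051e3ad6c726c0d23575ae7caf600adbf2a07c27eb1363be6aa9d5019c3adb34d7c166cd5e2c9ae411af9aac9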
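--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -4,6 +4,15 @@ All notable changes to this project will be documented in this file.
 The format (since v2) is based on [Keep a Changelog v1](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning v2](https://semver.org/spec/v2.0.0.html).
 
+## [2.0.7] - 2022-08-22
+### Added
+- [#629](https://github.com/oauth-xx/oauth2/pull/629) - Allow POST of JSON to get token (@pboling, @terracatta)
+
+### Fixed
+- [#626](https://github.com/oauth-xx/oauth2/pull/626) - Fixes a regression in 2.0.6. Will now prefer the key order from the lookup, not the hash keys (@rickselby)
+- Note: This fixes compatibility with `omniauth-oauth2` and AWS
+- [#625](https://github.com/oauth-xx/oauth2/pull/625) - Fixes the printed version in the post install message (@hasghari)
+
 ## [2.0.6] - 2022-07-13
 ### Fixed
 - [#624](https://github.com/oauth-xx/oauth2/pull/624) - Fixes a [regression](https://github.com/oauth-xx/oauth2/pull/623) in v2.0.5, where an error would be raised in refresh_token flows due to (legitimate) lack of access_token (@pboling)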
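--- a/data/lib/oauth2/access_token.rb
+++ b/data/lib/oauth2/access_token.rb
@@ -18,7 +18,7 @@ module OAuth2
 # @return [AccessToken] the initialized AccessToken
 def from_hash(client, hash)
 fresh = hash.dup
-supported_keys = fresh.keys
+supported_keys = TOKEN_KEY_LOOKUP & fresh.keys
 key = supported_keys[0]
 # Having too many is sus, and may lead to bugs. Having none is fine (e.g. refresh flow doesn't need a token).
 warn("OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key (#{supported_keys}); using #{key.inspect}.") if supported_keys.length > 1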
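Review bot: The intersection in `supported_keys = TOKEN_KEY_LOOKUP & fresh.keys` compares keys with `eql?`, so a hash whose keys differ in type from the lookup entries (String versus Symbol) produces an empty list and `key` becomes nil without any warning. TOKEN_KEY_LOOKUP is defined outside this hunk, so the key type it holds cannot be confirmed from here. Because the order of that constant now decides which token wins when several are present, both facts deserve a comment above the line, for example `# Precedence follows TOKEN_KEY_LOOKUP order; keys must match its entries exactly (String vs Symbol).` The body of from_hash continues past the end of the hunk.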
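--- a/data/lib/oauth2/client.rb
+++ b/data/lib/oauth2/client.rb
@@ -157,46 +157,50 @@ module OAuth2
 def get_token(params, access_token_opts = {}, extract_access_token = nil, &block)
 warn('OAuth2::Client#get_token argument `extract_access_token` will be removed in oauth2 v3. Refactor to use `access_token_class` on #initialize.') if extract_access_token
 extract_access_token ||= options[:extract_access_token]
-
-if RESERVED_PARAM_KEYS.include?(key)
-[key.to_sym, value]
-else
-[key, value]
-end
-end.to_h
-
-parse = params.key?(:parse) ? params.delete(:parse) : Response::DEFAULT_OPTIONS[:parse]
-snaky = params.key?(:snaky) ? params.delete(:snaky) : Response::DEFAULT_OPTIONS[:snaky]
+parse, snaky, params, headers = parse_snaky_params_headers(params)
 
 request_opts = {
 raise_errors: options[:raise_errors],
 parse: parse,
 snaky: snaky,
 }
-params = authenticator.apply(params)
-headers = params.delete(:headers) || {}
 if options[:token_method] == :post
-
+
+# NOTE: If proliferation of request types continues we should implement a parser solution for Request,
+# just like we have with Response.
+request_opts[:body] = if headers['Content-Type'] == 'application/json'
+params.to_json
+else
+params
+end
+
 request_opts[:headers] = {'Content-Type' => 'application/x-www-form-urlencoded'}
 else
 request_opts[:params] = params
 request_opts[:headers] = {}
 end
 request_opts[:headers].merge!(headers)
-http_method = options[:token_method]
-http_method = :post if http_method == :post_with_query_string
 response = request(http_method, token_url, request_opts, &block)
 
 # In v1.4.x, the deprecated extract_access_token option retrieves the token from the response.
 # We preserve this behavior here, but a custom access_token_class that implements #from_hash
 # should be used instead.
 if extract_access_token
-
+parse_response_legacy(response, access_token_opts, extract_access_token)
 else
 parse_response(response, access_token_opts)
 end
 end
 
+# The HTTP Method of the request
+# @return [Symbol] HTTP verb, one of :get, :post, :put, :delete
+def http_method
+http_meth = options[:token_method].to_sym
+return :post if http_meth == :post_with_query_string
+
+http_meth
+end
+
 # The Authorization Code strategy
 #
 # @see http://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-15#section-4.1
@@ -255,6 +259,22 @@ module OAuth2
 
 private
 
+def parse_snaky_params_headers(params)
+params = params.map do |key, value|
+if RESERVED_PARAM_KEYS.include?(key)
+[key.to_sym, value]
+else
+[key, value]
+end
+end.to_h
+parse = params.key?(:parse) ? params.delete(:parse) : Response::DEFAULT_OPTIONS[:parse]
+snaky = params.key?(:snaky) ? params.delete(:snaky) : Response::DEFAULT_OPTIONS[:snaky]
+params = authenticator.apply(params)
+# authenticator may add :headers, and we remove them here
+headers = params.delete(:headers) || {}
+[parse, snaky, params, headers]
+end
+
 def execute_request(verb, url, opts = {})
 url = connection.build_url(url).to_s
 
@@ -282,8 +302,8 @@ module OAuth2
 Authenticator.new(id, secret, options[:auth_scheme])
 end
 
-def
-access_token =
+def parse_response_legacy(response, access_token_opts, extract_access_token)
+access_token = build_access_token_legacy(response, access_token_opts, extract_access_token)
 
 return access_token if access_token
 
@@ -321,7 +341,7 @@ module OAuth2
 # Builds the access token from the response of the HTTP call with legacy extract_access_token
 #
 # @return [AccessToken] the initialized AccessToken
-def
+def build_access_token_legacy(response, access_token_opts, extract_access_token)
 extract_access_token.call(self, response.parsed.merge(access_token_opts))
 rescue StandardError
 nil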
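Review bot: The new `http_method` normalises `options[:token_method]` with `.to_sym`, but the branch in `get_token` still tests the raw option with `if options[:token_method] == :post`, so the two can disagree. With a String value such as 'post' the verb would presumably resolve to POST while the else branch puts the token parameters (which may include the client secret, depending on the auth scheme) into `request_opts[:params]`, i.e. the query string, where they tend to end up in server and proxy logs. Normalising once and branching on that value keeps them aligned, e.g. `token_method = options[:token_method].to_sym` followed by `if token_method == :post`. Separately, `headers['Content-Type'] == 'application/json'` is an exact match, so a value carrying a charset parameter or a differently cased header key leaves the body un-serialised while the merged header still declares JSON; comparing the media type alone would be more robust.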
data/lib/oauth2/version.rb
CHANGED
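--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: oauth2
 version: !ruby/object:Gem::Version
-version: 2.0.
+version: 2.0.7
 platform: ruby
 authors:
 - Peter Boling
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-
+date: 2022-08-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: faraday
@@ -307,15 +307,15 @@ licenses:
 - MIT
 metadata:
 homepage_uri: https://github.com/oauth-xx/oauth2
-source_code_uri: https://github.com/oauth-xx/oauth2/tree/v2.0.
-changelog_uri: https://github.com/oauth-xx/oauth2/blob/v2.0.
+source_code_uri: https://github.com/oauth-xx/oauth2/tree/v2.0.7
+changelog_uri: https://github.com/oauth-xx/oauth2/blob/v2.0.7/CHANGELOG.md
 bug_tracker_uri: https://github.com/oauth-xx/oauth2/issues
-documentation_uri: https://www.rubydoc.info/gems/oauth2/2.0.
+documentation_uri: https://www.rubydoc.info/gems/oauth2/2.0.7
 wiki_uri: https://github.com/oauth-xx/oauth2/wiki
 rubygems_mfa_required: 'true'
 post_install_message: |2+
 
-You have installed oauth2 version
+You have installed oauth2 version 2.0.7, congratulations!
 
 There are BREAKING changes, but most will not encounter them, and updating your code should be easy!
 
@@ -339,7 +339,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.3.
+rubygems_version: 3.3.18
 signing_key:
 specification_version: 4
 summary: A Ruby wrapper for the OAuth 2.0 protocol.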