rack-oauth2 1.12.0 → 2.2.0

data/spec/rack/oauth2/server/resource/bearer_spec.rb

@@ -22,29 +22,29 @@ describe Rack::OAuth2::Server::Resource::Bearer do
 
   shared_examples_for :authenticated_bearer_request do
     it 'should be authenticated' do
-      status, header, response = request
+      status, headers, response = request
       status.should == 200
       access_token.should == bearer_token
     end
   end
   shared_examples_for :unauthorized_bearer_request do
     it 'should be unauthorized' do
-      status, header, response = request
+      status, headers, response = request
       status.should == 401
-      header['WWW-Authenticate'].should include 'Bearer'
+      headers['WWW-Authenticate'].should include 'Bearer'
       access_token.should be_nil
     end
   end
   shared_examples_for :bad_bearer_request do
     it 'should be bad_request' do
-      status, header, response = request
+      status, headers, response = request
       status.should == 400
       access_token.should be_nil
     end
   end
   shared_examples_for :skipped_authentication_request do
     it 'should skip OAuth 2.0 authentication' do
-      status, header, response = request
+      status, headers, response = request
       status.should == 200
       access_token.should be_nil
     end
@@ -94,15 +94,15 @@ describe Rack::OAuth2::Server::Resource::Bearer do
           end
         end
         it 'should use specified realm' do
-          status, header, response = request
-          header['WWW-Authenticate'].should include "Bearer realm=\"#{realm}\""
+          status, headers, response = request
+          headers['WWW-Authenticate'].should include "Bearer realm=\"#{realm}\""
         end
       end
 
       context 'otherwize' do
         it 'should use default realm' do
-          status, header, response = request
-          header['WWW-Authenticate'].should include "Bearer realm=\"#{Rack::OAuth2::Server::Resource::Bearer::DEFAULT_REALM}\""
+          status, headers, response = request
+          headers['WWW-Authenticate'].should include "Bearer realm=\"#{Rack::OAuth2::Server::Resource::Bearer::DEFAULT_REALM}\""
         end
       end
     end

data/spec/rack/oauth2/server/resource/error_spec.rb

@@ -7,10 +7,10 @@ describe Rack::OAuth2::Server::Resource::BadRequest do
 
   describe '#finish' do
     it 'should respond in JSON' do
-      status, header, response = error.finish
+      status, headers, response = error.finish
       status.should == 400
-      header['Content-Type'].should == 'application/json'
-      response.body.should == ['{"error":"invalid_request"}']
+      headers['Content-Type'].should == 'application/json'
+      response.should == ['{"error":"invalid_request"}']
     end
   end
 end
@@ -40,20 +40,20 @@ describe Rack::OAuth2::Server::Resource::Unauthorized do
 
     describe '#finish' do
       it 'should respond in JSON' do
-        status, header, response = error_with_scheme.finish
+        status, headers, response = error_with_scheme.finish
         status.should == 401
-        header['Content-Type'].should == 'application/json'
-        header['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\", error=\"invalid_token\""
-        response.body.should == ['{"error":"invalid_token"}']
+        headers['Content-Type'].should == 'application/json'
+        headers['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\", error=\"invalid_token\""
+        response.should == ['{"error":"invalid_token"}']
       end
 
       context 'when error_code is not invalid_token' do
         let(:error) { Rack::OAuth2::Server::Resource::Unauthorized.new(:something) }
 
         it 'should have error_code in body but not in WWW-Authenticate header' do
-          status, header, response = error_with_scheme.finish
-          header['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
-          response.body.first.should include '"error":"something"'
+          status, headers, response = error_with_scheme.finish
+          headers['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
+          response.first.should include '"error":"something"'
         end
       end
 
@@ -61,9 +61,9 @@ describe Rack::OAuth2::Server::Resource::Unauthorized do
         let(:error) { Rack::OAuth2::Server::Resource::Unauthorized.new }
 
         it 'should have error_code in body but not in WWW-Authenticate header' do
-          status, header, response = error_with_scheme.finish
-          header['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
-          response.body.first.should == '{"error":"unauthorized"}'
+          status, headers, response = error_with_scheme.finish
+          headers['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
+          response.first.should == '{"error":"unauthorized"}'
         end
       end
 
@@ -72,9 +72,9 @@ describe Rack::OAuth2::Server::Resource::Unauthorized do
         let(:error) { Rack::OAuth2::Server::Resource::Bearer::Unauthorized.new(:something, nil, realm: realm) }
 
         it 'should use given realm' do
-          status, header, response = error_with_scheme.finish
-          header['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
-          response.body.first.should include '"error":"something"'
+          status, headers, response = error_with_scheme.finish
+          headers['WWW-Authenticate'].should == "Scheme realm=\"#{realm}\""
+          response.first.should include '"error":"something"'
         end
       end
     end
@@ -88,10 +88,10 @@ describe Rack::OAuth2::Server::Resource::Forbidden do
 
   describe '#finish' do
     it 'should respond in JSON' do
-      status, header, response = error.finish
+      status, headers, response = error.finish
       status.should == 403
-      header['Content-Type'].should == 'application/json'
-      response.body.should == ['{"error":"insufficient_scope"}']
+      headers['Content-Type'].should == 'application/json'
+      response.should == ['{"error":"insufficient_scope"}']
     end
   end
 
@@ -99,8 +99,8 @@ describe Rack::OAuth2::Server::Resource::Forbidden do
     let(:error) { Rack::OAuth2::Server::Resource::Bearer::Forbidden.new(:insufficient_scope, 'Desc', scope: [:scope1, :scope2]) }
 
     it 'should have blank WWW-Authenticate header' do
-      status, header, response = error.finish
-      response.body.first.should include '"scope":"scope1 scope2"'
+      status, headers, response = error.finish
+      response.first.should include '"scope":"scope1 scope2"'
     end
   end
 end

data/spec/rack/oauth2/server/token/authorization_code_spec.rb

@@ -24,8 +24,8 @@ describe Rack::OAuth2::Server::Token::AuthorizationCode do
   its(:body)         { should include '"token_type":"bearer"' }
 
   it 'should prevent to be cached' do
-    response.header['Cache-Control'].should == 'no-store'
-    response.header['Pragma'].should == 'no-cache'
+    response.headers['Cache-Control'].should == 'no-store'
+    response.headers['Pragma'].should == 'no-cache'
   end
 
   [:code].each do |required|

data/spec/rack/oauth2/server/token/client_credentials_spec.rb

@@ -4,14 +4,19 @@ describe Rack::OAuth2::Server::Token::ClientCredentials do
   let(:request) { Rack::MockRequest.new app }
   let(:app) do
     Rack::OAuth2::Server::Token.new do |request, response|
+      unless request.client_id == client_id && request.client_secret == client_secret
+        request.invalid_client!
+      end
       response.access_token = Rack::OAuth2::AccessToken::Bearer.new(access_token: 'access_token')
     end
   end
+  let(:client_id) { 'client_id '}
+  let(:client_secret) { 'client_secret' }
   let(:params) do
     {
       grant_type: 'client_credentials',
-      client_id: 'client_id',
-      client_secret: 'client_secret'
+      client_id: client_id,
+      client_secret: client_secret
     }
   end
   subject { request.post('/', params: params) }
@@ -20,4 +25,29 @@ describe Rack::OAuth2::Server::Token::ClientCredentials do
   its(:content_type) { should == 'application/json' }
   its(:body)         { should include '"access_token":"access_token"' }
   its(:body)         { should include '"token_type":"bearer"' }
+
+  context 'basic auth' do
+    let(:params) do
+      { grant_type: 'client_credentials' }
+    end
+    let(:encoded_creds) do
+      Base64.strict_encode64([
+        Rack::OAuth2::Util.www_form_url_encode(client_id),
+        Rack::OAuth2::Util.www_form_url_encode(client_secret)
+      ].join(':'))
+    end
+    subject do
+      request.post('/',
+        {params: params, 'HTTP_AUTHORIZATION' => "Basic #{encoded_creds}"})
+    end
+
+    its(:status)       { should == 200 }
+
+    context 'compliance with RFC6749 sec 2.3.1' do
+      let(:client_id) { 'client: yes/please!' }
+      let(:client_secret) { 'terrible:secret:of:space' }
+
+      its(:status)       { should == 200 }
+    end
+  end
 end

data/spec/rack/oauth2/server/token/error_spec.rb

@@ -7,10 +7,10 @@ describe Rack::OAuth2::Server::Token::BadRequest do
 
   describe '#finish' do
     it 'should respond in JSON' do
-      status, header, response = error.finish
+      status, headers, response = error.finish
       status.should == 400
-      header['Content-Type'].should == 'application/json'
-      response.body.should == ['{"error":"invalid_request"}']
+      headers['Content-Type'].should == 'application/json'
+      response.should == ['{"error":"invalid_request"}']
     end
   end
 end
@@ -22,11 +22,11 @@ describe Rack::OAuth2::Server::Token::Unauthorized do
 
   describe '#finish' do
     it 'should respond in JSON' do
-      status, header, response = error.finish
+      status, headers, response = error.finish
       status.should == 401
-      header['Content-Type'].should == 'application/json'
-      header['WWW-Authenticate'].should == 'Basic realm="OAuth2 Token Endpoint"'
-      response.body.should == ['{"error":"invalid_request"}']
+      headers['Content-Type'].should == 'application/json'
+      headers['WWW-Authenticate'].should == 'Basic realm="OAuth2 Token Endpoint"'
+      response.should == ['{"error":"invalid_request"}']
     end
   end
 end
@@ -74,4 +74,4 @@ describe Rack::OAuth2::Server::Token::ErrorMethods do
       end
     end
   end
-end
+end

data/spec/rack/oauth2/server/token_spec.rb

@@ -28,9 +28,9 @@ describe Rack::OAuth2::Server::Token do
         )
       end
       it 'should fail with unsupported_grant_type' do
-        status, header, response = app.call(env)
+        status, headers, response = app.call(env)
         status.should == 400
-        response.body.first.should include '"error":"invalid_request"'
+        response.first.should include '"error":"invalid_request"'
       end
     end
 
@@ -43,7 +43,7 @@ describe Rack::OAuth2::Server::Token do
         )
       end
       it 'should ignore duplicates' do
-        status, header, response = app.call(env)
+        status, headers, response = app.call(env)
         status.should == 200
       end
     end
@@ -71,6 +71,60 @@ describe Rack::OAuth2::Server::Token do
     end
   end
 
+  context 'when client_id is given via JWT client assertion' do
+    before do
+      require 'json/jwt'
+      params[:client_assertion] = JSON::JWT.new(
+        sub: params[:client_id]
+        # NOTE: actual client_assertion should have more claims.
+      ).sign('client_secret').to_s
+      params[:client_assertion_type] = Rack::OAuth2::URN::ClientAssertionType::JWT_BEARER
+      params.delete(:client_id)
+    end
+
+    context 'when client_assertion is invalid JWT' do
+      before do
+        params[:client_assertion] = 'invalid-jwt'
+      end
+      its(:status)       { should == 400 }
+      its(:content_type) { should == 'application/json' }
+      its(:body)         { should include '"error":"invalid_request"' }
+    end
+
+    context 'when client_assertion_type is missing' do
+      before do
+        params.delete(:client_assertion_type)
+      end
+      its(:status)       { should == 400 }
+      its(:content_type) { should == 'application/json' }
+      its(:body)         { should include '"error":"invalid_request"' }
+    end
+
+    context 'when client_assertion_type is unknown' do
+      before do
+        params[:client_assertion_type] = 'unknown'
+      end
+      its(:status)       { should == 400 }
+      its(:content_type) { should == 'application/json' }
+      its(:body)         { should include '"error":"invalid_request"' }
+    end
+
+    context 'when client_assertion issuer is different from client_id' do
+      before do
+        params[:client_id] = 'another_client_id'
+      end
+      its(:status)       { should == 400 }
+      its(:content_type) { should == 'application/json' }
+      its(:body)         { should include '"error":"invalid_request"' }
+    end
+
+    context 'otherwise' do
+      its(:status)       { should == 200 }
+      its(:content_type) { should == 'application/json' }
+      its(:body)         { should include '"access_token":"access_token"' }
+    end
+  end
+
   Rack::OAuth2::Server::Token::ErrorMethods::DEFAULT_DESCRIPTION.each do |error, default_message|
     status = if error == :invalid_client
       401
@@ -87,7 +141,22 @@ describe Rack::OAuth2::Server::Token do
       its(:content_type) { should == 'application/json' }
       its(:body)         { should include "\"error\":\"#{error}\"" }
       its(:body)         { should include "\"error_description\":\"#{default_message}\"" }
+      if error == :invalid_client
+        its(:headers)    { should include 'WWW-Authenticate' }
+      end
+    end
+  end
+
+  context 'when skip_www_authenticate option is specified on invalid_client' do
+    let(:app) do
+      Rack::OAuth2::Server::Token.new do |request, response|
+        request.invalid_client!(
+          Rack::OAuth2::Server::Token::ErrorMethods::DEFAULT_DESCRIPTION[:invalid_client],
+          skip_www_authenticate: true
+        )
+      end
     end
+    its(:headers) { should_not include 'WWW-Authenticate' }
   end
 
   context 'when responding' do

data/spec/rack/oauth2/util_spec.rb

@@ -9,9 +9,14 @@ describe Rack::OAuth2::Util do
     'http://client.example.com/callback'
   end
 
-  describe '.rfc3986_encode' do
-    subject { util.rfc3986_encode '=+ .-/' }
-    it { should == '%3D%2B%20.-%2F' }
+  describe '.www_form_url_encode' do
+    subject { util.www_form_url_encode '=+ .-/' }
+    it { should == '%3D%2B+.-%2F' }
+  end
+
+  describe '.www_form_urldecode' do
+    subject { util.www_form_url_decode '%3D%2B+.-%2F' }
+    it { should == '=+ .-/' }
   end
 
   describe '.base64_encode' do

metadata

@@ -1,31 +1,45 @@
 --- !ruby/object:Gem::Specification
 name: rack-oauth2
 version: !ruby/object:Gem::Version
-  version: 1.12.0
+  version: 2.2.0
 platform: ruby
 authors:
 - nov matake
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-03-25 00:00:00.000000000 Z
+date: 2022-10-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "<"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.1.0
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.1'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.1'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
-  name: httpclient
+  name: faraday-follow_redirects
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -150,8 +164,21 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: OAuth 2.0 Server & Client Library. Both Bearer and MAC token type are
-  supported.
+- !ruby/object:Gem::Dependency
+  name: rexml
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: OAuth 2.0 Server & Client Library. Both Bearer token type are supported.
 email: nov@matake.jp
 executables: []
 extensions: []
@@ -160,9 +187,11 @@ extra_rdoc_files:
 - README.rdoc
 files:
 - ".document"
+- ".github/FUNDING.yml"
+- ".github/workflows/spec.yml"
 - ".gitignore"
 - ".rspec"
-- ".travis.yml"
+- CHANGELOG.md
 - Gemfile
 - LICENSE
 - README.rdoc
@@ -172,11 +201,6 @@ files:
 - lib/rack/oauth2/access_token.rb
 - lib/rack/oauth2/access_token/authenticator.rb
 - lib/rack/oauth2/access_token/bearer.rb
-- lib/rack/oauth2/access_token/legacy.rb
-- lib/rack/oauth2/access_token/mac.rb
-- lib/rack/oauth2/access_token/mac/sha256_hex_verifier.rb
-- lib/rack/oauth2/access_token/mac/signature.rb
-- lib/rack/oauth2/access_token/mac/verifier.rb
 - lib/rack/oauth2/access_token/mtls.rb
 - lib/rack/oauth2/client.rb
 - lib/rack/oauth2/client/error.rb
@@ -188,8 +212,6 @@ files:
 - lib/rack/oauth2/client/grant/refresh_token.rb
 - lib/rack/oauth2/client/grant/saml2_bearer.rb
 - lib/rack/oauth2/client/grant/token_exchange.rb
-- lib/rack/oauth2/debugger.rb
-- lib/rack/oauth2/debugger/request_filter.rb
 - lib/rack/oauth2/server.rb
 - lib/rack/oauth2/server/abstract.rb
 - lib/rack/oauth2/server/abstract/error.rb
@@ -212,8 +234,6 @@ files:
 - lib/rack/oauth2/server/resource/bearer.rb
 - lib/rack/oauth2/server/resource/bearer/error.rb
 - lib/rack/oauth2/server/resource/error.rb
-- lib/rack/oauth2/server/resource/mac.rb
-- lib/rack/oauth2/server/resource/mac/error.rb
 - lib/rack/oauth2/server/token.rb
 - lib/rack/oauth2/server/token/authorization_code.rb
 - lib/rack/oauth2/server/token/client_credentials.rb
@@ -229,23 +249,14 @@ files:
 - rack-oauth2.gemspec
 - spec/helpers/time.rb
 - spec/helpers/webmock_helper.rb
-- spec/mock_response/blank
+- spec/mock_response/blank.txt
 - spec/mock_response/errors/invalid_request.json
 - spec/mock_response/resources/fake.txt
 - spec/mock_response/tokens/_Bearer.json
 - spec/mock_response/tokens/bearer.json
-- spec/mock_response/tokens/legacy.json
-- spec/mock_response/tokens/legacy.txt
-- spec/mock_response/tokens/legacy_without_expires_in.txt
-- spec/mock_response/tokens/mac.json
 - spec/mock_response/tokens/unknown.json
 - spec/rack/oauth2/access_token/authenticator_spec.rb
 - spec/rack/oauth2/access_token/bearer_spec.rb
-- spec/rack/oauth2/access_token/legacy_spec.rb
-- spec/rack/oauth2/access_token/mac/sha256_hex_verifier_spec.rb
-- spec/rack/oauth2/access_token/mac/signature_spec.rb
-- spec/rack/oauth2/access_token/mac/verifier_spec.rb
-- spec/rack/oauth2/access_token/mac_spec.rb
 - spec/rack/oauth2/access_token_spec.rb
 - spec/rack/oauth2/client/error_spec.rb
 - spec/rack/oauth2/client/grant/authorization_code_spec.rb
@@ -255,7 +266,6 @@ files:
 - spec/rack/oauth2/client/grant/refresh_token_spec.rb
 - spec/rack/oauth2/client/grant/saml2_bearer_spec.rb
 - spec/rack/oauth2/client_spec.rb
-- spec/rack/oauth2/debugger/request_filter_spec.rb
 - spec/rack/oauth2/oauth2_spec.rb
 - spec/rack/oauth2/server/abstract/error_spec.rb
 - spec/rack/oauth2/server/authorize/code_spec.rb
@@ -268,8 +278,6 @@ files:
 - spec/rack/oauth2/server/resource/bearer/error_spec.rb
 - spec/rack/oauth2/server/resource/bearer_spec.rb
 - spec/rack/oauth2/server/resource/error_spec.rb
-- spec/rack/oauth2/server/resource/mac/error_spec.rb
-- spec/rack/oauth2/server/resource/mac_spec.rb
 - spec/rack/oauth2/server/resource_spec.rb
 - spec/rack/oauth2/server/token/authorization_code_spec.rb
 - spec/rack/oauth2/server/token/client_credentials_spec.rb
@@ -281,11 +289,11 @@ files:
 - spec/rack/oauth2/server/token_spec.rb
 - spec/rack/oauth2/util_spec.rb
 - spec/spec_helper.rb
-homepage: http://github.com/nov/rack-oauth2
+homepage: https://github.com/nov/rack-oauth2
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options:
 - "--charset=UTF-8"
 require_paths:
@@ -301,30 +309,21 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
-signing_key: 
+rubygems_version: 3.3.7
+signing_key:
 specification_version: 4
-summary: OAuth 2.0 Server & Client Library - Both Bearer and MAC token type are supported
+summary: OAuth 2.0 Server & Client Library - Both Bearer token type are supported
 test_files:
 - spec/helpers/time.rb
 - spec/helpers/webmock_helper.rb
-- spec/mock_response/blank
+- spec/mock_response/blank.txt
 - spec/mock_response/errors/invalid_request.json
 - spec/mock_response/resources/fake.txt
 - spec/mock_response/tokens/_Bearer.json
 - spec/mock_response/tokens/bearer.json
-- spec/mock_response/tokens/legacy.json
-- spec/mock_response/tokens/legacy.txt
-- spec/mock_response/tokens/legacy_without_expires_in.txt
-- spec/mock_response/tokens/mac.json
 - spec/mock_response/tokens/unknown.json
 - spec/rack/oauth2/access_token/authenticator_spec.rb
 - spec/rack/oauth2/access_token/bearer_spec.rb
-- spec/rack/oauth2/access_token/legacy_spec.rb
-- spec/rack/oauth2/access_token/mac/sha256_hex_verifier_spec.rb
-- spec/rack/oauth2/access_token/mac/signature_spec.rb
-- spec/rack/oauth2/access_token/mac/verifier_spec.rb
-- spec/rack/oauth2/access_token/mac_spec.rb
 - spec/rack/oauth2/access_token_spec.rb
 - spec/rack/oauth2/client/error_spec.rb
 - spec/rack/oauth2/client/grant/authorization_code_spec.rb
@@ -334,7 +333,6 @@ test_files:
 - spec/rack/oauth2/client/grant/refresh_token_spec.rb
 - spec/rack/oauth2/client/grant/saml2_bearer_spec.rb
 - spec/rack/oauth2/client_spec.rb
-- spec/rack/oauth2/debugger/request_filter_spec.rb
 - spec/rack/oauth2/oauth2_spec.rb
 - spec/rack/oauth2/server/abstract/error_spec.rb
 - spec/rack/oauth2/server/authorize/code_spec.rb
@@ -347,8 +345,6 @@ test_files:
 - spec/rack/oauth2/server/resource/bearer/error_spec.rb
 - spec/rack/oauth2/server/resource/bearer_spec.rb
 - spec/rack/oauth2/server/resource/error_spec.rb
-- spec/rack/oauth2/server/resource/mac/error_spec.rb
-- spec/rack/oauth2/server/resource/mac_spec.rb
 - spec/rack/oauth2/server/resource_spec.rb
 - spec/rack/oauth2/server/token/authorization_code_spec.rb
 - spec/rack/oauth2/server/token/client_credentials_spec.rb

data/.travis.yml

@@ -1,7 +0,0 @@
-before_install:
-  - gem install bundler
-
-rvm:
-  - 2.3.6
-  - 2.4.3
-  - 2.5.0

data/lib/rack/oauth2/access_token/legacy.rb

@@ -1,19 +0,0 @@
-module Rack
-  module OAuth2
-    class AccessToken
-      class Legacy < AccessToken
-        def initialize(attributes = {})
-          super
-          self.expires_in = (
-            self.expires_in ||
-            attributes[:expires]
-          ).try(:to_i)
-        end
-
-        def authenticate(request)
-          request.header["Authorization"] = "OAuth #{access_token}"
-        end
-      end
-    end
-  end
-end

data/lib/rack/oauth2/access_token/mac/sha256_hex_verifier.rb

@@ -1,17 +0,0 @@
-module Rack
-  module OAuth2
-    class AccessToken
-      class MAC
-        class Sha256HexVerifier < Verifier
-          attr_optional :raw_body
-
-          def calculate
-            return nil unless raw_body.present?
-            
-            OpenSSL::Digest::SHA256.new.digest(raw_body).unpack('H*').first
-          end
-        end
-      end
-    end
-  end
-end