rodauth-oauth 0.10.4 → 1.0.0.pre.beta2

data/locales/pt.yml

@@ -3,21 +3,29 @@ pt:
     require_authorization_error_flash: "Autorize para continuar"
     create_oauth_application_error_flash: "Aconteceu um erro ao registar o aplicativo oauth"
     create_oauth_application_notice_flash: "O seu aplicativo oauth foi registado com sucesso"
-    revoke_unauthorized_account_error_flash: "Não está autorizado a revogar este token"
-    revoke_oauth_token_notice_flash: "O token oauth foi revogado com sucesso"
+    revoke_unauthorized_account_error_flash: "Não está autorizado a revogar esta concessão"
+    revoke_oauth_grant_notice_flash: "O token oauth foi revogado com sucesso"
     device_verification_notice_flash: "O dispositivo foi verificado com sucesso"
     user_code_not_found_error_flash: "Não existe nenhum dispositivo a ser autorizado com o código de usuário inserido"
     authorize_page_title: "Autorizar"
+    authorize_page_lead: "O aplicativo %{name} gostaria de aceder aos seus dados."
+    oauth_cancel_button: "Cancelar"
     oauth_applications_page_title: "Aplicativos OAuth"
     oauth_application_page_title: "Aplicativo Oauth"
     new_oauth_application_page_title: "Novo Aplicativo Oauth"
-    oauth_application_oauth_tokens_page_title: "Tokens Oauth do Aplicativo"
-    oauth_tokens_page_title: "Os meus Tokens Oauth"
+    oauth_application_oauth_grants_page_title: "Concessões Oauth do Aplicativo"
+    oauth_grants_page_title: "As minhas concessões Oauth"
     device_verification_page_title: "Verificação de dispositivo"
     device_search_page_title: "Pesquisa de dispositivo"
     oauth_management_pagination_previous_button: "Anterior"
     oauth_management_pagination_next_button: "Próxima"
-    oauth_tokens_scopes_label: "Escopos"
+    oauth_grants_type_label: "Tipo de concessão"
+    oauth_grants_scopes_label: "Escopos"
+    oauth_grants_token_label: "Token"
+    oauth_grants_refresh_token_label: "Refresh Token"
+    oauth_grants_expires_in_label: "Expira em"
+    oauth_grants_revoked_at_label: "Revogado a"
+    oauth_no_grants_text: "Nenhuma concessão OAuth ainda!"
     oauth_applications_name_label: "Nome"
     oauth_applications_description_label: "Descrição"
     oauth_applications_scopes_label: "Escopos prédefinidos"
@@ -28,30 +36,34 @@ pt:
     oauth_applications_redirect_uri_label: "URL para redireccionamento"
     oauth_applications_client_secret_label: "Segredo de cliente"
     oauth_applications_client_id_label: "ID do cliente"
+    oauth_no_applications_text: "Nenhum aplicativo OAuth ainda!"
     oauth_grant_user_code_label: "Código do usuário"
     oauth_grant_user_jws_jwk_label: "Chaves JSON Web"
     oauth_grant_user_jwt_public_key_label: "Chave pública"
     oauth_application_button: "Registar"
     oauth_authorize_button: "Autorizar"
-    oauth_token_revoke_button: "Revogar"
+    oauth_grant_revoke_button: "Revogar"
     oauth_authorize_post_button: "Voltar para o aplicativo cliente"
+    oauth_device_verification_page_lead: "O dispositivo com o código de usuário %{user_code} gostaria de aceder aos seus dados."
     oauth_device_verification_button: "Verificar"
+    oauth_device_search_page_lead: "Introduza o código de usuário do dispositivo que gostaria de autorizar."
     oauth_device_search_button: "Pesquisar"
-    invalid_client_message: "A autenticação do cliente falhou"
-    invalid_grant_type_message: "Tipo de atribuição inválida"
-    invalid_grant_message: "Atribuição inválida"
-    invalid_scope_message: "Escopo inválido"
+    oauth_invalid_client_message: "A autenticação do cliente falhou"
+    oauth_invalid_grant_type_message: "Tipo de atribuição inválida"
+    oauth_invalid_grant_message: "Atribuição inválida"
+    oauth_invalid_scope_message: "Escopo inválido"
     invalid_url_message: "URL inválido"
-    unsupported_token_type_message: "Sugestão de tipo de token inválida"
-    unique_error_message: "já está sendo utilizado"
+    oauth_unsupported_token_type_message: "Sugestão de tipo de token inválida"
     null_error_message: "não está preenchido"
-    already_in_use_message: "erro ao gerar token único"
-    expired_token_message: "o código de dispositivo expirou"
-    access_denied_message: "o pedido de autorização foi negado"
-    authorization_pending_message: "o pedido de autorização ainda está pendente"
-    slow_down_message: "o pedido de autorização ainda está pendente mas o intervalo de actualização deve ser aumentado"
-    code_challenge_required_message: "código de negociação necessário"
-    unsupported_transform_algorithm_message: "algoritmo de transformação não suportado"
-    request_uri_not_supported_message: "request_uri não é suportado"
-    invalid_request_object_message: "request_object é inválido"
-    invalid_scope_message: "O Token de acesso expirou"
+    oauth_unsupported_response_type_message: "Tipo de resposta inválido"
+    oauth_already_in_use_message: "erro ao gerar token único"
+    oauth_expired_token_message: "o código de dispositivo expirou"
+    oauth_access_denied_message: "o pedido de autorização foi negado"
+    oauth_authorization_pending_message: "o pedido de autorização ainda está pendente"
+    oauth_slow_down_message: "o pedido de autorização ainda está pendente mas o intervalo de actualização deve ser aumentado"
+    oauth_code_challenge_required_message: "código de negociação necessário"
+    oauth_unsupported_transform_algorithm_message: "algoritmo de transformação não suportado"
+    oauth_invalid_request_object_message: "request_object é inválido"
+    oauth_invalid_scope_message: "O Token de acesso expirou"
+    oauth_authorize_parameter_required: "'%{parameter}' é um parâmetro obrigatório"
+    oauth_invalid_post_logout_redirect_uri_message: "URI de redireccionamento pós-logout inválido"

data/templates/authorize.str

@@ -8,10 +8,15 @@
     end
   }
   <p class="lead">
-    The application
-    <a target="_blank" href="#{h(rodauth.oauth_application[rodauth.oauth_applications_homepage_url_column])}">
-      #{h(rodauth.oauth_application[rodauth.oauth_applications_name_column])}
-    </a> would like to access your data.
+  #{
+    application_uri = rodauth.oauth_application[rodauth.oauth_applications_homepage_url_column]
+    application_name = application_uri ? (<<-LINK) : rodauth.oauth_application[rodauth.oauth_applications_name_column]
+      <a target="_blank" href="#{h(application_uri)}">
+        #{h(rodauth.oauth_application[rodauth.oauth_applications_name_column])}
+      </a>
+    LINK
+    rodauth.authorize_page_lead(name: application_name)
+  }
   </p>
   <div class="list-group">
   #{
@@ -52,18 +57,12 @@
   }
 
   <div class="form-group">
-    <h1 class="display-6">#{rodauth.oauth_tokens_scopes_label}</h1>
+    <h1 class="display-6">#{rodauth.oauth_grants_scopes_label}</h1>
 
     #{
-      rodauth.scopes.map do |scope|
-        if scope == rodauth.oauth_application_default_scope
-          <<-HTML
-            <div class="form-check">
-              <input id="#{scope}" class="form-check-input" type="checkbox" name="scope[]" value="#{h(scope)}" checked disabled>
-              <label class="form-check-label" for="#{scope}">#{h(scope)}</label>
-              <input type="hidden" name="scope[]" value="#{h(scope)}">
-            </div>
-          HTML
+      rodauth.authorize_scopes.map do |scope|
+        if rodauth.features.include?(:oidc) && scope == "offline_access"
+          "<input type=\"hidden\" name=\"scope[]\" value=\"#{scope}\" />"
         else
           <<-HTML
             <div class="form-check">
@@ -76,7 +75,6 @@
     }
 
     <input type="hidden" name="client_id" value="#{rodauth.param("client_id")}"/>
-
     #{"<input type=\"hidden\" name=\"access_type\" value=\"#{rodauth.param("access_type")}\"/>" if rodauth.param_or_nil("access_type")}
     #{"<input type=\"hidden\" name=\"response_type\" value=\"#{rodauth.param("response_type")}\"/>" if rodauth.param_or_nil("response_type")}
     #{"<input type=\"hidden\" name=\"response_mode\" value=\"#{rodauth.param("response_mode")}\"/>" if rodauth.param_or_nil("response_mode")}
@@ -84,10 +82,12 @@
     #{"<input type=\"hidden\" name=\"redirect_uri\" value=\"#{rodauth.redirect_uri}\"/>" if rodauth.param_or_nil("redirect_uri")}
     #{"<input type=\"hidden\" name=\"code_challenge\" value=\"#{rodauth.param("code_challenge")}\"/>" if rodauth.features.include?(:oauth_pkce) && rodauth.param_or_nil("code_challenge")}
     #{"<input type=\"hidden\" name=\"code_challenge_method\" value=\"#{rodauth.param("code_challenge_method")}\"/>" if rodauth.features.include?(:oauth_pkce) && rodauth.param_or_nil("code_challenge_method")}
+    #{"<input type=\"hidden\" name=\"prompt\" value=\"#{rodauth.param("prompt")}\"/>" if rodauth.features.include?(:oidc) && rodauth.param_or_nil("prompt")}
     #{"<input type=\"hidden\" name=\"nonce\" value=\"#{rodauth.param("nonce")}\"/>" if rodauth.features.include?(:oidc) && rodauth.param_or_nil("nonce")}
     #{"<input type=\"hidden\" name=\"ui_locales\" value=\"#{rodauth.param("ui_locales")}\"/>" if rodauth.features.include?(:oidc) && rodauth.param_or_nil("ui_locales")}
     #{"<input type=\"hidden\" name=\"claims_locales\" value=\"#{rodauth.param("claims_locales")}\"/>" if rodauth.features.include?(:oidc) && rodauth.param_or_nil("claims_locales")}
-    #{"<input type=\"hidden\" name=\"acr\" value=\"#{rodauth.param("acr_values")}\"/>" if rodauth.features.include?(:oidc) && rodauth.param_or_nil("acr_values")}
+    #{"<input type=\"hidden\" name=\"claims\" value=\"#{h(rodauth.param("claims"))}\"/>" if rodauth.features.include?(:oidc) && rodauth.param_or_nil("claims")}
+    #{"<input type=\"hidden\" name=\"acr_values\" value=\"#{rodauth.param("acr_values")}\"/>" if rodauth.features.include?(:oidc) && rodauth.param_or_nil("acr_values")}
     #{
       if rodauth.features.include?(:oauth_resource_indicators) && rodauth.resource_indicators
         rodauth.resource_indicators.map do |resource|
@@ -98,6 +98,8 @@
   </div>
   <p class="text-center">
     <input type="submit" class="btn btn-outline-primary" value="#{h(rodauth.oauth_authorize_button)}"/>
-    <a href="#{rodauth.redirect_uri}?error=access_denied&error_description=The+resource+owner+or+authorization+server+denied+the+request#{ "&state=#{rodauth.param("state")}" if rodauth.param_or_nil("state")}" class="btn btn-outline-danger">#{rodauth.oauth_cancel_button}</a>
+    <a href="#{rodauth.redirect_uri}?error=access_denied&error_description=The+resource+owner+or+authorization+server+denied+the+request#{ "&state=#{rodauth.param("state")}" if rodauth.param_or_nil("state")}" class="btn btn-outline-danger">
+      #{rodauth.oauth_cancel_button}
+    </a>
   </p>
 </form>

data/templates/device_search.str

@@ -1,5 +1,5 @@
 <form method="get" action="#{rodauth.device_path}" class="form-horizontal" role="form" id="device-search-form">
-  <p class="lead">Insert the user code from the device you'd like to authorize.</p>
+  <p class="lead">#{rodauth.oauth_device_search_page_lead}</p>
 
   <div class="form-group">
     <label for="user_code">#{rodauth.oauth_grant_user_code_label}</label>

data/templates/device_verification.str

@@ -1,9 +1,9 @@
 <form method="post" action="#{rodauth.device_path}" class="form-horizontal" role="form" id="device-verification-form">
   #{csrf_tag(rodauth.device_path) if respond_to?(:csrf_tag)}
-  <p class="lead">The device with user code #{@oauth_grant[rodauth.oauth_grants_user_code_column]} would like to access your data.</p>
+  <p class="lead">#{rodauth.oauth_device_verification_page_lead(user_code: @oauth_grant[rodauth.oauth_grants_user_code_column])}</p>
 
   <div class="form-group">
-    <h1 class="display-6">#{rodauth.oauth_tokens_scopes_label}</h1>
+    <h1 class="display-6">#{rodauth.oauth_grants_scopes_label}</h1>
 
     <ul class="list-group">
     #{

data/templates/jwks_field.str

@@ -2,3 +2,4 @@
   <label for="name">#{rodauth.oauth_applications_jwks_label}#{rodauth.input_field_label_suffix}</label>
    <textarea id="jwks" class="form-control" name="#{rodauth.oauth_application_jwks_param}" rows="3"></textarea>
 </div>
+#{rodauth.input_field_string(rodauth.oauth_application_jwks_uri_param, "jwks-uri", :type=>"text")}

data/templates/new_oauth_application.str

@@ -1,6 +1,6 @@
 <h2>#{rodauth.new_oauth_application_page_title}</h2>
 <form method="post" action="#{rodauth.oauth_applications_path}" class="rodauth" role="form" id="oauth-application-form">
-  #{rodauth.csrf_tag}
+  #{csrf_tag(rodauth.oauth_applications_path) if respond_to?(:csrf_tag)}
   #{rodauth.render('name_field')}
   #{rodauth.render('description_field')}
   #{rodauth.render('homepage_url_field')}
@@ -10,7 +10,6 @@
   #{
     if rodauth.features.include?(:oauth_jwt)
       <<-HTML
-        #{rodauth.render('jwt_public_key_field')}
         #{rodauth.render('jwks_field')}
       HTML
     end

data/templates/oauth_application.str

@@ -3,7 +3,7 @@
     #{
       params = [*rodauth.oauth_application_required_params, "client_id", "client_secret"]
       if rodauth.features.include?(:oauth_jwt)
-        params += %w[jwks jwt_public_key]
+        params += %w[jwks]
       end
       params.map do |param|
         "<dt class=\"#{param}\">#{rodauth.send(:"oauth_applications_#{param}_label")}: </dt>" +
@@ -11,5 +11,5 @@
       end.join
     }
   </dl>
-  <a href="#{rodauth.oauth_applications_path}/#{@oauth_application[rodauth.oauth_applications_id_column]}/#{rodauth.oauth_applications_oauth_tokens_path}" class="btn btn-outline-secondary">#{rodauth.oauth_application_oauth_tokens_page_title}</a>
+  <a href="#{rodauth.oauth_applications_path}/#{@oauth_application[rodauth.oauth_applications_id_column]}/#{rodauth.oauth_applications_oauth_grants_path}" class="btn btn-outline-secondary">#{rodauth.oauth_application_oauth_grants_page_title}</a>
 </div>

data/templates/oauth_application_oauth_grants.str

@@ -0,0 +1,54 @@
+<div id="oauth-grants">
+  #{
+    if @oauth_grants.count.zero?
+      "<p>#{rodauth.oauth_no_grants_text}</p>"
+    else
+      <<-HTML
+        <table class="table">
+          <thead>
+            <tr>
+              <th scope="col">#{rodauth.oauth_grants_type_label}</th>
+              <th scope="col">#{rodauth.oauth_grants_token_label}</th>
+              <th scope="col">#{rodauth.oauth_grants_refresh_token_label}</th>
+              <th scope="col">#{rodauth.oauth_grants_expires_in_label}</th>
+              <th scope="col">#{rodauth.oauth_grants_revoked_at_label}</th>
+              <th scope="col">#{rodauth.oauth_grants_scopes_label}</th>
+              <th scope="col"><span class="badge badge-pill badge-dark">#{@oauth_grants.count}</span>
+            </tr>
+          </thead>
+          <tbody>
+            #{
+              @oauth_grants.map do |oauth_grant|
+                <<-HTML
+                  <tr>
+                    <td><code class="token">#{oauth_grant[rodauth.oauth_grants_type_column]}</code></td>
+                    <td><code class="token">#{oauth_grant[rodauth.oauth_grants_token_column]}</code></td>
+                    <td><code class="token">#{oauth_grant[rodauth.oauth_grants_refresh_token_column]}</code></td>
+                    <td>#{oauth_grant[rodauth.oauth_grants_expires_in_column]}</td>
+                    <td>#{oauth_grant[rodauth.oauth_grants_revoked_at_column]}</td>
+                    <td>#{oauth_grant[rodauth.oauth_grants_scopes_column]}</td>
+                    <td>
+                      #{
+                        if !oauth_grant[rodauth.oauth_grants_revoked_at_column] && !oauth_grant[rodauth.oauth_grants_token_hash_column]
+                          <<-HTML
+                            <form method="post" action="#{rodauth.revoke_path}" class="form-horizontal" role="form" id="revoke-form">
+                              #{csrf_tag(rodauth.revoke_path) if respond_to?(:csrf_tag)}
+                              #{rodauth.input_field_string("token_type_hint", "revoke-token-type-hint", :value => "access_token", :type=>"hidden")}
+                              #{rodauth.input_field_string("token", "revoke-token", :value => oauth_grant[rodauth.oauth_grants_token_column], :type=>"hidden")}
+                              #{rodauth.button(rodauth.oauth_grant_revoke_button)}
+                            </form>
+                          HTML
+                        end
+                      }
+                    </td>
+                  </tr>
+                HTML
+              end.join
+            }
+          </tbody>
+        </table>
+        #{rodauth.oauth_management_pagination_links(@oauth_grants)}
+      HTML
+    end
+  }
+</div>

data/templates/oauth_applications.str

@@ -2,11 +2,11 @@
   <a class="btn btn-outline-primary" href="/oauth-applications/new">#{rodauth.new_oauth_application_page_title}</a>
   #{
     if @oauth_applications.count.zero?
-      "<p>No oauth applications yet!</p>"
+      "<p>#{rodauth.oauth_no_applications_text}</p>"
     else
       "<ul class=\"list-group\">" +
         @oauth_applications.map do |application|
-          "<li class=\"list-group-item\"><a href=\"/oauth-applications/#{application[:id]}\">#{application[:name]}</a></li>"
+          "<li class=\"list-group-item\"><a href=\"#{rodauth.oauth_application_path(application[rodauth.oauth_applications_id_column])}\">#{application[:name]}</a></li>"
         end.join +
       "</ul>"
     end

data/templates/oauth_grants.str

@@ -0,0 +1,52 @@
+<div id="oauth-grants">
+  #{
+    if @oauth_grants.count.zero?
+      "<p>#{rodauth.oauth_no_grants_text}</p>"
+    else
+      <<-HTML
+        <table class="table">
+          <thead>
+            <tr>
+              <th scope="col">#{rodauth.oauth_applications_name_label}</th>
+              <th scope="col">#{rodauth.oauth_grants_type_label}</th>
+              <th scope="col">#{rodauth.oauth_grants_token_label}</th>
+              <th scope="col">#{rodauth.oauth_grants_refresh_token_label}</th>
+              <th scope="col">#{rodauth.oauth_grants_expires_in_label}</th>
+              <th scope="col">#{rodauth.oauth_grants_scopes_label}</th>
+              <th scope="col"><span class="badge badge-pill badge-dark">#{@oauth_grants.count}</span>
+            </tr>
+          </thead>
+          <tbody>
+            #{
+              @oauth_grants.map do |oauth_grant|
+                <<-HTML
+                  <tr>
+                    <td>#{oauth_grant[rodauth.oauth_applications_name_column]}</td>
+                    <td>#{oauth_grant[rodauth.oauth_grants_type_column]}</td>
+                    <td><code class="token">#{oauth_grant[rodauth.oauth_grants_token_column]}</code></td>
+                    <td><code class="token">#{oauth_grant[rodauth.oauth_grants_refresh_token_column]}</code></td>
+                    <td>#{oauth_grant[rodauth.oauth_grants_expires_in_column]}</td>
+                    <td>#{oauth_grant[rodauth.oauth_grants_scopes_column]}</td>
+                    <td>
+                      #{
+                        if !oauth_grant[rodauth.oauth_grants_token_hash_column]
+                          <<-HTML
+                            <form method="post" action="#{rodauth.oauth_grant_path(oauth_grant[rodauth.oauth_grants_id_column])}" class="form-horizontal" role="form" id="grant-revoke-form">
+                              #{csrf_tag(rodauth.oauth_grant_path(oauth_grant[rodauth.oauth_grants_id_column])) if respond_to?(:csrf_tag)}
+                              #{rodauth.button(rodauth.oauth_grant_revoke_button)}
+                            </form>
+                          HTML
+                        end
+                      }
+                    </td>
+                  </tr>
+                HTML
+              end.join
+            }
+          </tbody>
+        </table>
+        #{rodauth.oauth_management_pagination_links(@oauth_grants)}
+      HTML
+    end
+  }
+</div>

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth-oauth
 version: !ruby/object:Gem::Version
-  version: 0.10.4
+  version: 1.0.0.pre.beta2
 platform: ruby
 authors:
 - Tiago Cardoso
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-09-17 00:00:00.000000000 Z
+date: 2022-11-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rodauth
@@ -32,6 +32,7 @@ extensions: []
 extra_rdoc_files:
 - LICENSE.txt
 - README.md
+- MIGRATION-GUIDE-v1.md
 - CHANGELOG.md
 - doc/release_notes/0_0_1.md
 - doc/release_notes/0_0_2.md
@@ -65,9 +66,12 @@ extra_rdoc_files:
 - doc/release_notes/0_9_1.md
 - doc/release_notes/0_9_2.md
 - doc/release_notes/0_9_3.md
+- doc/release_notes/1_0_0_beta1.md
+- doc/release_notes/1_0_0_beta2.md
 files:
 - CHANGELOG.md
 - LICENSE.txt
+- MIGRATION-GUIDE-v1.md
 - README.md
 - doc/release_notes/0_0_1.md
 - doc/release_notes/0_0_2.md
@@ -101,47 +105,51 @@ files:
 - doc/release_notes/0_9_1.md
 - doc/release_notes/0_9_2.md
 - doc/release_notes/0_9_3.md
+- doc/release_notes/1_0_0_beta1.md
+- doc/release_notes/1_0_0_beta2.md
 - lib/generators/rodauth/oauth/install_generator.rb
 - lib/generators/rodauth/oauth/templates/app/models/oauth_application.rb
 - lib/generators/rodauth/oauth/templates/app/models/oauth_grant.rb
-- lib/generators/rodauth/oauth/templates/app/models/oauth_token.rb
 - lib/generators/rodauth/oauth/templates/app/views/rodauth/authorize.html.erb
 - lib/generators/rodauth/oauth/templates/app/views/rodauth/device_search.html.erb
 - lib/generators/rodauth/oauth/templates/app/views/rodauth/device_verification.html.erb
 - lib/generators/rodauth/oauth/templates/app/views/rodauth/new_oauth_application.html.erb
 - lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_application.html.erb
-- lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_application_oauth_tokens.html.erb
+- lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_application_oauth_grants.html.erb
 - lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_applications.html.erb
-- lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_tokens.html.erb
+- lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_grants.html.erb
 - lib/generators/rodauth/oauth/templates/db/migrate/create_rodauth_oauth.rb
 - lib/generators/rodauth/oauth/views_generator.rb
-- lib/rodauth/features/oauth.rb
 - lib/rodauth/features/oauth_application_management.rb
 - lib/rodauth/features/oauth_assertion_base.rb
 - lib/rodauth/features/oauth_authorization_code_grant.rb
 - lib/rodauth/features/oauth_authorize_base.rb
 - lib/rodauth/features/oauth_base.rb
 - lib/rodauth/features/oauth_client_credentials_grant.rb
-- lib/rodauth/features/oauth_device_grant.rb
+- lib/rodauth/features/oauth_device_code_grant.rb
 - lib/rodauth/features/oauth_dynamic_client_registration.rb
-- lib/rodauth/features/oauth_http_mac.rb
+- lib/rodauth/features/oauth_grant_management.rb
 - lib/rodauth/features/oauth_implicit_grant.rb
 - lib/rodauth/features/oauth_jwt.rb
+- lib/rodauth/features/oauth_jwt_base.rb
 - lib/rodauth/features/oauth_jwt_bearer_grant.rb
+- lib/rodauth/features/oauth_jwt_jwks.rb
+- lib/rodauth/features/oauth_jwt_secured_authorization_request.rb
 - lib/rodauth/features/oauth_management_base.rb
 - lib/rodauth/features/oauth_pkce.rb
 - lib/rodauth/features/oauth_resource_indicators.rb
+- lib/rodauth/features/oauth_resource_server.rb
 - lib/rodauth/features/oauth_saml_bearer_grant.rb
 - lib/rodauth/features/oauth_token_introspection.rb
-- lib/rodauth/features/oauth_token_management.rb
 - lib/rodauth/features/oauth_token_revocation.rb
 - lib/rodauth/features/oidc.rb
 - lib/rodauth/features/oidc_dynamic_client_registration.rb
+- lib/rodauth/features/oidc_rp_initiated_logout.rb
 - lib/rodauth/oauth.rb
 - lib/rodauth/oauth/database_extensions.rb
+- lib/rodauth/oauth/http_extensions.rb
 - lib/rodauth/oauth/jwe_extensions.rb
 - lib/rodauth/oauth/railtie.rb
-- lib/rodauth/oauth/refinements.rb
 - lib/rodauth/oauth/ttl_store.rb
 - lib/rodauth/oauth/version.rb
 - locales/en.yml
@@ -153,13 +161,12 @@ files:
 - templates/device_verification.str
 - templates/homepage_url_field.str
 - templates/jwks_field.str
-- templates/jwt_public_key_field.str
 - templates/name_field.str
 - templates/new_oauth_application.str
 - templates/oauth_application.str
-- templates/oauth_application_oauth_tokens.str
+- templates/oauth_application_oauth_grants.str
 - templates/oauth_applications.str
-- templates/oauth_tokens.str
+- templates/oauth_grants.str
 - templates/redirect_uri_field.str
 - templates/scope_field.str
 homepage: https://gitlab.com/honeyryderchuck/rodauth-oauth
@@ -180,12 +187,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 2.5.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubygems_version: 3.2.32
 signing_key:

data/lib/generators/rodauth/oauth/templates/app/models/oauth_token.rb

@@ -1,4 +0,0 @@
-# frozen_string_literal: true
-
-class OauthToken < ApplicationRecord
-end

data/lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_application_oauth_tokens.html.erb

@@ -1,39 +0,0 @@
-<% oauth_tokens = rodauth.scope.instance_variable_get(:@oauth_tokens) %>
-<% tokens_count = oauth_tokens.count %>
-<% if tokens_count.zero? %>
-  <p>No oauth tokens yet!</p>
-<% else %>
-  <table class="table">
-    <thead>
-      <tr>
-        <th scope="col"><=% rodauth.oauth_tokens_token_label %></th>
-        <th scope="col"><=% rodauth.oauth_tokens_refresh_token_label %></th>
-        <th scope="col"><=% rodauth.oauth_tokens_expires_in_label %></th>
-        <th scope="col"><=% rodauth.oauth_tokens_revoked_at_label %></th>
-        <th scope="col"><=% rodauth.oauth_tokens_scopes_label %></th>
-        <th scope="col"><span class="badge badge-pill badge-dark"><%= tokens_count %></span>
-      </tr>
-    </thead>
-    <tbody>
-      <% oauth_tokens.each do |oauth_token| %>
-        <tr>
-          <td><code class="token"><%= oauth_token[rodauth.oauth_tokens_token_column] %></code></td>
-          <td><code class="token"><%= oauth_token[rodauth.oauth_tokens_refresh_token_column] %></code></td>
-          <td><%= oauth_token[rodauth.oauth_tokens_expires_in_column] %></td>
-          <td><%= oauth_token[rodauth.oauth_tokens_revoked_at_column] %></td>
-          <td><%= oauth_token[rodauth.oauth_tokens_scopes_column] %></td>
-          <td>
-            <% if !oauth_token[rodauth.oauth_tokens_revoked_at_column] %>
-              <%= form_tag rodauth.revoke_path, method: :post do %>
-                <%= hidden_field_tag :token_type_hint, "access_token" %>
-                <%= hidden_field_tag :token, oauth_token[rodauth.oauth_tokens_token_column] %>
-                <%= submit_tag rodauth.oauth_token_revoke_button, class: "btn btn-danger" %>
-              <% end %>
-            <% end %>
-          </td>
-        </tr>
-      <% end %>
-    </tbody>
-  </table>
-  <%= rodauth.oauth_management_pagination_links(@oauth_tokens) %>
-<% end %>

data/lib/generators/rodauth/oauth/templates/app/views/rodauth/oauth_tokens.html.erb

@@ -1,35 +0,0 @@
-<% oauth_tokens = rodauth.scope.instance_variable_get(:@oauth_tokens) %>
-<% tokens_count = oauth_tokens.count %>
-<% if tokens_count.zero? %>
-  <p>No oauth tokens yet!</p>
-<% else %>
-  <table class="table">
-    <thead>
-      <tr>
-        <th scope="col"><=% rodauth.oauth_applications_name_label %></th>
-        <th scope="col"><=% rodauth.oauth_tokens_token_label %></th>
-        <th scope="col"><=% rodauth.oauth_tokens_refresh_token_label %></th>
-        <th scope="col"><=% rodauth.oauth_tokens_expires_in_label %></th>
-        <th scope="col"><=% rodauth.oauth_tokens_scopes_label %></th>
-        <th scope="col"><span class="badge badge-pill badge-dark"><%= tokens_count %></span>
-      </tr>
-    </thead>
-    <tbody>
-      <% oauth_tokens.each do |oauth_token| %>
-        <tr>
-          <td><%= oauth_token[rodauth.oauth_applications_name_column] %></td>
-          <td><code class="token"><%= oauth_token[rodauth.oauth_tokens_token_column] %></code></td>
-          <td><code class="token"><%= oauth_token[rodauth.oauth_tokens_refresh_token_column] %></code></td>
-          <td><%= oauth_token[rodauth.oauth_tokens_expires_in_column] %></td>
-          <td><%= oauth_token[rodauth.oauth_tokens_scopes_column] %></td>
-          <td>
-            <%= form_tag rodauth.oauth_token_path(oauth_token[rodauth.oauth_tokens_id_column]), method: :post do %>
-              <%= submit_tag rodauth.oauth_token_revoke_button, class: "btn btn-danger" %>
-            <% end %>
-          </td>
-        </tr>
-      <% end %>
-    </tbody>
-  </table>
-  <%= rodauth.oauth_management_pagination_links(oauth_tokens) %>
-<% end %>

data/lib/rodauth/features/oauth.rb

@@ -1,9 +0,0 @@
-# frozen_string_literal: true
-
-module Rodauth
-  Feature.define(:oauth, :Oauth) do
-    depends :oauth_base, :oauth_authorization_code_grant, :oauth_pkce, :oauth_implicit_grant,
-            :oauth_client_credentials_grant, :oauth_device_grant, :oauth_token_introspection,
-            :oauth_token_revocation, :oauth_application_management, :oauth_token_management
-  end
-end