rodauth-oauth 0.4.2 → 0.4.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 38ad6d8c4d03dac86f78e9c883f11426d805f77f82248098192ed4696a9f20e8
-  data.tar.gz: 07d4a10bae7e031033f0660347022e42139adb7be8834daaba307f1530838ce0
+  metadata.gz: 96756ac8a30c904c5b832b64c47a00af9524810561d58c909b6f322da7348e8c
+  data.tar.gz: 965f6ff260bd86c2fcb7bbd2ba2bd131b453f04a39b73f99ef0860d2bc95b0e0
 SHA512:
-  metadata.gz: 6331ba7a98a83f27d5ab3accb21dcf0676d43b21b76b98bf2349b688eeec5eaa1842e3c7e340cbc8a4109f40186ddabfc9d6daf679860b6438f1bb0520c6b383
-  data.tar.gz: 3b3b5f1c512a55fbcd6308cebf1e638bc9fe0a1e720f2acbde3b2cf52ca76431e668f74ae7070bb1f031c9e5b63fa307deab4b525c033caa00aa898d8505bb34
+  metadata.gz: e7e257a12204599a27d0917f2b31c32906f0d4c566d51ee6d4fde146e2340e36afb9a932cff8bf37872d59259f4d43d423d1c1266f3066063c70aa334f83e119
+  data.tar.gz: 07c0e564e7636893f736f6e05f634684cd7bc28e9d0acfb53ba518357fab198bc878792a68bde6b988b8c8ddf2d3e2bb4d4ecebcd9c4bf68d85f75178cdd0fdf

data/CHANGELOG.md

@@ -2,13 +2,17 @@
 
 ## master
 
-### 0.4.2
+### 0.4.3 (09/12/2020)
+
+* Introspection requests made to an Authorization Server in "resource server" mode are not correctly encoding the body using the "application/x-www-form-urlencoded" format.
+
+### 0.4.2 (24/11/2020)
 
 ### Bugfixes
 
-* database entensions were being run in resource server mode, when it's not expected that the oauth db tables are around.
+* database extensions were being run in resource server mode, when it's not expected that the oauth db tables are around.
 
-### 0.4.1
+### 0.4.1 (24/11/2020)
 
 ### Improvements
 
@@ -16,9 +20,9 @@ When in "Resource Server" mode, calling `rodauth.authorization_token` will now r
 
 ### Bugfixes
 
-* An error ocurred if the client passed an empty authorization header (`Authorization: ` or `Authorization: Bearer `), causing an unexpected error; It now responds with the proper `401 Unauthorized` status code.
+* An error occurred if the client passed an empty authorization header (`Authorization: ` or `Authorization: Bearer `), causing an unexpected error; It now responds with the proper `401 Unauthorized` status code.
 
-### 0.4.0
+### 0.4.0 (13/11/2020)
 
 ### Features
 
@@ -37,7 +41,7 @@ When in "Resource Server" mode, calling `rodauth.authorization_token` will now r
 * rails tests were silently not running in CI;
 * The CI suite was revamped, so that all Oauth tests would be run under rails as well. All versions from rails equal or above 5.0 are now targeted;
 
-### 0.3.0
+### 0.3.0 (8/10/2020)
 
 #### Features
 
@@ -66,7 +70,7 @@ Use `rodauth.convert_timestamp` in the templates, whenever dates are displayed.
 
 Set HTTP Cache headers for metadata responses, such as `/.well-known/oauth-authorization-server` and `/.well-known/openid-configuration`, so they can be stored at the edge. The cache will be valid for 1 day (this value isn't set by an option yet).
 
-### 0.2.0
+### 0.2.0 (9/9/2020)
 
 #### Features
 
@@ -110,9 +114,7 @@ Fixed some mishandling of HTTP headers when in in resource-server mode.
 * 97.7% test coverage;
 * `rodauth-oauth` CI tests run against sqlite, postgresql and mysql.
 
-### 0.1.0
-
-(31/7/2020)
+### 0.1.0 (31/7/2020)
 
 #### Features
 
@@ -158,9 +160,7 @@ URI schemes for client applications redirect URIs have to be `https`. In order t
 * fixed trailing "/" in the "issuer" value in server metadata (`https://server.com/` -> `https://server.com`).
 
 
-### 0.0.6
-
-(6/7/2020)
+### 0.0.6 (6/7/2020)
 
 #### Features
 
@@ -183,9 +183,7 @@ The `oauth_jwt` feature now supports JWT Secured Authorization Request (JAR) (se
 Removed React Javascript from example applications.
 
 
-### 0.0.5
-
-(26/6/2020)
+### 0.0.5 (26/6/2020)
 
 #### Features
 
@@ -222,9 +220,7 @@ It **requires** the authorization to implement the server metadata endpoint (`/.
 * option `scopes_param` renamed to `scope_param`;
 *
 
-## 0.0.4
-
-(13/6/2020)
+## 0.0.4 (13/6/2020)
 
 ### Features
 
@@ -261,9 +257,7 @@ The `oauth_jwt` feature now allows the usage of access tokens to authorize the g
 
 * Fixed scope claim of JWT ("scopes" -> "scope");
 
-## 0.0.3
-
-(5/6/2020)
+## 0.0.3 (5/6/2020)
 
 ### Features
 
@@ -295,9 +289,7 @@ end
 * renamed the existing `use_oauth_implicit_grant_type` to `use_oauth_implicit_grant_type?`;
 * It's now usable as JSON API (small caveat: POST authorize will still redirect on success...);
 
-## 0.0.2
-
-(29/5/2020)
+## 0.0.2 (29/5/2020)
 
 ### Features
 
@@ -313,8 +305,6 @@ end
 
 * usage of client secret for authorizing the generation of tokens, as the spec mandates (and refraining from them when doing PKCE).
 
-## 0.0.1
-
-(14/5/2020)
+## 0.0.1 (14/5/2020)
 
 Initial implementation of the Oauth 2.0 framework, with an example app done using roda.

data/lib/rodauth/features/oauth.rb

@@ -624,9 +624,9 @@ module Rodauth
       http.use_ssl = auth_url.scheme == "https"
 
       request = Net::HTTP::Post.new(introspect_path)
-      request["content-type"] = json_response_content_type
+      request["content-type"] = "application/x-www-form-urlencoded"
       request["accept"] = json_response_content_type
-      request.body = JSON.dump({ "token_type_hint" => token_type_hint, "token" => token })
+      request.set_form_data({ "token_type_hint" => token_type_hint, "token" => token })
 
       before_introspection_request(request)
       response = http.request(request)

data/lib/rodauth/oauth/version.rb

@@ -2,6 +2,6 @@
 
 module Rodauth
   module OAuth
-    VERSION = "0.4.2"
+    VERSION = "0.4.3"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth-oauth
 version: !ruby/object:Gem::Version
-  version: 0.4.2
+  version: 0.4.3
 platform: ruby
 authors:
 - Tiago Cardoso
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-11-24 00:00:00.000000000 Z
+date: 2020-12-10 00:00:00.000000000 Z
 dependencies: []
 description: Implementation of the OAuth 2.0 protocol on top of rodauth.
 email: