Skip to content

Latest commit

 

History

History
263 lines (209 loc) · 19.9 KB

CHANGELOG.md

File metadata and controls

263 lines (209 loc) · 19.9 KB

Changelog

All notable changes to this project will be documented in this file.

The format (since v2.0.0) is based on Keep a Changelog v1, and this project adheres to Semantic Versioning v2.

Added

  • #158, #344 - Optionally pass raw response to parsers (@niels)
  • #190, #332, #334, #335, #360, #426, #427, #461 - Documentation (@josephpage, @pboling, @meganemura, @joshRpowell, @elliotcm)
  • #220 - Support IETF rfc7523 JWT Bearer Tokens Draft 04+ (@jhmoore)
  • #298 - Set the response object on the access token on Client#get_token for debugging (@cpetschnig)
  • #305 - Option: OAuth2::Client#get_token - :access_token_class (AccessToken); user specified class to use for all calls to get_token (@styd)
  • #346 - Modern gem structure (@pboling)
  • #351 - Support Jruby 9k (@pboling)
  • #362 - Support SemVer release version scheme (@pboling)
  • #363 - New method OAuth2::AccessToken#refresh! same as old refresh, with backwards compatibility alias (@pboling)
  • #364 - Support application/hal+json format (@pboling)
  • #365 - Support application/vnd.collection+json format (@pboling)
  • #376 - Documentation: Example / Test for Google 2-legged JWT (@jhmoore)
  • #381 - Spec for extra header params on client credentials (@nikz)
  • #394 - Option: OAuth2::AccessToken#initialize - :expires_latency (nil); number of seconds by which AccessToken validity will be reduced to offset latency (@klippx)
  • #412 - Support application/vdn.api+json format (from jsonapi.org) (@david-christensen)
  • #413 - Documentation: License scan and report (@meganemura)
  • #442 - Option: OAuth2::Client#initialize - :logger (::Logger.new($stdout)) logger to use when OAUTH_DEBUG is enabled (for parity with 1-4-stable branch) (@rthbound)
  • #494 - Support OIDC 1.0 Private Key JWT; based on the OAuth JWT assertion specification (RFC 7523) (@SteveyblamWork)
  • #509 - Support IETF MAC Draft 05 (@anvox)
  • #549 - Wrap Faraday::ConnectionFailed in OAuth2::ConnectionFailed (@nikkypx)
  • #550 - Raise error if location header not present when redirecting (@stanhu)
  • #552 - Add missing version.rb require (@ahorek)
  • #553 - Support application/problem+json format (@janz93)
  • #560 - Support IETF rfc6749, section 2.3.1 - don't set auth params when nil (@bouk)
  • #571 - Support Ruby 3.1 (@pboling)
  • #575 - Support IETF rfc7231, section 7.1.2 - relative location in redirect (@pboling)

Changed

  • #191 - BREAKING: Token is expired if expired_at time is now (@davestevens)
  • #312 - BREAKING: Set :basic_auth as default for :auth_scheme instead of :request_body. This was default behavior before 1.3.0. (@tetsuya, @wy193777)
  • #317 - Dependency: Upgrade jwt to 2.x.x (@travisofthenorth)
  • #338 - Dependency: Switch from Rack::Utils.escape to CGI.escape (@josephpage)
  • #339, #368, #424, #479, #493, #539, #542, #553 - CI Updates, code coverage, linting, spelling, type fixes, New VERSION constant (@pboling, @josephpage, @ahorek)
  • #410 - BREAKING: Removed the ability to call .error from an OAuth2::Response object (@jhmoore)
  • #414 - Use Base64.strict_encode64 instead of custom internal logic (@meganemura)
  • #489 - BREAKING default value for option OAuth2::Client - :authorize_url removed leading slash to work with relative paths by default ('oauth/authorize') (@ghost)
  • #489 - BREAKING default value for option OAuth2::Client - :token_url removed leading slash to work with relative paths by default ('oauth/token') (@ghost)
  • #576 - BREAKING: Stop rescuing parsing errors (@pboling)

Fixed

  • #158, #344 - Handling of errors when using omniauth-facebook (@niels)
  • #294 - Fix: "Unexpected middleware set" issue with Faraday when OAUTH_DEBUG=true (@spectator, @gafrom)
  • #300 - Documentation: Oauth2::Error - Error codes are strings, not symbols (@NobodysNightmare)
  • #318, #326, #343, #347, #397, #464, #561, #565 - Dependency: Support all versions of faraday (see gemfiles/README.md for compatibility matrix with Ruby engines & versions) (@pboling, @raimondasv, @zacharywelch, @Fudoshiki, @ryogift, @sj26, @jdelStrother)
  • #322, #331, #337, #361, #371, #377, #383, #392, #395, #400, #401, #403, #415, #567 - Updated Rubocop, Rubocop plugins and improved code style (@pboling, @bquorning, @lautis, @spectator)
  • #328 - Documentation: Homepage URL is SSL (@amatsuda)
  • #339, #479 - Update testing infrastructure for all supported Rubies (@pboling and @josephpage)
  • #366 - Security: Fix logging to $stdout of request and response bodies via Faraday's logger and ENV["OAUTH_DEBUG"] == 'true' (@pboling)
  • #380 - Fix: Stop attempting to encode non-encodable objects in Oauth2::Error (@jhmoore)
  • #399 - Fix: stop duplicating redirect_uri in get_token (@markus)
  • #410 - Fix: SystemStackError caused by circular reference between Error and Response classes (@jhmoore)
  • #460 - Fix: stop throwing errors when raise_errors is set to false; analog of #524 for 1-4-stable branch (@joaolrpaulo)
  • #472 - Security: Add checks to enforce client_secret is never passed in authorize_url query params for implicit and auth_code grant types (@dfockler)
  • #482 - Documentation: Update last of intridea links to oauth-xx (@pboling)
  • #536 - Security: Compatibility with more (and recent) Ruby OpenSSL versions, Github Actions, Rubocop updated, analogous to #535 on 1-4-stable branch (@pboling)

Removed

  • #341 - Remove Rdoc & Jeweler related files (@josephpage)
  • #342 - BREAKING: Dropped support for Ruby 1.8 (@josephpage)
  • #539 - Remove reliance on globally included OAuth2 in tests, analog of #538 for 1-4-stable (@anderscarling)
  • #566 - Dependency: Removed wwtd (@bquorning)

1.4.9 - 2022-02-20

  • Fixes compatibility with Faraday v2 572
  • Includes supported versions of Faraday in test matrix:
    • Faraday ~> 2.2.0 with Ruby >= 2.6
    • Faraday ~> 1.10 with Ruby >= 2.4
    • Faraday ~> 0.17.3 with Ruby >= 1.9
  • Add Windows and MacOS to test matrix

1.4.8 - 2022-02-18

  • MFA is now required to push new gem versions (@pboling)
  • README overhaul w/ new Ruby Verion and Engine compatibility policies (@pboling)
  • #569 Backport fixes (#561 by @ryogift), and add more fixes, to allow faraday 1.x and 2.x (@jrochkind)
  • Improve Code Coverage tracking (Coveralls, CodeCov, CodeClimate), and enable branch coverage (@pboling)
  • Add CodeQL, Security Policy, Funding info (@pboling)
  • Added Ruby 3.1, jruby, jruby-head, truffleruby, truffleruby-head to build matrix (@pboling)
  • #543 - Support for more modern Open SSL libraries (@pboling)

1.4.7 - 2021-03-19

  • #541 - Backport fix to expires_at handling #533 to 1-4-stable branch. (@dobon)

1.4.6 - 2021-03-19

  • #540 - Add VERSION constant (@pboling)
  • #537 - Fix crash in OAuth2::Client#get_token (@anderscarling)
  • #538 - Remove reliance on globally included OAuth2 in tests, analogous to #539 on master branch (@anderscarling)

1.4.5 - 2021-03-18

  • #535 - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions, analogous to #536 on master branch (@pboling)
  • #518 - Add extract_access_token option to OAuth2::Client (@jonspalmer)
  • #507 - Fix camel case content type, response keys (@anvox)
  • #500 - Fix YARD documentation formatting (@olleolleolle)

1.4.4 - 2020-02-12

  • #408 - Fixed expires_at for formatted time (@Lomey)

1.4.3 - 2020-01-29

  • #483 - add project metadata to gemspec (@orien)
  • #495 - support additional types of access token requests (@SteveyblamFreeagent, @thomcorley, @dgholz)
    • Adds support for private_key_jwt and tls_client_auth
  • #433 - allow field names with square brackets and numbers in params (@asm256)

1.4.2 - 2019-10-01

  • #478 - support latest version of faraday & fix build (@pboling)
    • Officially support Ruby 2.6 and truffleruby

1.4.1 - 2018-10-13

1.4.0 - 2017-06-09

  • Drop Ruby 1.8.7 support (@sferik)
  • Fix some RuboCop offenses (@sferik)
  • Dependency: Remove Yardstick (@sferik)
  • Dependency: Upgrade Faraday to 0.12 (@sferik)

1.3.1 - 2017-03-03

  • Add support for Ruby 2.4.0 (@pschambacher)
  • Dependency: Upgrade Faraday to Faraday 0.11 (@mcfiredrill, @rhymes, @pschambacher)

1.3.0 - 2016-12-28

  • Add support for header-based authentication to the Client so it can be used across the library (@bjeanes)
  • Default to header-based authentication when getting a token from an authorisation code (@maletor)
  • Breaking: Allow an auth_scheme (:basic_auth or :request_body) to be set on the client, defaulting to :request_body to maintain backwards compatibility (@maletor, @bjeanes)
  • Handle redirect_uri according to the OAuth 2 spec, so it is passed on redirect and at the point of token exchange (@bjeanes)
  • Refactor handling of encoding of error responses (@urkle)
  • Avoid instantiating an Error if there is no error to raise (@urkle)
  • Add support for Faraday 0.10 (@rhymes)

1.2.0 - 2016-07-01

  • Properly handle encoding of error responses (so we don't blow up, for example, when Google's response includes a ∞) (@Motoshi-Nishihira)
  • Make a copy of the options hash in AccessToken#from_hash to avoid accidental mutations (@Linuus)
  • Use raise rather than fail to throw exceptions (@sferik)

1.1.0 - 2016-01-30

  • Various refactors (eliminating Hash#merge! usage in AccessToken#refresh!, use yield instead of #call, freezing mutable objects in constants, replacing constants with class variables) (@sferik)
  • Add support for Rack 2, and bump various other dependencies (@sferik)

1.0.0 - 2014-07-09

Added

  • Add an implementation of the MAC token spec.

Fixed

  • Fix Base64.strict_encode64 incompatibility with Ruby 1.8.7.

0.5.0 - 2011-07-29

Changed

  • [breaking] oauth_token renamed to oauth_bearer.
  • [breaking] authorize_path Client option renamed to authorize_url.
  • [breaking] access_token_path Client option renamed to token_url.
  • [breaking] access_token_method Client option renamed to token_method.
  • [breaking] web_server renamed to auth_code.

0.4.1 - 2011-04-20

0.4.0 - 2011-04-20

0.3.0 - 2011-04-08

0.2.0 - 2011-04-01

0.1.1 - 2011-01-12

0.1.0 - 2010-10-13

0.0.13 + 0.0.12 + 0.0.11 - 2010-08-17

0.0.10 - 2010-06-19

0.0.9 - 2010-06-18

0.0.8 + 0.0.7 - 2010-04-27

0.0.6 - 2010-04-25

0.0.5 - 2010-04-23

0.0.4 + 0.0.3 + 0.0.2 + 0.0.1 - 2010-04-22