All notable changes to this project will be documented in this file.
The format (since v2.0.0) is based on Keep a Changelog v1, and this project adheres to Semantic Versioning v2.
- #158, #344 - Optionally pass raw response to parsers (@niels)
- #190, #332, #334, #335, #360, #426, #427, #461 - Documentation (@josephpage, @pboling, @meganemura, @joshRpowell, @elliotcm)
- #220 - Support IETF rfc7523 JWT Bearer Tokens Draft 04+ (@jhmoore)
- #298 - Set the response object on the access token on Client#get_token for debugging (@cpetschnig)
- #305 - Option:
OAuth2::Client#get_token-:access_token_class(AccessToken); user specified class to use for all calls toget_token(@styd) - #346 - Modern gem structure (@pboling)
- #351 - Support Jruby 9k (@pboling)
- #362 - Support SemVer release version scheme (@pboling)
- #363 - New method
OAuth2::AccessToken#refresh!same as oldrefresh, with backwards compatibility alias (@pboling) - #364 - Support
application/hal+jsonformat (@pboling) - #365 - Support
application/vnd.collection+jsonformat (@pboling) - #376 - Documentation: Example / Test for Google 2-legged JWT (@jhmoore)
- #381 - Spec for extra header params on client credentials (@nikz)
- #394 - Option:
OAuth2::AccessToken#initialize-:expires_latency(nil); number of seconds by which AccessToken validity will be reduced to offset latency (@klippx) - #412 - Support
application/vdn.api+jsonformat (from jsonapi.org) (@david-christensen) - #413 - Documentation: License scan and report (@meganemura)
- #442 - Option:
OAuth2::Client#initialize-:logger(::Logger.new($stdout)) logger to use when OAUTH_DEBUG is enabled (for parity with1-4-stablebranch) (@rthbound) - #494 - Support OIDC 1.0 Private Key JWT; based on the OAuth JWT assertion specification (RFC 7523) (@SteveyblamWork)
- #549 - Wrap
Faraday::ConnectionFailedinOAuth2::ConnectionFailed(@nikkypx) - #550 - Raise error if location header not present when redirecting (@stanhu)
- #552 - Add missing
version.rbrequire (@ahorek) - #553 - Support
application/problem+jsonformat (@janz93) - #560 - Support IETF rfc6749, section 2.3.1 - don't set auth params when
nil(@bouk) - #571 - Support Ruby 3.1 (@pboling)
- #575 - Support IETF rfc7231, section 7.1.2 - relative location in redirect (@pboling)
- #581 - Documentation: of breaking changes (@pboling)
- #191 - BREAKING: Token is expired if
expired_attime isnow(@davestevens) - #312 - BREAKING: Set
:basic_authas default for:auth_schemeinstead of:request_body. This was default behavior before 1.3.0. (@tetsuya, @wy193777) - #317 - Dependency: Upgrade
jwtto 2.x.x (@travisofthenorth) - #338 - Dependency: Switch from
Rack::Utils.escapetoCGI.escape(@josephpage) - #339, #368, #424, #479, #493, #539, #542, #553 - CI Updates, code coverage, linting, spelling, type fixes, New VERSION constant (@pboling, @josephpage, @ahorek)
- #410 - BREAKING: Removed the ability to call .error from an OAuth2::Response object (@jhmoore)
- #414 - Use Base64.strict_encode64 instead of custom internal logic (@meganemura)
- #489 - BREAKING: Default value for option
OAuth2::Client-:authorize_urlremoved leading slash to work with relative paths by default ('oauth/authorize') (@ghost) - #489 - BREAKING: Default value for option
OAuth2::Client-:token_urlremoved leading slash to work with relative paths by default ('oauth/token') (@ghost) - #576 - BREAKING: Stop rescuing parsing errors (@pboling)
- #591 - DEPRECATION:
OAuth2::Client-:extract_access_tokenoption is deprecated
- #158, #344 - Handling of errors when using
omniauth-facebook(@niels) - #294 - Fix: "Unexpected middleware set" issue with Faraday when
OAUTH_DEBUG=true(@spectator, @gafrom) - #300 - Documentation:
Oauth2::Error- Error codes are strings, not symbols (@NobodysNightmare) - #318, #326, #343, #347, #397, #464, #561, #565 - Dependency: Support all versions of
faraday(see gemfiles/README.md for compatibility matrix with Ruby engines & versions) (@pboling, @raimondasv, @zacharywelch, @Fudoshiki, @ryogift, @sj26, @jdelStrother) - #322, #331, #337, #361, #371, #377, #383, #392, #395, #400, #401, #403, #415, #567 - Updated Rubocop, Rubocop plugins and improved code style (@pboling, @bquorning, @lautis, @spectator)
- #328 - Documentation: Homepage URL is SSL (@amatsuda)
- #339, #479 - Update testing infrastructure for all supported Rubies (@pboling and @josephpage)
- #366 - Security: Fix logging to
$stdoutof request and response bodies via Faraday's logger andENV["OAUTH_DEBUG"] == 'true'(@pboling) - #380 - Fix: Stop attempting to encode non-encodable objects in
Oauth2::Error(@jhmoore) - #399 - Fix: Stop duplicating
redirect_uriinget_token(@markus) - #410 - Fix:
SystemStackErrorcaused by circular reference between Error and Response classes (@jhmoore) - #460 - Fix: Stop throwing errors when
raise_errorsis set tofalse; analog of #524 for1-4-stablebranch (@joaolrpaulo) - #472 - Security: Add checks to enforce
client_secretis never passed in authorize_url query params forimplicitandauth_codegrant types (@dfockler) - #482 - Documentation: Update last of
intridealinks tooauth-xx(@pboling) - #536 - Security: Compatibility with more (and recent) Ruby OpenSSL versions, Github Actions, Rubocop updated, analogous to #535 on
1-4-stablebranch (@pboling)
- #341 - Remove Rdoc & Jeweler related files (@josephpage)
- #342 - BREAKING: Dropped support for Ruby 1.8 (@josephpage)
- #539 - Remove reliance on globally included OAuth2 in tests, analog of #538 for 1-4-stable (@anderscarling)
- #566 - Dependency: Removed
wwtd(@bquorning) - #589, #593 - Remove support for expired MAC token draft spec (@stanhu)
- #590 - Dependency: Removed
multi_json(@stanhu)
1.4.9 - 2022-02-20
- Fixes compatibility with Faraday v2 572
- Includes supported versions of Faraday in test matrix:
- Faraday ~> 2.2.0 with Ruby >= 2.6
- Faraday ~> 1.10 with Ruby >= 2.4
- Faraday ~> 0.17.3 with Ruby >= 1.9
- Add Windows and MacOS to test matrix
1.4.8 - 2022-02-18
- MFA is now required to push new gem versions (@pboling)
- README overhaul w/ new Ruby Verion and Engine compatibility policies (@pboling)
- #569 Backport fixes (#561 by @ryogift), and add more fixes, to allow faraday 1.x and 2.x (@jrochkind)
- Improve Code Coverage tracking (Coveralls, CodeCov, CodeClimate), and enable branch coverage (@pboling)
- Add CodeQL, Security Policy, Funding info (@pboling)
- Added Ruby 3.1, jruby, jruby-head, truffleruby, truffleruby-head to build matrix (@pboling)
- #543 - Support for more modern Open SSL libraries (@pboling)
1.4.7 - 2021-03-19
1.4.6 - 2021-03-19
- #540 - Add VERSION constant (@pboling)
- #537 - Fix crash in OAuth2::Client#get_token (@anderscarling)
- #538 - Remove reliance on globally included OAuth2 in tests, analogous to #539 on master branch (@anderscarling)
1.4.5 - 2021-03-18
- #535 - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions, analogous to #536 on master branch (@pboling)
- #518 - Add extract_access_token option to OAuth2::Client (@jonspalmer)
- #507 - Fix camel case content type, response keys (@anvox)
- #500 - Fix YARD documentation formatting (@olleolleolle)
1.4.4 - 2020-02-12
- #408 - Fixed expires_at for formatted time (@Lomey)
1.4.3 - 2020-01-29
- #483 - add project metadata to gemspec (@orien)
- #495 - support additional types of access token requests (@SteveyblamFreeagent, @thomcorley, @dgholz)
- Adds support for private_key_jwt and tls_client_auth
- #433 - allow field names with square brackets and numbers in params (@asm256)
1.4.2 - 2019-10-01
- #478 - support latest version of faraday & fix build (@pboling)
- Officially support Ruby 2.6 and truffleruby
1.4.1 - 2018-10-13
- #417 - update jwt dependency (@thewoolleyman)
- #419 - remove rubocop dependency (temporary, added back in #423) (@pboling)
- #418 - update faraday dependency (@pboling)
- #420 - update oauth2.gemspec (@pboling)
- #421 - fix CHANGELOG.md for previous releases (@pboling)
- #422 - update LICENSE and README.md (@pboling)
- #423 - update builds, Rakefile (@pboling)
1.4.0 - 2017-06-09
- Drop Ruby 1.8.7 support (@sferik)
- Fix some RuboCop offenses (@sferik)
- Dependency: Remove Yardstick (@sferik)
- Dependency: Upgrade Faraday to 0.12 (@sferik)
1.3.1 - 2017-03-03
- Add support for Ruby 2.4.0 (@pschambacher)
- Dependency: Upgrade Faraday to Faraday 0.11 (@mcfiredrill, @rhymes, @pschambacher)
1.3.0 - 2016-12-28
- Add support for header-based authentication to the
Clientso it can be used across the library (@bjeanes) - Default to header-based authentication when getting a token from an authorisation code (@maletor)
- Breaking: Allow an
auth_scheme(:basic_author:request_body) to be set on the client, defaulting to:request_bodyto maintain backwards compatibility (@maletor, @bjeanes) - Handle
redirect_uriaccording to the OAuth 2 spec, so it is passed on redirect and at the point of token exchange (@bjeanes) - Refactor handling of encoding of error responses (@urkle)
- Avoid instantiating an
Errorif there is no error to raise (@urkle) - Add support for Faraday 0.10 (@rhymes)
1.2.0 - 2016-07-01
- Properly handle encoding of error responses (so we don't blow up, for example, when Google's response includes a ∞) (@Motoshi-Nishihira)
- Make a copy of the options hash in
AccessToken#from_hashto avoid accidental mutations (@Linuus) - Use
raiserather thanfailto throw exceptions (@sferik)
1.1.0 - 2016-01-30
- Various refactors (eliminating
Hash#merge!usage inAccessToken#refresh!, useyieldinstead of#call, freezing mutable objects in constants, replacing constants with class variables) (@sferik) - Add support for Rack 2, and bump various other dependencies (@sferik)
1.0.0 - 2014-07-09
- Add an implementation of the MAC token spec.
- Fix Base64.strict_encode64 incompatibility with Ruby 1.8.7.
0.5.0 - 2011-07-29
- [breaking]
oauth_tokenrenamed tooauth_bearer. - [breaking]
authorize_pathClient option renamed toauthorize_url. - [breaking]
access_token_pathClient option renamed totoken_url. - [breaking]
access_token_methodClient option renamed totoken_method. - [breaking]
web_serverrenamed toauth_code.