Bumps Faraday to < 0.16.0, recover spec

[joshRpowell]

Per the discussion here #373 (comment)

It appears to be a simple spec recovery after reviewing the diff here lostisland/faraday@v0.14.0...v0.15.0#diff-edec4a38ac976ddeb50ec36ed13bf8e1R23

closes #384

[coveralls]

Pull Request Test Coverage Report for Build 629

• 0 of 0 changed or added relevant lines in 0 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage remained the same at ?%

---

Totals
Change from base Build 625:	0.0%
Covered Lines:
Relevant Lines:	0

---

💛 - Coveralls

[pboling]

@joshRpowell Thanks for the PR. Looks like we need to pend the failing spec for jruby-1.7. Some strange variance in the request diff there, though I don't think it looks concerning. We use rspec-pending_for to pend ruby engine specific failures like this.

[raimondasv]

@joshRpowell any news? Shall we reopen this with new PR?

[pboling]

We just need someone to pend the failing spec. I will get around to it eventually, unless someone else does first.

https://github.com/pboling/rspec-pending_for

[joshRpowell]

@raimondasv have a local headstart after @pboling comment #385 (comment) but the wife decided to buy a house. moving day is Friday. I should be able to wrap up next week.

No offense taken if you want to wrap it up in another PR. would rather have it done / merged.

[pboling]

This change was merged in #397, thanks!

[morgoth]

any idea when we can expect new release with faraday and jwt gems version dependencies unlocked?

[pboling]

@morgoth @tisba Ideally we would have people reporting in that master HEAD is working for them. As it is I am not aware of anyone running master HEAD live in production, and there are breaking changes. I'll try to make time to dog food this soon, but my use case is about as tiny as possible (I have dozens of users, DOZENS!), so it won't be a great test.

More importantly, we need assistance finishing up the remaining issues in the release milestone. Please contribute!

https://github.com/oauth-xx/oauth2/milestone/1

[morgoth]

I can report that master is working for me :-)
However I use it only through https://github.com/basecamp/google_sign_in

[tisba]

@pboling understood. I'll see what I can do. but the oauth2 gem is just a small part in a bigger "chain" of dependencies we use (via omniauth-github, omniauth-oauth2, …). I guess they all have to incorporated the breaking changes in oauth2 master :-/

Currently we run off a forked version with a relaxed faraday constraint which is also pretty much the only thing that was important to us in our case.

[pboling]

The breaking changes are very unlikely to affect most things. They are breaking in the sense that some people may have been relying on bug-as-a-feature, or quite minor changes to existing behavior. See the changelog. I expect most 'happy path' use cases will not require changes.

As always, please look at the changelog.

Of Note

It is the case that the "industrial" oauth2 spec itself has evolved over the years, and some of the things that were valid when this gem was written are now explicitly forbidden, or have changed significantly in the spec.

We had to evolve the gem (and make some breaking changes) to keep up with the standard, and thereby allow compatibility with some vendors and services that actually follow the standard. Many oauth2 services and vendors deviate from the standard in bespoke ways, and that gets tricky also.

This gem was already out of date in some ways, as compared to the official spec, when it was last released as 1.4.0.