Permalink
Commits on Jun 14, 2017
  1. Create README.md

    jasonschulte committed Jun 14, 2017
Commits on May 23, 2017
  1. Bump version to 1.3.0

    tmilewski committed May 23, 2017
  2. Merge pull request #73 from volmer/master

    tmilewski committed May 23, 2017
    Do not include query params in callback URLs
Commits on May 19, 2017
  1. Do not include query params in callback URLs

    volmer committed May 19, 2017
    In order to be compatible with GitHub Integration's Oauth flow the callback URL
    must match the same one provided in the integration's settings page. The current
    `callback_url` method includes any query params received previously, which
    causes a mismatch, and GitHub returns "406 Not Accepted" with an error message:
    
    ```
    (github) Callback phase initiated.
    (github) Authentication failure! invalid_credentials: OAuth2::Error,
    redirect_uri_mismatch: The redirect_uri MUST match the registered callback URL
    for this application.
    error=redirect_uri_mismatch&error_description=The+redirect_uri+MUST+match+
    the+registered+callback+URL+for+this+application.&error_uri=https%3A%2F%2
    Fdeveloper.github.com%2Fv3%2Foauth%2F%23redirect-uri-mismatch2
    ```
    
    For more information:
    https://developer.github.com/early-access/integrations/user-identification-authorization
Commits on Feb 18, 2017
  1. Bump version to 1.2.3

    tmilewski committed Feb 18, 2017
  2. Merge pull request #71 from andrew/omniauth-1.6.0

    tmilewski committed Feb 18, 2017
    Loosen omniauth requirement to allow for 1.X versions
Commits on Feb 16, 2017
  1. Merge pull request #70 from andrew/omniauth-1.5.0

    tmilewski committed Feb 16, 2017
    Update omniauth to 1.5.0
Commits on Feb 13, 2017
  1. Update omniauth to 1.5.0

    andrew committed Feb 13, 2017
Commits on Feb 12, 2017
  1. Bump version to 1.2.2

    tmilewski committed Feb 12, 2017
  2. Merge pull request #69 from almirsarajcic/bug-fixes/email-nil

    tmilewski committed Feb 12, 2017
    Email without scope
Commits on Feb 11, 2017
Commits on Feb 6, 2017
  1. Bump version to 1.2.1

    tmilewski committed Feb 6, 2017
  2. Update omniauth to 1.4.0 (#65)

    andrew authored and tmilewski committed Feb 6, 2017
Commits on Feb 1, 2017
  1. Syntax highlighting in README.md

    alyssais authored and tmilewski committed Oct 25, 2015
  2. Bring `omniauth-github` up-to-date (#61)

    tmilewski committed Feb 1, 2017
    * Prefer https Rubygems URL
    
    * Bring everything up-to-date
    
    * Basic standardization of specs
    
    * Bump version to 1.2.0
    
    * Update omniauth to 1.3.2
Commits on Apr 16, 2015
  1. Merge pull request #51 from miyagawa/ghe-doc

    mbleigh committed Apr 16, 2015
    Correct GHE usage example in README
Commits on Mar 20, 2015
  1. Merge pull request #48 from mattbreeden/verify_emails

    mbleigh committed Mar 20, 2015
    Only return verified email addresses
Commits on Mar 3, 2015
  1. add /api/v3 in GHE usage

    miyagawa committed Mar 3, 2015
Commits on Feb 20, 2015
  1. Only return verified email addresses

    Matthew Breeden
    Matthew Breeden committed Feb 20, 2015
Commits on Feb 13, 2015
  1. Merge pull request #27 from spraints/html_url

    mbleigh committed Feb 13, 2015
    Set info.urls['GitHub'] from the user info
  2. Merge pull request #31 from fooforge/master

    mbleigh committed Feb 13, 2015
    Fix obsolete URL in README
  3. Merge pull request #39 from HeroicEric/fix-email-scope

    mbleigh committed Feb 13, 2015
    Don't allow email access when scope `user:follow`
  4. Merge pull request #40 from jwaterfaucett/add_license_to_gemspec

    mbleigh committed Feb 13, 2015
    Add explicit MIT license declaration in gemspec
  5. Merge pull request #45 from testbrian/master

    mbleigh committed Feb 13, 2015
    omniauth-oauth2 >=1.1.1
Commits on Dec 18, 2014
  1. omniauth-oauth2 >=1.1.1

    testbrian committed Dec 18, 2014
    http://www.rubysec.com/advisories/CVE-2012-6134/
    
    CVE-2012-6134 in omniauth-oauth2 
    Cross-site request forgery (CSRF) vulnerability in the omniauth-oauth2 gem 1.1.1 and earlier for Ruby allows remote attackers to hijack the authentication of users for requests that modify session state.
Commits on Jul 14, 2014
Commits on Jul 8, 2014
  1. Don't allow email access when scope `user:follow`

    HeroicEric committed Jul 8, 2014
    `user:follow` is not a scope that grants email access
Commits on Apr 10, 2014
  1. Bump to 1.1.2

    mbleigh committed Apr 10, 2014
Commits on Dec 22, 2013
  1. Fix obsolete URL in README

    fooforge committed Dec 22, 2013
Commits on Oct 8, 2013
  1. Merge pull request #29 from nwest/master

    mbleigh committed Oct 8, 2013
    Tweak email to prefer primary email address if available
Commits on Jul 16, 2013
  1. Merge pull request #26 from ryan-endacott/master

    mbleigh committed Jul 16, 2013
    Bumped version to 1.1.1.
Commits on Jun 14, 2013
Commits on Apr 10, 2013