From 6bb185bc93b90163610fa40705981b58aaf24910 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Mon, 8 Sep 2025 02:04:29 -0600 Subject: [PATCH 1/5] =?UTF-8?q?=F0=9F=94=A5=20Remove=20codecov=20(again)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - https://github.com/codecov/engineering-team/issues/3594 --- README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/README.md b/README.md index d69fc2f5..3eca1004 100644 --- a/README.md +++ b/README.md @@ -1262,8 +1262,6 @@ See [CONTRIBUTING.md][🤝contributing]. ### Code Coverage -[![Coverage Graph][🔑codecov-g]][🔑codecov] - [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![QLTY Test Coverage][🔑qlty-covi]][🔑qlty-cov] From fdd67ca2f59f273c46ffe53a72e4c829b74673d1 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Mon, 8 Sep 2025 02:06:03 -0600 Subject: [PATCH 2/5] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20Fix=20internal=20link?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3eca1004..6c663c58 100644 --- a/README.md +++ b/README.md @@ -143,7 +143,7 @@ covering the latest patch for each of the following minor versions: - You should upgrade the dependencies of this gem with confidence\*. - Please do upgrade, and then, when it goes smooth as butter [please sponsor me][🖇sponsor]. Thanks! -[sv-pub-api]: #-is-platform-support-part-of-the-public-api +[sv-pub-api]: #-versioning \* MIT license; The only guarantees I make are for [enterprise support](#enterprise-support). From 190cfd05807e24d199642b372cbd663f8763c162 Mon Sep 17 00:00:00 2001 
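Review bot: In PATCH 1/5 the README.md hunk under `### Code Coverage` deletes only the badge line `[![Coverage Graph][🔑codecov-g]][🔑codecov]` and the blank line after it (the diffstat shows 2 deletions), so any `[🔑codecov-g]` and `[🔑codecov]` reference definitions elsewhere in README.md are left behind unused. Remove those definitions in the same commit so that no Codecov URL remains in the file.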
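Review bot: In PATCH 2/5 the replacement `[sv-pub-api]: #-versioning` is a hand-written fragment, and its leading `-` suggests a slug generated from a heading that starts with a non-alphanumeric character, which renderers do not all slug the same way. Confirm the fragment resolves wherever this README is rendered, including the generated docs/file.README.html touched later in this series, or point the link at an explicit anchor.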
From: "Peter H. Boling" Date: Mon, 8 Sep 2025 02:12:08 -0600 Subject: [PATCH 3/5] =?UTF-8?q?=F0=9F=93=9D=20Improve=20documentation?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 6c663c58..e3256c73 100644 --- a/README.md +++ b/README.md 
@@ -13,11 +13,11 @@ [![Version][👽versioni]][👽version] [![GitHub tag (latest SemVer)][⛳️tag-img]][⛳️tag] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![QLTY Test Coverage][🔑qlty-covi]][🔑qlty-cov] [![QLTY Maintainability][🔑qlty-mnti]][🔑qlty-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI Truffle Ruby][🚎9-t-wfi]][🚎9-t-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![Deps Locked][🚎13-🔒️-wfi]][🚎13-🔒️-wf] [![Deps Unlocked][🚎14-🔓️-wfi]][🚎14-🔓️-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CodeQL][🖐codeQL-img]][🖐codeQL] -If ☝️ `ci_badges.map(&:color).detect { it != "green"}` [let me know][🖼️galtzo-discord], as I may have missed the [discord notification][🖼️galtzo-discord]. +`if ci_badges.map(&:color).detect { it != "green"}` ☝️ [let me know][🖼️galtzo-discord], as I may have missed the [discord notification][🖼️galtzo-discord]. --- -OTOH, if `ci_badges.map(&:color).all? { it == "green"}` 👇️ send money so I can do more of this. FLOSS maintenance is now my full-time job. +`if ci_badges.map(&:color).all? { it == "green"}` 👇️ send money so I can do more of this. FLOSS maintenance is now my full-time job. 
[![OpenCollective Backers][🖇osc-backers-i]][🖇osc-backers] [![OpenCollective Sponsors][🖇osc-sponsors-i]][🖇osc-sponsors] [![Sponsor Me on Github][🖇sponsor-img]][🖇sponsor] [![Liberapay Goal Progress][⛳liberapay-img]][⛳liberapay] [![Donate on PayPal][🖇paypal-img]][🖇paypal] [![Buy me a coffee][🖇buyme-small-img]][🖇buyme] [![Donate on Polar][🖇polar-img]][🖇polar] [![Donate to my FLOSS or refugee efforts at ko-fi.com][🖇kofi-img]][🖇kofi] [![Donate to my FLOSS or refugee efforts using Patreon][🖇patreon-img]][🖇patreon] @@ -128,10 +128,10 @@ leading versions per each minor version of Ruby of all the runtime dependencies What does that mean specifically for the runtime dependencies? -We have 100% test coverage of lines and branches, and this test suite runs across a large matrix -covering the latest patch for each of the following minor versions: +We have 100% test coverage of lines and branches, and this test suite runs across a very large matrix. +It wouldn't be possible without appraisal2. -| 🚚 _Amazing_ test matrix was brought to you by | 🔎 appraisal2 🔎 | +| 🚚 _Amazing_ test matrix was brought to you by | 🔎 appraisal2 🔎 and the color 💚 green 💚 | |------------------------------------------------|--------------------------------------------------------| | 👟 Check it out! | ✨ [github.com/appraisal-rb/appraisal2][💎appraisal2] ✨ | @@ -1366,7 +1366,7 @@ To join the community or get help 👇️ Join the Discord. [![Live Chat on Discord][✉️discord-invite-img-ftb]][✉️discord-invite] -To say "thanks for maintaining such a great tool" ☝️ Join the Discord or 👇️ send money. +To say "thanks!" ☝️ Join the Discord or 👇️ send money. [![Sponsor ruby-oauth/oauth2 on Open Source Collective][🖇osc-all-bottom-img]][🖇osc] 💌 [![Sponsor me on GitHub Sponsors][🖇sponsor-bottom-img]][🖇sponsor] 💌 [![Sponsor me on Liberapay][⛳liberapay-bottom-img]][⛳liberapay-img] 💌 [![Donate on PayPal][🖇paypal-bottom-img]][🖇paypal-img] From 9f037785206db3ed34269f01f8efaf3020bf05e0 Mon Sep 17 00:00:00 2001 
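Review bot: In PATCH 3/5, the README.md hunk at `@@ -128,10 +128,10 @@` drops the sentence ending "covering the latest patch for each of the following minor versions:" and replaces it with "It wouldn't be possible without appraisal2.", so if a list of minor versions still follows the table it no longer has an introduction. Keep a lead-in for that list, or move the appraisal2 credit after it. The widened header cell `🔎 appraisal2 🔎 and the color 💚 green 💚` also leaves the separator row at its old width; re-align the table source if the project keeps its tables aligned.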
From: "Peter H. Boling" Date: Mon, 8 Sep 2025 02:20:17 -0600 Subject: [PATCH 4/5] =?UTF-8?q?=F0=9F=93=9D=20Update=20post=5Finstall=5Fme?= =?UTF-8?q?ssage?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- oauth2.gemspec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/oauth2.gemspec b/oauth2.gemspec index 58fb10c1..9861f294 100644 --- a/oauth2.gemspec +++ b/oauth2.gemspec @@ -50,7 +50,7 @@ Gem::Specification.new do |spec| (minor) ⚠️ BREAKING CHANGES ⚠️ when upgrading from < v2 • Summary of breaking changes: #{gl_homepage}#what-is-new-for-v20 -• Changes in this patch: #{gl_homepage}/-/blob/v#{spec.version}/CHANGELOG.md#200-2022-06-21-tag +• Changes in this patch: #{gl_homepage}/-/blob/v#{gem_version}/CHANGELOG.md#2015-2025-09-08 News: 1. New documentation website, including for OAuth 2.1 and OIDC: https://oauth2.galtzo.com @@ -58,7 +58,7 @@ News: 3. New org name "ruby-oauth" on Open Source Collective, GitHub, GitLab, Codeberg (update git remotes!) 4. Non-commercial support for the 2.x series will end by April, 2026. Please make a plan to upgrade to the next version prior to that date. Support will be dropped for Ruby 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 3.0, 3.1 and any other Ruby versions which will also have reached EOL by then. -5. Gem releases are cryptographically signed with a 20-year cert, with checksums by stone_checksums. +5. Gem releases are cryptographically signed with a 20-year cert; SHA-256 & SHA-512 checksums by stone_checksums. 6. Please consider supporting this project: • https://opencollective.com/ruby-oauth (new!) • https://liberapay.com/pboling From eb15243b7b412c27fc64c8b6ca37c3218dcaeb94 Mon Sep 17 00:00:00 2001 
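Review bot: In PATCH 4/5, the "Changes in this patch" line of the post-install message in oauth2.gemspec now ends in the literal fragment `CHANGELOG.md#2015-2025-09-08`, which will go stale at the next release just as the `#200-2022-06-21-tag` it replaces did. Build the fragment from the version and release date, or link to CHANGELOG.md at the tag without a fragment. The same line switches from `spec.version` to `gem_version`, which is not assigned anywhere in the visible lines; confirm it is defined before the heredoc is interpolated.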
From: "Peter H. Boling" Date: Mon, 8 Sep 2025 02:25:30 -0600 Subject: [PATCH 5/5] =?UTF-8?q?=F0=9F=94=96=20Prepare=20release=20v2.0.15?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ⚡️ A message from a fellow meat-based-AI ⚡️ - [❤️] Finely-crafted open-source tools like oauth2 (& many more) are a full-time endeavor. - [❤️] Though I adore my work, it lacks financial sustainability. - [❤️] Please, help me continue enhancing your tools by becoming a sponsor: - [💲] https://liberapay.com/pboling/donate - [💲] https://github.com/sponsors/pboling --- CHANGELOG.md | 18 +- Gemfile.lock | 2 +- docs/OAuth2.html | 2 +- docs/OAuth2/AccessToken.html | 95 ++-- docs/OAuth2/Authenticator.html | 2 +- docs/OAuth2/Client.html | 2 +- docs/OAuth2/Error.html | 2 +- docs/OAuth2/FilteredAttributes.html | 2 +- .../FilteredAttributes/ClassMethods.html | 2 +- docs/OAuth2/Response.html | 2 +- docs/OAuth2/Strategy.html | 2 +- docs/OAuth2/Strategy/Assertion.html | 2 +- docs/OAuth2/Strategy/AuthCode.html | 2 +- docs/OAuth2/Strategy/Base.html | 2 +- docs/OAuth2/Strategy/ClientCredentials.html | 2 +- docs/OAuth2/Strategy/Implicit.html | 2 +- docs/OAuth2/Strategy/Password.html | 2 +- docs/OAuth2/Version.html | 4 +- docs/_index.html | 2 +- docs/file.CHANGELOG.html | 415 ++++-------------- docs/file.CITATION.html | 2 +- docs/file.CODE_OF_CONDUCT.html | 2 +- docs/file.CONTRIBUTING.html | 47 +- docs/file.FUNDING.html | 2 +- docs/file.LICENSE.html | 2 +- docs/file.OIDC.html | 2 +- docs/file.README.html | 160 ++++++- docs/file.REEK.html | 2 +- docs/file.RUBOCOP.html | 2 +- docs/file.SECURITY.html | 24 +- docs/file.access_token.html | 2 +- docs/file.authenticator.html | 2 +- docs/file.client.html | 2 +- docs/file.error.html | 2 +- docs/file.filtered_attributes.html | 2 +- docs/file.oauth2-2.0.10.gem.html | 2 +- docs/file.oauth2-2.0.11.gem.html | 2 +- docs/file.oauth2-2.0.12.gem.html | 2 +- docs/file.oauth2-2.0.13.gem.html | 2 +- docs/file.oauth2-2.0.14.gem.html | 
2 +- docs/file.oauth2.html | 2 +- docs/file.response.html | 2 +- docs/file.strategy.html | 2 +- docs/file.version.html | 2 +- docs/index.html | 160 ++++++- docs/top-level-namespace.html | 2 +- lib/oauth2/version.rb | 2 +- 47 files changed, 522 insertions(+), 479 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a52a91f3..c4904aa9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,18 @@ Please file a bug if you notice a violation of semantic versioning. ## [Unreleased] ### Added +### Changed +### Deprecated +### Removed +### Fixed +### Security + +## [2.0.15] - 2025-09-08 +- TAG: [v2.0.15][2.0.15t] +- COVERAGE: 100.00% -- 519/519 lines in 14 files +- BRANCH COVERAGE: 100.00% -- 174/174 branches in 14 files +- 90.48% documented +### Added - [gh!671][gh!671] - Complete documentation example for Instagram by @pboling - .env.local.example for contributor happiness - note lack of builds for JRuby 9.2, 9.3 & Truffleruby 22.3, 23.0 @@ -27,8 +39,6 @@ Please file a bug if you notice a violation of semantic versioning. - e.g., Instagram GET=:query, POST/DELETE=:header ### Changed - [gh!669][gh!669] - Upgrade to kettle-dev v1.1.9 by @pboling -### Deprecated -### Removed ### Fixed - Remove accidentally duplicated lines, and fix typos in CHANGELOG.md - point badge to the correct workflow for Ruby 2.3 (caboose.yml) @@ -520,7 +530,9 @@ Please file a bug if you notice a violation of semantic versioning. [gemfiles/readme]: gemfiles/README.md -[Unreleased]: https://github.com/ruby-oauth/oauth2/compare/v2.0.14...HEAD +[Unreleased]: https://github.com/ruby-oauth/oauth2/compare/v2.0.15...HEAD +[2.0.15]: https://github.com/ruby-oauth/oauth2/compare/v2.0.14...v2.0.15 +[2.0.15t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.15 [2.0.14]: https://github.com/ruby-oauth/oauth2/compare/v2.0.13...v2.0.14 [2.0.14t]: https://github.com/ruby-oauth/oauth2/releases/tag/v2.0.14 [2.0.13]: https://github.com/ruby-oauth/oauth2/compare/v2.0.12...v2.0.13 
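Review bot: The new `## [2.0.15] - 2025-09-08` header in CHANGELOG.md reports `519/519 lines` and `174/174 branches`, the same counts that appear as unchanged context for the following release section in the docs/file.CHANGELOG.html part of this patch, even though 2.0.15 lists gh!670 (verb-dependent token transmission mode) under Added. Confirm the coverage and "90.48% documented" figures were regenerated for this release rather than carried over.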
diff --git a/Gemfile.lock b/Gemfile.lock index 6bbe0251..a666a693 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -13,7 +13,7 @@ GIT PATH remote: . specs: - oauth2 (2.0.14) + oauth2 (2.0.15) faraday (>= 0.17.3, < 4.0) jwt (>= 1.0, < 4.0) logger (~> 1.2) diff --git a/docs/OAuth2.html b/docs/OAuth2.html index 6282a46f..1a5f9800 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -415,7 +415,7 @@

diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index 65ab00e2..2e8db0f0 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -967,7 +967,7 @@

  • :mode - (Symbol) + (Symbol or callable) — default: @@ -975,8 +975,9 @@

    - —

    the transmission mode of the Access Token parameter value
    -one of :header, :body or :query

    + —

    the transmission mode of the Access Token parameter value:
    +either one of :header, :body or :query, or a callable that accepts a request-verb parameter
    +and returns one of these three symbols.

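Review bot: The updated `:mode` description in docs/OAuth2/AccessToken.html says a callable "returns one of these three symbols" but not what happens when it returns anything else (nil, a string, an unrecognized symbol). Because this value decides whether the access token travels in a header, the body or the query string, state the failure behaviour in the source comment in lib/oauth2/access_token.rb and regenerate the page.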
  • @@ -1038,7 +1039,6 @@

     
     
    -142
     143
     144
     145
    @@ -1071,10 +1071,11 @@ 

    172 173 174 -175

    +175 +176 -
    # File 'lib/oauth2/access_token.rb', line 142
    +      
    # File 'lib/oauth2/access_token.rb', line 143
     
     def initialize(client, token, opts = {})
       @client = client
    @@ -1935,12 +1936,12 @@ 

     
     
    -180
     181
    -182
    +182 +183

    -
    # File 'lib/oauth2/access_token.rb', line 180
    +      
    # File 'lib/oauth2/access_token.rb', line 181
     
     def [](key)
       @params[key]
    @@ -1982,12 +1983,12 @@ 

     
     
    -362
     363
    -364
    +364 +365

    -
    # File 'lib/oauth2/access_token.rb', line 362
    +      
    # File 'lib/oauth2/access_token.rb', line 363
     
     def delete(path, opts = {}, &block)
       request(:delete, path, opts, &block)
    @@ -2039,12 +2040,12 @@ 

     
     
    -194
     195
    -196
    +196 +197

    -
    # File 'lib/oauth2/access_token.rb', line 194
    +      
    # File 'lib/oauth2/access_token.rb', line 195
     
     def expired?
       expires? && (expires_at <= Time.now.to_i)
    @@ -2092,12 +2093,12 @@ 

     
     
    -187
     188
    -189
    +189 +190

    -
    # File 'lib/oauth2/access_token.rb', line 187
    +      
    # File 'lib/oauth2/access_token.rb', line 188
     
     def expires?
       !!@expires_at
    @@ -2139,12 +2140,12 @@ 

     
     
    -334
     335
    -336
    +336 +337

    -
    # File 'lib/oauth2/access_token.rb', line 334
    +      
    # File 'lib/oauth2/access_token.rb', line 335
     
     def get(path, opts = {}, &block)
       request(:get, path, opts, &block)
    @@ -2179,12 +2180,12 @@ 

     
     
    -367
     368
    -369
    +369 +370

    -
    # File 'lib/oauth2/access_token.rb', line 367
    +      
    # File 'lib/oauth2/access_token.rb', line 368
     
     def headers
       {"Authorization" => options[:header_format] % token}
    @@ -2226,12 +2227,12 @@ 

     
     
    -355
     356
    -357
    +357 +358

    -
    # File 'lib/oauth2/access_token.rb', line 355
    +      
    # File 'lib/oauth2/access_token.rb', line 356
     
     def patch(path, opts = {}, &block)
       request(:patch, path, opts, &block)
    @@ -2273,12 +2274,12 @@ 

     
     
    -341
     342
    -343
    +343 +344

    -
    # File 'lib/oauth2/access_token.rb', line 341
    +      
    # File 'lib/oauth2/access_token.rb', line 342
     
     def post(path, opts = {}, &block)
       request(:post, path, opts, &block)
    @@ -2320,12 +2321,12 @@ 

     
     
    -348
     349
    -350
    +350 +351

    -
    # File 'lib/oauth2/access_token.rb', line 348
    +      
    # File 'lib/oauth2/access_token.rb', line 349
     
     def put(path, opts = {}, &block)
       request(:put, path, opts, &block)
    @@ -2475,7 +2476,6 @@ 

     
     
    -209
     210
     211
     212
    @@ -2488,10 +2488,11 @@ 

    219 220 221 -222

    +222 +223

    -
    # File 'lib/oauth2/access_token.rb', line 209
    +      
    # File 'lib/oauth2/access_token.rb', line 210
     
     def refresh(params = {}, access_token_opts = {}, &block)
       raise OAuth2::Error.new({error: "A refresh_token is not available"}) unless refresh_token
    @@ -2697,16 +2698,16 @@ 

     
     
    -326
     327
     328
    -329
    +329 +330

    -
    # File 'lib/oauth2/access_token.rb', line 326
    +      
    # File 'lib/oauth2/access_token.rb', line 327
     
     def request(verb, path, opts = {}, &block)
    -  configure_authentication!(opts)
    +  configure_authentication!(opts, verb)
       @client.request(verb, path, opts, &block)
     end
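Review bot: `request` now forwards `verb` to `configure_authentication!(opts, verb)` exactly as the caller supplied it, so a `:mode` callable that compares against symbols can give a different answer for `request("get", ...)` than for `request(:get, ...)`. Normalize the verb before passing it on, or document the expected type alongside the `:mode` option.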
    @@ -2911,7 +2912,6 @@

     
     
    -258
     259
     260
     261
    @@ -2935,10 +2935,11 @@ 

    279 280 281 -282

    +282 +283

    -
    # File 'lib/oauth2/access_token.rb', line 258
    +      
    # File 'lib/oauth2/access_token.rb', line 259
     
     def revoke(params = {}, &block)
       token_type_hint_orig = params.delete(:token_type_hint)
    @@ -3019,7 +3020,6 @@ 

     
     
    -292
     293
     294
     295
    @@ -3036,10 +3036,11 @@ 

    306 307 308 -309

    +309 +310

    -
    # File 'lib/oauth2/access_token.rb', line 292
    +      
    # File 'lib/oauth2/access_token.rb', line 293
     
     def to_hash
       hsh = {
    @@ -3069,7 +3070,7 @@ 

    diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index faf89410..7c1b8216 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -883,7 +883,7 @@

    diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index 51a88241..4ab3fadb 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -2656,7 +2656,7 @@

    diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index 5b3f877f..8d552c44 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -772,7 +772,7 @@

    diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index 62a00b76..4f0e8f35 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -335,7 +335,7 @@

    diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index f5a90ad2..ebba80bb 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -280,7 +280,7 @@

    diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index ae0d68ae..ad798cd7 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -1619,7 +1619,7 @@

    diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index 8085e14f..0a529183 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -107,7 +107,7 @@

    Defined Under Namespace

    diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index a73c3e38..f3677860 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -481,7 +481,7 @@

    diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index e51945bb..972c4e66 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -483,7 +483,7 @@

    diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index b520e5b3..41ddc3ca 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -195,7 +195,7 @@

    diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index 4c10c316..4908facc 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -343,7 +343,7 @@

    diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index 6126dbcf..2a52b5c8 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -420,7 +420,7 @@

    diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index 6ac72792..25bb5a64 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -374,7 +374,7 @@

    diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index 07846f2b..f433a10e 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -95,7 +95,7 @@

    VERSION =
    -
    "2.0.14"
    +
    "2.0.15"
    @@ -111,7 +111,7 @@

    diff --git a/docs/_index.html b/docs/_index.html index a92b83b2..99fa4912 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -372,7 +372,7 @@

    Namespace Listing A-Z

    diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index de8e3bb2..4278f3f0 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -68,24 +68,48 @@ and yes, platform and engine support are part of the public API.
    Please file a bug if you notice a violation of semantic versioning.

    -

    Unreleased

    +

    Unreleased

    Added

    +

    Changed

    +

    Deprecated

    +

    Removed

    +

    Fixed

    +

    Security

    + +

    +2.0.15 - 2025-09-08

      +
    • TAG: v2.0.15 +
    • +
    • COVERAGE: 100.00% – 519/519 lines in 14 files
    • +
    • BRANCH COVERAGE: 100.00% – 174/174 branches in 14 files
    • +
    • 90.48% documented +

      Added

      +
    • +
    • +gh!671 - Complete documentation example for Instagram by @pboling
    • .env.local.example for contributor happiness
    • note lack of builds for JRuby 9.2, 9.3 & Truffleruby 22.3, 23.0 +
    • +
    • +gh!670 - AccessToken: verb-dependent token transmission mode by @mrj +
        +
      • e.g., Instagram GET=:query, POST/DELETE=:header +

        Changed

    • +
    • +gh!669 - Upgrade to kettle-dev v1.1.9 by @pboling +

      Fixed

      +
    • +
    • Remove accidentally duplicated lines, and fix typos in CHANGELOG.md
    • point badge to the correct workflow for Ruby 2.3 (caboose.yml) -

      Security

      +

      Security

    @@ -97,19 +121,19 @@

  • COVERAGE: 100.00% – 519/519 lines in 14 files
  • BRANCH COVERAGE: 100.00% – 174/174 branches in 14 files
  • 90.48% documented -

    Added

    +

    Added

  • improved documentation by @pboling
  • -gh665 - Document Mutual TLS (mTLS) usage with example in README (connection_opts.ssl client_cert/client_key and auth_scheme: :tls_client_auth) by @pboling
  • +gh!665 - Document Mutual TLS (mTLS) usage with example in README (connection_opts.ssl client_cert/client_key and auth_scheme: :tls_client_auth) by @pboling
  • -gh666 - Document usage of flat query params using Faraday::FlatParamsEncoder, with example URI, in README by @pboling +gh!666 - Document usage of flat query params using Faraday::FlatParamsEncoder, with example URI, in README by @pboling
    • Spec: verify flat params are preserved with Faraday::FlatParamsEncoder (skips on Faraday without FlatParamsEncoder)
  • -gh662 - documentation notes in code comments and README highlighting OAuth 2.1 differences, with references, by @pboling +gh!662 - documentation notes in code comments and README highlighting OAuth 2.1 differences, with references, by @pboling
    • PKCE required for auth code,
    • exact redirect URI match,
    • @@ -120,13 +144,13 @@

      Added

  • -gh663 - document how to implement an OIDC client with this gem in OIDC.md by @pboling +gh!663 - document how to implement an OIDC client with this gem in OIDC.md by @pboling
    • also, list libraries built on top of the oauth2 gem that implement OIDC
  • -gh664 - README: Add example for JHipster UAA (Spring Cloud) password grant, converted from Postman/Net::HTTP by @pboling
  • +gh!664 - README: Add example for JHipster UAA (Spring Cloud) password grant, converted from Postman/Net::HTTP by @pboling

    @@ -137,30 +161,30 @@

  • COVERAGE: 100.00% – 519/519 lines in 14 files
  • BRANCH COVERAGE: 100.00% – 174/174 branches in 14 files
  • 90.48% documented -

    Added

    +

    Added

  • -gh656 - Support revocation with URL-encoded parameters
  • +gh!656 - Support revocation with URL-encoded parameters
  • -gh660 - Inline yard documentation by @pboling
  • +gh!660 - Inline yard documentation by @pboling
  • -gh660 - Complete RBS types documentation by @pboling
  • +gh!660 - Complete RBS types documentation by @pboling
  • -gh660- (more) Comprehensive documentation / examples by @pboling
  • +gh!660- (more) Comprehensive documentation / examples by @pboling
  • -gh657 - Updated documentation for org-rename by @pboling
  • +gh!657 - Updated documentation for org-rename by @pboling
  • More funding links by @Aboling0
  • Documentation: Added docs/OIDC.md with OIDC 1.0 overview, example, and references -

    Changed

    +

    Changed

  • Upgrade Code of Conduct to Contributor Covenant 2.1 by @pboling
  • -gh660 - Shrink post-install message by 4 lines by @pboling -

    Fixed

    +gh!660 - Shrink post-install message by 4 lines by @pboling +

    Fixed

  • -gh660 - Links in README (including link to HEAD documentation) by @pboling -

    Security

    +gh!660 - Links in README (including link to HEAD documentation) by @pboling +

    Security

  • @@ -172,10 +196,10 @@

  • Line Coverage: 100.0% (520 / 520)
  • Branch Coverage: 100.0% (174 / 174)
  • 80.00% documented -

    Added

    +

    Added

  • -gh652 - Support IETF rfc7515 JSON Web Signature - JWS by @mridang +gh!652 - Support IETF rfc7515 JSON Web Signature - JWS by @mridang
    • Support JWT kid for key discovery and management
    @@ -187,16 +211,12 @@

    Added

  • Documentation site @ https://oauth2.galtzo.com now complete -

    Changed

    +

    Changed

  • Updates to gemspec (email, funding url, post install message) -

    Deprecated

    -

    Removed

    -

    Fixed

    -
  • -
  • Documentation Typos by @pboling -

    Security

    +

    Fixed

  • +
  • Documentation Typos by @pboling
  • @@ -207,16 +227,13 @@

  • COVERAGE: 100.00% – 518/518 lines in 14 files
  • BRANCH COVERAGE: 100.00% – 172/172 branches in 14 files
  • 80.00% documented -

    Added

    +

    Added

  • -gh651 - :snaky_hash_klass option (@pboling)
  • -
  • -gh651 - :snaky_hash_klass option (@pboling)
  • +gh!651 - :snaky_hash_klass option (@pboling)
  • More documentation
  • Codeberg as ethical mirror (@pboling)
      -
    • https://codeberg.org/oauth-xx/oauth2
    • https://codeberg.org/ruby-oauth/oauth2
  • @@ -230,34 +247,26 @@

    Added

  • -!649 - Test compatibility with all key minor versions of Hashie v0, v1, v2, v3, v4, v5, HEAD (@pboling)
  • -
  • -gh651 - Mock OAuth2 server for testing (@pboling)
  • -
  • !649 - Test compatibility with all key minor versions of Hashie v0, v1, v2, v3, v4, v5, HEAD (@pboling)
  • -gh651 - Mock OAuth2 server for testing (@pboling) +gh!651 - Mock OAuth2 server for testing (@pboling)
    • https://github.com/navikt/mock-oauth2-server -

      Changed

      +

      Changed

  • -gh651 - Upgraded to snaky_hash v2.0.3 (@pboling)
  • -
  • -gh651 - Upgraded to snaky_hash v2.0.3 (@pboling) +gh!651 - Upgraded to snaky_hash v2.0.3 (@pboling)
    • Provides solution for serialization issues
  • Updated spec.homepage_uri in gemspec to GitHub Pages YARD documentation site (@pboling) -

    Fixed

    +

    Fixed

  • -gh650 - Regression in return type of OAuth2::Response#parsed (@pboling)
  • -
  • -gh650 - Regression in return type of OAuth2::Response#parsed (@pboling)
  • +gh!650 - Regression in return type of OAuth2::Response#parsed (@pboling)
  • Incorrect documentation related to silencing warnings (@pboling)
  • @@ -269,17 +278,9 @@

  • COVERAGE: 100.00% – 518/518 lines in 14 files
  • BRANCH COVERAGE: 100.00% – 170/170 branches in 14 files
  • 79.05% documented -

    Added

    +

    Added

  • -gh!632 - Added funding.yml (@Aboling0)
  • -
  • -!635 - Added .gitlab-ci.yml (@jessieay)
  • -
  • -#638 - Documentation of support for ILO Fundamental Principles of Rights at Work (@pboling)
  • -
  • -!642 - 20-year certificate for signing gem releases, expires 2045-04-29 (@pboling)
  • -
  • gh!632 - Added funding.yml (@Aboling0)
  • !635 - Added .gitlab-ci.yml (@jessieay)
  • @@ -299,20 +300,12 @@

    Added

  • -!643 - Add token_name option (@pboling)
  • -
  • !643 - Add token_name option (@pboling)
    • Specify the parameter name that identifies the access token
  • -!645 - Add OAuth2::OAUTH_DEBUG constant, based on `ENV[“OAUTH_DEBUG”] (@pboling)
  • -
  • -!646 - Add OAuth2.config.silence_extra_tokens_warning, default: false (@pboling)
  • -
  • -!647 - Add IETF RFC 7009 Token Revocation compliant (@pboling)
  • -
  • !645 - Add OAuth2::OAUTH_DEBUG constant, based on `ENV[“OAUTH_DEBUG”] (@pboling)
  • !646 - Add OAuth2.config.silence_extra_tokens_warning, default: false (@pboling)
  • @@ -325,14 +318,10 @@

    Added

  • -gh!644, gh!645 - Added CITATION.cff (@Aboling0)
  • -
  • -!648 - Improved documentation (@pboling)
  • -
  • gh!644, gh!645 - Added CITATION.cff (@Aboling0)
  • !648 - Improved documentation (@pboling) -

    Changed

    +

    Changed

  • Default value of OAuth2.config.silence_extra_tokens_warning was false, now true (@pboling)
  • Gem releases are now cryptographically signed, with a 20-year cert (@pboling) @@ -341,50 +330,20 @@

    Changed

  • -!647 - OAuth2::AccessToken#refresh now supports block param pass through (@pboling)
  • -
  • -!647 - OAuth2.config is no longer writable (@pboling)
  • -
  • -!647 - Errors raised by OAuth2::AccessToken are now always OAuth2::Error and have better metadata (@pboling)
  • -
  • !647 - OAuth2::AccessToken#refresh now supports block param pass through (@pboling)
  • !647 - OAuth2.config is no longer writable (@pboling)
  • !647 - Errors raised by OAuth2::AccessToken are now always OAuth2::Error and have better metadata (@pboling) -

    Fixed

    +

    Fixed

  • -#95 - restoring an access token via AccessToken#from_hash (@pboling)
  • -
  • #95 - restoring an access token via AccessToken#from_hash (@pboling)
    • This was a 13 year old bug report. 😘
  • -#619 - Internal options (like snaky, raise_errors, and parse) are no longer included in request (@pboling)
  • -
  • -!633 - Spaces will now be encoded as %20 instead of + (@nov.matake)
  • -
  • -!634 - CHANGELOG.md documentation fix (@skuwa229)
  • -
  • -!638 - fix expired? when expires_in is 0 (@disep)
  • -
  • -!639 - Only instantiate OAuth2::Error if raise_errors option is true (@glytch2)
  • -
  • -#639 - AccessToken#to_hash is now serializable, just a regular Hash (@pboling)
  • -
  • -!640 - README.md documentation fix (@martinezcoder)
  • -
  • -!641 - Do not include sensitive information in the inspect (@manuelvanrijn)
  • -
  • -#641 - Made default JSON response parser more resilient (@pboling)
  • -
  • -#645 - Response no longer becomes a snaky hash (@pboling)
  • -
  • -gh!646 - Change require to require_relative (improve performance) (@Aboling0)
  • -
  • #619 - Internal options (like snaky, raise_errors, and parse) are no longer included in request (@pboling)
  • !633 - Spaces will now be encoded as %20 instead of + (@nov.matake)
  • @@ -412,10 +371,10 @@

    2.0.9 - 2022-09-16

    • TAG: v2.0.9 -

      Added

      +

      Added

    • More specs (@pboling) -

      Changed

      +

      Changed

    • Complete migration to main branch as default (@pboling)
    • Complete migration to Gitlab, updating all links, and references in VCS-managed files (@pboling)
    • @@ -425,18 +384,13 @@

      2.0.8 - 2022-09-01

      • TAG: v2.0.8 -

        Changed

        +

        Changed

      • -!630 - Extract snaky_hash to external dependency (@pboling)
      • -
      • !630 - Extract snaky_hash to external dependency (@pboling) -

        Added

        +

        Added

      • -!631 - New global configuration option OAuth2.config.silence_extra_tokens_warning (default: false) fixes #628 -
      • -
      • !631 - New global configuration option OAuth2.config.silence_extra_tokens_warning (default: false) fixes #628
      @@ -445,25 +399,19 @@

      2.0.7 - 2022-08-22

      • TAG: v2.0.7 -

        Added

        +

        Added

      • -!629 - Allow POST of JSON to get token (@pboling, @terracatta)
      • -
      • !629 - Allow POST of JSON to get token (@pboling, @terracatta) -

        Fixed

        +

        Fixed

      • -!626 - Fixes a regression in 2.0.6. Will now prefer the key order from the lookup, not the hash keys (@rickselby)
      • -
      • !626 - Fixes a regression in 2.0.6. Will now prefer the key order from the lookup, not the hash keys (@rickselby)
        • Note: This fixes compatibility with omniauth-oauth2 and AWS
      • -!625 - Fixes the printed version in the post install message (@hasghari)
      • -
      • !625 - Fixes the printed version in the post install message (@hasghari)
      @@ -471,11 +419,9 @@

      2.0.6 - 2022-07-13

      • TAG: v2.0.6 -

        Fixed

        +

        Fixed

      • -!624 - Fixes a regression in v2.0.5, where an error would be raised in refresh_token flows due to (legitimate) lack of access_token (@pboling)
      • -
      • !624 - Fixes a regression in v2.0.5, where an error would be raised in refresh_token flows due to (legitimate) lack of access_token (@pboling)
      @@ -483,13 +429,9 @@

      2.0.5 - 2022-07-07

      • TAG: v2.0.5 -

        Fixed

        +

        Fixed

      • -!620 - Documentation improvements, to help with upgrading (@swanson)
      • -
      • -!621 - Fixed #528 and #619 (@pboling)
      • -
      • !620 - Documentation improvements, to help with upgrading (@swanson)
      • !621 - Fixed #528 and #619 (@pboling) @@ -512,11 +454,9 @@

        2.0.4 - 2022-07-01

        • TAG: v2.0.4 -

          Fixed

          +

          Fixed

        • -!618 - In some scenarios the snaky option default value was not applied (@pboling)
        • -
        • !618 - In some scenarios the snaky option default value was not applied (@pboling)
        @@ -524,23 +464,15 @@

        2.0.3 - 2022-06-28

        • TAG: v2.0.3 -

          Added

          +

          Added

        • -!611 - Proper deprecation warnings for extract_access_token argument (@pboling)
        • -
        • -!612 - Add snaky: false option to skip conversion to OAuth2::SnakyHash (default: true) (@pboling)
        • -
        • !611 - Proper deprecation warnings for extract_access_token argument (@pboling)
        • !612 - Add snaky: false option to skip conversion to OAuth2::SnakyHash (default: true) (@pboling) -

          Fixed

          +

          Fixed

        • -!608 - Wrap Faraday::TimeoutError in OAuth2::TimeoutError (@nbibler)
        • -
        • -!615 - Fix support for requests with blocks, see Faraday::Connection#run_request (@pboling)
        • -
        • !608 - Wrap Faraday::TimeoutError in OAuth2::TimeoutError (@nbibler)
        • !615 - Fix support for requests with blocks, see Faraday::Connection#run_request (@pboling)
        • @@ -550,15 +482,9 @@

          2.0.2 - 2022-06-24

          • TAG: v2.0.2 -

            Fixed

            +

            Fixed

          • -!604 - Wrap Faraday::TimeoutError in OAuth2::TimeoutError (@stanhu)
          • -
          • -!606 - Ruby 2.7 deprecation warning fix: Move access_token_class parameter into Client constructor (@stanhu)
          • -
          • -!607 - CHANGELOG correction, reference to OAuth2::ConnectionError (@zavan)
          • -
          • !604 - Wrap Faraday::TimeoutError in OAuth2::TimeoutError (@stanhu)
          • !606 - Ruby 2.7 deprecation warning fix: Move access_token_class parameter into Client constructor (@stanhu)
          • @@ -570,7 +496,7 @@

            2.0.1 - 2022-06-22

            • TAG: v2.0.1 -

              Added

              +

              Added

            • Documentation improvements (@pboling)
            • Increased test coverage to 99% (@pboling)
            • @@ -580,61 +506,9 @@

              2.0.0 - 2022-06-21

              • TAG: v2.0.0 -

                Added

                +

                Added

              • -!158, !344 - Optionally pass raw response to parsers (@niels)
              • -
              • -!190, !332, !334, !335, !360, !426, !427, !461 - Documentation (@josephpage, @pboling, @meganemura, @joshRpowell, @elliotcm)
              • -
              • -!220 - Support IETF rfc7523 JWT Bearer Tokens Draft 04+ (@jhmoore)
              • -
              • -!298 - Set the response object on the access token on Client#get_token for debugging (@cpetschnig)
              • -
              • -!305 - Option: OAuth2::Client#get_token - :access_token_class (AccessToken); user specified class to use for all calls to get_token (@styd)
              • -
              • -!346 - Modern gem structure (@pboling)
              • -
              • -!351 - Support Jruby 9k (@pboling)
              • -
              • -!362 - Support SemVer release version scheme (@pboling)
              • -
              • -!363 - New method OAuth2::AccessToken#refresh! same as old refresh, with backwards compatibility alias (@pboling)
              • -
              • -!364 - Support application/hal+json format (@pboling)
              • -
              • -!365 - Support application/vnd.collection+json format (@pboling)
              • -
              • -!376 - Documentation: Example / Test for Google 2-legged JWT (@jhmoore)
              • -
              • -!381 - Spec for extra header params on client credentials (@nikz)
              • -
              • -!394 - Option: OAuth2::AccessToken#initialize - :expires_latency (nil); number of seconds by which AccessToken validity will be reduced to offset latency (@klippx)
              • -
              • -!412 - Support application/vdn.api+json format (from jsonapi.org) (@david-christensen)
              • -
              • -!413 - Documentation: License scan and report (@meganemura)
              • -
              • -!442 - Option: OAuth2::Client#initialize - :logger (::Logger.new($stdout)) logger to use when OAUTH_DEBUG is enabled (for parity with 1-4-stable branch) (@rthbound)
              • -
              • -!494 - Support OIDC 1.0 Private Key JWT; based on the OAuth JWT assertion specification (RFC 7523) (@SteveyblamWork)
              • -
              • -!549 - Wrap Faraday::ConnectionFailed in OAuth2::ConnectionError (@nikkypx)
              • -
              • -!550 - Raise error if location header not present when redirecting (@stanhu)
              • -
              • -!552 - Add missing version.rb require (@ahorek)
              • -
              • -!553 - Support application/problem+json format (@janz93)
              • -
              • -!560 - Support IETF rfc6749, section 2.3.1 - don’t set auth params when nil (@bouk)
              • -
              • -!571 - Support Ruby 3.1 (@pboling)
              • -
              • -!575 - Support IETF rfc7231, section 7.1.2 - relative location in redirect (@pboling)
              • -
              • -!581 - Documentation: of breaking changes (@pboling)
              • -
              • !158, !344 - Optionally pass raw response to parsers (@niels)
              • !190, !332, !334, !335, !360, !426, !427, !461 - Documentation (@josephpage, @pboling, @meganemura, @joshRpowell, @elliotcm)
              • @@ -686,29 +560,9 @@

                Added

                !575 - Support IETF rfc7231, section 7.1.2 - relative location in redirect (@pboling)
              • !581 - Documentation: of breaking changes (@pboling) -

                Changed

                +

                Changed

              • -!191 - BREAKING: Token is expired if expired_at time is now (@davestevens)
              • -
              • -!312 - BREAKING: Set :basic_auth as default for :auth_scheme instead of :request_body. This was default behavior before 1.3.0. (@tetsuya, @wy193777)
              • -
              • -!317 - Dependency: Upgrade jwt to 2.x.x (@travisofthenorth)
              • -
              • -!338 - Dependency: Switch from Rack::Utils.escape to CGI.escape (@josephpage)
              • -
              • -!339, !368, !424, !479, !493, !539, !542, !553 - CI Updates, code coverage, linting, spelling, type fixes, New VERSION constant (@pboling, @josephpage, @ahorek)
              • -
              • -!410 - BREAKING: Removed the ability to call .error from an OAuth2::Response object (@jhmoore)
              • -
              • -!414 - Use Base64.strict_encode64 instead of custom internal logic (@meganemura)
              • -
              • -!469 - BREAKING: Default value for option OAuth2::Client - :authorize_url removed leading slash to work with relative paths by default ('oauth/authorize') (@ghost)
              • -
              • -!469 - BREAKING: Default value for option OAuth2::Client - :token_url removed leading slash to work with relative paths by default ('oauth/token') (@ghost)
              • -
              • -!507, !575 - BREAKING: Transform keys to snake case, always, by default (ultimately via rash_alt gem)
              • -
              • !191 - BREAKING: Token is expired if expired_at time is now (@davestevens)
              • !312 - BREAKING: Set :basic_auth as default for :auth_scheme instead of :request_body. This was default behavior before 1.3.0. (@tetsuya, @wy193777)
              • @@ -735,52 +589,12 @@

                Changed

            • -!576 - BREAKING: Stop rescuing parsing errors (@pboling)
            • -
            • -!591 - DEPRECATION: OAuth2::Client - :extract_access_token option is deprecated
            • -
            • !576 - BREAKING: Stop rescuing parsing errors (@pboling)
            • !591 - DEPRECATION: OAuth2::Client - :extract_access_token option is deprecated -

              Fixed

              +

              Fixed

            • -!158, !344 - Handling of errors when using omniauth-facebook (@niels)
            • -
            • -!294 - Fix: “Unexpected middleware set” issue with Faraday when OAUTH_DEBUG=true (@spectator, @gafrom)
            • -
            • -!300 - Documentation: Oauth2::Error - Error codes are strings, not symbols (@NobodysNightmare)
            • -
            • -!318, !326, !343, !347, !397, !464, !561, !565 - Dependency: Support all versions of faraday (see gemfiles/README.md for compatibility matrix with Ruby engines & versions) (@pboling, @raimondasv, @zacharywelch, @Fudoshiki, @ryogift, @sj26, @jdelStrother)
            • -
            • -!322, !331, !337, !361, !371, !377, !383, !392, !395, !400, !401, !403, !415, !567 - Updated Rubocop, Rubocop plugins and improved code style (@pboling, @bquorning, @lautis, @spectator)
            • -
            • -!328 - Documentation: Homepage URL is SSL (@amatsuda)
            • -
            • -!339, !479 - Update testing infrastructure for all supported Rubies (@pboling and @josephpage)
            • -
            • -!366 - Security: Fix logging to $stdout of request and response bodies via Faraday’s logger and ENV["OAUTH_DEBUG"] == 'true' (@pboling)
            • -
            • -!380 - Fix: Stop attempting to encode non-encodable objects in Oauth2::Error (@jhmoore)
            • -
            • -!399 - Fix: Stop duplicating redirect_uri in get_token (@markus)
            • -
            • -!410 - Fix: SystemStackError caused by circular reference between Error and Response classes (@jhmoore)
            • -
            • -!460 - Fix: Stop throwing errors when raise_errors is set to false; analog of !524 for 1-4-stable branch (@joaolrpaulo)
            • -
            • -!472 - Security: Add checks to enforce client_secret is never passed in authorize_url query params for implicit and auth_code grant types (@dfockler)
            • -
            • -!482 - Documentation: Update last of intridea links to oauth-xx (@pboling)
            • -
            • -!536 - Security: Compatibility with more (and recent) Ruby OpenSSL versions, Github Actions, Rubocop updated, analogous to !535 on 1-4-stable branch (@pboling)
            • -
            • -!595 - Graceful handling of empty responses from Client#get_token, respecting :raise_errors config (@stanhu)
            • -
            • -!596 - Consistency between AccessToken#refresh and Client#get_token named arguments (@stanhu)
            • -
            • -!598 - Fix unparseable data not raised as error in Client#get_token, respecting :raise_errors config (@stanhu)
            • -
            • !158, !344 - Handling of errors when using omniauth-facebook (@niels)
            • !294 - Fix: “Unexpected middleware set” issue with Faraday when OAUTH_DEBUG=true (@spectator, @gafrom)
            • @@ -816,21 +630,9 @@

              Fixed

              !596 - Consistency between AccessToken#refresh and Client#get_token named arguments (@stanhu)
            • !598 - Fix unparseable data not raised as error in Client#get_token, respecting :raise_errors config (@stanhu) -

              Removed

              +

              Removed

            • -!341 - Remove Rdoc & Jeweler related files (@josephpage)
            • -
            • -!342 - BREAKING: Dropped support for Ruby 1.8 (@josephpage)
            • -
            • -!539 - Remove reliance on globally included OAuth2 in tests, analog of !538 for 1-4-stable (@anderscarling)
            • -
            • -!566 - Dependency: Removed wwtd (@bquorning)
            • -
            • -!589, !593 - Remove support for expired MAC token draft spec (@stanhu)
            • -
            • -!590 - Dependency: Removed multi_json (@stanhu)
            • -
            • !341 - Remove Rdoc & Jeweler related files (@josephpage)
            • !342 - BREAKING: Dropped support for Ruby 1.8 (@josephpage)
            • @@ -858,7 +660,6 @@

              • TAG: v1.4.10
              • -
              • FIPS Compatibility !587 (@akostadinov)
              • FIPS Compatibility !587 (@akostadinov)
              @@ -866,8 +667,6 @@

              1.4.9 - 2022-02-20

              • TAG: v1.4.9 -
              • -
              • Fixes compatibility with Faraday v2 572
              • Fixes compatibility with Faraday v2 572
              • @@ -889,15 +688,11 @@

              • MFA is now required to push new gem versions (@pboling)
              • README overhaul w/ new Ruby Version and Engine compatibility policies (@pboling)
              • -!569 Backport fixes (!561 by @ryogift), and add more fixes, to allow faraday 1.x and 2.x (@jrochkind)
              • -
              • !569 Backport fixes (!561 by @ryogift), and add more fixes, to allow faraday 1.x and 2.x (@jrochkind)
              • Improve Code Coverage tracking (Coveralls, CodeCov, CodeClimate), and enable branch coverage (@pboling)
              • Add CodeQL, Security Policy, Funding info (@pboling)
              • Added Ruby 3.1, jruby, jruby-head, truffleruby, truffleruby-head to build matrix (@pboling)
              • -!543 - Support for more modern Open SSL libraries (@pboling)
              • -
              • !543 - Support for more modern Open SSL libraries (@pboling)
              @@ -907,8 +702,6 @@

            • TAG: v1.4.7
            • -!541 - Backport fix to expires_at handling !533 to 1-4-stable branch. (@dobon)
            • -
            • !541 - Backport fix to expires_at handling !533 to 1-4-stable branch. (@dobon)
            @@ -918,12 +711,6 @@

          • TAG: v1.4.6
          • -!540 - Add VERSION constant (@pboling)
          • -
          • -!537 - Fix crash in OAuth2::Client#get_token (@anderscarling)
          • -
          • -!538 - Remove reliance on globally included OAuth2 in tests, analogous to !539 on main branch (@anderscarling)
          • -
          • !540 - Add VERSION constant (@pboling)
          • !537 - Fix crash in OAuth2::Client#get_token (@anderscarling)
          • @@ -937,14 +724,6 @@

          • TAG: v1.4.5
          • -!535 - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions, analogous to !536 on main branch (@pboling)
          • -
          • -!518 - Add extract_access_token option to OAuth2::Client (@jonspalmer)
          • -
          • -!507 - Fix camel case content type, response keys (@anvox)
          • -
          • -!500 - Fix YARD documentation formatting (@olleolleolle)
          • -
          • !535 - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions, analogous to !536 on main branch (@pboling)
          • !518 - Add extract_access_token option to OAuth2::Client (@jonspalmer)
          • @@ -960,8 +739,6 @@

          • TAG: v1.4.4
          • -!408 - Fixed expires_at for formatted time (@Lomey)
          • -
          • !408 - Fixed expires_at for formatted time (@Lomey)
          @@ -971,10 +748,6 @@

        • TAG: v1.4.3
        • -!483 - add project metadata to gemspec (@orien)
        • -
        • -!495 - support additional types of access token requests (@SteveyblamFreeagent, @thomcorley, @dgholz)
        • -
        • !483 - add project metadata to gemspec (@orien)
        • !495 - support additional types of access token requests (@SteveyblamFreeagent, @thomcorley, @dgholz) @@ -983,8 +756,6 @@

      • -!433 - allow field names with square brackets and numbers in params (@asm256)
      • -
      • !433 - allow field names with square brackets and numbers in params (@asm256)
      @@ -994,8 +765,6 @@

    • TAG: v1.4.2
    • -!478 - support latest version of faraday & fix build (@pboling)
    • -
    • !478 - support latest version of faraday & fix build (@pboling)
      • Officially support Ruby 2.6 and truffleruby
      • @@ -1009,20 +778,6 @@

      • TAG: v1.4.1
      • -!417 - update jwt dependency (@thewoolleyman)
      • -
      • -!419 - remove rubocop dependency (temporary, added back in !423) (@pboling)
      • -
      • -!418 - update faraday dependency (@pboling)
      • -
      • -!420 - update oauth2.gemspec (@pboling)
      • -
      • -!421 - fix CHANGELOG.md for previous releases (@pboling)
      • -
      • -!422 - update LICENSE and README.md (@pboling)
      • -
      • -!423 - update builds, Rakefile (@pboling)
      • -
      • !417 - update jwt dependency (@thewoolleyman)
      • !419 - remove rubocop dependency (temporary, added back in !423) (@pboling)
      • @@ -1121,10 +876,10 @@

        1.0.0 - 2014-07-09

        • TAG: v1.0.0 -

          Added

          +

          Added

        • Add an implementation of the MAC token spec. -

          Fixed

          +

          Fixed

        • Fix Base64.strict_encode64 incompatibility with Ruby 1.8.7.
        @@ -1133,7 +888,7 @@

        0.5.0 - 2011-07-29

        • TAG: v0.5.0 -

          Changed

          +

          Changed

        • breaking oauth_token renamed to oauth_bearer.
        • @@ -1283,7 +1038,7 @@

          diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html index 4b363e04..5ef04f4b 100644 --- a/docs/file.CITATION.html +++ b/docs/file.CITATION.html @@ -82,7 +82,7 @@ diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index 9ab02890..d2fc3603 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -191,7 +191,7 @@

          Attribution

          diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index 69263c84..9b453235 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -63,8 +63,7 @@ This project should be a safe, welcoming space for collaboration, so contributors agree to adhere to
          the code of conduct.

          -

          To submit a patch, please fork the project, create a patch with tests, and send a pull request.
          -Post a message to the google group if you want to.

          +

          To submit a patch, please fork the project, create a patch with tests, and send a pull request.

          Remember to Keep A Changelog if you make changes.

          @@ -84,6 +83,35 @@

          Help out!

        • Create new Pull Request.
        • +

          Executables vs Rake tasks

          + +

          Executables shipped by oauth2 can be used with or without generating the binstubs.
          +They will work when oauth2 is installed globally (i.e., gem install oauth2) and do not require that oauth2 be in your bundle.

          + +
            +
          • kettle-changelog
          • +
          • kettle-commit-msg
          • +
          • oauth2-setup
          • +
          • kettle-dvcs
          • +
          • kettle-pre-release
          • +
          • kettle-readme-backers
          • +
          • kettle-release
          • +
          + +

          However, the rake tasks provided by oauth2 do require oauth2 to be added as a development dependency and loaded in your Rakefile.
          +See the full list of rake tasks in head of Rakefile

          + +

          Gemfile

          +
          group :development do
          +  gem "oauth2", require: false
          +end
          +
          + +

          Rakefile

          +
          # Rakefile
          +require "oauth2"
          +
          +

          Environment Variables for Local Development

          Below are the primary environment variables recognized by stone_checksums (and its integrated tools). Unless otherwise noted, set boolean values to the string “true” to enable.
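Review bot: The added "Executables vs Rake tasks" section says the listed executables are "shipped by oauth2", but six of the seven names carry a kettle- prefix, and the unchanged paragraph right after the section attributes the environment variables to stone_checksums. Together these read like template text that was not adapted to this gem. Please confirm which gem actually provides each executable and the rake tasks. If it is a development tool rather than oauth2 itself, the Gemfile and Rakefile snippets (`gem "oauth2", require: false` and `require "oauth2"`) should name that tool, since contributors will copy these lines verbatim. "See the full list of rake tasks in head of Rakefile" also needs an article and a closing period.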

          @@ -159,9 +187,10 @@

          Run Tests

          Spec organization (required)

            -
          • For each class or module under lib/, keep all of its unit tests in a single spec file under spec/ that mirrors the path and file name (e.g., specs for lib/oauth2/release_cli.rb live in spec/oauth2/release_cli_spec.rb).
          • -
          • Do not create ad-hoc “_more” or split spec files for the same class/module. Consolidate all unit tests into the main spec file for that class/module.
          • -
          • Only integration scenarios that intentionally span multiple classes belong in spec/integration/.
          • +
          • One spec file per class/module. For each class or module under lib/, keep all of its unit tests in a single spec file under spec/ that mirrors the path and file name exactly: lib/oauth2/release_cli.rb -> spec/oauth2/release_cli_spec.rb.
          • +
          • Never add a second spec file for the same class/module. Examples of disallowed names: *_more_spec.rb, *_extra_spec.rb, *_status_spec.rb, or any other suffix that still targets the same class. If you find yourself wanting a second file, merge those examples into the canonical spec file for that class/module.
          • +
          • Exception: Integration specs that intentionally span multiple classes. Place these under spec/integration/ (or a clearly named integration folder), and do not directly mirror a single class. Name them after the scenario, not a class.
          • +
          • Migration note: If a duplicate spec file exists, move all examples into the canonical file and delete the duplicate. Do not leave stubs or empty files behind.

          Lint It

          @@ -222,7 +251,11 @@

          To release a new version:

          Automated process

          -

          Run bundle exec kettle-release.

          +
            +
          1. Update version.rb to contian the correct version-to-be-released.
          2. +
          3. Run bundle exec kettle-changelog.
          4. +
          5. Run bundle exec kettle-release.
          6. +

          Manual process
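Review bot: Step 1 of the new automated release list has a typo: "Update version.rb to contian the correct version-to-be-released" should read "contain". The automated process also grows from a single `bundle exec kettle-release` into three ordered steps, so it is worth stating whether kettle-release checks that the version bump and kettle-changelog steps were done, or whether the order is enforced only by this document.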

          @@ -275,7 +308,7 @@

          Manual process

          diff --git a/docs/file.FUNDING.html b/docs/file.FUNDING.html index b48ef0de..560c0cc2 100644 --- a/docs/file.FUNDING.html +++ b/docs/file.FUNDING.html @@ -104,7 +104,7 @@

          Another Way to Support Open diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index 6d677a46..ce620220 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -60,7 +60,7 @@
          MIT License

          Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
          Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

          Permission is hereby granted, free of charge, to any person obtaining a copy
          of this software and associated documentation files (the "Software"), to deal
          in the Software without restriction, including without limitation the rights
          to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
          copies of the Software, and to permit persons to whom the Software is
          furnished to do so, subject to the following conditions:

          The above copyright notice and this permission notice shall be included in all
          copies or substantial portions of the Software.

          THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
          IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
          FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
          AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
          LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
          OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
          SOFTWARE.
          diff --git a/docs/file.OIDC.html b/docs/file.OIDC.html index c6d7b33c..4b19c806 100644 --- a/docs/file.OIDC.html +++ b/docs/file.OIDC.html @@ -247,7 +247,7 @@

          Raw OIDC with ruby-oauth/oauth2

          diff --git a/docs/file.README.html b/docs/file.README.html index a2501cf8..68a651dc 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -63,13 +63,13 @@

          🔐 OAuth 2.0 Authorization Framewor

          ⭐️ including OAuth 2.1 draft spec & OpenID Connect (OIDC)

          -

          Version GitHub tag (latest SemVer) License: MIT Downloads Rank Open Source Helpers Coveralls Test Coverage QLTY Test Coverage QLTY Maintainability CI Heads CI Runtime Dependencies @ HEAD CI Current CI Truffle Ruby CI JRuby Deps Locked Deps Unlocked CI Supported CI Legacy CI Unsupported CI Ancient CI Caboose is an absolute WAGON CI Test Coverage CI Style CodeQL

          +

          Version GitHub tag (latest SemVer) License: MIT Downloads Rank Open Source Helpers Coveralls Test Coverage QLTY Test Coverage QLTY Maintainability CI Heads CI Runtime Dependencies @ HEAD CI Current CI Truffle Ruby CI JRuby Deps Locked Deps Unlocked CI Supported CI Legacy CI Unsupported CI Ancient CI Test Coverage CI Style CodeQL

          -

          If ☝️ ci_badges.map(&:color).detect { it != "green"} let me know, as I may have missed the discord notification.

          +

          if ci_badges.map(&:color).detect { it != "green"} ☝️ let me know, as I may have missed the discord notification.


          -

          OTOH, if ci_badges.map(&:color).all? { it == "green"} 👇️ send money so I can do more of this. FLOSS maintenance is now my full-time job.

          +

          if ci_badges.map(&:color).all? { it == "green"} 👇️ send money so I can do more of this. FLOSS maintenance is now my full-time job.

          OpenCollective Backers OpenCollective Sponsors Sponsor Me on Github Liberapay Goal Progress Donate on PayPal Buy me a coffee Donate on Polar Donate to my FLOSS or refugee efforts at ko-fi.com Donate to my FLOSS or refugee efforts using Patreon

          @@ -180,7 +180,7 @@

          💡 Info you can shake a stick at

          Style -Enforced Code Style Linter Keep-A-Changelog 1.0.0 Gitmoji Commits Compatibility appraised by: appraisal2 +Enforced Code Style Linter Keep-A-Changelog 1.0.0 Gitmoji Commits Compatibility appraised by: appraisal2 @@ -192,7 +192,7 @@

          💡 Info you can shake a stick at

          Maintainer 🎖️ -Follow Me on LinkedIn Follow Me on Ruby.Social Follow Me on Bluesky Contact Maintainer My technical writing +Follow Me on LinkedIn Follow Me on Ruby.Social Follow Me on Bluesky Contact Maintainer My technical writing @@ -264,14 +264,14 @@

          Upgrading Runtime Gem DependenciesWhat does that mean specifically for the runtime dependencies?

          -

          We have 100% test coverage of lines and branches, and this test suite runs across a large matrix
          -covering the latest patch for each of the following minor versions:

          +

          We have 100% test coverage of lines and branches, and this test suite runs across a very large matrix.
          +It wouldn’t be possible without appraisal2.

          - + @@ -285,7 +285,7 @@

          Upgrading Runtime Gem DependenciesYou should upgrade this gem with confidence*.

            -
          • This gem follows a strict & correct (according to the maintainer of SemVer; more info) interpretation of SemVer. +
          • This gem follows a strict & correct (according to the maintainer of SemVer; more info) interpretation of SemVer.
            • Dropping support for any of the runtime dependency versions above will be a major version bump.
            • If you aren’t on one of the minor versions above, make getting there a priority.
            • @@ -315,7 +315,7 @@

              You should upgrade this gem

              Federated DVCS

              - Find this repo on other forges (Coming soon!) + Find this repo on other forges | Federated [DVCS][💎d-in-dvcs] Repository | Status | Issues | PRs | Wiki | CI | Discussions | |-----------------------------------------------|-----------------------------------------------------------------------|---------------------------|--------------------------|---------------------------|--------------------------|------------------------------| @@ -820,6 +820,65 @@

              OAuth2::AccessToken

              a hash of the values), or from_kvform (if you have an
              application/x-www-form-urlencoded encoded string of the values).

              +

              Options (since v2.0.x unless noted):

              +
                +
              • +
          🚚 Amazing test matrix was brought to you by🔎 appraisal2 🔎🔎 appraisal2 🔎 and the color 💚 green 💚
          + + + + + + +
          expires_latency (Integernil): Seconds to subtract from expires_in when computing #expired? to offset latency.
          + +
        • + + + + + + + + +
          token_name (StringSymbolnil): When multiple token-like fields exist in responses, select the field name to use as the access token (since v2.0.10).
          +
        • +
        • + + + + + + + + +
          mode (SymbolProcHash): Controls how the token is transmitted on requests made via this AccessToken instance.
          +
            +
          • :header — Send as Authorization: Bearer header (default and preferred by OAuth 2.1 draft guidance). +
          • +
          • :query — Send as access_token query parameter (discouraged in general, but required by some providers).
          • +
          • Verb-dependent (since v2.0.15): Provide either: +
              +
            • + + + + + + + + +
              a Proc takingverband returning :header or :query, or
              +
            • +
            • a Hash with verb symbols as keys, for example: :query, post: :header, delete: :header.
            • +
            +
          • +
          +
        • +

        + +

        Note: Verb-dependent mode was added in v2.0.15 to support providers like Instagram that require query mode for GET and header mode for POST/DELETE.

        +

        OAuth2::Error

        On 400+ status code responses, an OAuth2::Error will be raised. If it is a
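Review bot: In the added Options list, the type unions appear to have lost their separators in the generated HTML: "expires_latency (Integernil)", "token_name (StringSymbolnil)", "mode (SymbolProcHash)" and "a Proc takingverband returning" are each surrounded by what looks like table markup. That suggests the `|` characters in the README source are being parsed as table cell separators. The Hash example also reads ":query, post: :header, delete: :header", with no get: key in front of the first value. This list is the reference for whether a token is sent in the Authorization header or in the URL query, so please escape the pipes or write the types out ("Integer or nil"), and check that the Hash example renders in full as `{get: :query, post: :header, delete: :header}`, the form the Instagram example uses.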
        @@ -994,6 +1053,79 @@

        Examples

        +

        Instagram API (verb‑dependent token mode)

        + +

        Providers like Instagram require the access token to be sent differently depending on the HTTP verb:

        +
          +
        • GET requests: token must be in the query string (?access_token=…)
        • +
        • POST/DELETE requests: token must be in the Authorization header (Bearer …)
        • +
        + +

        Since v2.0.15, you can configure an AccessToken with a verb‑dependent mode. The gem will choose how to send the token based on the request method.

        + +

        Example: exchanging and refreshing long‑lived Instagram tokens, and making API calls

        + +
        require "oauth2"
        +
        +# NOTE: Users authenticate via Facebook Login to obtain a short‑lived user token (not shown here).
        +# See Facebook Login docs for obtaining the initial short‑lived token.
        +
        +client = OAuth2::Client.new(nil, nil, site: "https://graph.instagram.com")
        +
        +# Start with a short‑lived token you already obtained via Facebook Login
        +short_lived = OAuth2::AccessToken.new(
        +  client,
        +  ENV["IG_SHORT_LIVED_TOKEN"],
        +  # Key part: verb‑dependent mode
        +  mode: {get: :query, post: :header, delete: :header},
        +)
        +
        +# 1) Exchange for a long‑lived token (Instagram requires GET with access_token in query)
        +#    Endpoint: GET https://graph.instagram.com/access_token
        +#    Params: grant_type=ig_exchange_token, client_secret=APP_SECRET
        +exchange = short_lived.get(
        +  "/access_token",
        +  params: {
        +    grant_type: "ig_exchange_token",
        +    client_secret: ENV["IG_APP_SECRET"],
        +    # access_token param will be added automatically by the AccessToken (mode => :query for GET)
        +  },
        +)
        +long_lived_token_value = exchange.parsed["access_token"]
        +
        +long_lived = OAuth2::AccessToken.new(
        +  client,
        +  long_lived_token_value,
        +  mode: {get: :query, post: :header, delete: :header},
        +)
        +
        +# 2) Refresh the long‑lived token (Instagram uses GET with token in query)
        +#    Endpoint: GET https://graph.instagram.com/refresh_access_token
        +refresh_resp = long_lived.get(
        +  "/refresh_access_token",
        +  params: {grant_type: "ig_refresh_token"},
        +)
        +long_lived = OAuth2::AccessToken.new(
        +  client,
        +  refresh_resp.parsed["access_token"],
        +  mode: {get: :query, post: :header, delete: :header},
        +)
        +
        +# 3) Typical API GET request (token in query automatically)
        +me = long_lived.get("/me", params: {fields: "id,username"}).parsed
        +
        +# 4) Example POST (token sent via Bearer header automatically)
        +# Note: Replace the path/params with a real Instagram Graph API POST you need,
        +# such as publishing media via the Graph API endpoints.
        +# long_lived.post("/me/media", body: {image_url: "https://...", caption: "hello"})
        +
        + +

        Tips:

        +
          +
        • Avoid query‑string bearer tokens unless required by your provider. Instagram explicitly requires it for GET.
        • +
        • If you need a custom rule, you can pass a Proc for mode, e.g. mode: ->(verb) { verb == :get ? :query : :header }.
        • +
        +

        Refresh Tokens

        When the server issues a refresh_token, you can refresh manually or implement an auto-refresh wrapper.
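Review bot: Step 1 of the example sends `client_secret: ENV["IG_APP_SECRET"]` as a GET parameter next to the automatically added access_token, so the request URL carries both the app secret and a bearer token, and the Tips list does not mention it. Suggest adding a tip that this exchange belongs on the server side only and that any request logging on the HTTP client or an intermediate proxy should filter `access_token` and `client_secret` from recorded URLs.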

        @@ -1448,7 +1580,7 @@

        🤑 A request for help

        Live Chat on Discord

        -

        To say “thanks for maintaining such a great tool” ☝️ Join the Discord or 👇️ send money.

        +

        To say “thanks!” ☝️ Join the Discord or 👇️ send money.

        Sponsor ruby-oauth/oauth2 on Open Source Collective 💌 Sponsor me on GitHub Sponsors 💌 Sponsor me on Liberapay 💌 Donate on PayPal

        @@ -1461,8 +1593,8 @@

        Please give the project a star ⭐ ♥ rel="me" Social Proofs - - + + @@ -1476,7 +1608,7 @@

        Please give the project a star ⭐ ♥ diff --git a/docs/file.REEK.html b/docs/file.REEK.html index 3820ad01..bd056a06 100644 --- a/docs/file.REEK.html +++ b/docs/file.REEK.html @@ -61,7 +61,7 @@ diff --git a/docs/file.RUBOCOP.html b/docs/file.RUBOCOP.html index c356839a..4e8301ae 100644 --- a/docs/file.RUBOCOP.html +++ b/docs/file.RUBOCOP.html @@ -161,7 +161,7 @@

        Benefits of rubocop_gradual

        diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index d2aea7ee..97fa7b30 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -66,32 +66,16 @@

        Supported Versions

        Version Supported - Post-EOL / Enterprise - - 2.latest - ✅ - Tidelift Subscription - 1.latest ✅ - Tidelift Subscription - - - <= 1 - ⛔ - ⛔ -

        EOL Policy

        - -

        Non-commercial support for the oldest version of Ruby (which itself is going EOL) will be dropped each year in April.

        -

        Security contact information

        To report a security vulnerability, please use the
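Review bot: In the Supported Versions table, the removed cells include the 2.latest row as well as the Post-EOL / Enterprise column, so as the hunk reads here the table is left with only "1.latest ✅", while lib/oauth2/version.rb in this same patch moves to 2.0.15. If the aim was only to drop the Tidelift references, the 2.latest row should stay. The EOL Policy paragraph about dropping the oldest Ruby each April also appears among the removed lines; if that policy still applies it should be kept.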
        @@ -104,16 +88,10 @@

        Additional Support

        please consider sponsoring the project / maintainer @ https://liberapay.com/pboling/donate,
        or find other sponsorship links in the README.

        -

        Enterprise Support

        - -

        Available as part of the Tidelift Subscription.

        - -

        The maintainers of this library and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. Learn more.

        - diff --git a/docs/file.access_token.html b/docs/file.access_token.html index 8c8b190e..11edd2ed 100644 --- a/docs/file.access_token.html +++ b/docs/file.access_token.html @@ -84,7 +84,7 @@ diff --git a/docs/file.authenticator.html b/docs/file.authenticator.html index 418162db..a91fe62b 100644 --- a/docs/file.authenticator.html +++ b/docs/file.authenticator.html @@ -81,7 +81,7 @@ diff --git a/docs/file.client.html b/docs/file.client.html index 6e7c3a0c..a08b0873 100644 --- a/docs/file.client.html +++ b/docs/file.client.html @@ -111,7 +111,7 @@ diff --git a/docs/file.error.html b/docs/file.error.html index 41c84414..2f085919 100644 --- a/docs/file.error.html +++ b/docs/file.error.html @@ -68,7 +68,7 @@ diff --git a/docs/file.filtered_attributes.html b/docs/file.filtered_attributes.html index ef605c3e..a8c8b02c 100644 --- a/docs/file.filtered_attributes.html +++ b/docs/file.filtered_attributes.html @@ -66,7 +66,7 @@ diff --git a/docs/file.oauth2-2.0.10.gem.html b/docs/file.oauth2-2.0.10.gem.html index c0b336c1..73b4cbbc 100644 --- a/docs/file.oauth2-2.0.10.gem.html +++ b/docs/file.oauth2-2.0.10.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.11.gem.html b/docs/file.oauth2-2.0.11.gem.html index b5615efd..66025eab 100644 --- a/docs/file.oauth2-2.0.11.gem.html +++ b/docs/file.oauth2-2.0.11.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.12.gem.html b/docs/file.oauth2-2.0.12.gem.html index b4d3ea9c..a492a78b 100644 --- a/docs/file.oauth2-2.0.12.gem.html +++ b/docs/file.oauth2-2.0.12.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.13.gem.html b/docs/file.oauth2-2.0.13.gem.html index 4511e72c..c155024b 100644 --- a/docs/file.oauth2-2.0.13.gem.html +++ b/docs/file.oauth2-2.0.13.gem.html @@ -61,7 +61,7 @@ diff --git a/docs/file.oauth2-2.0.14.gem.html b/docs/file.oauth2-2.0.14.gem.html index 0f3a1796..4810d937 100644 --- a/docs/file.oauth2-2.0.14.gem.html +++ b/docs/file.oauth2-2.0.14.gem.html @@ -61,7 +61,7 @@ 
diff --git a/docs/file.oauth2.html b/docs/file.oauth2.html index cae2ccb7..3ed53f1b 100644 --- a/docs/file.oauth2.html +++ b/docs/file.oauth2.html @@ -69,7 +69,7 @@ diff --git a/docs/file.response.html b/docs/file.response.html index 7aca41d4..a5939f29 100644 --- a/docs/file.response.html +++ b/docs/file.response.html @@ -77,7 +77,7 @@ diff --git a/docs/file.strategy.html b/docs/file.strategy.html index 306658cd..7f46af9a 100644 --- a/docs/file.strategy.html +++ b/docs/file.strategy.html @@ -93,7 +93,7 @@ diff --git a/docs/file.version.html b/docs/file.version.html index 111a1dfe..11beef54 100644 --- a/docs/file.version.html +++ b/docs/file.version.html @@ -65,7 +65,7 @@ diff --git a/docs/index.html b/docs/index.html index aa23d0ad..754184ee 100644 --- a/docs/index.html +++ b/docs/index.html @@ -63,13 +63,13 @@

        🔐 OAuth 2.0 Authorization Framewor

        ⭐️ including OAuth 2.1 draft spec & OpenID Connect (OIDC)

        -

        Version GitHub tag (latest SemVer) License: MIT Downloads Rank Open Source Helpers Coveralls Test Coverage QLTY Test Coverage QLTY Maintainability CI Heads CI Runtime Dependencies @ HEAD CI Current CI Truffle Ruby CI JRuby Deps Locked Deps Unlocked CI Supported CI Legacy CI Unsupported CI Ancient CI Caboose is an absolute WAGON CI Test Coverage CI Style CodeQL

        +

        Version GitHub tag (latest SemVer) License: MIT Downloads Rank Open Source Helpers Coveralls Test Coverage QLTY Test Coverage QLTY Maintainability CI Heads CI Runtime Dependencies @ HEAD CI Current CI Truffle Ruby CI JRuby Deps Locked Deps Unlocked CI Supported CI Legacy CI Unsupported CI Ancient CI Test Coverage CI Style CodeQL

        -

        If ☝️ ci_badges.map(&:color).detect { it != "green"} let me know, as I may have missed the discord notification.

        +

        if ci_badges.map(&:color).detect { it != "green"} ☝️ let me know, as I may have missed the discord notification.


        -

        OTOH, if ci_badges.map(&:color).all? { it == "green"} 👇️ send money so I can do more of this. FLOSS maintenance is now my full-time job.

        +

        if ci_badges.map(&:color).all? { it == "green"} 👇️ send money so I can do more of this. FLOSS maintenance is now my full-time job.

        OpenCollective Backers OpenCollective Sponsors Sponsor Me on Github Liberapay Goal Progress Donate on PayPal Buy me a coffee Donate on Polar Donate to my FLOSS or refugee efforts at ko-fi.com Donate to my FLOSS or refugee efforts using Patreon

        @@ -180,7 +180,7 @@

        💡 Info you can shake a stick at

        Style -Enforced Code Style Linter Keep-A-Changelog 1.0.0 Gitmoji Commits Compatibility appraised by: appraisal2 +Enforced Code Style Linter Keep-A-Changelog 1.0.0 Gitmoji Commits Compatibility appraised by: appraisal2 @@ -192,7 +192,7 @@

        💡 Info you can shake a stick at

        Maintainer 🎖️ -Follow Me on LinkedIn Follow Me on Ruby.Social Follow Me on Bluesky Contact Maintainer My technical writing +Follow Me on LinkedIn Follow Me on Ruby.Social Follow Me on Bluesky Contact Maintainer My technical writing @@ -264,14 +264,14 @@

        Upgrading Runtime Gem DependenciesWhat does that mean specifically for the runtime dependencies?

        -

        We have 100% test coverage of lines and branches, and this test suite runs across a large matrix
        -covering the latest patch for each of the following minor versions:

        +

        We have 100% test coverage of lines and branches, and this test suite runs across a very large matrix.
        +It wouldn’t be possible without appraisal2.

        - + @@ -285,7 +285,7 @@

        Upgrading Runtime Gem DependenciesYou should upgrade this gem with confidence*.

          -
        • This gem follows a strict & correct (according to the maintainer of SemVer; more info) interpretation of SemVer. +
        • This gem follows a strict & correct (according to the maintainer of SemVer; more info) interpretation of SemVer.
          • Dropping support for any of the runtime dependency versions above will be a major version bump.
          • If you aren’t on one of the minor versions above, make getting there a priority.
          • @@ -315,7 +315,7 @@

            You should upgrade this gem

            Federated DVCS

            - Find this repo on other forges (Coming soon!) + Find this repo on other forges | Federated [DVCS][💎d-in-dvcs] Repository | Status | Issues | PRs | Wiki | CI | Discussions | |-----------------------------------------------|-----------------------------------------------------------------------|---------------------------|--------------------------|---------------------------|--------------------------|------------------------------| @@ -820,6 +820,65 @@

            OAuth2::AccessToken

            a hash of the values), or from_kvform (if you have an
            application/x-www-form-urlencoded encoded string of the values).

            +

            Options (since v2.0.x unless noted):

            +
              +
            • +
        🚚 Amazing test matrix was brought to you by🔎 appraisal2 🔎🔎 appraisal2 🔎 and the color 💚 green 💚
        + + + + + + +
        expires_latency (Integernil): Seconds to subtract from expires_in when computing #expired? to offset latency.
        + +
      • + + + + + + + + +
        token_name (StringSymbolnil): When multiple token-like fields exist in responses, select the field name to use as the access token (since v2.0.10).
        +
      • +
      • + + + + + + + + +
        mode (SymbolProcHash): Controls how the token is transmitted on requests made via this AccessToken instance.
        +
          +
        • :header — Send as Authorization: Bearer header (default and preferred by OAuth 2.1 draft guidance). +
        • +
        • :query — Send as access_token query parameter (discouraged in general, but required by some providers).
        • +
        • Verb-dependent (since v2.0.15): Provide either: +
            +
          • + + + + + + + + +
            a Proc takingverband returning :header or :query, or
            +
          • +
          • a Hash with verb symbols as keys, for example: :query, post: :header, delete: :header.
          • +
          +
        • +
        +
      • +

      + +

      Note: Verb-dependent mode was added in v2.0.15 to support providers like Instagram that require query mode for GET and header mode for POST/DELETE.

      +

      OAuth2::Error

      On 400+ status code responses, an OAuth2::Error will be raised. If it is a
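Review bot: In the new Options list the type annotations come out as "(Integernil)", "(StringSymbolnil)" and "(SymbolProcHash)", and the Proc bullet as "a Proc takingverband returning", each preceded by a long run of added markup lines. That pattern suggests the `|` separators in the README source are being parsed as table cells when the docs are generated. Suggest escaping the pipes or writing the types as "Integer or nil" in the source, then regenerating docs/index.html and checking the rendered list.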
      @@ -994,6 +1053,79 @@

      Examples

      +

      Instagram API (verb‑dependent token mode)

      + +

      Providers like Instagram require the access token to be sent differently depending on the HTTP verb:

      +
        +
      • GET requests: token must be in the query string (?access_token=…)
      • +
      • POST/DELETE requests: token must be in the Authorization header (Bearer …)
      • +
      + +

      Since v2.0.15, you can configure an AccessToken with a verb‑dependent mode. The gem will choose how to send the token based on the request method.

      + +

      Example: exchanging and refreshing long‑lived Instagram tokens, and making API calls

      + +
      require "oauth2"
      +
      +# NOTE: Users authenticate via Facebook Login to obtain a short‑lived user token (not shown here).
      +# See Facebook Login docs for obtaining the initial short‑lived token.
      +
      +client = OAuth2::Client.new(nil, nil, site: "https://graph.instagram.com")
      +
      +# Start with a short‑lived token you already obtained via Facebook Login
      +short_lived = OAuth2::AccessToken.new(
      +  client,
      +  ENV["IG_SHORT_LIVED_TOKEN"],
      +  # Key part: verb‑dependent mode
      +  mode: {get: :query, post: :header, delete: :header},
      +)
      +
      +# 1) Exchange for a long‑lived token (Instagram requires GET with access_token in query)
      +#    Endpoint: GET https://graph.instagram.com/access_token
      +#    Params: grant_type=ig_exchange_token, client_secret=APP_SECRET
      +exchange = short_lived.get(
      +  "/access_token",
      +  params: {
      +    grant_type: "ig_exchange_token",
      +    client_secret: ENV["IG_APP_SECRET"],
      +    # access_token param will be added automatically by the AccessToken (mode => :query for GET)
      +  },
      +)
      +long_lived_token_value = exchange.parsed["access_token"]
      +
      +long_lived = OAuth2::AccessToken.new(
      +  client,
      +  long_lived_token_value,
      +  mode: {get: :query, post: :header, delete: :header},
      +)
      +
      +# 2) Refresh the long‑lived token (Instagram uses GET with token in query)
      +#    Endpoint: GET https://graph.instagram.com/refresh_access_token
      +refresh_resp = long_lived.get(
      +  "/refresh_access_token",
      +  params: {grant_type: "ig_refresh_token"},
      +)
      +long_lived = OAuth2::AccessToken.new(
      +  client,
      +  refresh_resp.parsed["access_token"],
      +  mode: {get: :query, post: :header, delete: :header},
      +)
      +
      +# 3) Typical API GET request (token in query automatically)
      +me = long_lived.get("/me", params: {fields: "id,username"}).parsed
      +
      +# 4) Example POST (token sent via Bearer header automatically)
      +# Note: Replace the path/params with a real Instagram Graph API POST you need,
      +# such as publishing media via the Graph API endpoints.
      +# long_lived.post("/me/media", body: {image_url: "https://...", caption: "hello"})
      +
      + +

      Tips:

      +
        +
      • Avoid query‑string bearer tokens unless required by your provider. Instagram explicitly requires it for GET.
      • +
      • If you need a custom rule, you can pass a Proc for mode, e.g. mode: ->(verb) { verb == :get ? :query : :header }.
      • +
      +

      Refresh Tokens

      When the server issues a refresh_token, you can refresh manually or implement an auto-refresh wrapper.
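Review bot: In steps 1 and 2 of the example, each replacement AccessToken is built from `parsed["access_token"]` alone, so any expiry the response carries is dropped and `#expired?`, which the `expires_latency` option documented above is meant to tune, has nothing to work from. A response without an access_token key would also produce a token object wrapping nil. Suggest passing the expiry through when the response includes one, for example `expires_in: exchange.parsed["expires_in"]`, and raising when the token field is absent.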

      @@ -1448,7 +1580,7 @@

      🤑 A request for help

      Live Chat on Discord

      -

      To say “thanks for maintaining such a great tool” ☝️ Join the Discord or 👇️ send money.

      +

      To say “thanks!” ☝️ Join the Discord or 👇️ send money.

      Sponsor ruby-oauth/oauth2 on Open Source Collective 💌 Sponsor me on GitHub Sponsors 💌 Sponsor me on Liberapay 💌 Donate on PayPal

      @@ -1461,8 +1593,8 @@

      Please give the project a star ⭐ ♥ rel="me" Social Proofs - - + + @@ -1476,7 +1608,7 @@

      Please give the project a star ⭐ ♥ diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index 91c7f665..9204eaf4 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -100,7 +100,7 @@

      Defined Under Namespace

      diff --git a/lib/oauth2/version.rb b/lib/oauth2/version.rb index 201418e0..7d7683c0 100644 --- a/lib/oauth2/version.rb +++ b/lib/oauth2/version.rb @@ -2,6 +2,6 @@ module OAuth2 module Version - VERSION = "2.0.14" + VERSION = "2.0.15" end end