diff --git a/README.md b/README.md index 82cbb176..bc17fe79 100644 --- a/README.md +++ b/README.md @@ -1,32 +1,3 @@ -| 📍 NOTE | -|-------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| RubyGems (the [GitHub org][rubygems-org], not the website) [suffered][draper-security] a [hostile takeover][ellen-takeover] in September 2025. | -| Ultimately [4 maintainers][simi-removed] were [hard removed][martin-removed] and a reason has been given for only 1 of those, while 2 others resigned in protest. | -| It is a [complicated story][draper-takeover] which is difficult to [parse quickly][draper-lies]. | -| I'm adding notes like this to gems because I [don't condone theft][draper-theft] of repositories or gems from their rightful owners. | -| If a similar theft happened with my repos/gems, I'd hope some would stand up for me. | -| Disenfranchised former-maintainers have started [gem.coop][gem-coop]. | -| Once available I will publish there exclusively; unless RubyCentral makes amends with the community. | -| The ["Technology for Humans: Joel Draper"][reinteractive-podcast] podcast episode by [reinteractive][reinteractive] is the most cogent summary I'm aware of. | -| See [here][gem-naming], [here][gem-coop] and [here][martin-ann] for more info on what comes next. | -| What I'm doing: A (WIP) proposal for [bundler/gem scopes][gem-scopes], and a (WIP) proposal for a federated [gem server][gem-server]. | - -[rubygems-org]: https://github.com/rubygems/ -[draper-security]: https://joel.drapper.me/p/ruby-central-security-measures/ -[draper-takeover]: https://joel.drapper.me/p/ruby-central-takeover/ -[ellen-takeover]: https://pup-e.com/blog/goodbye-rubygems/ -[simi-removed]: https://www.reddit.com/r/ruby/s/gOk42POCaV -[martin-removed]: https://bsky.app/profile/martinemde.com/post/3m3occezxxs2q -[draper-lies]: https://joel.drapper.me/p/ruby-central-fact-check/ -[draper-theft]: https://joel.drapper.me/p/ruby-central/ -[reinteractive]: https://reinteractive.com/ruby-on-rails -[gem-coop]: https://gem.coop -[gem-naming]: https://github.com/gem-coop/gem.coop/issues/12 -[martin-ann]: https://martinemde.com/2025/10/05/announcing-gem-coop.html -[gem-scopes]: https://github.com/galtzo-floss/bundle-namespace -[gem-server]: https://github.com/galtzo-floss/gem-server -[reinteractive-podcast]: https://youtu.be/_H4qbtC5qzU?si=BvuBU90R2wAqD2E6 - [![Galtzo FLOSS Logo by Aboling0, CC BY-SA 4.0][🖼️galtzo-i]][🖼️galtzo-discord] [![ruby-lang Logo, Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5][🖼️ruby-lang-i]][🖼️ruby-lang] [![oauth2 Logo by Chris Messina, CC BY-SA 3.0][🖼️oauth2-i]][🖼️oauth2] [🖼️galtzo-i]: https://logos.galtzo.com/assets/images/galtzo-floss/avatar-192px.svg @@ -50,6 +21,13 @@ [![OpenCollective Backers][🖇osc-backers-i]][🖇osc-backers] [![OpenCollective Sponsors][🖇osc-sponsors-i]][🖇osc-sponsors] [![Sponsor Me on Github][🖇sponsor-img]][🖇sponsor] [![Liberapay Goal Progress][⛳liberapay-img]][⛳liberapay] [![Donate on PayPal][🖇paypal-img]][🖇paypal] [![Buy me a coffee][🖇buyme-small-img]][🖇buyme] [![Donate on Polar][🖇polar-img]][🖇polar] [![Donate at ko-fi.com][🖇kofi-img]][🖇kofi] +
+ 👣 How will this project approach the September 2025 hostile takeover of RubyGems? 🚑️ + +I've summarized my thoughts in [this blog post](https://dev.to/galtzo/hostile-takeover-of-rubygems-my-thoughts-5hlo). + +
+ ## 🌻 Synopsis OAuth 2.0 is the industry-standard protocol for authorization. diff --git a/docs/OAuth2.html b/docs/OAuth2.html index e69de29b..b27a0542 100644 --- a/docs/OAuth2.html +++ b/docs/OAuth2.html @@ -0,0 +1,383 @@ + + + + + + + Module: OAuth2 + + — Documentation by YARD 0.9.38 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

Module: OAuth2 + + + +

+
+ + + + + + + + + + + +
+
Defined in:
+
lib/oauth2.rb,
+ lib/oauth2/error.rb,
lib/oauth2/client.rb,
lib/oauth2/version.rb,
lib/oauth2/response.rb,
lib/oauth2/access_token.rb,
lib/oauth2/authenticator.rb,
lib/oauth2/strategy/base.rb,
lib/oauth2/strategy/implicit.rb,
lib/oauth2/strategy/password.rb,
lib/oauth2/strategy/assertion.rb,
lib/oauth2/strategy/auth_code.rb,
lib/oauth2/filtered_attributes.rb,
lib/oauth2/strategy/client_credentials.rb +
+
+ +
+ +

Overview

+
+

:nocov:

+ + +
+
+
+ + +

Defined Under Namespace

+

+ + + Modules: FilteredAttributes, Strategy, Version + + + + Classes: AccessToken, Authenticator, Client, Error, Response + + +

+ + +

+ Constant Summary + collapse +

+ +
+ +
OAUTH_DEBUG = +
+
+

When true, enables verbose HTTP logging via Faraday’s logger middleware.
+Controlled by the OAUTH_DEBUG environment variable. Any case-insensitive
+value equal to “true” will enable debugging.

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+
+ 
ENV.fetch("OAUTH_DEBUG", "false").casecmp("true").zero?
+ +
DEFAULT_CONFIG = +
+
+

Default configuration values for the oauth2 library.

+ + +
+
+
+ +
+

Examples:

+ + +

Toggle warnings

+
+ + 
OAuth2.configure do |config|
+  config[:silence_extra_tokens_warning] = false
+  config[:silence_no_tokens_warning] = false
+end
+ +
+ +

Returns:

+
    + +
  • + + + (SnakyHash::SymbolKeyed) + + + + — +

    A mutable Hash-like config with symbol keys

    +
    + +
    • + +
+ +
+
+ 
SnakyHash::SymbolKeyed.new(
+  silence_extra_tokens_warning: true,
+  silence_no_tokens_warning: true,
+)
+ +
ConnectionError = + +
+ 
Class.new(Faraday::ConnectionFailed)
+ +
TimeoutError = + +
+ 
Class.new(Faraday::TimeoutError)
+ +
+ + + + + + + + + +

+ Class Method Summary + collapse +

+ + + + + + +
+

Class Method Details

+ + +
+

+ + .configObject + + + + + +

+ + + + +
+ 
+
+
+56
+57
+58
+ 		+ 
# File 'lib/oauth2.rb', line 56
+
+def config
+  @config ||= DEFAULT_CONFIG.dup
+end
+
+
+ +
+

+ + .configure {|config| ... } ⇒ void + + + + + +

+
+

This method returns an undefined value.

Configure global library behavior.

+ +

Yields the mutable configuration object so callers can update settings.

+ + +
+
+
+ +

Yield Parameters:

+
    + +
  • + + config + + + (SnakyHash::SymbolKeyed) + + + + — +

    the configuration object

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+66
+67
+68
+ 		+ 
# File 'lib/oauth2.rb', line 66
+
+def configure
+  yield config
+end
+
+
+ +
+ +
+ + + +
+ + \ No newline at end of file diff --git a/docs/OAuth2/AccessToken.html b/docs/OAuth2/AccessToken.html index e69de29b..77789deb 100644 --- a/docs/OAuth2/AccessToken.html +++ b/docs/OAuth2/AccessToken.html @@ -0,0 +1,3087 @@ + + + + + + + Class: OAuth2::AccessToken + + — Documentation by YARD 0.9.38 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

Class: OAuth2::AccessToken + + + +

+
+ +
+
Inherits:
+
+ Object + +
    +
  • Object
    • + + + +
+ show all + +
+
+ + + + + + +
+
Includes:
+
FilteredAttributes
+
+ + + + + + +
+
Defined in:
+
lib/oauth2/access_token.rb
+
+ +
+ +

Overview

+
+

rubocop:disable Metrics/ClassLength

+ + +
+
+
+ + +
+ +

+ Constant Summary + collapse +

+ +
+ +
TOKEN_KEYS_STR = + +
+ 
%w[access_token id_token token accessToken idToken].freeze
+ +
TOKEN_KEYS_SYM = + +
+ 
%i[access_token id_token token accessToken idToken].freeze
+ +
TOKEN_KEY_LOOKUP = + +
+ 
TOKEN_KEYS_STR + TOKEN_KEYS_SYM
+ +
+ + + + + +

Instance Attribute Summary collapse

+ + + + + + +

+ Class Method Summary + collapse +

+ + + +

+ Instance Method Summary + collapse +

+ + + + + + + + + + + + + +

Methods included from FilteredAttributes

+

included, #inspect

+
+

Constructor Details

+ +
+

+ + #initialize(client, token, opts = {}) ⇒ AccessToken + + + + + +

+
+ +
+ Note: +

For “soon-to-expire”/”clock-skew” functionality see the :expires_latency option.

+
+
+ +
+ Note: +

If no token is provided, the AccessToken will be considered invalid.
+This is to prevent the possibility of a token being accidentally
+created with no token value.
+If you want to create an AccessToken with no token value,
+you can pass in an empty string or nil for the token value.
+If you want to create an AccessToken with no token value and
+no refresh token, you can pass in an empty string or nil for the
+token value and nil for the refresh token, and raise_errors: false.

+
+
+ +

Initialize an AccessToken

+ + +
+
+
+ +
+

Examples:

+ + +

Verb-dependent Hash mode

+
+ + 
# Send token in query for GET, in header for POST/DELETE, in body for PUT/PATCH
+OAuth2::AccessToken.new(client, token, mode: {get: :query, post: :header, delete: :header, put: :body, patch: :body})
+ +
+

Parameters:

+
    + +
  • + + client + + + (Client) + + + + — +

    the OAuth2::Client instance

    +
    + +
    • + +
  • + + token + + + (String) + + + + — +

    the Access Token value (optional, may not be used in refresh flows)

    +
    + +
    • + +
  • + + opts + + + (Hash) + + + (defaults to: {}) + + + — +

    the options to create the Access Token with

    +
    + +
    • + +
+ + + + + + + + +

Options Hash (opts):

+
    + +
  • + :refresh_token + (String) + + + — default: + nil + + + + —

    the refresh_token value

    +
    + +
    • + +
  • + :expires_in + (FixNum, String) + + + — default: + nil + + + + —

    the number of seconds in which the AccessToken will expire

    +
    + +
    • + +
  • + :expires_at + (FixNum, String) + + + — default: + nil + + + + —

    the epoch time in seconds in which AccessToken will expire

    +
    + +
    • + +
  • + :expires_latency + (FixNum, String) + + + — default: + nil + + + + —

    the number of seconds by which AccessToken validity will be reduced to offset latency, @version 2.0+

    +
    + +
    • + +
  • + :mode + (Symbol, Hash, or callable) + + + — default: + :header + + + + —

    the transmission mode of the Access Token parameter value:
    +either one of :header, :body or :query; or a Hash with verb symbols as keys mapping to one of these symbols
    +(e.g., {get: :query, post: :header, delete: :header}); or a callable that accepts a request-verb parameter
    +and returns one of these three symbols.

    +
    + +
    • + +
  • + :header_format + (String) + + + — default: + 'Bearer %s' + + + + —

    the string format to use for the Authorization header

    +
    + +
    • + +
  • + :param_name + (String) + + + — default: + 'access_token' + + + + —

    the parameter name to use for transmission of the
    +Access Token value in :body or :query transmission mode

    +
    + +
    • + +
  • + :token_name + (String) + + + — default: + nil + + + + —

    the name of the response parameter that identifies the access token
    +When nil one of TOKEN_KEY_LOOKUP will be used

    +
    + +
    • + +
+ + + +
+ + + + +
+ 
+
+
+145
+146
+147
+148
+149
+150
+151
+152
+153
+154
+155
+156
+157
+158
+159
+160
+161
+162
+163
+164
+165
+166
+167
+168
+169
+170
+171
+172
+173
+174
+175
+176
+177
+178
+ 		+ 
# File 'lib/oauth2/access_token.rb', line 145
+
+def initialize(client, token, opts = {})
+  @client = client
+  @token = token.to_s
+  opts = opts.dup
+  %i[refresh_token expires_in expires_at expires_latency].each do |arg|
+    instance_variable_set("@#{arg}", opts.delete(arg) || opts.delete(arg.to_s))
+  end
+  no_tokens = (@token.nil? || @token.empty?) && (@refresh_token.nil? || @refresh_token.empty?)
+  if no_tokens
+    if @client.options[:raise_errors]
+      raise Error.new({
+        error: "OAuth2::AccessToken has no token",
+        error_description: "Options are: #{opts.inspect}",
+      })
+    elsif !OAuth2.config.silence_no_tokens_warning
+      warn("OAuth2::AccessToken has no token")
+    end
+  end
+  # @option opts [Fixnum, String] :expires is deprecated
+  @expires_in ||= opts.delete("expires")
+  @expires_in &&= @expires_in.to_i
+  @expires_at &&= convert_expires_at(@expires_at)
+  @expires_latency &&= @expires_latency.to_i
+  @expires_at ||= Time.now.to_i + @expires_in if @expires_in && !@expires_in.zero?
+  @expires_at -= @expires_latency if @expires_latency
+  @options = {
+    mode: opts.delete(:mode) || :header,
+    header_format: opts.delete(:header_format) || "Bearer %s",
+    param_name: opts.delete(:param_name) || "access_token",
+  }
+  @options[:token_name] = opts.delete(:token_name) if opts.key?(:token_name)
+
+  @params = opts
+end
+
+
+ +
+ +
+

Instance Attribute Details

+ + + +
+

+ + #clientObject (readonly) + + + + + +

+
+

Returns the value of attribute client.

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+26
+27
+28
+ 		+ 
# File 'lib/oauth2/access_token.rb', line 26
+
+def client
+  @client
+end
+
+
+ + + +
+

+ + #expires_atObject (readonly) + + + + + +

+
+

Returns the value of attribute expires_at.

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+26
+27
+28
+ 		+ 
# File 'lib/oauth2/access_token.rb', line 26
+
+def expires_at
+  @expires_at
+end
+
+
+ + + +
+

+ + #expires_inObject (readonly) + + + + + +

+
+

Returns the value of attribute expires_in.

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+26
+27
+28
+ 		+ 
# File 'lib/oauth2/access_token.rb', line 26
+
+def expires_in
+  @expires_in
+end
+
+
+ + + +
+

+ + #expires_latencyObject (readonly) + + + + + +

+
+

Returns the value of attribute expires_latency.

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+26
+27
+28
+ 		+ 
# File 'lib/oauth2/access_token.rb', line 26
+
+def expires_latency
+  @expires_latency
+end
+
+
+ + + +
+

+ + #optionsObject + + + + + +

+
+

Returns the value of attribute options.

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+27
+28
+29
+ 		+ 
# File 'lib/oauth2/access_token.rb', line 27
+
+def options
+  @options
+end
+
+
+ + + +
+

+ + #paramsObject (readonly) + + + + + +

+
+

Returns the value of attribute params.

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+26
+27
+28
+ 		+ 
# File 'lib/oauth2/access_token.rb', line 26
+
+def params
+  @params
+end
+
+
+ + + +
+

+ + #refresh_tokenObject + + + + + +

+
+

Returns the value of attribute refresh_token.

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+27
+28
+29
+ 		+ 
# File 'lib/oauth2/access_token.rb', line 27
+
+def refresh_token
+  @refresh_token
+end
+
+
+ + + +
+

+ + #responseObject + + + + + +

+
+

Returns the value of attribute response.

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+27
+28
+29
+ 		+ 
# File 'lib/oauth2/access_token.rb', line 27
+
+def response
+  @response
+end
+
+
+ + + +
+

+ + #tokenObject (readonly) + + + + + +

+
+

Returns the value of attribute token.

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+26
+27
+28
+ 		+ 
# File 'lib/oauth2/access_token.rb', line 26
+
+def token
+  @token
+end
+
+
+ +
+ + +
+

Class Method Details

+ + +
+

+ + .from_hash(client, hash) ⇒ OAuth2::AccessToken + + + + + +

+
+ +
+ Note: +

The method will use the first found token key in the following order:
+‘access_token’, ‘id_token’, ‘token’ (or their symbolic versions)

+
+
+ +
+ Note: +

If multiple token keys are present, a warning will be issued unless
+OAuth2.config.silence_extra_tokens_warning is true

+
+
+ +
+ Note: +

If no token keys are present, a warning will be issued unless
+OAuth2.config.silence_no_tokens_warning is true

+
+
+ +
+ Note: +

For “soon-to-expire”/”clock-skew” functionality see the :expires_latency option.

+
+
+ +
+ Note: +

If snaky key conversion is being used, token_name needs to match the converted key.

+
+
+ +

Initializes an AccessToken from a Hash

+ + +
+
+
+ +
+

Examples:

+ + + 
hash = { 'access_token' => 'token_value', 'refresh_token' => 'refresh_value' }
+access_token = OAuth2::AccessToken.from_hash(client, hash)
+ +
+

Parameters:

+
    + +
  • + + client + + + (OAuth2::Client) + + + + — +

    the OAuth2::Client instance

    +
    + +
    • + +
  • + + hash + + + (Hash) + + + + — +

    a hash containing the token and other properties

    +
    + +
    • + +
+ + + + + + +

Options Hash (hash):

+
    + +
  • + 'access_token' + (String) + + + + + —

    the access token value

    +
    + +
    • + +
  • + 'id_token' + (String) + + + + + —

    alternative key for the access token value

    +
    + +
    • + +
  • + 'token' + (String) + + + + + —

    alternative key for the access token value

    +
    + +
    • + +
  • + 'refresh_token' + (String) + + + — default: + optional + + + + —

    the refresh token value

    +
    + +
    • + +
  • + 'expires_in' + (Integer, String) + + + — default: + optional + + + + —

    number of seconds until token expires

    +
    + +
    • + +
  • + 'expires_at' + (Integer, String) + + + — default: + optional + + + + —

    epoch time in seconds when token expires

    +
    + +
    • + +
  • + 'expires_latency' + (Integer, String) + + + — default: + optional + + + + —

    seconds to reduce token validity by

    +
    + +
    • + +
+ + +

Returns:

+ + +
+ + + + +
+ 
+
+
+57
+58
+59
+60
+61
+62
+63
+64
+65
+66
+67
+68
+69
+70
+71
+72
+73
+74
+75
+76
+77
+78
+79
+80
+ 		+ 
# File 'lib/oauth2/access_token.rb', line 57
+
+def from_hash(client, hash)
+  fresh = hash.dup
+  # If token_name is present, then use that key name
+  if fresh.key?(:token_name)
+    t_key = fresh[:token_name]
+    no_tokens_warning(fresh, t_key)
+  else
+    # Otherwise, if one of the supported default keys is present, use whichever has precedence
+    supported_keys = TOKEN_KEY_LOOKUP & fresh.keys
+    t_key = supported_keys[0]
+    extra_tokens_warning(supported_keys, t_key)
+  end
+  # :nocov:
+  # TODO: Get rid of this branching logic when dropping Hashie < v3.2
+  token = if !defined?(Hashie::VERSION) # i.e. <= "1.1.0"; the first Hashie to ship with a VERSION constant
+    warn("snaky_hash and oauth2 will drop support for Hashie v0 in the next major version. Please upgrade to a modern Hashie.")
+    # There is a bug in Hashie v0, which is accounts for.
+    fresh.delete(t_key) || fresh[t_key] || ""
+  else
+    fresh.delete(t_key) || ""
+  end
+  # :nocov:
+  new(client, token, fresh)
+end
+
+
+ +
+

+ + .from_kvform(client, kvform) ⇒ AccessToken + + + + + +

+
+

Initializes an AccessToken from a key/value application/x-www-form-urlencoded string

+ + +
+
+
+

Parameters:

+
    + +
  • + + client + + + (Client) + + + + — +

    the OAuth2::Client instance

    +
    + +
    • + +
  • + + kvform + + + (String) + + + + — +

    the application/x-www-form-urlencoded string

    +
    + +
    • + +
+ +

Returns:

+
    + +
  • + + + (AccessToken) + + + + — +

    the initialized AccessToken

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+87
+88
+89
+ 		+ 
# File 'lib/oauth2/access_token.rb', line 87
+
+def from_kvform(client, kvform)
+  from_hash(client, Rack::Utils.parse_query(kvform))
+end
+
+
+ +
+ +
+

Instance Method Details

+ + +
+

+ + #[](key) ⇒ Object + + + + + +

+
+

Indexer to additional params present in token response

+ + +
+
+
+

Parameters:

+
    + +
  • + + key + + + (String) + + + + — +

    entry key to Hash

    +
    + +
    • + +
+ + +
+ + + + +
+ 
+
+
+183
+184
+185
+ 		+ 
# File 'lib/oauth2/access_token.rb', line 183
+
+def [](key)
+  @params[key]
+end
+
+
+ +
+

+ + #delete(path, opts = {}, &block) ⇒ Object + + + + + +

+
+

Make a DELETE request with the Access Token

+ + +
+
+
+ + +

See Also:

+ + +
+ + + + +
+ 
+
+
+365
+366
+367
+ 		+ 
# File 'lib/oauth2/access_token.rb', line 365
+
+def delete(path, opts = {}, &block)
+  request(:delete, path, opts, &block)
+end
+
+
+ +
+

+ + #expired?Boolean + + + + + +

+
+

Check if token is expired

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + + — +

    true if the token is expired, false otherwise

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+197
+198
+199
+ 		+ 
# File 'lib/oauth2/access_token.rb', line 197
+
+def expired?
+  expires? && (expires_at <= Time.now.to_i)
+end
+
+
+ +
+

+ + #expires?Boolean + + + + + +

+
+

Whether the token expires

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Boolean) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+190
+191
+192
+ 		+ 
# File 'lib/oauth2/access_token.rb', line 190
+
+def expires?
+  !!@expires_at
+end
+
+
+ +
+

+ + #get(path, opts = {}, &block) ⇒ Object + + + + + +

+
+

Make a GET request with the Access Token

+ + +
+
+
+ + +

See Also:

+ + +
+ + + + +
+ 
+
+
+337
+338
+339
+ 		+ 
# File 'lib/oauth2/access_token.rb', line 337
+
+def get(path, opts = {}, &block)
+  request(:get, path, opts, &block)
+end
+
+
+ +
+

+ + #headersObject + + + + + +

+
+

Get the headers hash (includes Authorization token)

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+370
+371
+372
+ 		+ 
# File 'lib/oauth2/access_token.rb', line 370
+
+def headers
+  {"Authorization" => options[:header_format] % token}
+end
+
+
+ +
+

+ + #patch(path, opts = {}, &block) ⇒ Object + + + + + +

+
+

Make a PATCH request with the Access Token

+ + +
+
+
+ + +

See Also:

+ + +
+ + + + +
+ 
+
+
+358
+359
+360
+ 		+ 
# File 'lib/oauth2/access_token.rb', line 358
+
+def patch(path, opts = {}, &block)
+  request(:patch, path, opts, &block)
+end
+
+
+ +
+

+ + #post(path, opts = {}, &block) ⇒ Object + + + + + +

+
+

Make a POST request with the Access Token

+ + +
+
+
+ + +

See Also:

+ + +
+ + + + +
+ 
+
+
+344
+345
+346
+ 		+ 
# File 'lib/oauth2/access_token.rb', line 344
+
+def post(path, opts = {}, &block)
+  request(:post, path, opts, &block)
+end
+
+
+ +
+

+ + #put(path, opts = {}, &block) ⇒ Object + + + + + +

+
+

Make a PUT request with the Access Token

+ + +
+
+
+ + +

See Also:

+ + +
+ + + + +
+ 
+
+
+351
+352
+353
+ 		+ 
# File 'lib/oauth2/access_token.rb', line 351
+
+def put(path, opts = {}, &block)
+  request(:put, path, opts, &block)
+end
+
+
+ +
+

+ + #refresh(params = {}, access_token_opts = {}) {|opts| ... } ⇒ OAuth2::AccessToken + + + + Also known as: + refresh! + + + + +

+
+ +
+ Note: +

current token’s options are carried over to the new AccessToken

+
+
+ +

Refreshes the current Access Token

+ + +
+
+
+

Parameters:

+
    + +
  • + + params + + + (Hash) + + + (defaults to: {}) + + + — +

    additional params to pass to the refresh token request

    +
    + +
    • + +
  • + + access_token_opts + + + (Hash) + + + (defaults to: {}) + + + — +

    options that will be passed to the AccessToken initialization

    +
    + +
    • + +
+ +

Yields:

+
    + +
  • + + + (opts) + + + + — +

    The block to modify the refresh token request options

    +
    + +
    • + +
+

Yield Parameters:

+
    + +
  • + + opts + + + (Hash) + + + + — +

    The options hash that can be modified

    +
    + +
    • + +
+

Returns:

+ +

Raises:

+ + +
+ + + + +
+ 
+
+
+212
+213
+214
+215
+216
+217
+218
+219
+220
+221
+222
+223
+224
+225
+ 		+ 
# File 'lib/oauth2/access_token.rb', line 212
+
+def refresh(params = {}, access_token_opts = {}, &block)
+  raise OAuth2::Error.new({error: "A refresh_token is not available"}) unless refresh_token
+
+  params[:grant_type] = "refresh_token"
+  params[:refresh_token] = refresh_token
+  new_token = @client.get_token(params, access_token_opts, &block)
+  new_token.options = options
+  if new_token.refresh_token
+    # Keep it if there is one
+  else
+    new_token.refresh_token = refresh_token
+  end
+  new_token
+end
+
+
+ +
+

+ + #request(verb, path, opts = {}) {|req| ... } ⇒ OAuth2::Response + + + + + +

+
+

Make a request with the Access Token

+ + +
+
+
+

Parameters:

+
    + +
  • + + verb + + + (Symbol) + + + + — +

    the HTTP request method

    +
    + +
    • + +
  • + + path + + + (String) + + + + — +

    the HTTP URL path of the request

    +
    + +
    • + +
  • + + opts + + + (Hash) + + + (defaults to: {}) + + + — +

    the options to make the request with

    +
    + +
    • + +
+ + + + + + + + +

Options Hash (opts):

+
    + +
  • + :params + (Hash) + + + + + —

    additional URL parameters

    +
    + +
    • + +
  • + :body + (Hash, String) + + + + + —

    the request body

    +
    + +
    • + +
  • + :headers + (Hash) + + + + + —

    request headers

    +
    + +
    • + +
+ + +

Yields:

+
    + +
  • + + + (req) + + + + — +

    The block to modify the request

    +
    + +
    • + +
+

Yield Parameters:

+
    + +
  • + + req + + + (Faraday::Request) + + + + — +

    The request object that can be modified

    +
    + +
    • + +
+

Returns:

+
    + +
  • + + + (OAuth2::Response) + + + + — +

    the response from the request

    +
    + +
    • + +
+ +

See Also:

+ + +
+ + + + +
+ 
+
+
+329
+330
+331
+332
+ 		+ 
# File 'lib/oauth2/access_token.rb', line 329
+
+def request(verb, path, opts = {}, &block)
+  configure_authentication!(opts, verb)
+  @client.request(verb, path, opts, &block)
+end
+
+
+ +
+

+ + #revoke(params = {}) {|req| ... } ⇒ OAuth2::Response + + + + Also known as: + revoke! + + + + +

+
+ +
+ Note: +

If the token passed to the request
+is an access token, the server MAY revoke the respective refresh
+token as well.

+
+
+ +
+ Note: +

If the token passed to the request
+is a refresh token and the authorization server supports the
+revocation of access tokens, then the authorization server SHOULD
+also invalidate all access tokens based on the same authorization
+grant

+
+
+ +
+ Note: +

If the server responds with HTTP status code 503, your code must
+assume the token still exists and may retry after a reasonable delay.
+The server may include a “Retry-After” header in the response to
+indicate how long the service is expected to be unavailable to the
+requesting client.

+
+
+ +

Revokes the token at the authorization server

+ + +
+
+
+

Parameters:

+
    + +
  • + + params + + + (Hash) + + + (defaults to: {}) + + + — +

    additional parameters to be sent during revocation

    +
    + +
    • + +
+ + + + +

Options Hash (params):

+
    + +
  • + :token_type_hint + (String, Symbol, nil) + + + — default: + 'access_token' or 'refresh_token' + + + + —

    hint about which token to revoke

    +
    + +
    • + +
  • + :token_method + (Symbol) + + + — default: + :post_with_query_string + + + + —

    overrides OAuth2::Client#options[:token_method]

    +
    + +
    • + +
+ + +

Yields:

+
    + +
  • + + + (req) + + + + — +

    The block is passed the request being made, allowing customization

    +
    + +
    • + +
+

Yield Parameters:

+
    + +
  • + + req + + + (Faraday::Request) + + + + — +

    The request object that can be modified

    +
    + +
    • + +
+

Returns:

+ +

Raises:

+
    + +
  • + + + (OAuth2::Error) + + + + — +

    if token_type_hint is invalid or the specified token is not available

    +
    + +
    • + +
+ +

See Also:

+ + +
+ + + + +
+ 
+
+
+261
+262
+263
+264
+265
+266
+267
+268
+269
+270
+271
+272
+273
+274
+275
+276
+277
+278
+279
+280
+281
+282
+283
+284
+285
+ 		+ 
# File 'lib/oauth2/access_token.rb', line 261
+
+def revoke(params = {}, &block)
+  token_type_hint_orig = params.delete(:token_type_hint)
+  token_type_hint = nil
+  revoke_token = case token_type_hint_orig
+  when "access_token", :access_token
+    token_type_hint = "access_token"
+    token
+  when "refresh_token", :refresh_token
+    token_type_hint = "refresh_token"
+    refresh_token
+  when nil
+    if token
+      token_type_hint = "access_token"
+      token
+    elsif refresh_token
+      token_type_hint = "refresh_token"
+      refresh_token
+    end
+  else
+    raise OAuth2::Error.new({error: "token_type_hint must be one of [nil, :refresh_token, :access_token], so if you need something else consider using a subclass or entirely custom AccessToken class."})
+  end
+  raise OAuth2::Error.new({error: "#{token_type_hint || "unknown token type"} is not available for revoking"}) unless revoke_token && !revoke_token.empty?
+
+  @client.revoke_token(revoke_token, token_type_hint, params, &block)
+end
+
+
+ +
+

+ + #to_hashHash + + + + + +

+
+ +
+ Note: +

Don’t return expires_latency because it has already been deducted from expires_at

+
+
+ +

Convert AccessToken to a hash which can be used to rebuild itself with AccessToken.from_hash

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Hash) + + + + — +

    a hash of AccessToken property values

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+295
+296
+297
+298
+299
+300
+301
+302
+303
+304
+305
+306
+307
+308
+309
+310
+311
+312
+ 		+ 
# File 'lib/oauth2/access_token.rb', line 295
+
+def to_hash
+  hsh = {
+    access_token: token,
+    refresh_token: refresh_token,
+    expires_at: expires_at,
+    mode: options[:mode],
+    header_format: options[:header_format],
+    param_name: options[:param_name],
+  }
+  hsh[:token_name] = options[:token_name] if options.key?(:token_name)
+  # TODO: Switch when dropping Ruby < 2.5 support
+  # params.transform_keys(&:to_sym) # Ruby 2.5 only
+  # Old Ruby transform_keys alternative:
+  sheesh = @params.each_with_object({}) { |(k, v), memo|
+    memo[k.to_sym] = v
+  }
+  sheesh.merge(hsh)
+end
+
+
+ +
+ +
+ + + +
+ + \ No newline at end of file diff --git a/docs/OAuth2/Authenticator.html b/docs/OAuth2/Authenticator.html index e69de29b..0b0766eb 100644 --- a/docs/OAuth2/Authenticator.html +++ b/docs/OAuth2/Authenticator.html @@ -0,0 +1,893 @@ + + + + + + + Class: OAuth2::Authenticator + + — Documentation by YARD 0.9.38 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

Class: OAuth2::Authenticator + + + +

+
+ +
+
Inherits:
+
+ Object + +
    +
  • Object
    • + + + +
+ show all + +
+
+ + + + + + +
+
Includes:
+
FilteredAttributes
+
+ + + + + + +
+
Defined in:
+
lib/oauth2/authenticator.rb
+
+ +
+ +

Overview

+
+

Builds and applies client authentication to token and revoke requests.

+ +

Depending on the selected mode, credentials are applied as Basic Auth
+headers, request body parameters, or only the client_id is sent (TLS).

+ + +
+
+
+ + +
+ + + +

Instance Attribute Summary collapse

+ + + + + + +

+ Class Method Summary + collapse +

+ + + +

+ Instance Method Summary + collapse +

+ + + + + + + + + + + + + +

Methods included from FilteredAttributes

+

included, #inspect

+
+

Constructor Details

+ +
+

+ + #initialize(id, secret, mode) ⇒ Authenticator + + + + + +

+
+

Create a new Authenticator

+ + +
+
+
+

Parameters:

+
    + +
  • + + id + + + (String, nil) + + + + — +

    Client identifier

    +
    + +
    • + +
  • + + secret + + + (String, nil) + + + + — +

    Client secret

    +
    + +
    • + +
  • + + mode + + + (Symbol, String) + + + + — +

    Authentication mode

    +
    + +
    • + +
+ + +
+ + + + +
+ 
+
+
+24
+25
+26
+27
+28
+ 		+ 
# File 'lib/oauth2/authenticator.rb', line 24
+
+def initialize(id, secret, mode)
+  @id = id
+  @secret = secret
+  @mode = mode
+end
+
+
+ +
+ +
+

Instance Attribute Details

+ + + +
+

+ + #idSymbol, ... (readonly) + + + + + +

+
+ + + +
+
+
+ +

Returns:

+
    + +
  • + + + (Symbol, String) + + + + — +

    Authentication mode (e.g., :basic_auth, :request_body, :tls_client_auth, :private_key_jwt)

    +
    + +
    • + +
  • + + + (String, nil) + + + + — +

    Client identifier

    +
    + +
    • + +
  • + + + (String, nil) + + + + — +

    Client secret (filtered in inspected output)

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+16
+17
+18
+ 		+ 
# File 'lib/oauth2/authenticator.rb', line 16
+
+def id
+  @id
+end
+
+
+ + + +
+

+ + #modeSymbol, ... (readonly) + + + + + +

+
+ + + +
+
+
+ +

Returns:

+
    + +
  • + + + (Symbol, String) + + + + — +

    Authentication mode (e.g., :basic_auth, :request_body, :tls_client_auth, :private_key_jwt)

    +
    + +
    • + +
  • + + + (String, nil) + + + + — +

    Client identifier

    +
    + +
    • + +
  • + + + (String, nil) + + + + — +

    Client secret (filtered in inspected output)

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+16
+17
+18
+ 		+ 
# File 'lib/oauth2/authenticator.rb', line 16
+
+def mode
+  @mode
+end
+
+
+ + + +
+

+ + #secretSymbol, ... (readonly) + + + + + +

+
+ + + +
+
+
+ +

Returns:

+
    + +
  • + + + (Symbol, String) + + + + — +

    Authentication mode (e.g., :basic_auth, :request_body, :tls_client_auth, :private_key_jwt)

    +
    + +
    • + +
  • + + + (String, nil) + + + + — +

    Client identifier

    +
    + +
    • + +
  • + + + (String, nil) + + + + — +

    Client secret (filtered in inspected output)

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+16
+17
+18
+ 		+ 
# File 'lib/oauth2/authenticator.rb', line 16
+
+def secret
+  @secret
+end
+
+
+ +
+ + +
+

Class Method Details

+ + +
+

+ + .encode_basic_auth(user, password) ⇒ String + + + + + +

+
+

Encodes a Basic Authorization header value for the provided credentials.

+ + +
+
+
+

Parameters:

+
    + +
  • + + user + + + (String) + + + + — +

    The client identifier

    +
    + +
    • + +
  • + + password + + + (String) + + + + — +

    The client secret

    +
    + +
    • + +
+ +

Returns:

+
    + +
  • + + + (String) + + + + — +

    The value to use for the Authorization header

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+60
+61
+62
+ 		+ 
# File 'lib/oauth2/authenticator.rb', line 60
+
+def encode_basic_auth(user, password)
+  "Basic #{Base64.strict_encode64("#{user}:#{password}")}"
+end
+
+
+ +
+ +
+

Instance Method Details

+ + +
+

+ + #apply(params) ⇒ Hash + + + + + +

+
+

Apply the request credentials used to authenticate to the Authorization Server

+ +

Depending on the configuration, this might be as request params or as an
+Authorization header.

+ +

User-provided params and header take precedence.

+ + +
+
+
+

Parameters:

+
    + +
  • + + params + + + (Hash) + + + + — +

    a Hash of params for the token endpoint

    +
    + +
    • + +
+ +

Returns:

+
    + +
  • + + + (Hash) + + + + — +

    params amended with appropriate authentication details

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+39
+40
+41
+42
+43
+44
+45
+46
+47
+48
+49
+50
+51
+52
+ 		+ 
# File 'lib/oauth2/authenticator.rb', line 39
+
+def apply(params)
+  case mode.to_sym
+  when :basic_auth
+    apply_basic_auth(params)
+  when :request_body
+    apply_params_auth(params)
+  when :tls_client_auth
+    apply_client_id(params)
+  when :private_key_jwt
+    params
+  else
+    raise NotImplementedError
+  end
+end
+
+
+ +
+ +
+ + + +
+ + \ No newline at end of file diff --git a/docs/OAuth2/Client.html b/docs/OAuth2/Client.html index ac07320c..80ea5708 100644 --- a/docs/OAuth2/Client.html +++ b/docs/OAuth2/Client.html @@ -6,7 +6,7 @@ Class: OAuth2::Client - — Documentation by YARD 0.9.37 + — Documentation by YARD 0.9.38 @@ -1905,4 +1905,762 @@ 

# File 'lib/oauth2/client.rb', line 339
 
 def redirection_params
-  if opt
\ No newline at end of file
+  if options[:redirect_uri]
+    {"redirect_uri" => options[:redirect_uri]}
+  else
+    {}
+  end
+end
+ + + + + +
+

+ + #request(verb, url, req_opts = {}) {|req| ... } ⇒ OAuth2::Response + + + + + +

+
+

Makes a request relative to the specified site root.

+ +

Updated HTTP 1.1 specification (IETF RFC 7231) relaxed the original constraint (IETF RFC 2616),
+ allowing the use of relative URLs in Location headers.

+ + +
+
+
+

Parameters:

+
    + +
  • + + verb + + + (Symbol) + + + + — +

    one of [:get, :post, :put, :delete]

    +
    + +
    • + +
  • + + url + + + (String) + + + + — +

    URL path of request

    +
    + +
    • + +
  • + + req_opts + + + (Hash) + + + (defaults to: {}) + + + — +

    the options to make the request with

    +
    + +
    • + +
+ + + + + + + + +

Options Hash (req_opts):

+
    + +
  • + :params + (Hash) + + + + + —

    additional query parameters for the URL of the request

    +
    + +
    • + +
  • + :body + (Hash, String) + + + + + —

    the body of the request

    +
    + +
    • + +
  • + :headers + (Hash) + + + + + —

    http request headers

    +
    + +
    • + +
  • + :raise_errors + (Boolean) + + + + + —

    whether to raise an OAuth2::Error on 400+ status
    +code response for this request. Overrides the client instance setting.

    +
    + +
    • + +
  • + :parse + (Symbol) + + + + + —

    @see Response::initialize

    +
    + +
    • + +
  • + :snaky + (Boolean) + + + — default: + true + + + + —

    @see Response::initialize

    +
    + +
    • + +
+ + +

Yields:

+
    + +
  • + + + (req) + + + + — +

    The block is passed the request being made, allowing customization

    +
    + +
    • + +
+

Yield Parameters:

+
    + +
  • + + req + + + (Faraday::Request) + + + + — +

    The request object that can be modified

    +
    + +
    • + +
+

Returns:

+
    + +
  • + + + (OAuth2::Response) + + + + — +

    the response from the request

    +
    + +
    • + +
+ +

See Also:

+ + +
+ + + + +
+ 
+
+
+146
+147
+148
+149
+150
+151
+152
+153
+154
+155
+156
+157
+158
+159
+160
+161
+162
+163
+164
+165
+166
+167
+168
+169
+170
+171
+172
+173
+174
+175
+176
+177
+178
+179
+180
+181
+182
+ 		+ 
# File 'lib/oauth2/client.rb', line 146
+
+def request(verb, url, req_opts = {}, &block)
+  response = execute_request(verb, url, req_opts, &block)
+  status = response.status
+
+  case status
+  when 301, 302, 303, 307
+    req_opts[:redirect_count] ||= 0
+    req_opts[:redirect_count] += 1
+    return response if req_opts[:redirect_count] > options[:max_redirects]
+
+    if status == 303
+      verb = :get
+      req_opts.delete(:body)
+    end
+    location = response.headers["location"]
+    if location
+      full_location = response.response.env.url.merge(location)
+      request(verb, full_location, req_opts)
+    else
+      error = Error.new(response)
+      raise(error, "Got #{status} status code, but no Location header was present")
+    end
+  when 200..299, 300..399
+    # on non-redirecting 3xx statuses, return the response
+    response
+  when 400..599
+    if req_opts.fetch(:raise_errors, options[:raise_errors])
+      error = Error.new(response)
+      raise(error)
+    end
+
+    response
+  else
+    error = Error.new(response)
+    raise(error, "Unhandled status code value of #{status}")
+  end
+end
+
+
+ +
+

+ + #revoke_token(token, token_type_hint = nil, params = {}) {|req| ... } ⇒ OAuth2::Response + + + + + +

+
+ +
+ Note: +

If the token passed to the request
+is an access token, the server MAY revoke the respective refresh
+token as well.

+
+
+ +
+ Note: +

If the token passed to the request
+is a refresh token and the authorization server supports the
+revocation of access tokens, then the authorization server SHOULD
+also invalidate all access tokens based on the same authorization
+grant

+
+
+ +
+ Note: +

If the server responds with HTTP status code 503, your code must
+assume the token still exists and may retry after a reasonable delay.
+The server may include a “Retry-After” header in the response to
+indicate how long the service is expected to be unavailable to the
+requesting client.

+
+
+ +

Makes a request to revoke a token at the authorization server

+ + +
+
+
+

Parameters:

+
    + +
  • + + token + + + (String) + + + + — +

    The token to be revoked

    +
    + +
    • + +
  • + + token_type_hint + + + (String, nil) + + + (defaults to: nil) + + + — +

    A hint about the type of the token being revoked (e.g., ‘access_token’ or ‘refresh_token’)

    +
    + +
    • + +
  • + + params + + + (Hash) + + + (defaults to: {}) + + + — +

    additional parameters for the token revocation

    +
    + +
    • + +
+ + + + + + + + +

Options Hash (params):

+
    + +
  • + :parse + (Symbol) + + + — default: + :automatic + + + + —

    parsing strategy for the response

    +
    + +
    • + +
  • + :snaky + (Boolean) + + + — default: + true + + + + —

    whether to convert response keys to snake_case

    +
    + +
    • + +
  • + :token_method + (Symbol) + + + — default: + :post_with_query_string + + + + —

    overrides OAuth2::Client#options[:token_method]

    +
    + +
    • + +
  • + :headers + (Hash) + + + + + —

    Additional request headers

    +
    + +
    • + +
+ + +

Yields:

+
    + +
  • + + + (req) + + + + — +

    The block is passed the request being made, allowing customization

    +
    + +
    • + +
+

Yield Parameters:

+
    + +
  • + + req + + + (Faraday::Request) + + + + — +

    The request object that can be modified

    +
    + +
    • + +
+

Returns:

+ + +

See Also:

+ + +
+ + + + +
+ 
+
+
+257
+258
+259
+260
+261
+262
+263
+264
+265
+ 		+ 
# File 'lib/oauth2/client.rb', line 257
+
+def revoke_token(token, token_type_hint = nil, params = {}, &block)
+  params[:token_method] ||= :post_with_query_string
+  params[:token] = token
+  params[:token_type_hint] = token_type_hint if token_type_hint
+
+  req_opts = params_to_req_opts(params)
+
+  request(http_method, revoke_url, req_opts, &block)
+end
+
+
+ +
+

+ + #revoke_url(params = nil) ⇒ String + + + + + +

+
+

The revoke endpoint URL of the OAuth2 provider

+ + +
+
+
+

Parameters:

+
    + +
  • + + params + + + (Hash, nil) + + + (defaults to: nil) + + + — +

    additional query parameters

    +
    + +
    • + +
+ +

Returns:

+
    + +
  • + + + (String) + + + + — +

    the constructed revoke URL

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+119
+120
+121
+ 		+ 
# File 'lib/oauth2/client.rb', line 119
+
+def revoke_url(params = nil)
+  connection.build_url(options[:revoke_url], params).to_s
+end
+
+
+ +
+

+ + #token_url(params = nil) ⇒ String + + + + + +

+
+

The token endpoint URL of the OAuth2 provider

+ + +
+
+
+

Parameters:

+
    + +
  • + + params + + + (Hash, nil) + + + (defaults to: nil) + + + — +

    additional query parameters

    +
    + +
    • + +
+ +

Returns:

+
    + +
  • + + + (String) + + + + — +

    the constructed token URL

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+111
+112
+113
+ 		+ 
# File 'lib/oauth2/client.rb', line 111
+
+def token_url(params = nil)
+  connection.build_url(options[:token_url], params).to_s
+end
+
+
+ + + + + + + + + + \ No newline at end of file diff --git a/docs/OAuth2/Error.html b/docs/OAuth2/Error.html index e69de29b..cc318133 100644 --- a/docs/OAuth2/Error.html +++ b/docs/OAuth2/Error.html @@ -0,0 +1,782 @@ + + + + + + + Exception: OAuth2::Error + + — Documentation by YARD 0.9.38 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

Exception: OAuth2::Error + + + +

+
+ +
+
Inherits:
+
+ StandardError + +
    +
  • Object
    • + + + + + +
+ show all + +
+
+ + + + + + + + + + + +
+
Defined in:
+
lib/oauth2/error.rb
+
+ +
+ +

Overview

+
+

Represents an OAuth2 error condition.

+ +

Wraps details from an OAuth2::Response or Hash payload returned by an
+authorization server, exposing error code and description per RFC 6749.

+ + +
+
+
+ + +
+ + + +

Instance Attribute Summary collapse

+ + + + + + +

+ Instance Method Summary + collapse +

+ + + + + +
+

Constructor Details

+ +
+

+ + #initialize(response) ⇒ Error + + + + + +

+
+

Create a new OAuth2::Error

+ + +
+
+
+

Parameters:

+
    + +
  • + + response + + + (OAuth2::Response, Hash, Object) + + + + — +

    A Response or error payload

    +
    + +
    • + +
+ + +
+ + + + +
+ 
+
+
+18
+19
+20
+21
+22
+23
+24
+25
+26
+27
+28
+29
+30
+31
+32
+33
+34
+35
+36
+ 		+ 
# File 'lib/oauth2/error.rb', line 18
+
+def initialize(response)
+  @response = response
+  if response.respond_to?(:parsed)
+    if response.parsed.is_a?(Hash)
+      @code = response.parsed["error"]
+      @description = response.parsed["error_description"]
+    end
+  elsif response.is_a?(Hash)
+    @code = response["error"]
+    @description = response["error_description"]
+  end
+  @body = if response.respond_to?(:body)
+    response.body
+  else
+    @response
+  end
+  message_opts = parse_error_description(@code, @description)
+  super(error_message(@body, message_opts))
+end
+
+
+ +
+ +
+

Instance Attribute Details

+ + + +
+

+ + #bodyOAuth2::Response, ... (readonly) + + + + + +

+
+ + + +
+
+
+ +

Returns:

+
    + +
  • + + + (OAuth2::Response, Hash, Object) + + + + — +

    Original response or payload used to build the error

    +
    + +
    • + +
  • + + + (String) + + + + — +

    Raw body content (if available)

    +
    + +
    • + +
  • + + + (String, nil) + + + + — +

    Error code (e.g., ‘invalid_grant’)

    +
    + +
    • + +
  • + + + (String, nil) + + + + — +

    Human-readable description for the error

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+13
+14
+15
+ 		+ 
# File 'lib/oauth2/error.rb', line 13
+
+def body
+  @body
+end
+
+
+ + + +
+

+ + #codeOAuth2::Response, ... (readonly) + + + + + +

+
+ + + +
+
+
+ +

Returns:

+
    + +
  • + + + (OAuth2::Response, Hash, Object) + + + + — +

    Original response or payload used to build the error

    +
    + +
    • + +
  • + + + (String) + + + + — +

    Raw body content (if available)

    +
    + +
    • + +
  • + + + (String, nil) + + + + — +

    Error code (e.g., ‘invalid_grant’)

    +
    + +
    • + +
  • + + + (String, nil) + + + + — +

    Human-readable description for the error

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+13
+14
+15
+ 		+ 
# File 'lib/oauth2/error.rb', line 13
+
+def code
+  @code
+end
+
+
+ + + +
+

+ + #descriptionOAuth2::Response, ... (readonly) + + + + + +

+
+ + + +
+
+
+ +

Returns:

+
    + +
  • + + + (OAuth2::Response, Hash, Object) + + + + — +

    Original response or payload used to build the error

    +
    + +
    • + +
  • + + + (String) + + + + — +

    Raw body content (if available)

    +
    + +
    • + +
  • + + + (String, nil) + + + + — +

    Error code (e.g., ‘invalid_grant’)

    +
    + +
    • + +
  • + + + (String, nil) + + + + — +

    Human-readable description for the error

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+13
+14
+15
+ 		+ 
# File 'lib/oauth2/error.rb', line 13
+
+def description
+  @description
+end
+
+
+ + + +
+

+ + #responseOAuth2::Response, ... (readonly) + + + + + +

+
+ + + +
+
+
+ +

Returns:

+
    + +
  • + + + (OAuth2::Response, Hash, Object) + + + + — +

    Original response or payload used to build the error

    +
    + +
    • + +
  • + + + (String) + + + + — +

    Raw body content (if available)

    +
    + +
    • + +
  • + + + (String, nil) + + + + — +

    Error code (e.g., ‘invalid_grant’)

    +
    + +
    • + +
  • + + + (String, nil) + + + + — +

    Human-readable description for the error

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+13
+14
+15
+ 		+ 
# File 'lib/oauth2/error.rb', line 13
+
+def response
+  @response
+end
+
+
+ +
+ + +
+ + + +
+ + \ No newline at end of file diff --git a/docs/OAuth2/FilteredAttributes.html b/docs/OAuth2/FilteredAttributes.html index e69de29b..a69e2abd 100644 --- a/docs/OAuth2/FilteredAttributes.html +++ b/docs/OAuth2/FilteredAttributes.html @@ -0,0 +1,345 @@ + + + + + + + Module: OAuth2::FilteredAttributes + + — Documentation by YARD 0.9.38 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

Module: OAuth2::FilteredAttributes + + + +

+
+ + + + + + + + + +
+
Included in:
+
AccessToken, Authenticator, Client
+
+ + + +
+
Defined in:
+
lib/oauth2/filtered_attributes.rb
+
+ +
+ +

Overview

+
+

Mixin that redacts sensitive instance variables in #inspect output.

+ +

Classes include this module and declare which attributes should be filtered
+using filtered_attributes. Any instance variable name that includes one of
+those attribute names will be shown as [FILTERED] in the object’s inspect.

+ + +
+
+
+ + +

Defined Under Namespace

+

+ + + Modules: ClassMethods + + + + +

+ + + + + + + + +

+ Class Method Summary + collapse +

+ + + +

+ Instance Method Summary + collapse +

+ +
    + +
  • + + + #inspect ⇒ String + + + + + + + + + + + + + +

    Custom inspect that redacts configured attributes.

    +
     + +
    • + + +
+ + + + +
+

Class Method Details

+ + +
+

+ + .included(base) ⇒ void + + + + + +

+
+

This method returns an undefined value.

Hook invoked when the module is included. Extends the including class with
+class-level helpers.

+ + +
+
+
+

Parameters:

+
    + +
  • + + base + + + (Class) + + + + — +

    The including class

    +
    + +
    • + +
+ + +
+ + + + +
+ 
+
+
+13
+14
+15
+ 		+ 
# File 'lib/oauth2/filtered_attributes.rb', line 13
+
+def self.included(base)
+  base.extend(ClassMethods)
+end
+
+
+ +
+ +
+

Instance Method Details

+ + +
+

+ + #inspectString + + + + + +

+
+

Custom inspect that redacts configured attributes.

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (String) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+56
+57
+58
+59
+60
+61
+62
+63
+64
+65
+66
+67
+68
+ 		+ 
# File 'lib/oauth2/filtered_attributes.rb', line 56
+
+def inspect
+  filtered_attribute_names = ClassMethods.filtered_attribute_names(self.class)
+  return super if filtered_attribute_names.empty?
+
+  inspected_vars = instance_variables.map do |var|
+    if filtered_attribute_names.any? { |filtered_var| var.to_s.include?(filtered_var.to_s) }
+      "#{var}=[FILTERED]"
+    else
+      "#{var}=#{instance_variable_get(var).inspect}"
+    end
+  end
+  "#<#{self.class}:#{object_id} #{inspected_vars.join(", ")}>"
+end
+
+
+ +
+ +
+ + + +
+ + \ No newline at end of file diff --git a/docs/OAuth2/FilteredAttributes/ClassMethods.html b/docs/OAuth2/FilteredAttributes/ClassMethods.html index e69de29b..7081ce0b 100644 --- a/docs/OAuth2/FilteredAttributes/ClassMethods.html +++ b/docs/OAuth2/FilteredAttributes/ClassMethods.html @@ -0,0 +1,482 @@ + + + + + + + Module: OAuth2::FilteredAttributes::ClassMethods + + — Documentation by YARD 0.9.38 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

Module: OAuth2::FilteredAttributes::ClassMethods + + + +

+
+ + + + + + + + + + + +
+
Defined in:
+
lib/oauth2/filtered_attributes.rb
+
+ +
+ +

Overview

+
+

Class-level helpers for configuring filtered attributes.

+ + +
+
+
+ + +
+ + + + + + + +

+ Class Method Summary + collapse +

+ + + +

+ Instance Method Summary + collapse +

+ + + + + + +
+

Class Method Details

+ + +
+

+ + .filtered_attribute_names(base) ⇒ Array<Symbol> + + + + + +

+
+

The configured attribute names to filter.

+ + +
+
+
+

Parameters:

+
    + +
  • + + base + + + (Class) + + + + — +

    The class to get filtered attributes for

    +
    + +
    • + +
+ +

Returns:

+
    + +
  • + + + (Array<Symbol>) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+32
+33
+34
+ 		+ 
# File 'lib/oauth2/filtered_attributes.rb', line 32
+
+def filtered_attribute_names(base)
+  base.instance_variable_get(:@filtered_attribute_names) || []
+end
+
+
+ +
+

+ + .filtered_attributes(base, *attributes) ⇒ void + + + + + +

+
+

This method returns an undefined value.

Declare attributes that should be redacted in inspect output.

+ + +
+
+
+

Parameters:

+
    + +
  • + + attributes + + + (Array<Symbol, String>) + + + + — +

    One or more attribute names

    +
    + +
    • + +
+ + +
+ + + + +
+ 
+
+
+24
+25
+26
+ 		+ 
# File 'lib/oauth2/filtered_attributes.rb', line 24
+
+def filtered_attributes(base, *attributes)
+  base.instance_variable_set(:@filtered_attribute_names, attributes.map(&:to_sym))
+end
+
+
+ +
+ +
+

Instance Method Details

+ + +
+

+ + #filtered_attribute_namesArray<Symbol> + + + + + +

+
+

The configured attribute names to filter.

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Array<Symbol>) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+48
+49
+50
+ 		+ 
# File 'lib/oauth2/filtered_attributes.rb', line 48
+
+def filtered_attribute_names
+  ClassMethods.filtered_attribute_names(self)
+end
+
+
+ +
+

+ + #filtered_attributes(*attributes) ⇒ void + + + + + +

+
+

This method returns an undefined value.

Declare attributes that should be redacted in inspect output.

+ + +
+
+
+

Parameters:

+
    + +
  • + + attributes + + + (Array<Symbol, String>) + + + + — +

    One or more attribute names

    +
    + +
    • + +
+ + +
+ + + + +
+ 
+
+
+41
+42
+43
+ 		+ 
# File 'lib/oauth2/filtered_attributes.rb', line 41
+
+def filtered_attributes(*attributes)
+  ClassMethods.filtered_attributes(self, *attributes)
+end
+
+
+ +
+ +
+ + + +
+ + \ No newline at end of file diff --git a/docs/OAuth2/Response.html b/docs/OAuth2/Response.html index e69de29b..e1d6f748 100644 --- a/docs/OAuth2/Response.html +++ b/docs/OAuth2/Response.html @@ -0,0 +1,1629 @@ + + + + + + + Class: OAuth2::Response + + — Documentation by YARD 0.9.38 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

Class: OAuth2::Response + + + +

+
+ +
+
Inherits:
+
+ Object + +
    +
  • Object
    • + + + +
+ show all + +
+
+ + + + + + + + + + + +
+
Defined in:
+
lib/oauth2/response.rb
+
+ +
+ +

Overview

+
+

The Response class handles HTTP responses in the OAuth2 gem, providing methods
+to access and parse response data in various formats.

+ + +
+
+
+ +

Since:

+
    + +
  • + + + + + +

    1.0.0

    +
    + +
    • + +
+ +
+ +

+ Constant Summary + collapse +

+ +
+ +
DEFAULT_OPTIONS = +
+
+

Default configuration options for Response instances

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Hash) + + + + — +

    The default options hash

    +
    + +
    • + +
+

Since:

+
    + +
  • + + + + + +

    1.0.0

    +
    + +
    • + +
+ +
+
+ 
{
+  parse: :automatic,
+  snaky: true,
+  snaky_hash_klass: SnakyHash::StringKeyed,
+}.freeze
+ +
@@parsers = +
+
+

Storage for response body parser procedures

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Hash<Symbol, Proc>) + + + + — +

    Hash of parser procs keyed by format symbol

    +
    + +
    • + +
+

Since:

+
    + +
  • + + + + + +

    1.0.0

    +
    + +
    • + +
+ +
+
+ 
{
+  query: ->(body) { Rack::Utils.parse_query(body) },
+  text: ->(body) { body },
+}
+ +
@@content_types = +
+
+

Maps content types to parser symbols

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Hash<String, Symbol>) + + + + — +

    Hash of content types mapped to parser symbols

    +
    + +
    • + +
+

Since:

+
    + +
  • + + + + + +

    1.0.0

    +
    + +
    • + +
+ +
+
+ 
{
+  "application/x-www-form-urlencoded" => :query,
+  "text/plain" => :text,
+}
+ +
+ + + + + +

Instance Attribute Summary collapse

+ + + + + + +

+ Class Method Summary + collapse +

+ + + +

+ Instance Method Summary + collapse +

+ + + + +
+

Constructor Details

+ +
+

+ + #initialize(response, parse: :automatic, snaky: true, snaky_hash_klass: nil, **options) ⇒ OAuth2::Response + + + + + +

+
+

Initializes a Response instance

+ + +
+
+
+

Parameters:

+
    + +
  • + + response + + + (Faraday::Response) + + + + — +

    The Faraday response instance

    +
    + +
    • + +
  • + + parse + + + (Symbol) + + + (defaults to: :automatic) + + + — +

    (:automatic) How to parse the response body

    +
    + +
    • + +
  • + + snaky + + + (Boolean) + + + (defaults to: true) + + + — +

    (true) Whether to convert parsed response to snake_case using SnakyHash

    +
    + +
    • + +
  • + + snaky_hash_klass + + + (Class, nil) + + + (defaults to: nil) + + + — +

    (nil) Custom class for snake_case hash conversion

    +
    + +
    • + +
  • + + options + + + (Hash) + + + + — +

    Additional options for the response

    +
    + +
    • + +
+ + + + + + + + + + + + +

Options Hash (**options):

+
    + +
  • + :parse + (Symbol) + + + — default: + :automatic + + + + —

    Parse strategy (:query, :json, or :automatic)

    +
    + +
    • + +
  • + :snaky + (Boolean) + + + — default: + true + + + + —

    Enable/disable snake_case conversion

    +
    + +
    • + +
  • + :snaky_hash_klass + (Class) + + + — default: + SnakyHash::StringKeyed + + + + —

    Class to use for hash conversion

    +
    + +
    • + +
+ + +

Since:

+
    + +
  • + + + + + +

    1.0.0

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+74
+75
+76
+77
+78
+79
+80
+81
+ 		+ 
# File 'lib/oauth2/response.rb', line 74
+
+def initialize(response, parse: :automatic, snaky: true, snaky_hash_klass: nil, **options)
+  @response = response
+  @options = {
+    parse: parse,
+    snaky: snaky,
+    snaky_hash_klass: snaky_hash_klass,
+  }.merge(options)
+end
+
+
+ +
+ +
+

Instance Attribute Details

+ + + +
+

+ + #optionsHash + + + + + +

+
+

Returns The options hash for this instance.

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Hash) + + + + — +

    The options hash for this instance

    +
    + +
    • + +
+

Since:

+
    + +
  • + + + + + +

    1.0.0

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+26
+27
+28
+ 		+ 
# File 'lib/oauth2/response.rb', line 26
+
+def options
+  @options
+end
+
+
+ + + +
+

+ + #responseFaraday::Response (readonly) + + + + + +

+
+

Returns The raw Faraday response object.

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Faraday::Response) + + + + — +

    The raw Faraday response object

    +
    + +
    • + +
+

Since:

+
    + +
  • + + + + + +

    1.0.0

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+23
+24
+25
+ 		+ 
# File 'lib/oauth2/response.rb', line 23
+
+def response
+  @response
+end
+
+
+ +
+ + +
+

Class Method Details

+ + +
+

+ + .register_parser(key, mime_types) {|String| ... } ⇒ void + + + + + +

+
+

This method returns an undefined value.

Adds a new content type parser.

+ + +
+
+
+

Parameters:

+
    + +
  • + + key + + + (Symbol) + + + + — +

    A descriptive symbol key such as :json or :query

    +
    + +
    • + +
  • + + mime_types + + + (Array<String>, String) + + + + — +

    One or more mime types to which this parser applies

    +
    + +
    • + +
+ +

Yields:

+
    + +
  • + + + (String) + + + + — +

    Block that will be called to parse the response body

    +
    + +
    • + +
+

Yield Parameters:

+
    + +
  • + + body + + + (String) + + + + — +

    The response body to parse

    +
    + +
    • + +
+

Since:

+
    + +
  • + + + + + +

    1.0.0

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+54
+55
+56
+57
+58
+59
+60
+ 		+ 
# File 'lib/oauth2/response.rb', line 54
+
+def register_parser(key, mime_types, &block)
+  key = key.to_sym
+  @@parsers[key] = block
+  Array(mime_types).each do |mime_type|
+    @@content_types[mime_type] = key
+  end
+end
+
+
+ +
+ +
+

Instance Method Details

+ + +
+

+ + #bodyString + + + + + +

+
+

The HTTP response body

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (String) + + + + — +

    The response body or empty string if nil

    +
    + +
    • + +
+

Since:

+
    + +
  • + + + + + +

    1.0.0

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+100
+101
+102
+ 		+ 
# File 'lib/oauth2/response.rb', line 100
+
+def body
+  response.body || ""
+end
+
+
+ +
+

+ + #content_typeString? + + + + + +

+
+

Determines the content type of the response

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (String, nil) + + + + — +

    The content type or nil if headers are not present

    +
    + +
    • + +
+

Since:

+
    + +
  • + + + + + +

    1.0.0

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+134
+135
+136
+137
+138
+ 		+ 
# File 'lib/oauth2/response.rb', line 134
+
+def content_type
+  return unless response.headers
+
+  ((response.headers.values_at("content-type", "Content-Type").compact.first || "").split(";").first || "").strip.downcase
+end
+
+
+ +
+

+ + #headersHash + + + + + +

+
+

The HTTP response headers

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Hash) + + + + — +

    The response headers

    +
    + +
    • + +
+

Since:

+
    + +
  • + + + + + +

    1.0.0

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+86
+87
+88
+ 		+ 
# File 'lib/oauth2/response.rb', line 86
+
+def headers
+  response.headers
+end
+
+
+ +
+

+ + #parsedObject, ... + + + + + +

+
+

The parsed response body

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Object, SnakyHash::StringKeyed) + + + + — +

    The parsed response body

    +
    + +
    • + +
  • + + + (nil) + + + + — +

    If no parser is available

    +
    + +
    • + +
+

Since:

+
    + +
  • + + + + + +

    1.0.0

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+108
+109
+110
+111
+112
+113
+114
+115
+116
+117
+118
+119
+120
+121
+122
+123
+124
+125
+126
+127
+128
+129
+ 		+ 
# File 'lib/oauth2/response.rb', line 108
+
+def parsed
+  return @parsed if defined?(@parsed)
+
+  @parsed =
+    if parser.respond_to?(:call)
+      case parser.arity
+      when 0
+        parser.call
+      when 1
+        parser.call(body)
+      else
+        parser.call(body, response)
+      end
+    end
+
+  if options[:snaky] && @parsed.is_a?(Hash)
+    hash_klass = options[:snaky_hash_klass] || DEFAULT_OPTIONS[:snaky_hash_klass]
+    @parsed = hash_klass[@parsed]
+  end
+
+  @parsed
+end
+
+
+ +
+

+ + #parserProc, ... + + + + + +

+
+ +
+ Note: +

The parser can be supplied as the +:parse+ option in the form of a Proc
+(or other Object responding to #call) or a Symbol. In the latter case,
+the actual parser will be looked up in @@parsers by the supplied Symbol.

+
+
+ +
+ Note: +

If no +:parse+ option is supplied, the lookup Symbol will be determined
+by looking up #content_type in @@content_types.

+
+
+ +
+ Note: +

If #parser is a Proc, it will be called with no arguments, just
+#body, or #body and #response, depending on the Proc’s arity.

+
+
+ +

Determines the parser to be used for the response body

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Proc, #call) + + + + — +

    The parser proc or callable object

    +
    + +
    • + +
  • + + + (nil) + + + + — +

    If no suitable parser is found

    +
    + +
    • + +
+

Since:

+
    + +
  • + + + + + +

    1.0.0

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+154
+155
+156
+157
+158
+159
+160
+161
+162
+163
+164
+165
+ 		+ 
# File 'lib/oauth2/response.rb', line 154
+
+def parser
+  return @parser if defined?(@parser)
+
+  @parser =
+    if options[:parse].respond_to?(:call)
+      options[:parse]
+    elsif options[:parse]
+      @@parsers[options[:parse].to_sym]
+    end
+
+  @parser ||= @@parsers[@@content_types[content_type]]
+end
+
+
+ +
+

+ + #statusInteger + + + + + +

+
+

The HTTP response status code

+ + +
+
+
+ +

Returns:

+
    + +
  • + + + (Integer) + + + + — +

    The response status code

    +
    + +
    • + +
+

Since:

+
    + +
  • + + + + + +

    1.0.0

    +
    + +
    • + +
+ +
+ + + + +
+ 
+
+
+93
+94
+95
+ 		+ 
# File 'lib/oauth2/response.rb', line 93
+
+def status
+  response.status
+end
+
+
+ +
+ +
+ + + +
+ + \ No newline at end of file diff --git a/docs/OAuth2/Strategy.html b/docs/OAuth2/Strategy.html index e69de29b..2786646c 100644 --- a/docs/OAuth2/Strategy.html +++ b/docs/OAuth2/Strategy.html @@ -0,0 +1,117 @@ + + + + + + + Module: OAuth2::Strategy + + — Documentation by YARD 0.9.38 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

Module: OAuth2::Strategy + + + +

+
+ + + + + + + + + + + +
+
Defined in:
+
lib/oauth2/strategy/base.rb,
+ lib/oauth2/strategy/implicit.rb,
lib/oauth2/strategy/password.rb,
lib/oauth2/strategy/assertion.rb,
lib/oauth2/strategy/auth_code.rb,
lib/oauth2/strategy/client_credentials.rb +
+
+ +
+ +

Defined Under Namespace

+

+ + + + + Classes: Assertion, AuthCode, Base, ClientCredentials, Implicit, Password + + +

+ + + + + + + + + +
+ + + +
+ + \ No newline at end of file diff --git a/docs/OAuth2/Strategy/Assertion.html b/docs/OAuth2/Strategy/Assertion.html index e69de29b..4035af9e 100644 --- a/docs/OAuth2/Strategy/Assertion.html +++ b/docs/OAuth2/Strategy/Assertion.html @@ -0,0 +1,491 @@ + + + + + + + Class: OAuth2::Strategy::Assertion + + — Documentation by YARD 0.9.38 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

Class: OAuth2::Strategy::Assertion + + + +

+
+ +
+
Inherits:
+
+ Base + +
    +
  • Object
    • + + + + + +
+ show all + +
+
+ + + + + + + + + + + +
+
Defined in:
+
lib/oauth2/strategy/assertion.rb
+
+ +
+ +

Overview

+
+

The Client Assertion Strategy

+ +

Sample usage:
+ client = OAuth2::Client.new(client_id, client_secret,
+ :site => ‘http://localhost:8080’,
+ :auth_scheme => :request_body)

+ +

claim_set = {
+ :iss => “http://localhost:3001”,
+ :aud => “http://localhost:8080/oauth2/token”,
+ :sub => “me@example.com”,
+ :exp => Time.now.utc.to_i + 3600,
+ }

+ +

encoding = {
+ :algorithm => ‘HS256’,
+ :key => ‘secret_key’,
+ }

+ +

access = client.assertion.get_token(claim_set, encoding)
+ access.token # actual access_token string
+ access.get(“/api/stuff”) # making api calls with access token in header

+ + +
+
+
+ + +

See Also:

+ + +
+ + + + + + + +

+ Instance Method Summary + collapse +

+ + + + + + + + + + + + + +

Methods inherited from Base

+

#initialize

+
+

Constructor Details

+ +

This class inherits a constructor from OAuth2::Strategy::Base

+ +
+ + +
+

Instance Method Details

+ + +
+

+ + #authorize_urlObject + + + + + +

+
+

Not used for this strategy

+ + +
+
+
+ +

Raises:

+
    + +
  • + + + (NotImplementedError) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+36
+37
+38
+ 		+ 
# File 'lib/oauth2/strategy/assertion.rb', line 36
+
+def authorize_url
+  raise(NotImplementedError, "The authorization endpoint is not used in this strategy")
+end
+
+
+ +
+

+ + #get_token(claims, encoding_opts, request_opts = {}, response_opts = {}) ⇒ Object + + + + + +

+
+

Retrieve an access token given the specified client.

+ +

For reading on JWT and claim keys:
+ @see https://github.com/jwt/ruby-jwt
+ @see https://datatracker.ietf.org/doc/html/rfc7519#section-4.1
+ @see https://datatracker.ietf.org/doc/html/rfc7523#section-3
+ @see https://www.iana.org/assignments/jwt/jwt.xhtml

+ +

There are many possible claim keys, and applications may ask for their own custom keys.
+Some typically required ones:
+ :iss (issuer)
+ :aud (audience)
+ :sub (subject) – formerly :prn https://datatracker.ietf.org/doc/html/draft-ietf-oauth-json-web-token-06#appendix-F
+ :exp, (expiration time) – in seconds, e.g. Time.now.utc.to_i + 3600

+ +

Note that this method does not validate presence of those four claim keys indicated as required by RFC 7523.
+There are endpoints that may not conform with this RFC, and this gem should still work for those use cases.

+ +

These two options are passed directly to JWT.encode. For supported encoding arguments:
+ @see https://github.com/jwt/ruby-jwt#algorithms-and-usage
+ @see https://datatracker.ietf.org/doc/html/rfc7518#section-3.1

+ +

The object type of :key may depend on the value of :algorithm. Sample arguments:
+ get_token(claim_set, {:algorithm => 'HS256', :key => 'secret_key'})
+ get_token(claim_set, {:algorithm => 'RS256', :key => OpenSSL::PKCS12.new(File.read('my_key.p12'), 'not_secret')})

+ + +
+
+
+

Parameters:

+
    + +
  • + + claims + + + (Hash) + + + + — +

    the hash representation of the claims that should be encoded as a JWT (JSON Web Token)

    +
    + +
    • + +
  • + + encoding_opts + + + (Hash) + + + + — +

    a hash containing instructions on how the JWT should be encoded

    +
    + +
    • + +
  • + + request_opts + + + (Hash) + + + (defaults to: {}) + + + — +

    options that will be used to assemble the request

    +
    + +
    • + +
  • + + response_opts + + + (Hash) + + + (defaults to: {}) + + + — +

    this will be merged with the token response to create the AccessToken object
    +@see the access_token_opts argument to Client#get_token

    +
    + +
    • + +
  • + + algorithm + + + (Hash) + + + + — +

    a customizable set of options

    +
    + +
    • + +
  • + + key + + + (Hash) + + + + — +

    a customizable set of options

    +
    + +
    • + +
+ + + + + + + + +

Options Hash (request_opts):

+
    + +
  • + :scope + (String) + + + + + —

    the url parameter scope that may be required by some endpoints
    +@see https://datatracker.ietf.org/doc/html/rfc7521#section-4.1

    +
    + +
    • + +
+ + + + + +
+ + + + +
+ 
+
+
+79
+80
+81
+82
+83
+84
+ 		+ 
# File 'lib/oauth2/strategy/assertion.rb', line 79
+
+def get_token(claims, encoding_opts, request_opts = {}, response_opts = {})
+  assertion = build_assertion(claims, encoding_opts)
+  params = build_request(assertion, request_opts)
+
+  @client.get_token(params, response_opts)
+end
+
+
+ +
+ +
+ + + +
+ + \ No newline at end of file diff --git a/docs/OAuth2/Strategy/AuthCode.html b/docs/OAuth2/Strategy/AuthCode.html index e69de29b..c85d7e27 100644 --- a/docs/OAuth2/Strategy/AuthCode.html +++ b/docs/OAuth2/Strategy/AuthCode.html @@ -0,0 +1,493 @@ + + + + + + + Class: OAuth2::Strategy::AuthCode + + — Documentation by YARD 0.9.38 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

Class: OAuth2::Strategy::AuthCode + + + +

+
+ +
+
Inherits:
+
+ Base + +
    +
  • Object
    • + + + + + +
+ show all + +
+
+ + + + + + + + + + + +
+
Defined in:
+
lib/oauth2/strategy/auth_code.rb
+
+ +
+ +

Overview

+
+

The Authorization Code Strategy

+ +

OAuth 2.1 notes:

+
    +
  • PKCE is required for all OAuth clients using the authorization code flow (especially public clients).
    +This library does not enforce PKCE generation/verification; implement PKCE in your application when required.
    • +
  • Redirect URIs must be compared using exact string matching by the Authorization Server.
    +This client forwards redirect_uri but does not perform server-side validation.
    • +
+ +

References:

+
    +
  • OAuth 2.1 draft: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13
    • +
  • OAuth for native apps (RFC 8252) and PKCE (RFC 7636)
    • +
+ + +
+
+
+ + +

See Also:

+ + +
+ + + + + + + +

+ Instance Method Summary + collapse +

+ + + + + + + + + + + + + +

Methods inherited from Base

+

#initialize

+
+

Constructor Details

+ +

This class inherits a constructor from OAuth2::Strategy::Base

+ +
+ + +
+

Instance Method Details

+ + +
+

+ + #authorize_params(params = {}) ⇒ Object + + + + + +

+
+

The required query parameters for the authorize URL

+ + +
+
+
+

Parameters:

+
    + +
  • + + params + + + (Hash) + + + (defaults to: {}) + + + — +

    additional query parameters

    +
    + +
    • + +
+ + +
+ + + + +
+ 
+
+
+22
+23
+24
+ 		+ 
# File 'lib/oauth2/strategy/auth_code.rb', line 22
+
+def authorize_params(params = {})
+  params.merge("response_type" => "code", "client_id" => @client.id)
+end
+
+
+ +
+

+ + #authorize_url(params = {}) ⇒ Object + + + + + +

+
+

The authorization URL endpoint of the provider

+ + +
+
+
+

Parameters:

+
    + +
  • + + params + + + (Hash) + + + (defaults to: {}) + + + — +

    additional query parameters for the URL

    +
    + +
    • + +
+ + +
+ + + + +
+ 
+
+
+29
+30
+31
+32
+ 		+ 
# File 'lib/oauth2/strategy/auth_code.rb', line 29
+
+def authorize_url(params = {})
+  assert_valid_params(params)
+  @client.authorize_url(authorize_params.merge(params))
+end
+
+
+ +
+

+ + #get_token(code, params = {}, opts = {}) ⇒ Object + + + + + +

+
+ +
+ Note: +

that you must also provide a :redirect_uri with most OAuth 2.0 providers

+
+
+ +

Retrieve an access token given the specified validation code.

+ + +
+
+
+

Parameters:

+
    + +
  • + + code + + + (String) + + + + — +

    The Authorization Code value

    +
    + +
    • + +
  • + + params + + + (Hash) + + + (defaults to: {}) + + + — +

    additional params

    +
    + +
    • + +
  • + + opts + + + (Hash) + + + (defaults to: {}) + + + — +

    access_token_opts, @see Client#get_token

    +
    + +
    • + +
+ + +
+ + + + +
+ 
+
+
+40
+41
+42
+43
+44
+45
+46
+47
+48
+ 		+ 
# File 'lib/oauth2/strategy/auth_code.rb', line 40
+
+def get_token(code, params = {}, opts = {})
+  params = {"grant_type" => "authorization_code", "code" => code}.merge(@client.redirection_params).merge(params)
+  params_dup = params.dup
+  params.each_key do |key|
+    params_dup[key.to_s] = params_dup.delete(key) if key.is_a?(Symbol)
+  end
+
+  @client.get_token(params_dup, opts)
+end
+
+
+ +
+ +
+ + + +
+ + \ No newline at end of file diff --git a/docs/OAuth2/Strategy/Base.html b/docs/OAuth2/Strategy/Base.html index e69de29b..c2a522b6 100644 --- a/docs/OAuth2/Strategy/Base.html +++ b/docs/OAuth2/Strategy/Base.html @@ -0,0 +1,205 @@ + + + + + + + Class: OAuth2::Strategy::Base + + — Documentation by YARD 0.9.38 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

Class: OAuth2::Strategy::Base + + + +

+
+ +
+
Inherits:
+
+ Object + +
    +
  • Object
    • + + + +
+ show all + +
+
+ + + + + + + + + + + +
+
Defined in:
+
lib/oauth2/strategy/base.rb
+
+ +
+ +
+

Direct Known Subclasses

+

Assertion, AuthCode, ClientCredentials, Implicit, Password

+
+ + + + + + + + +

+ Instance Method Summary + collapse +

+ + + + +
+

Constructor Details

+ +
+

+ + #initialize(client) ⇒ Base + + + + + +

+
+

Returns a new instance of Base.

+ + +
+
+
+ + +
+ + + + +
+ 
+
+
+6
+7
+8
+ 		+ 
# File 'lib/oauth2/strategy/base.rb', line 6
+
+def initialize(client)
+  @client = client
+end
+
+
+ +
+ + +
+ + + +
+ + \ No newline at end of file diff --git a/docs/OAuth2/Strategy/ClientCredentials.html b/docs/OAuth2/Strategy/ClientCredentials.html index e69de29b..9544b93c 100644 --- a/docs/OAuth2/Strategy/ClientCredentials.html +++ b/docs/OAuth2/Strategy/ClientCredentials.html @@ -0,0 +1,353 @@ + + + + + + + Class: OAuth2::Strategy::ClientCredentials + + — Documentation by YARD 0.9.38 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

Class: OAuth2::Strategy::ClientCredentials + + + +

+
+ +
+
Inherits:
+
+ Base + +
    +
  • Object
    • + + + + + +
+ show all + +
+
+ + + + + + + + + + + +
+
Defined in:
+
lib/oauth2/strategy/client_credentials.rb
+
+ +
+ +

Overview

+
+

The Client Credentials Strategy

+ + +
+
+
+ + +

See Also:

+ + +
+ + + + + + + +

+ Instance Method Summary + collapse +

+ + + + + + + + + + + + + +

Methods inherited from Base

+

#initialize

+
+

Constructor Details

+ +

This class inherits a constructor from OAuth2::Strategy::Base

+ +
+ + +
+

Instance Method Details

+ + +
+

+ + #authorize_urlObject + + + + + +

+
+

Not used for this strategy

+ + +
+
+
+ +

Raises:

+
    + +
  • + + + (NotImplementedError) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+12
+13
+14
+ 		+ 
# File 'lib/oauth2/strategy/client_credentials.rb', line 12
+
+def authorize_url
+  raise(NotImplementedError, "The authorization endpoint is not used in this strategy")
+end
+
+
+ +
+

+ + #get_token(params = {}, opts = {}) ⇒ Object + + + + + +

+
+

Retrieve an access token given the specified client.

+ + +
+
+
+

Parameters:

+
    + +
  • + + params + + + (Hash) + + + (defaults to: {}) + + + — +

    additional params

    +
    + +
    • + +
  • + + opts + + + (Hash) + + + (defaults to: {}) + + + — +

    options

    +
    + +
    • + +
+ + +
+ + + + +
+ 
+
+
+20
+21
+22
+23
+ 		+ 
# File 'lib/oauth2/strategy/client_credentials.rb', line 20
+
+def get_token(params = {}, opts = {})
+  params = params.merge("grant_type" => "client_credentials")
+  @client.get_token(params, opts)
+end
+
+
+ +
+ +
+ + + +
+ + \ No newline at end of file diff --git a/docs/OAuth2/Strategy/Implicit.html b/docs/OAuth2/Strategy/Implicit.html index e69de29b..363abf37 100644 --- a/docs/OAuth2/Strategy/Implicit.html +++ b/docs/OAuth2/Strategy/Implicit.html @@ -0,0 +1,430 @@ + + + + + + + Class: OAuth2::Strategy::Implicit + + — Documentation by YARD 0.9.38 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

Class: OAuth2::Strategy::Implicit + + + +

+
+ +
+
Inherits:
+
+ Base + +
    +
  • Object
    • + + + + + +
+ show all + +
+
+ + + + + + + + + + + +
+
Defined in:
+
lib/oauth2/strategy/implicit.rb
+
+ +
+ +

Overview

+
+

The Implicit Strategy

+ +

IMPORTANT (OAuth 2.1): The Implicit grant (response_type=token) is omitted from the OAuth 2.1 draft specification.
+It remains here for backward compatibility with OAuth 2.0 providers. Prefer the Authorization Code flow with PKCE.

+ +

References:

+
    +
  • OAuth 2.1 draft: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13
    • +
  • Why drop implicit: https://aaronparecki.com/2019/12/12/21/its-time-for-oauth-2-dot-1
    • +
  • Background: https://fusionauth.io/learn/expert-advice/oauth/differences-between-oauth-2-oauth-2-1/
    • +
+ + +
+
+
+ + +

See Also:

+ + +
+ + + + + + + +

+ Instance Method Summary + collapse +

+ + + + + + + + + + + + + +

Methods inherited from Base

+

#initialize

+
+

Constructor Details

+ +

This class inherits a constructor from OAuth2::Strategy::Base

+ +
+ + +
+

Instance Method Details

+ + +
+

+ + #authorize_params(params = {}) ⇒ Object + + + + + +

+
+

The required query parameters for the authorize URL

+ + +
+
+
+

Parameters:

+
    + +
  • + + params + + + (Hash) + + + (defaults to: {}) + + + — +

    additional query parameters

    +
    + +
    • + +
+ + +
+ + + + +
+ 
+
+
+20
+21
+22
+ 		+ 
# File 'lib/oauth2/strategy/implicit.rb', line 20
+
+def authorize_params(params = {})
+  params.merge("response_type" => "token", "client_id" => @client.id)
+end
+
+
+ +
+

+ + #authorize_url(params = {}) ⇒ Object + + + + + +

+
+

The authorization URL endpoint of the provider

+ + +
+
+
+

Parameters:

+
    + +
  • + + params + + + (Hash) + + + (defaults to: {}) + + + — +

    additional query parameters for the URL

    +
    + +
    • + +
+ + +
+ + + + +
+ 
+
+
+27
+28
+29
+30
+ 		+ 
# File 'lib/oauth2/strategy/implicit.rb', line 27
+
+def authorize_url(params = {})
+  assert_valid_params(params)
+  @client.authorize_url(authorize_params.merge(params))
+end
+
+
+ +
+

+ + #get_tokenObject + + + + + +

+
+

Not used for this strategy

+ + +
+
+
+ +

Raises:

+
    + +
  • + + + (NotImplementedError) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+35
+36
+37
+ 		+ 
# File 'lib/oauth2/strategy/implicit.rb', line 35
+
+def get_token(*)
+  raise(NotImplementedError, "The token is accessed differently in this strategy")
+end
+
+
+ +
+ +
+ + + +
+ + \ No newline at end of file diff --git a/docs/OAuth2/Strategy/Password.html b/docs/OAuth2/Strategy/Password.html index e69de29b..b47a8b63 100644 --- a/docs/OAuth2/Strategy/Password.html +++ b/docs/OAuth2/Strategy/Password.html @@ -0,0 +1,384 @@ + + + + + + + Class: OAuth2::Strategy::Password + + — Documentation by YARD 0.9.38 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

Class: OAuth2::Strategy::Password + + + +

+
+ +
+
Inherits:
+
+ Base + +
    +
  • Object
    • + + + + + +
+ show all + +
+
+ + + + + + + + + + + +
+
Defined in:
+
lib/oauth2/strategy/password.rb
+
+ +
+ +

Overview

+
+

The Resource Owner Password Credentials Authorization Strategy

+ +

IMPORTANT (OAuth 2.1): The Resource Owner Password Credentials grant is omitted in OAuth 2.1.
+It remains here for backward compatibility with OAuth 2.0 providers. Prefer Authorization Code + PKCE.

+ +

References:

+
    +
  • OAuth 2.1 draft: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13
    • +
  • Okta explainer: https://developer.okta.com/blog/2019/12/13/oauth-2-1-how-many-rfcs
    • +
  • FusionAuth blog: https://fusionauth.io/blog/2020/04/15/whats-new-in-oauth-2-1
    • +
+ + +
+
+
+ + +

See Also:

+ + +
+ + + + + + + +

+ Instance Method Summary + collapse +

+ + + + + + + + + + + + + +

Methods inherited from Base

+

#initialize

+
+

Constructor Details

+ +

This class inherits a constructor from OAuth2::Strategy::Base

+ +
+ + +
+

Instance Method Details

+ + +
+

+ + #authorize_urlObject + + + + + +

+
+

Not used for this strategy

+ + +
+
+
+ +

Raises:

+
    + +
  • + + + (NotImplementedError) + + + +
    • + +
+ +
+ + + + +
+ 
+
+
+20
+21
+22
+ 		+ 
# File 'lib/oauth2/strategy/password.rb', line 20
+
+def authorize_url
+  raise(NotImplementedError, "The authorization endpoint is not used in this strategy")
+end
+
+
+ +
+

+ + #get_token(username, password, params = {}, opts = {}) ⇒ Object + + + + + +

+
+

Retrieve an access token given the specified End User username and password.

+ + +
+
+
+

Parameters:

+
    + +
  • + + username + + + (String) + + + + — +

    the End User username

    +
    + +
    • + +
  • + + password + + + (String) + + + + — +

    the End User password

    +
    + +
    • + +
  • + + params + + + (Hash) + + + (defaults to: {}) + + + — +

    additional params

    +
    + +
    • + +
+ + +
+ + + + +
+ 
+
+
+29
+30
+31
+32
+33
+34
+35
+36
+ 		+ 
# File 'lib/oauth2/strategy/password.rb', line 29
+
+def get_token(username, password, params = {}, opts = {})
+  params = {
+    "grant_type" => "password",
+    "username" => username,
+    "password" => password,
+  }.merge(params)
+  @client.get_token(params, opts)
+end
+
+
+ +
+ +
+ + + +
+ + \ No newline at end of file diff --git a/docs/OAuth2/Version.html b/docs/OAuth2/Version.html index e69de29b..32285053 100644 --- a/docs/OAuth2/Version.html +++ b/docs/OAuth2/Version.html @@ -0,0 +1,121 @@ + + + + + + + Module: OAuth2::Version + + — Documentation by YARD 0.9.38 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

Module: OAuth2::Version + + + +

+
+ + + + + + + + + + + +
+
Defined in:
+
lib/oauth2/version.rb
+
+ +
+ + + +

+ Constant Summary + collapse +

+ +
+ +
VERSION = + +
+ 
"2.0.18"
+ +
+ + + + + + + + + + +
+ + + +
+ + \ No newline at end of file diff --git a/docs/_index.html b/docs/_index.html index e69de29b..59851e9b 100644 --- a/docs/_index.html +++ b/docs/_index.html @@ -0,0 +1,358 @@ + + + + + + + Documentation by YARD 0.9.38 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

Documentation by YARD 0.9.38

+
+

Alphabetic Index

+ +

File Listing

+ + +
+

Namespace Listing A-Z

+ + + + + + + + +
+ + + + + +
    +
  • B
    • +
      + +
    • + Base + + (OAuth2::Strategy) + +
      • + +
    +
+ + + + + +
    +
  • E
    • +
      + +
    • + Error + + (OAuth2) + +
      • + +
    +
+ + + + + +
    +
  • I
    • +
      + +
    • + Implicit + + (OAuth2::Strategy) + +
      • + +
    +
+ + +
    +
  • O
    • + +
+ + + 		+ + +
    +
  • P
    • +
      + +
    • + Password + + (OAuth2::Strategy) + +
      • + +
    +
+ + +
    +
  • R
    • + +
+ + +
    +
  • S
    • + +
+ + +
    +
  • V
    • +
      + +
    • + Version + + (OAuth2) + +
      • + +
    +
+ +
+ +
+ +
+ + + +
+ + \ No newline at end of file diff --git a/docs/class_list.html b/docs/class_list.html index e69de29b..df1ca243 100644 --- a/docs/class_list.html +++ b/docs/class_list.html @@ -0,0 +1,54 @@ + + + + + + + + + + + + + + + + + + Class List + + + +
+
+

Class List

+ + + +
+ + +
+ + diff --git a/docs/css/style.css b/docs/css/style.css index f169a651..2e909a2c 100644 --- a/docs/css/style.css +++ b/docs/css/style.css @@ -9,8 +9,6 @@ body { margin: 0; padding: 0; display: flex; - display: -webkit-flex; - display: -ms-flexbox; } #nav { @@ -28,11 +26,7 @@ body { height: 100%; position: relative; display: flex; - display: -webkit-flex; - display: -ms-flexbox; flex-shrink: 0; - -webkit-flex-shrink: 0; - -ms-flex: 1 0; } #resizer { position: absolute; @@ -45,8 +39,6 @@ body { } #main { flex: 5 1; - -webkit-flex: 5 1; - -ms-flex: 5 1; outline: none; position: relative; background: #fff; @@ -56,7 +48,8 @@ body { } @media (max-width: 920px) { - .nav_wrap { width: 100%; top: 0; right: 0; overflow: visible; position: absolute; } + body { display: block; } + .nav_wrap { width: 80vw !important; top: 0; right: 0; overflow: visible; position: absolute; } #resizer { display: none; } #nav { z-index: 9999; @@ -205,13 +198,9 @@ p.inherited { width: 100%; font-size: 1em; display: flex; - display: -webkit-flex; - display: -ms-flexbox; } .box_info dl dt { flex-shrink: 0; - -webkit-flex-shrink: 1; - -ms-flex-shrink: 1; width: 100px; text-align: right; font-weight: bold; @@ -222,8 +211,6 @@ p.inherited { } .box_info dl dd { flex-grow: 1; - -webkit-flex-grow: 1; - -ms-flex: 1; max-width: 420px; padding: 6px 0; padding-right: 20px; diff --git a/docs/file.CHANGELOG.html b/docs/file.CHANGELOG.html index e69de29b..0885fdec 100644 --- a/docs/file.CHANGELOG.html +++ b/docs/file.CHANGELOG.html @@ -0,0 +1,1332 @@ + + + + + + + File: CHANGELOG + + — Documentation by YARD 0.9.38 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

Changelog

+ +

SemVer 2.0.0 Keep-A-Changelog 1.0.0

+ +

All notable changes to this project will be documented in this file.

+ +

The format is based on Keep a Changelog,
+and this project adheres to Semantic Versioning,
+and yes, platform and engine support are part of the public API.
+Please file a bug if you notice a violation of semantic versioning.

+ +

Unreleased

+ +

Added

+ +

Changed

+ +

Deprecated

+ +

Removed

+ +

Fixed

+ +

Security

+ +

+2.0.18 - 2025-11-08

+ +
    +
  • TAG: v2.0.18 +
    • +
  • COVERAGE: 100.00% – 526/526 lines in 14 files
    • +
  • BRANCH COVERAGE: 100.00% – 178/178 branches in 14 files
    • +
  • 90.48% documented
    • +
+ +

Added

+ +
    +
  • +gh!683, gh!684 - Improve documentation by @pboling
    • +
  • +gh!686- Add Incident Response Plan by @pboling
    • +
  • +gh!687- Add Threat Model by @pboling
    • +
+ +

Changed

+ +
    +
  • +gh!685 - upgrade kettle-dev v1.1.24 by @pboling
    • +
  • upgrade kettle-dev v1.1.52 by @pboling +
      +
    • Add open collective donors to README
      • +
    +
    • +
+ +

Fixed

+ +
    +
  • +gh!690, gh!691, gh!692 - Add yard-fence +
      +
    • handle braces within code fences in markdown properly by @pboling
      • +
    +
    • +
+ +

Security

+ +

+2.0.17 - 2025-09-15

+ +
    +
  • TAG: v2.0.17 +
    • +
  • COVERAGE: 100.00% – 526/526 lines in 14 files
    • +
  • BRANCH COVERAGE: 100.00% – 178/178 branches in 14 files
    • +
  • 90.48% documented
    • +
+ +

Added

+ +
    +
  • +gh!682 - AccessToken: support Hash-based verb-dependent token transmission mode (e.g., {get: :query, post: :header})
    • +
+ +

+2.0.16 - 2025-09-14

+ +
    +
  • TAG: v2.0.16 +
    • +
  • COVERAGE: 100.00% – 520/520 lines in 14 files
    • +
  • BRANCH COVERAGE: 100.00% – 176/176 branches in 14 files
    • +
  • 90.48% documented
    • +
+ +

Added

+ +
    +
  • +gh!680 - E2E example using mock test server added in v2.0.11 by @pboling +
      +
    • mock-oauth2-server upgraded to v2.3.0 +
        +
      • https://github.com/navikt/mock-oauth2-server
        • +
      +
      • +
    • docker compose -f docker-compose-ssl.yml up -d --wait
      • +
    • ruby examples/e2e.rb
      • +
    • docker compose -f docker-compose-ssl.yml down
      • +
    • mock server readiness wait is 90s
      • +
    • override via E2E_WAIT_TIMEOUT
      • +
    +
    • +
  • +gh!676, gh!679 - Apache SkyWalking Eyes dependency license check by @pboling
    • +
+ +

Changed

+ +
    +
  • +gh!678 - Many improvements to make CI more resilient (past/future proof) by @pboling
    • +
  • +gh!681 - Upgrade to kettle-dev v1.1.19
    • +
+ +

+2.0.15 - 2025-09-08

+ +
    +
  • TAG: v2.0.15 +
    • +
  • COVERAGE: 100.00% – 519/519 lines in 14 files
    • +
  • BRANCH COVERAGE: 100.00% – 174/174 branches in 14 files
    • +
  • 90.48% documented
    • +
+ +

Added

+ +
    +
  • +gh!671 - Complete documentation example for Instagram by @pboling
    • +
  • .env.local.example for contributor happiness
    • +
  • note lack of builds for JRuby 9.2, 9.3 & Truffleruby 22.3, 23.0 + +
    • +
  • +gh!670 - AccessToken: verb-dependent token transmission mode by @mrj +
      +
    • e.g., Instagram GET=:query, POST/DELETE=:header
      • +
    +
    • +
+ +

Changed

+ +
    +
  • +gh!669 - Upgrade to kettle-dev v1.1.9 by @pboling
    • +
+ +

Fixed

+ +
    +
  • Remove accidentally duplicated lines, and fix typos in CHANGELOG.md
    • +
  • point badge to the correct workflow for Ruby 2.3 (caboose.yml)
    • +
+ +

+2.0.14 - 2025-08-31

+ +
    +
  • TAG: v2.0.14 +
    • +
  • COVERAGE: 100.00% – 519/519 lines in 14 files
    • +
  • BRANCH COVERAGE: 100.00% – 174/174 branches in 14 files
    • +
  • 90.48% documented
    • +
+ +

Added

+ +
    +
  • improved documentation by @pboling
    • +
  • +gh!665 - Document Mutual TLS (mTLS) usage with example in README (connection_opts.ssl client_cert/client_key and auth_scheme: :tls_client_auth) by @pboling
    • +
  • +gh!666 - Document usage of flat query params using Faraday::FlatParamsEncoder, with example URI, in README by @pboling +
      +
    • Spec: verify flat params are preserved with Faraday::FlatParamsEncoder (skips on Faraday without FlatParamsEncoder)
      • +
    +
    • +
  • +gh!662 - documentation notes in code comments and README highlighting OAuth 2.1 differences, with references, by @pboling +
      +
    • PKCE required for auth code,
      • +
    • exact redirect URI match,
      • +
    • implicit/password grants omitted,
      • +
    • avoid bearer tokens in query,
      • +
    • refresh token guidance for public clients,
      • +
    • simplified client definitions
      • +
    +
    • +
  • +gh!663 - document how to implement an OIDC client with this gem in OIDC.md by @pboling +
      +
    • also, list libraries built on top of the oauth2 gem that implement OIDC
      • +
    +
    • +
  • +gh!664 - README: Add example for JHipster UAA (Spring Cloud) password grant, converted from Postman/Net::HTTP by @pboling
    • +
+ +

+2.0.13 - 2025-08-30

+ +
    +
  • TAG: v2.0.13 +
    • +
  • COVERAGE: 100.00% – 519/519 lines in 14 files
    • +
  • BRANCH COVERAGE: 100.00% – 174/174 branches in 14 files
    • +
  • 90.48% documented
    • +
+ +

Added

+ +
    +
  • +gh!656 - Support revocation with URL-encoded parameters
    • +
  • +gh!660 - Inline yard documentation by @pboling
    • +
  • +gh!660 - Complete RBS types documentation by @pboling
    • +
  • +gh!660- (more) Comprehensive documentation / examples by @pboling
    • +
  • +gh!657 - Updated documentation for org-rename by @pboling
    • +
  • More funding links by @Aboling0
    • +
  • Documentation: Added docs/OIDC.md with OIDC 1.0 overview, example, and references
    • +
+ +

Changed

+ +
    +
  • Upgrade Code of Conduct to Contributor Covenant 2.1 by @pboling
    • +
  • +gh!660 - Shrink post-install message by 4 lines by @pboling
    • +
+ +

Fixed

+ +
    +
  • +gh!660 - Links in README (including link to HEAD documentation) by @pboling
    • +
+ +

Security

+ +

+2.0.12 - 2025-05-31

+ +
    +
  • TAG: v2.0.12 +
    • +
  • Line Coverage: 100.0% (520 / 520)
    • +
  • Branch Coverage: 100.0% (174 / 174)
    • +
  • 80.00% documented
    • +
+ +

Added

+ +
    +
  • +gh!652 - Support IETF rfc7515 JSON Web Signature - JWS by @mridang +
      +
    • Support JWT kid for key discovery and management
      • +
    +
    • +
  • More Documentation by @pboling +
      +
    • Documented Serialization Extensions
      • +
    • Added Gatzo.com FLOSS logo by @Aboling0, CC BY-SA 4.0
      • +
    +
    • +
  • Documentation site @ https://oauth2.galtzo.com now complete
    • +
+ +

Changed

+ +
    +
  • Updates to gemspec (email, funding url, post install message)
    • +
+ +

Fixed

+ +
    +
  • Documentation Typos by @pboling
    • +
+ +

+2.0.11 - 2025-05-23

+ +
    +
  • TAG: v2.0.11 +
    • +
  • COVERAGE: 100.00% – 518/518 lines in 14 files
    • +
  • BRANCH COVERAGE: 100.00% – 172/172 branches in 14 files
    • +
  • 80.00% documented
    • +
+ +

Added

+ +
    +
  • +gh!651 - :snaky_hash_klass option (@pboling)
    • +
  • More documentation
    • +
  • Codeberg as ethical mirror (@pboling) +
      +
    • https://codeberg.org/ruby-oauth/oauth2
      • +
    +
    • +
  • Don’t check for cert if SKIP_GEM_SIGNING is set (@pboling)
    • +
  • All runtime deps, including oauth-xx sibling gems, are now tested against HEAD (@pboling)
    • +
  • All runtime deps, including ruby-oauth sibling gems, are now tested against HEAD (@pboling)
    • +
  • YARD config, GFM compatible with relative file links (@pboling)
    • +
  • Documentation site on GitHub Pages (@pboling) + +
    • +
  • +!649 - Test compatibility with all key minor versions of Hashie v0, v1, v2, v3, v4, v5, HEAD (@pboling)
    • +
  • +gh!651 - Mock OAuth2 server for testing (@pboling) +
      +
    • https://github.com/navikt/mock-oauth2-server
      • +
    +
    • +
+ +

Changed

+ +
    +
  • +gh!651 - Upgraded to snaky_hash v2.0.3 (@pboling) +
      +
    • Provides solution for serialization issues
      • +
    +
    • +
  • Updated spec.homepage_uri in gemspec to GitHub Pages YARD documentation site (@pboling)
    • +
+ +

Fixed

+ +
    +
  • +gh!650 - Regression in return type of OAuth2::Response#parsed (@pboling)
    • +
  • Incorrect documentation related to silencing warnings (@pboling)
    • +
+ +

+2.0.10 - 2025-05-17

+ +
    +
  • TAG: v2.0.10 +
    • +
  • COVERAGE: 100.00% – 518/518 lines in 14 files
    • +
  • BRANCH COVERAGE: 100.00% – 170/170 branches in 14 files
    • +
  • 79.05% documented
    • +
+ +

Added

+ +
    +
  • +gh!632 - Added funding.yml (@Aboling0)
    • +
  • +!635 - Added .gitlab-ci.yml (@jessieay)
    • +
  • +#638 - Documentation of support for ILO Fundamental Principles of Rights at Work (@pboling)
    • +
  • +!642 - 20-year certificate for signing gem releases, expires 2045-04-29 (@pboling) +
      +
    • Gemspec metadata +
        +
      • funding_uri
        • +
      • news_uri
        • +
      • mailing_list_uri
        • +
      +
      • +
    • SHA256 and SHA512 Checksums for release
      • +
    +
    • +
  • +!643 - Add token_name option (@pboling) +
      +
    • Specify the parameter name that identifies the access token
      • +
    +
    • +
  • +!645 - Add OAuth2::OAUTH_DEBUG constant, based on `ENV[“OAUTH_DEBUG”] (@pboling)
    • +
  • +!646 - Add OAuth2.config.silence_extra_tokens_warning, default: false (@pboling)
    • +
  • +!647 - Add IETF RFC 7009 Token Revocation compliant (@pboling) +
      +
    • OAuth2::Client#revoke_token
      • +
    • OAuth2::AccessToken#revoke
      • +
    • See: https://datatracker.ietf.org/doc/html/rfc7009
      • +
    +
    • +
  • +gh!644, gh!645 - Added CITATION.cff (@Aboling0)
    • +
  • +!648 - Improved documentation (@pboling)
    • +
+ +

Changed

+ +
    +
  • Default value of OAuth2.config.silence_extra_tokens_warning was false, now true (@pboling)
    • +
  • Gem releases are now cryptographically signed, with a 20-year cert (@pboling) +
      +
    • Allow linux distros to build release without signing, as their package managers sign independently
      • +
    +
    • +
  • +!647 - OAuth2::AccessToken#refresh now supports block param pass through (@pboling)
    • +
  • +!647 - OAuth2.config is no longer writable (@pboling)
    • +
  • +!647 - Errors raised by OAuth2::AccessToken are now always OAuth2::Error and have better metadata (@pboling)
    • +
+ +

Fixed

+ +
    +
  • +#95 - restoring an access token via AccessToken#from_hash (@pboling) +
      +
    • This was a 13 year old bug report. 😘
      • +
    +
    • +
  • +#619 - Internal options (like snaky, raise_errors, and parse) are no longer included in request (@pboling)
    • +
  • +!633 - Spaces will now be encoded as %20 instead of + (@nov.matake)
    • +
  • +!634 - CHANGELOG.md documentation fix (@skuwa229)
    • +
  • +!638 - fix expired? when expires_in is 0 (@disep)
    • +
  • +!639 - Only instantiate OAuth2::Error if raise_errors option is true (@glytch2)
    • +
  • +#639 - AccessToken#to_hash is now serializable, just a regular Hash (@pboling)
    • +
  • +!640 - README.md documentation fix (@martinezcoder)
    • +
  • +!641 - Do not include sensitive information in the inspect (@manuelvanrijn)
    • +
  • +#641 - Made default JSON response parser more resilient (@pboling)
    • +
  • +#645 - Response no longer becomes a snaky hash (@pboling)
    • +
  • +gh!646 - Change require to require_relative (improve performance) (@Aboling0)
    • +
+ +

+2.0.9 - 2022-09-16

+ + + +

Added

+ +
    +
  • More specs (@pboling)
    • +
+ +

Changed

+ +
    +
  • Complete migration to main branch as default (@pboling)
    • +
  • Complete migration to Gitlab, updating all links, and references in VCS-managed files (@pboling)
    • +
+ +

+2.0.8 - 2022-09-01

+ + + +

Changed

+ +
    +
  • +!630 - Extract snaky_hash to external dependency (@pboling)
    • +
+ +

Added

+ +
    +
  • +!631 - New global configuration option OAuth2.config.silence_extra_tokens_warning (default: false) fixes #628 +
    • +
+ +

+2.0.7 - 2022-08-22

+ + + +

Added

+ +
    +
  • +!629 - Allow POST of JSON to get token (@pboling, @terracatta)
    • +
+ +

Fixed

+ +
    +
  • +!626 - Fixes a regression in 2.0.6. Will now prefer the key order from the lookup, not the hash keys (@rickselby) +
      +
    • Note: This fixes compatibility with omniauth-oauth2 and AWS
      • +
    +
    • +
  • +!625 - Fixes the printed version in the post install message (@hasghari)
    • +
+ +

+2.0.6 - 2022-07-13

+ + + +

Fixed

+ +
    +
  • +!624 - Fixes a regression in v2.0.5, where an error would be raised in refresh_token flows due to (legitimate) lack of access_token (@pboling)
    • +
+ +

+2.0.5 - 2022-07-07

+ + + +

Fixed

+ +
    +
  • +!620 - Documentation improvements, to help with upgrading (@swanson)
    • +
  • +!621 - Fixed #528 and #619 (@pboling) +
      +
    • All data in responses is now returned, with the access token removed and set as token +
        +
      • +refresh_token is no longer dropped
        • +
      • +BREAKING: Microsoft’s id_token is no longer left as access_token['id_token'], but moved to the standard access_token.token that all other strategies use
        • +
      +
      • +
    • Remove parse and snaky from options so they don’t get included in response
      • +
    • There is now 100% test coverage, for lines and branches, and it will stay that way.
      • +
    +
    • +
+ +

+2.0.4 - 2022-07-01

+ + + +

Fixed

+ +
    +
  • +!618 - In some scenarios the snaky option default value was not applied (@pboling)
    • +
+ +

+2.0.3 - 2022-06-28

+ + + +

Added

+ +
    +
  • +!611 - Proper deprecation warnings for extract_access_token argument (@pboling)
    • +
  • +!612 - Add snaky: false option to skip conversion to OAuth2::SnakyHash (default: true) (@pboling)
    • +
+ +

Fixed

+ +
    +
  • +!608 - Wrap Faraday::TimeoutError in OAuth2::TimeoutError (@nbibler)
    • +
  • +!615 - Fix support for requests with blocks, see Faraday::Connection#run_request (@pboling)
    • +
+ +

+2.0.2 - 2022-06-24

+ + + +

Fixed

+ +
    +
  • +!604 - Wrap Faraday::TimeoutError in OAuth2::TimeoutError (@stanhu)
    • +
  • +!606 - Ruby 2.7 deprecation warning fix: Move access_token_class parameter into Client constructor (@stanhu)
    • +
  • +!607 - CHANGELOG correction, reference to OAuth2::ConnectionError (@zavan)
    • +
+ +

+2.0.1 - 2022-06-22

+ + + +

Added

+ +
    +
  • Documentation improvements (@pboling)
    • +
  • Increased test coverage to 99% (@pboling)
    • +
+ +

+2.0.0 - 2022-06-21

+ + + +

Added

+ +
    +
  • +!158, !344 - Optionally pass raw response to parsers (@niels)
    • +
  • +!190, !332, !334, !335, !360, !426, !427, !461 - Documentation (@josephpage, @pboling, @meganemura, @joshRpowell, @elliotcm)
    • +
  • +!220 - Support IETF rfc7523 JWT Bearer Tokens Draft 04+ (@jhmoore)
    • +
  • +!298 - Set the response object on the access token on Client#get_token for debugging (@cpetschnig)
    • +
  • +!305 - Option: OAuth2::Client#get_token - :access_token_class (AccessToken); user specified class to use for all calls to get_token (@styd)
    • +
  • +!346 - Modern gem structure (@pboling)
    • +
  • +!351 - Support Jruby 9k (@pboling)
    • +
  • +!362 - Support SemVer release version scheme (@pboling)
    • +
  • +!363 - New method OAuth2::AccessToken#refresh! same as old refresh, with backwards compatibility alias (@pboling)
    • +
  • +!364 - Support application/hal+json format (@pboling)
    • +
  • +!365 - Support application/vnd.collection+json format (@pboling)
    • +
  • +!376 - Documentation: Example / Test for Google 2-legged JWT (@jhmoore)
    • +
  • +!381 - Spec for extra header params on client credentials (@nikz)
    • +
  • +!394 - Option: OAuth2::AccessToken#initialize - :expires_latency (nil); number of seconds by which AccessToken validity will be reduced to offset latency (@klippx)
    • +
  • +!412 - Support application/vdn.api+json format (from jsonapi.org) (@david-christensen)
    • +
  • +!413 - Documentation: License scan and report (@meganemura)
    • +
  • +!442 - Option: OAuth2::Client#initialize - :logger (::Logger.new($stdout)) logger to use when OAUTH_DEBUG is enabled (for parity with 1-4-stable branch) (@rthbound)
    • +
  • +!494 - Support OIDC 1.0 Private Key JWT; based on the OAuth JWT assertion specification (RFC 7523) (@SteveyblamWork)
    • +
  • +!549 - Wrap Faraday::ConnectionFailed in OAuth2::ConnectionError (@nikkypx)
    • +
  • +!550 - Raise error if location header not present when redirecting (@stanhu)
    • +
  • +!552 - Add missing version.rb require (@ahorek)
    • +
  • +!553 - Support application/problem+json format (@janz93)
    • +
  • +!560 - Support IETF rfc6749, section 2.3.1 - don’t set auth params when nil (@bouk)
    • +
  • +!571 - Support Ruby 3.1 (@pboling)
    • +
  • +!575 - Support IETF rfc7231, section 7.1.2 - relative location in redirect (@pboling)
    • +
  • +!581 - Documentation: of breaking changes (@pboling)
    • +
+ +

Changed

+ +
    +
  • +!191 - BREAKING: Token is expired if expired_at time is now (@davestevens)
    • +
  • +!312 - BREAKING: Set :basic_auth as default for :auth_scheme instead of :request_body. This was default behavior before 1.3.0. (@tetsuya, @wy193777)
    • +
  • +!317 - Dependency: Upgrade jwt to 2.x.x (@travisofthenorth)
    • +
  • +!338 - Dependency: Switch from Rack::Utils.escape to CGI.escape (@josephpage)
    • +
  • +!339, !368, !424, !479, !493, !539, !542, !553 - CI Updates, code coverage, linting, spelling, type fixes, New VERSION constant (@pboling, @josephpage, @ahorek)
    • +
  • +!410 - BREAKING: Removed the ability to call .error from an OAuth2::Response object (@jhmoore)
    • +
  • +!414 - Use Base64.strict_encode64 instead of custom internal logic (@meganemura)
    • +
  • +!469 - BREAKING: Default value for option OAuth2::Client - :authorize_url removed leading slash to work with relative paths by default ('oauth/authorize') (@ghost)
    • +
  • +!469 - BREAKING: Default value for option OAuth2::Client - :token_url removed leading slash to work with relative paths by default ('oauth/token') (@ghost)
    • +
  • +!507, !575 - BREAKING: Transform keys to snake case, always, by default (ultimately via rash_alt gem) +
      +
    • Original keys will still work as previously, in most scenarios, thanks to rash_alt gem.
      • +
    • However, this is a breaking change if you rely on response.parsed.to_h, as the keys in the result will be snake case.
      • +
    • As of version 2.0.4 you can turn key transformation off with the snaky: false option.
      • +
    +
    • +
  • +!576 - BREAKING: Stop rescuing parsing errors (@pboling)
    • +
  • +!591 - DEPRECATION: OAuth2::Client - :extract_access_token option is deprecated
    • +
+ +

Fixed

+ +
    +
  • +!158, !344 - Handling of errors when using omniauth-facebook (@niels)
    • +
  • +!294 - Fix: “Unexpected middleware set” issue with Faraday when OAUTH_DEBUG=true (@spectator, @gafrom)
    • +
  • +!300 - Documentation: Oauth2::Error - Error codes are strings, not symbols (@NobodysNightmare)
    • +
  • +!318, !326, !343, !347, !397, !464, !561, !565 - Dependency: Support all versions of faraday (see gemfiles/README.md for compatibility matrix with Ruby engines & versions) (@pboling, @raimondasv, @zacharywelch, @Fudoshiki, @ryogift, @sj26, @jdelStrother)
    • +
  • +!322, !331, !337, !361, !371, !377, !383, !392, !395, !400, !401, !403, !415, !567 - Updated Rubocop, Rubocop plugins and improved code style (@pboling, @bquorning, @lautis, @spectator)
    • +
  • +!328 - Documentation: Homepage URL is SSL (@amatsuda)
    • +
  • +!339, !479 - Update testing infrastructure for all supported Rubies (@pboling and @josephpage)
    • +
  • +!366 - Security: Fix logging to $stdout of request and response bodies via Faraday’s logger and ENV["OAUTH_DEBUG"] == 'true' (@pboling)
    • +
  • +!380 - Fix: Stop attempting to encode non-encodable objects in Oauth2::Error (@jhmoore)
    • +
  • +!399 - Fix: Stop duplicating redirect_uri in get_token (@markus)
    • +
  • +!410 - Fix: SystemStackError caused by circular reference between Error and Response classes (@jhmoore)
    • +
  • +!460 - Fix: Stop throwing errors when raise_errors is set to false; analog of !524 for 1-4-stable branch (@joaolrpaulo)
    • +
  • +!472 - Security: Add checks to enforce client_secret is never passed in authorize_url query params for implicit and auth_code grant types (@dfockler)
    • +
  • +!482 - Documentation: Update last of intridea links to ruby-oauth (@pboling)
    • +
  • +!536 - Security: Compatibility with more (and recent) Ruby OpenSSL versions, Github Actions, Rubocop updated, analogous to !535 on 1-4-stable branch (@pboling)
    • +
  • +!595 - Graceful handling of empty responses from Client#get_token, respecting :raise_errors config (@stanhu)
    • +
  • +!596 - Consistency between AccessToken#refresh and Client#get_token named arguments (@stanhu)
    • +
  • +!598 - Fix unparseable data not raised as error in Client#get_token, respecting :raise_errors config (@stanhu)
    • +
+ +

Removed

+ +
    +
  • +!341 - Remove Rdoc & Jeweler related files (@josephpage)
    • +
  • +!342 - BREAKING: Dropped support for Ruby 1.8 (@josephpage)
    • +
  • +!539 - Remove reliance on globally included OAuth2 in tests, analog of !538 for 1-4-stable (@anderscarling)
    • +
  • +!566 - Dependency: Removed wwtd (@bquorning)
    • +
  • +!589, !593 - Remove support for expired MAC token draft spec (@stanhu)
    • +
  • +!590 - Dependency: Removed multi_json (@stanhu)
    • +
+ +

+1.4.11 - 2022-09-16

+ +
    +
  • TAG: v1.4.11 +
    • +
  • Complete migration to main branch as default (@pboling)
    • +
  • Complete migration to Gitlab, updating all links, and references in VCS-managed files (@pboling)
    • +
+ +

+1.4.10 - 2022-07-01

+ +
    +
  • TAG: v1.4.10 +
    • +
  • FIPS Compatibility !587 (@akostadinov)
    • +
+ +

+1.4.9 - 2022-02-20

+ +
    +
  • TAG: v1.4.9 +
    • +
  • Fixes compatibility with Faraday v2 572 +
    • +
  • Includes supported versions of Faraday in test matrix: +
      +
    • Faraday ~> 2.2.0 with Ruby >= 2.6
      • +
    • Faraday ~> 1.10 with Ruby >= 2.4
      • +
    • Faraday ~> 0.17.3 with Ruby >= 1.9
      • +
    +
    • +
  • Add Windows and MacOS to test matrix
    • +
+ +

+1.4.8 - 2022-02-18

+ +
    +
  • TAG: v1.4.8 +
    • +
  • MFA is now required to push new gem versions (@pboling)
    • +
  • README overhaul w/ new Ruby Version and Engine compatibility policies (@pboling)
    • +
  • +!569 Backport fixes (!561 by @ryogift), and add more fixes, to allow faraday 1.x and 2.x (@jrochkind)
    • +
  • Improve Code Coverage tracking (Coveralls, CodeCov, CodeClimate), and enable branch coverage (@pboling)
    • +
  • Add CodeQL, Security Policy, Funding info (@pboling)
    • +
  • Added Ruby 3.1, jruby, jruby-head, truffleruby, truffleruby-head to build matrix (@pboling)
    • +
  • +!543 - Support for more modern Open SSL libraries (@pboling)
    • +
+ +

+1.4.7 - 2021-03-19

+ +
    +
  • TAG: v1.4.7 +
    • +
  • +!541 - Backport fix to expires_at handling !533 to 1-4-stable branch. (@dobon)
    • +
+ +

+1.4.6 - 2021-03-19

+ +
    +
  • TAG: v1.4.6 +
    • +
  • +!540 - Add VERSION constant (@pboling)
    • +
  • +!537 - Fix crash in OAuth2::Client#get_token (@anderscarling)
    • +
  • +!538 - Remove reliance on globally included OAuth2 in tests, analogous to !539 on main branch (@anderscarling)
    • +
+ +

+1.4.5 - 2021-03-18

+ +
    +
  • TAG: v1.4.5 +
    • +
  • +!535 - Compatibility with range of supported Ruby OpenSSL versions, Rubocop updates, Github Actions, analogous to !536 on main branch (@pboling)
    • +
  • +!518 - Add extract_access_token option to OAuth2::Client (@jonspalmer)
    • +
  • +!507 - Fix camel case content type, response keys (@anvox)
    • +
  • +!500 - Fix YARD documentation formatting (@olleolleolle)
    • +
+ +

+1.4.4 - 2020-02-12

+ +
    +
  • TAG: v1.4.4 +
    • +
  • +!408 - Fixed expires_at for formatted time (@Lomey)
    • +
+ +

+1.4.3 - 2020-01-29

+ +
    +
  • TAG: v1.4.3 +
    • +
  • +!483 - add project metadata to gemspec (@orien)
    • +
  • +!495 - support additional types of access token requests (@SteveyblamFreeagent, @thomcorley, @dgholz) +
      +
    • Adds support for private_key_jwt and tls_client_auth
      • +
    +
    • +
  • +!433 - allow field names with square brackets and numbers in params (@asm256)
    • +
+ +

+1.4.2 - 2019-10-01

+ +
    +
  • TAG: v1.4.2 +
    • +
  • +!478 - support latest version of faraday & fix build (@pboling) +
      +
    • Officially support Ruby 2.6 and truffleruby
      • +
    +
    • +
+ +

+1.4.1 - 2018-10-13

+ +
    +
  • TAG: v1.4.1 +
    • +
  • +!417 - update jwt dependency (@thewoolleyman)
    • +
  • +!419 - remove rubocop dependency (temporary, added back in !423) (@pboling)
    • +
  • +!418 - update faraday dependency (@pboling)
    • +
  • +!420 - update oauth2.gemspec (@pboling)
    • +
  • +!421 - fix CHANGELOG.md for previous releases (@pboling)
    • +
  • +!422 - update LICENSE and README.md (@pboling)
    • +
  • +!423 - update builds, Rakefile (@pboling) +
      +
    • officially document supported Rubies +
        +
      • Ruby 1.9.3
        • +
      • Ruby 2.0.0
        • +
      • Ruby 2.1
        • +
      • Ruby 2.2
        • +
      • +JRuby 1.7 (targets MRI v1.9)
        • +
      • +JRuby 9.0 (targets MRI v2.0)
        • +
      • Ruby 2.3
        • +
      • Ruby 2.4
        • +
      • Ruby 2.5
        • +
      • +JRuby 9.1 (targets MRI v2.3)
        • +
      • +JRuby 9.2 (targets MRI v2.5)
        • +
      +
      • +
    +
    • +
+ +

+1.4.0 - 2017-06-09

+ +
    +
  • TAG: v1.4.0 +
    • +
  • Drop Ruby 1.8.7 support (@sferik)
    • +
  • Fix some RuboCop offenses (@sferik)
    • +
  • +Dependency: Remove Yardstick (@sferik)
    • +
  • +Dependency: Upgrade Faraday to 0.12 (@sferik)
    • +
+ +

+1.3.1 - 2017-03-03

+ +
    +
  • TAG: v1.3.1 +
    • +
  • Add support for Ruby 2.4.0 (@pschambacher)
    • +
  • +Dependency: Upgrade Faraday to Faraday 0.11 (@mcfiredrill, @rhymes, @pschambacher)
    • +
+ +

+1.3.0 - 2016-12-28

+ +
    +
  • TAG: v1.3.0 +
    • +
  • Add support for header-based authentication to the Client so it can be used across the library (@bjeanes)
    • +
  • Default to header-based authentication when getting a token from an authorisation code (@maletor)
    • +
  • +Breaking: Allow an auth_scheme (:basic_auth or :request_body) to be set on the client, defaulting to :request_body to maintain backwards compatibility (@maletor, @bjeanes)
    • +
  • Handle redirect_uri according to the OAuth 2 spec, so it is passed on redirect and at the point of token exchange (@bjeanes)
    • +
  • Refactor handling of encoding of error responses (@urkle)
    • +
  • Avoid instantiating an Error if there is no error to raise (@urkle)
    • +
  • Add support for Faraday 0.10 (@rhymes)
    • +
+ +

+1.2.0 - 2016-07-01

+ +
    +
  • TAG: v1.2.0 +
    • +
  • Properly handle encoding of error responses (so we don’t blow up, for example, when Google’s response includes a ∞) (@Motoshi-Nishihira)
    • +
  • Make a copy of the options hash in AccessToken#from_hash to avoid accidental mutations (@Linuus)
    • +
  • Use raise rather than fail to throw exceptions (@sferik)
    • +
+ +

+1.1.0 - 2016-01-30

+ +
    +
  • TAG: v1.1.0 +
    • +
  • Various refactors (eliminating Hash#merge! usage in AccessToken#refresh!, use yield instead of #call, freezing mutable objects in constants, replacing constants with class variables) (@sferik)
    • +
  • Add support for Rack 2, and bump various other dependencies (@sferik)
    • +
+ +

+1.0.0 - 2014-07-09

+ + + +

Added

+ +
    +
  • Add an implementation of the MAC token spec.
    • +
+ +

Fixed

+ +
    +
  • Fix Base64.strict_encode64 incompatibility with Ruby 1.8.7.
    • +
+ +

+0.5.0 - 2011-07-29

+ + + +

Changed

+ +
    +
  • +breaking oauth_token renamed to oauth_bearer.
    • +
  • +breaking authorize_path Client option renamed to authorize_url.
    • +
  • +breaking access_token_path Client option renamed to token_url.
    • +
  • +breaking access_token_method Client option renamed to token_method.
    • +
  • +breaking web_server renamed to auth_code.
    • +
+ +

+0.4.1 - 2011-04-20

+ + + +

+0.4.0 - 2011-04-20

+ + + +

+0.3.0 - 2011-04-08

+ + + +

+0.2.0 - 2011-04-01

+ + + +

+0.1.1 - 2011-01-12

+ + + +

+0.1.0 - 2010-10-13

+ + + +

+0.0.13 - 2010-08-17

+ + + +

+0.0.12 - 2010-08-17

+ + + +

+0.0.11 - 2010-08-17

+ + + +

+0.0.10 - 2010-06-19

+ + + +

+0.0.9 - 2010-06-18

+ + + +

+0.0.8 - 2010-04-27

+ + + +

+0.0.7 - 2010-04-27

+ + + +

+0.0.6 - 2010-04-25

+ + + +

+0.0.5 - 2010-04-23

+ + + +

+0.0.4 - 2010-04-22

+ + + +

+0.0.3 - 2010-04-22

+ + + +

+0.0.2 - 2010-04-22

+ + + +

+0.0.1 - 2010-04-22

+ + + +
+ + + +
+ + \ No newline at end of file diff --git a/docs/file.CITATION.html b/docs/file.CITATION.html index e69de29b..10aaaefb 100644 --- a/docs/file.CITATION.html +++ b/docs/file.CITATION.html @@ -0,0 +1,92 @@ + + + + + + + File: CITATION + + — Documentation by YARD 0.9.38 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

cff-version: 1.2.0
+title: oauth2
+message: >-
+ If you use this work and you want to cite it,
+ then you can use the metadata from this file.
+type: software
+authors:

+
    +
  • given-names: Peter Hurn
    +family-names: Boling
    +email: peter@railsbling.com
    +affiliation: railsbling.com
    +orcid: ‘https://orcid.org/0009-0008-8519-441X’
    +identifiers:
    • +
  • type: url
    +value: ‘https://github.com/ruby-oauth/oauth2’
    +description: oauth2
    +repository-code: ‘https://github.com/ruby-oauth/oauth2’
    +abstract: >-
    + oauth2
    +license: See license file
    • +
+
+ + + +
+ + \ No newline at end of file diff --git a/docs/file.CODE_OF_CONDUCT.html b/docs/file.CODE_OF_CONDUCT.html index e69de29b..f8ccc4fd 100644 --- a/docs/file.CODE_OF_CONDUCT.html +++ b/docs/file.CODE_OF_CONDUCT.html @@ -0,0 +1,201 @@ + + + + + + + File: CODE_OF_CONDUCT + + — Documentation by YARD 0.9.38 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

Contributor Covenant Code of Conduct

+ +

Our Pledge

+ +

We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.

+ +

We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.

+ +

Our Standards

+ +

Examples of behavior that contributes to a positive environment for our
+community include:

+ +
    +
  • Demonstrating empathy and kindness toward other people
    • +
  • Being respectful of differing opinions, viewpoints, and experiences
    • +
  • Giving and gracefully accepting constructive feedback
    • +
  • Accepting responsibility and apologizing to those affected by our mistakes,
    +and learning from the experience
    • +
  • Focusing on what is best not just for us as individuals, but for the overall
    +community
    • +
+ +

Examples of unacceptable behavior include:

+ +
    +
  • The use of sexualized language or imagery, and sexual attention or advances of
    +any kind
    • +
  • Trolling, insulting or derogatory comments, and personal or political attacks
    • +
  • Public or private harassment
    • +
  • Publishing others’ private information, such as a physical or email address,
    +without their explicit permission
    • +
  • Other conduct which could reasonably be considered inappropriate in a
    +professional setting
    • +
+ +

Enforcement Responsibilities

+ +

Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.

+ +

Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.

+ +

Scope

+ +

This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official email address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.

+ +

Enforcement

+ +

Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+Contact Maintainer.
+All complaints will be reviewed and investigated promptly and fairly.

+ +

All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.

+ +

Enforcement Guidelines

+ +

Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:

+ +

1. Correction

+ +

Community Impact: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.

+ +

Consequence: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.

+ +

2. Warning

+ +

Community Impact: A violation through a single incident or series of
+actions.

+ +

Consequence: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or permanent
+ban.

+ +

3. Temporary Ban

+ +

Community Impact: A serious violation of community standards, including
+sustained inappropriate behavior.

+ +

Consequence: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.

+ +

4. Permanent Ban

+ +

Community Impact: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.

+ +

Consequence: A permanent ban from any sort of public interaction within the
+community.

+ +

Attribution

+ +

This Code of Conduct is adapted from the Contributor Covenant,
+version 2.1, available at
+https://www.contributor-covenant.org/version/2/1/code_of_conduct.html.

+ +

Community Impact Guidelines were inspired by
+Mozilla’s code of conduct enforcement ladder.

+ +

For answers to common questions about this code of conduct, see the FAQ at
+https://www.contributor-covenant.org/faq. Translations are available at
+https://www.contributor-covenant.org/translations.

+ +
+ + + +
+ + \ No newline at end of file diff --git a/docs/file.CONTRIBUTING.html b/docs/file.CONTRIBUTING.html index e69de29b..9d3c64a9 100644 --- a/docs/file.CONTRIBUTING.html +++ b/docs/file.CONTRIBUTING.html @@ -0,0 +1,314 @@ + + + + + + + File: CONTRIBUTING + + — Documentation by YARD 0.9.38 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

Contributing

+ +

Bug reports and pull requests are welcome on CodeBerg, GitLab, or GitHub.
+This project should be a safe, welcoming space for collaboration, so contributors agree to adhere to
+the code of conduct.

+ +

To submit a patch, please fork the project, create a patch with tests, and send a pull request.

+ +

Remember to Keep A Changelog if you make changes.

+ +

Help out!

+ +

Take a look at the reek list which is the file called REEK and find something to improve.

+ +

Follow these instructions:

+ +
    +
  1. Fork the repository
    2. +
  2. Create a feature branch (git checkout -b my-new-feature)
    3. +
  3. Make some fixes.
    4. +
  4. Commit changes (git commit -am 'Added some feature')
    5. +
  5. Push to the branch (git push origin my-new-feature)
    6. +
  6. Make sure to add tests for it. This is important, so it doesn’t break in a future release.
    7. +
  7. Create new Pull Request.
    8. +
+ +

Executables vs Rake tasks

+ +

Executables shipped by dependencies, such as kettle-dev, and stone_checksums, are available
+after running bin/setup. These include:

+ +
    +
  • gem_checksums
    • +
  • kettle-changelog
    • +
  • kettle-commit-msg
    • +
  • kettle-dev-setup
    • +
  • kettle-dvcs
    • +
  • kettle-pre-release
    • +
  • kettle-readme-backers
    • +
  • kettle-release
    • +
+ +

There are many Rake tasks available as well. You can see them by running:

+ +
bin/rake -T
+
+ +

Environment Variables for Local Development

+ +

Below are the primary environment variables recognized by stone_checksums (and its integrated tools). Unless otherwise noted, set boolean values to the string “true” to enable.

+ +

General/runtime

+
    +
  • DEBUG: Enable extra internal logging for this library (default: false)
    • +
  • REQUIRE_BENCH: Enable require_bench to profile requires (default: false)
    • +
  • CI: When set to true, adjusts default rake tasks toward CI behavior
    • +
+ +

Coverage (kettle-soup-cover / SimpleCov)

+
    +
  • K_SOUP_COV_DO: Enable coverage collection (default: true in .envrc)
    • +
  • K_SOUP_COV_FORMATTERS: Comma-separated list of formatters (html, xml, rcov, lcov, json, tty)
    • +
  • K_SOUP_COV_MIN_LINE: Minimum line coverage threshold (integer, e.g., 100)
    • +
  • K_SOUP_COV_MIN_BRANCH: Minimum branch coverage threshold (integer, e.g., 100)
    • +
  • K_SOUP_COV_MIN_HARD: Fail the run if thresholds are not met (true/false)
    • +
  • K_SOUP_COV_MULTI_FORMATTERS: Enable multiple formatters at once (true/false)
    • +
  • K_SOUP_COV_OPEN_BIN: Path to browser opener for HTML (empty disables auto-open)
    • +
  • MAX_ROWS: Limit console output rows for simplecov-console (e.g., 1)
    +Tip: When running a single spec file locally, you may want K_SOUP_COV_MIN_HARD=false to avoid failing thresholds for a partial run.
    • +
+ +

GitHub API and CI helpers

+
    +
  • GITHUB_TOKEN or GH_TOKEN: Token used by ci:act and release workflow checks to query GitHub Actions status at higher rate limits
    • +
+ +

Releasing and signing

+
    +
  • SKIP_GEM_SIGNING: If set, skip gem signing during build/release
    • +
  • GEM_CERT_USER: Username for selecting your public cert in certs/<USER>.pem (defaults to $USER)
    • +
  • SOURCE_DATE_EPOCH: Reproducible build timestamp. +
      +
    • +kettle-release will set this automatically for the session.
      • +
    • Not needed on bundler >= 2.7.0, as reproducible builds have become the default.
      • +
    +
    • +
+ +

Git hooks and commit message helpers (exe/kettle-commit-msg)

+
    +
  • GIT_HOOK_BRANCH_VALIDATE: Branch name validation mode (e.g., jira) or false to disable
    • +
  • GIT_HOOK_FOOTER_APPEND: Append a footer to commit messages when goalie allows (true/false)
    • +
  • GIT_HOOK_FOOTER_SENTINEL: Required when footer append is enabled — a unique first-line sentinel to prevent duplicates
    • +
  • GIT_HOOK_FOOTER_APPEND_DEBUG: Extra debug output in the footer template (true/false)
    • +
+ +

For a quick starting point, this repository’s .envrc shows sane defaults, and .env.local can override them locally.

+ +

Appraisals

+ +

From time to time the appraisal2 gemfiles in gemfiles/ will need to be updated.
+They are created and updated with the commands:

+ +
bin/rake appraisal:update
+
+ +

When adding an appraisal to CI, check the runner tool cache to see which runner to use.

+ +

The Reek List

+ +

Take a look at the reek list which is the file called REEK and find something to improve.

+ +

To refresh the reek list:

+ +
bundle exec reek > REEK
+
+ +

Run Tests

+ +

To run all tests

+ +
bundle exec rake test
+
+ +

Spec organization (required)

+ +
    +
  • One spec file per class/module. For each class or module under lib/, keep all of its unit tests in a single spec file under spec/ that mirrors the path and file name exactly: lib/oauth2/my_class.rb -> spec/oauth2/my_class_spec.rb.
    • +
  • Exception: Integration specs that intentionally span multiple classes. Place these under spec/integration/ (or a clearly named integration folder), and do not directly mirror a single class. Name them after the scenario, not a class.
    • +
+ +

Lint It

+ +

Run all the default tasks, which includes running the gradually autocorrecting linter, rubocop-gradual.

+ +
bundle exec rake
+
+ +

Or just run the linter.

+ +
bundle exec rake rubocop_gradual:autocorrect
+
+ +

For more detailed information about using RuboCop in this project, please see the RUBOCOP.md guide. This project uses rubocop_gradual instead of vanilla RuboCop, which requires specific commands for checking violations.

+ +

Important: Do not add inline RuboCop disables

+ +

Never add # rubocop:disable ... / # rubocop:enable ... comments to code or specs (except when following the few existing rubocop:disable patterns for a rule already being disabled elsewhere in the code). Instead:

+ +
    +
  • Prefer configuration-based exclusions when a rule should not apply to certain paths or files (e.g., via .rubocop.yml).
    • +
  • When a violation is temporary, and you plan to fix it later, record it in .rubocop_gradual.lock using the gradual workflow: +
      +
    • +bundle exec rake rubocop_gradual:autocorrect (preferred)
      • +
    • +bundle exec rake rubocop_gradual:force_update (only when you cannot fix the violations immediately)
      • +
    +
    • +
+ +

As a general rule, fix style issues rather than ignoring them. For example, our specs should follow RSpec conventions like using described_class for the class under test.

+ +

Contributors

+ +

Your picture could be here!

+ +

Contributors

+ +

Made with contributors-img.

+ +

Also see GitLab Contributors: https://gitlab.com/ruby-oauth/oauth2/-/graphs/main

+ +

For Maintainers

+ +

One-time, Per-maintainer, Setup

+ +

IMPORTANT: To sign a build,
+a public key for signing gems will need to be picked up by the line in the
+gemspec defining the spec.cert_chain (check the relevant ENV variables there).
+All releases are signed releases.
+See: RubyGems Security Guide

+ +

NOTE: To build without signing the gem set SKIP_GEM_SIGNING to any value in the environment.

+ +

To release a new version:

+ +

Automated process

+ +
    +
  1. Update version.rb to contain the correct version-to-be-released.
    2. +
  2. Run bundle exec kettle-changelog.
    3. +
  3. Run bundle exec kettle-release.
    4. +
  4. Stay awake and monitor the release process for any errors, and answer any prompts.
    5. +
+ +

Manual process

+ +
    +
  1. Run bin/setup && bin/rake as a “test, coverage, & linting” sanity check
    2. +
  2. Update the version number in version.rb, and ensure CHANGELOG.md reflects changes
    3. +
  3. Run bin/setup && bin/rake again as a secondary check, and to update Gemfile.lock +
    4. +
  4. Run git commit -am "🔖 Prepare release v<VERSION>" to commit the changes
    5. +
  5. Run git push to trigger the final CI pipeline before release, and merge PRs + +
    6. +
  6. Run export GIT_TRUNK_BRANCH_NAME="$(git remote show origin | grep 'HEAD branch' | cut -d ' ' -f5)" && echo $GIT_TRUNK_BRANCH_NAME +
    7. +
  7. Run git checkout $GIT_TRUNK_BRANCH_NAME +
    8. +
  8. Run git pull origin $GIT_TRUNK_BRANCH_NAME to ensure latest trunk code
    9. +
  9. Optional for older Bundler (< 2.7.0): Set SOURCE_DATE_EPOCH so rake build and rake release use the same timestamp and generate the same checksums +
      +
    • If your Bundler is >= 2.7.0, you can skip this; builds are reproducible by default.
      • +
    • Run export SOURCE_DATE_EPOCH=$EPOCHSECONDS && echo $SOURCE_DATE_EPOCH +
      • +
    • If the echo above has no output, then it didn’t work.
      • +
    • Note: zsh/datetime module is needed, if running zsh.
      • +
    • In older versions of bash you can use date +%s instead, i.e. export SOURCE_DATE_EPOCH=$(date +%s) && echo $SOURCE_DATE_EPOCH +
      • +
    +
    10. +
  10. Run bundle exec rake build +
    11. +
  11. Run bin/gem_checksums (more context 1, 2)
    +to create SHA-256 and SHA-512 checksums. This functionality is provided by the stone_checksums
    +gem. +
      +
    • The script automatically commits but does not push the checksums
      • +
    +
    12. +
  12. Sanity check the SHA256, comparing with the output from the bin/gem_checksums command: +
      +
    • sha256sum pkg/<gem name>-<version>.gem
      • +
    +
    13. +
  13. Run bundle exec rake release which will create a git tag for the version,
    +push git commits and tags, and push the .gem file to the gem host configured in the gemspec.
    14. +
+ +
+ + + +
+ + \ No newline at end of file diff --git a/docs/file.FUNDING.html b/docs/file.FUNDING.html index e69de29b..2685c321 100644 --- a/docs/file.FUNDING.html +++ b/docs/file.FUNDING.html @@ -0,0 +1,109 @@ + + + + + + + File: FUNDING + + — Documentation by YARD 0.9.38 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +
+ +

Official Discord 👉️ Live Chat on Discord

+ +

Many paths lead to being a sponsor or a backer of this project. Are you on such a path?

+ +

OpenCollective Backers OpenCollective Sponsors Sponsor Me on Github Liberapay Goal Progress Donate on PayPal

+ +

Buy me a coffee Donate on Polar Donate to my FLOSS efforts at ko-fi.com Donate to my FLOSS efforts using Patreon

+ + + +

🤑 A request for help

+ +

Maintainers have teeth and need to pay their dentists.
+After getting laid off in an RIF in March, and encountering difficulty finding a new one,
+I began spending most of my time building open source tools.
+I’m hoping to be able to pay for my kids’ health insurance this month,
+so if you value the work I am doing, I need your support.
+Please consider sponsoring me or the project.

+ +

To join the community or get help 👇️ Join the Discord.

+ +

Live Chat on Discord

+ +

To say “thanks!” ☝️ Join the Discord or 👇️ send money.

+ +

Sponsor ruby-oauth/oauth2 on Open Source Collective 💌 Sponsor me on GitHub Sponsors 💌 Sponsor me on Liberapay 💌 Donate on PayPal

+ +

Another Way to Support Open Source Software

+ +

I’m driven by a passion to foster a thriving open-source community – a space where people can tackle complex problems, no matter how small. Revitalizing libraries that have fallen into disrepair, and building new libraries focused on solving real-world challenges, are my passions. I was recently affected by layoffs, and the tech jobs market is unwelcoming. I’m reaching out here because your support would significantly aid my efforts to provide for my family, and my farm (11 🐔 chickens, 2 🐶 dogs, 3 🐰 rabbits, 8 🐈‍ cats).

+ +

If you work at a company that uses my work, please encourage them to support me as a corporate sponsor. My work on gems you use might show up in bundle fund.

+ +

I’m developing a new library, floss_funding, designed to empower open-source developers like myself to get paid for the work we do, in a sustainable way. Please give it a look.

+ +

Floss-Funding.dev: 👉️ No network calls. 👉️ No tracking. 👉️ No oversight. 👉️ Minimal crypto hashing. 💡 Easily disabled nags

+ +
+ + + +
+ + \ No newline at end of file diff --git a/docs/file.IRP.html b/docs/file.IRP.html index e69de29b..3527511c 100644 --- a/docs/file.IRP.html +++ b/docs/file.IRP.html @@ -0,0 +1,221 @@ + + + + + + + File: IRP + + — Documentation by YARD 0.9.38 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

Incident Response Plan (IRP)

+ +

Status: Draft

+ +

Purpose

+ +

This Incident Response Plan (IRP) defines the steps the project maintainer(s) will follow when handling security incidents related to the oauth2 gem. It is written for a small project with a single primary maintainer and is intended to be practical, concise, and actionable.

+ +

Scope

+ +

Applies to security incidents that affect the oauth2 codebase, releases (gems), CI/CD infrastructure related to building and publishing the gem, repository credentials, or any compromise of project infrastructure that could impact users.

+ +

Key assumptions

+
    +
  • This project is maintained primarily by a single maintainer.
    • +
  • Public vulnerability disclosure is handled via Tidelift (see SECURITY.md).
    • +
  • The maintainer will act as incident commander unless otherwise delegated.
    • +
+ +

Contact & Roles

+ +
    +
  • Incident Commander: Primary maintainer (repo owner). Responsible for coordinating triage, remediation, and communications.
    • +
  • Secondary Contact: (optional) A trusted collaborator or organization contact if available.
    • +
+ +

If you are an external reporter

+
    +
  • Do not publicly disclose details of an active vulnerability before coordination via Tidelift.
    • +
  • See SECURITY.md for Tidelift disclosure instructions. If the reporter has questions and cannot use Tidelift, they may open a direct encrypted report as described in SECURITY.md (if available) or email the maintainer contact listed in the repository.
    • +
+ +

Incident Handling Workflow (high level)

+
    +
  1. Identification & Reporting +
      +
    • Reports may arrive via Tidelift, issue tracker, direct email, or third-party advisories.
      • +
    • Immediately acknowledge receipt (within 24-72 hours) via the reporting channel.
      • +
    +
    2. +
  2. Triage & Initial Assessment (first 72 hours) +
      +
    • Confirm the report is not duplicative and gather: reproducer, affected versions, attack surface, exploitability, and CVSS-like severity estimate.
      • +
    • Verify the issue against the codebase and reproduce locally if possible.
      • +
    • Determine scope: which versions are affected, whether the issue is in code paths executed in common setups, and whether a workaround exists.
      • +
    +
    3. +
  3. Containment & Mitigation +
      +
    • If a simple mitigation or workaround (configuration change, safe default, or recommended upgrade) exists, document it clearly in the issue/Tidelift advisory.
      • +
    • If immediate removal of a release is required (rare), consult Tidelift for coordinated takedown and notify package hosts if applicable.
      • +
    +
    4. +
  4. Remediation & Patch +
      +
    • Prepare a fix in a branch with tests and changelog entries. Prefer minimal, well-tested changes.
      • +
    • Include tests that reproduce the faulty behavior and demonstrate the fix.
      • +
    • Hardening: add fuzz tests, input validation, or additional checks as appropriate.
      • +
    +
    5. +
  5. Release & Disclosure +
      +
    • Coordinate disclosure through Tidelift per SECURITY.md timelines. Aim for a coordinated disclosure and patch release to minimize risk to users.
      • +
    • Publish a patch release (increment gem version) and an advisory via Tidelift.
      • +
    • Update CHANGELOG.md and repository release notes with non-sensitive details.
      • +
    +
    6. +
  6. Post-Incident +
      +
    • Produce a short postmortem: timeline, root cause, actions taken, and follow-ups.
      • +
    • Add/adjust tests and CI checks to prevent regressions.
      • +
    • If credentials or infrastructure were compromised, rotate secrets and audit access.
      • +
    +
    7. +
+ +

Severity classification (guidance)

+
    +
  • High/Critical: Remote code execution, data exfiltration, or any vulnerability that can be exploited without user interaction. Immediate action and prioritized patching.
    • +
  • Medium: Privilege escalation, sensitive information leaks that require specific conditions. Patch in the next release cycle with advisory.
    • +
  • Low: Minor information leaks, UI issues, or non-exploitable bugs. Fix normally and include in the next scheduled release.
    • +
+ +

Preservation of evidence

+
    +
  • Preserve all reporter-provided data, logs, and reproducer code in a secure location (local encrypted storage or private branch) for the investigation.
    • +
  • Do not publish evidence that would enable exploitation before coordinated disclosure.
    • +
+ +

Communication templates

+

Acknowledgement (to reporter)

+ +

“Thank you for reporting this issue. I’ve received your report and will triage it within 72 hours. If you can, please provide reproduction steps, affected versions, and any exploit PoC. I will coordinate disclosure through Tidelift per the project’s security policy.”

+ +

Public advisory (after patch is ready)

+ +

“A security advisory for oauth2 (versions X.Y.Z) has been published via Tidelift. Please upgrade to version A.B.C which patches [brief description]. See the advisory for details and recommended mitigations.”

+ +

Runbook: Quick steps for a maintainer to patch and release

+
    +
  1. Create a branch: git checkout -b fix/security-brief-description +
    2. +
  2. Reproduce the issue locally and add a regression spec in spec/.
    3. +
  3. Implement the fix and run the test suite: bundle exec rspec (or the project’s preferred test command).
    4. +
  4. Bump version in lib/oauth2/version.rb following semantic versioning.
    5. +
  5. Update CHANGELOG.md with an entry describing the fix (avoid exploit details).
    6. +
  6. Commit and push the branch, open a PR, and merge after approvals.
    7. +
  7. Build and push the gem: gem build oauth2.gemspec && gem push pkg/... (coordinate with Tidelift before public push if disclosure is coordinated).
    8. +
  8. Publish a release on GitHub and ensure the Tidelift advisory is posted.
    9. +
+ +

Operational notes

+
    +
  • Secrets: Use local encrypted storage for any sensitive reporter data. If repository or CI secrets may be compromised, rotate them immediately and update dependent services.
    • +
  • Access control: Limit who can publish gems and who has admin access to the repo. Keep an up-to-date list of collaborators in a secure place.
    • +
+ +

Legal & regulatory

+
    +
  • If the incident involves user data or has legal implications, consult legal counsel or the maintainers’ employer as appropriate. The maintainer should document the timeline and all communications.
    • +
+ +

Retrospective & continuous improvement

+

After an incident, perform a brief post-incident review covering:

+
    +
  • What happened and why
    • +
  • What was done to contain and remediate
    • +
  • What tests or process changes will prevent recurrence
    • +
  • Assign owners and deadlines for follow-up tasks
    • +
+ +

References

+
    +
  • See SECURITY.md for the project’s official disclosure channel (Tidelift).
    • +
+ +

Appendix: Example checklist for an incident

+
    +
  • +Acknowledge report to reporter (24-72 hours)
    • +
  • +Reproduce and classify severity
    • +
  • +Prepare and test a fix in a branch
    • +
  • +Coordinate disclosure via Tidelift
    • +
  • +Publish patch release and advisory
    • +
  • +Postmortem and follow-up actions
    • +
+
+ + + +
+ + \ No newline at end of file diff --git a/docs/file.LICENSE.html b/docs/file.LICENSE.html index e69de29b..f4c1f573 100644 --- a/docs/file.LICENSE.html +++ b/docs/file.LICENSE.html @@ -0,0 +1,70 @@ + + + + + + + File: LICENSE + + — Documentation by YARD 0.9.38 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +
MIT License

Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
+ + + +
+ + \ No newline at end of file diff --git a/docs/file.OIDC.html b/docs/file.OIDC.html index e69de29b..757bca5a 100644 --- a/docs/file.OIDC.html +++ b/docs/file.OIDC.html @@ -0,0 +1,266 @@ + + + + + + + File: OIDC + + — Documentation by YARD 0.9.38 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

OpenID Connect (OIDC) with ruby-oauth/oauth2

+ +

OIDC Libraries

+ +

Libraries built on top of the oauth2 gem that implement OIDC.

+ + + +

If any other libraries would like to be added to this list, please open an issue or pull request.

+ +

Raw OIDC with ruby-oauth/oauth2

+ +

This document complements the inline documentation by focusing on OpenID Connect (OIDC) 1.0 usage patterns when using this gem as an OAuth 2.0 client library.

+ +

Scope of this document

+ +
    +
  • Audience: Developers building an OAuth 2.0/OIDC Relying Party (RP, aka client) in Ruby.
    • +
  • Non-goals: This gem does not implement an OIDC Provider (OP, aka Authorization Server); for OP/server see other projects (e.g., doorkeeper + oidc extensions).
    • +
  • Status: Informational documentation with links to normative specs. The gem intentionally remains protocol-agnostic beyond OAuth 2.0; OIDC specifics (like ID Token validation) must be handled by your application.
    • +
+ +

Key concepts refresher

+ +
    +
  • OAuth 2.0 delegates authorization; it does not define authentication of the end-user.
    • +
  • OIDC layers an identity layer on top of OAuth 2.0, introducing: +
      +
    • ID Token: a JWT carrying claims about the authenticated end-user and the authentication event.
      • +
    • Standardized scopes: openid (mandatory), profile, email, address, phone, offline_access, and others.
      • +
    • UserInfo endpoint: a protected resource for retrieving user profile claims.
      • +
    • Discovery and Dynamic Client Registration (optional for providers/clients that support them).
      • +
    +
    • +
+ +

What this gem provides for OIDC

+ +
    +
  • All OAuth 2.0 client capabilities required for OIDC flows: building authorization requests, exchanging authorization codes, refreshing tokens, and making authenticated resource requests.
    • +
  • Transport and parsing conveniences (snaky hash, Faraday integration, error handling, etc.).
    • +
  • Optional client authentication schemes useful with OIDC deployments: +
      +
    • basic_auth (default)
      • +
    • request_body (legacy)
      • +
    • tls_client_auth (MTLS)
      • +
    • private_key_jwt (OIDC-compliant when configured per OP requirements)
      • +
    +
    • +
+ +

What you must add in your app for OIDC

+ +
    +
  • ID Token validation: This gem surfaces id_token values but does not verify them. Your app should:
    +1) Parse the JWT (header, payload, signature)
    +2) Fetch the OP JSON Web Key Set (JWKS) from discovery (or configure statically)
    +3) Select the correct key by kid (when present) and verify the signature and algorithm
    +4) Validate standard claims (iss, aud, exp, iat, nbf, azp, nonce when used, at_hash/c_hash when applicable)
    +5) Enforce expected client_id, issuer, and clock skew policies
    • +
  • Nonce handling for Authorization Code flow with OIDC: generate a cryptographically-random nonce, bind it to the user session before redirect, include it in authorize request, and verify it in the ID Token on return.
    • +
  • PKCE is best practice and often required by OPs: generate/verifier, send challenge in authorize, send verifier in token request.
    • +
  • Session/state management: continue to validate state to mitigate CSRF; use exact redirect_uri matching.
    • +
+ +

Minimal OIDC Authorization Code example

+ +
require "oauth2"
+require "jwt"         # jwt/ruby-jwt
+require "net/http"
+require "json"
+
+client = OAuth2::Client.new(
+  ENV.fetch("OIDC_CLIENT_ID"),
+  ENV.fetch("OIDC_CLIENT_SECRET"),
+  site: ENV.fetch("OIDC_ISSUER"),              # e.g. https://accounts.example.com
+  authorize_url: "/authorize",                 # or discovered
+  token_url: "/token",                         # or discovered
+)
+
+# Step 1: Redirect to OP for consent/auth
+state = SecureRandom.hex(16)
+nonce = SecureRandom.hex(16)
+pkce_verifier = SecureRandom.urlsafe_base64(64)
+pkce_challenge = Base64.urlsafe_encode64(Digest::SHA256.digest(pkce_verifier)).delete("=")
+
+authz_url = client.auth_code.authorize_url(
+  scope: "openid profile email",
+  state: state,
+  nonce: nonce,
+  code_challenge: pkce_challenge,
+  code_challenge_method: "S256",
+  redirect_uri: ENV.fetch("OIDC_REDIRECT_URI"),
+)
+# redirect_to authz_url
+
+# Step 2: Handle callback
+# params[:code], params[:state]
+raise "state mismatch" unless params[:state] == state
+
+token = client.auth_code.get_token(
+  params[:code],
+  redirect_uri: ENV.fetch("OIDC_REDIRECT_URI"),
+  code_verifier: pkce_verifier,
+)
+
+# The token may include: access_token, id_token, refresh_token, etc.
+id_token = token.params["id_token"] || token.params[:id_token]
+
+# Step 3: Validate the ID Token (simplified – add your own checks!)
+# Discover keys (example using .well-known)
+issuer = ENV.fetch("OIDC_ISSUER")
+jwks_uri = JSON.parse(Net::HTTP.get(URI.join(issuer, "/.well-known/openid-configuration"))).
+  fetch("jwks_uri")
+jwks = JSON.parse(Net::HTTP.get(URI(jwks_uri)))
+keys = jwks.fetch("keys")
+
+# Use ruby-jwt JWK loader
+jwk_set = JWT::JWK::Set.new(keys.map { |k| JWT::JWK.import(k) })
+
+decoded, headers = JWT.decode(
+  id_token,
+  nil,
+  true,
+  algorithms: ["RS256", "ES256", "PS256"],
+  jwks: jwk_set,
+  verify_iss: true,
+  iss: issuer,
+  verify_aud: true,
+  aud: ENV.fetch("OIDC_CLIENT_ID"),
+)
+
+# Verify nonce
+raise "nonce mismatch" unless decoded["nonce"] == nonce
+
+# Optionally: call UserInfo
+userinfo = token.get("/userinfo").parsed
+
+ +

Notes on discovery and registration

+ +
    +
  • Discovery: Most OPs publish configuration at {issuer}/.well-known/openid-configuration (OIDC Discovery 1.0). From there, resolve authorization_endpoint, token_endpoint, jwks_uri, userinfo_endpoint, etc.
    • +
  • Dynamic Client Registration: Some OPs allow registering clients programmatically (OIDC Dynamic Client Registration 1.0). This gem does not implement registration; use a plain HTTP client or Faraday and store credentials securely.
    • +
+ +

Common pitfalls and tips

+ +
    +
  • Always request the openid scope when you expect an ID Token. Without it, the OP may behave as vanilla OAuth 2.0.
    • +
  • Validate ID Token signature and claims before trusting any identity data. Do not rely solely on the presence of an id_token field.
    • +
  • Prefer Authorization Code + PKCE. Avoid Implicit; it is discouraged in modern guidance and may be disabled by providers.
    • +
  • Use exact redirect_uri matching, and keep your allow-list short.
    • +
  • For public clients that use refresh tokens, prefer sender-constrained tokens (DPoP/MTLS) or rotation with one-time-use refresh tokens, per modern best practices.
    • +
  • When using private_key_jwt, ensure the “aud” (or token_url) and “iss/sub” claims are set per the OP’s rules, and include kid in the JWT header when required so the OP can select the right key.
    • +
+ +

Relevant specifications and references

+ +
    +
  • OpenID Connect Core 1.0: https://openid.net/specs/openid-connect-core-1_0.html
    • +
  • OIDC Core (final): https://openid.net/specs/openid-connect-core-1_0-final.html
    • +
  • How OIDC works: https://openid.net/developers/how-connect-works/
    • +
  • OpenID Connect home: https://openid.net/connect/
    • +
  • OIDC Discovery 1.0: https://openid.net/specs/openid-connect-discovery-1_0.html
    • +
  • OIDC Dynamic Client Registration 1.0: https://openid.net/specs/openid-connect-registration-1_0.html
    • +
  • OIDC Session Management 1.0: https://openid.net/specs/openid-connect-session-1_0.html
    • +
  • OIDC RP-Initiated Logout 1.0: https://openid.net/specs/openid-connect-rpinitiated-1_0.html
    • +
  • OIDC Back-Channel Logout 1.0: https://openid.net/specs/openid-connect-backchannel-1_0.html
    • +
  • OIDC Front-Channel Logout 1.0: https://openid.net/specs/openid-connect-frontchannel-1_0.html
    • +
  • Auth0 OIDC overview: https://auth0.com/docs/authenticate/protocols/openid-connect-protocol
    • +
  • Spring Authorization Server’s list of OAuth2/OIDC specs: https://github.com/spring-projects/spring-authorization-server/wiki/OAuth2-and-OIDC-Specifications
    • +
+ +

See also

+ +
    +
  • README sections on OAuth 2.1 notes and OIDC notes
    • +
  • Strategy classes under lib/oauth2/strategy for flow helpers
    • +
  • Specs under spec/oauth2 for concrete usage patterns
    • +
+ +

Contributions welcome

+ +
    +
  • If you discover provider-specific nuances, consider contributing examples or clarifications (without embedding provider-specific hacks into the library).
    • +
+
+ + + +
+ + \ No newline at end of file diff --git a/docs/file.README.html b/docs/file.README.html index b8856d16..71ad698b 100644 --- a/docs/file.README.html +++ b/docs/file.README.html @@ -6,7 +6,7 @@ File: README - — Documentation by YARD 0.9.37 + — Documentation by YARD 0.9.38 @@ -57,47 +57,7 @@
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
📍 NOTE
RubyGems (the GitHub org, not the website) suffered a hostile takeover in September 2025.
Ultimately 4 maintainers were hard removed and a reason has been given for only 1 of those, while 2 others resigned in protest.
It is a complicated story which is difficult to parse quickly.
I’m adding notes like this to gems because I don’t condone theft of repositories or gems from their rightful owners.
If a similar theft happened with my repos/gems, I’d hope some would stand up for me.
Disenfranchised former-maintainers have started gem.coop.
Once available I will publish there exclusively; unless RubyCentral makes amends with the community.
The “Technology for Humans: Joel Draper” podcast episode by reinteractive is the most cogent summary I’m aware of.
See here, here and here for more info on what comes next.
What I’m doing: A (WIP) proposal for bundler/gem scopes, and a (WIP) proposal for a federated gem server.
- -

Galtzo FLOSS Logo by Aboling0, CC BY-SA 4.0 ruby-lang Logo, Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5 oauth2 Logo by Chris Messina, CC BY-SA 3.0

+

Galtzo FLOSS Logo by Aboling0, CC BY-SA 4.0 ruby-lang Logo, Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5 oauth2 Logo by Chris Messina, CC BY-SA 3.0

🔐 OAuth 2.0 Authorization Framework

@@ -113,6 +73,13 @@

🔐 OAuth 2.0 Authorization Framewor

OpenCollective Backers OpenCollective Sponsors Sponsor Me on Github Liberapay Goal Progress Donate on PayPal Buy me a coffee Donate on Polar Donate at ko-fi.com

+
+ 👣 How will this project approach the September 2025 hostile takeover of RubyGems? 🚑️ + +I've summarized my thoughts in [this blog post](https://dev.to/galtzo/hostile-takeover-of-rubygems-my-thoughts-5hlo). + +
+

🌻 Synopsis

OAuth 2.0 is the industry-standard protocol for authorization.
@@ -1470,7 +1437,11 @@

Open Collective for Organizations

NOTE: kettle-readme-backers updates this list every day, automatically.

-

No sponsors yet. Be the first!
+

No sponsors yet. Be the first!

+ +

Open Collective for Donors

+ +

Bill Woika

Another way to support open-source

@@ -1636,9 +1607,9 @@

Please give the project a star ⭐ ♥

diff --git a/docs/file.REEK.html b/docs/file.REEK.html index e69de29b..af069f1c 100644 --- a/docs/file.REEK.html +++ b/docs/file.REEK.html @@ -0,0 +1,71 @@ + + + + + + + File: REEK + + — Documentation by YARD 0.9.38 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +
+
+ + + +
+ + \ No newline at end of file diff --git a/docs/file.RUBOCOP.html b/docs/file.RUBOCOP.html index e69de29b..07742971 100644 --- a/docs/file.RUBOCOP.html +++ b/docs/file.RUBOCOP.html @@ -0,0 +1,171 @@ + + + + + + + File: RUBOCOP + + — Documentation by YARD 0.9.38 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

RuboCop Usage Guide

+ +

Overview

+ +

A tale of two RuboCop plugin gems.

+ +

RuboCop Gradual

+ +

This project uses rubocop_gradual instead of vanilla RuboCop for code style checking. The rubocop_gradual tool allows for gradual adoption of RuboCop rules by tracking violations in a lock file.

+ +

RuboCop LTS

+ +

This project uses rubocop-lts to ensure, on a best-effort basis, compatibility with Ruby >= 1.9.2.
+RuboCop rules are meticulously configured by the rubocop-lts family of gems to ensure that a project is compatible with a specific version of Ruby. See: https://rubocop-lts.gitlab.io for more.

+ +

Checking RuboCop Violations

+ +

To check for RuboCop violations in this project, always use:

+ +
bundle exec rake rubocop_gradual:check
+
+ +

Do not use the standard RuboCop commands like:

+
    +
  • bundle exec rubocop
    • +
  • rubocop
    • +
+ +

Understanding the Lock File

+ +

The .rubocop_gradual.lock file tracks all current RuboCop violations in the project. This allows the team to:

+ +
    +
  1. Prevent new violations while gradually fixing existing ones
    2. +
  2. Track progress on code style improvements
    3. +
  3. Ensure CI builds don’t fail due to pre-existing violations
    4. +
+ +

Common Commands

+ +
    +
  • +Check violations +
      +
    • bundle exec rake rubocop_gradual
      • +
    • bundle exec rake rubocop_gradual:check
      • +
    +
    • +
  • +(Safe) Autocorrect violations, and update lockfile if no new violations +
      +
    • bundle exec rake rubocop_gradual:autocorrect
      • +
    +
    • +
  • +Force update the lock file (w/o autocorrect) to match violations present in code +
      +
    • bundle exec rake rubocop_gradual:force_update
      • +
    +
    • +
+ +

Workflow

+ +
    +
  1. Before submitting a PR, run bundle exec rake rubocop_gradual:autocorrect
    +a. or just the default bundle exec rake, as autocorrection is a pre-requisite of the default task.
    2. +
  2. If there are new violations, either: +
      +
    • Fix them in your code
      • +
    • Run bundle exec rake rubocop_gradual:force_update to update the lock file (only for violations you can’t fix immediately)
      • +
    +
    3. +
  3. Commit the updated .rubocop_gradual.lock file along with your changes
    4. +
+ +

Never add inline RuboCop disables

+ +

Do not add inline rubocop:disable / rubocop:enable comments anywhere in the codebase (including specs, except when following the few existing rubocop:disable patterns for a rule already being disabled elsewhere in the code). We handle exceptions in two supported ways:

+ +
    +
  • Permanent/structural exceptions: prefer adjusting the RuboCop configuration (e.g., in .rubocop.yml) to exclude a rule for a path or file pattern when it makes sense project-wide.
    • +
  • Temporary exceptions while improving code: record the current violations in .rubocop_gradual.lock via the gradual workflow: +
      +
    • +bundle exec rake rubocop_gradual:autocorrect (preferred; will autocorrect what it can and update the lock only if no new violations were introduced)
      • +
    • If needed, bundle exec rake rubocop_gradual:force_update (as a last resort when you cannot fix the newly reported violations immediately)
      • +
    +
    • +
+ +

In general, treat the rules as guidance to follow; fix violations rather than ignore them. For example, RSpec conventions in this project expect described_class to be used in specs that target a specific class under test.

+ +

Benefits of rubocop_gradual

+ +
    +
  • Allows incremental adoption of code style rules
    • +
  • Prevents CI failures due to pre-existing violations
    • +
  • Provides a clear record of code style debt
    • +
  • Enables focused efforts on improving code quality over time
    • +
+
+ + + +
+ + \ No newline at end of file diff --git a/docs/file.SECURITY.html b/docs/file.SECURITY.html index e69de29b..55a279be 100644 --- a/docs/file.SECURITY.html +++ b/docs/file.SECURITY.html @@ -0,0 +1,103 @@ + + + + + + + File: SECURITY + + — Documentation by YARD 0.9.38 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

Security Policy

+ +

Supported Versions

+ + + + + + + + + + + + + + +
VersionSupported
1.latest
+ +

Security contact information

+ +

To report a security vulnerability, please use the
+Tidelift security contact.
+Tidelift will coordinate the fix and disclosure.

+ +

More detailed explanation of the process is in IRP.md

+ +

Additional Support

+ +

If you are interested in support for versions older than the latest release,
+please consider sponsoring the project / maintainer @ https://liberapay.com/pboling/donate,
+or find other sponsorship links in the README.

+ +
+ + + +
+ + \ No newline at end of file diff --git a/docs/file.THREAT_MODEL.html b/docs/file.THREAT_MODEL.html index e69de29b..12ff60e7 100644 --- a/docs/file.THREAT_MODEL.html +++ b/docs/file.THREAT_MODEL.html @@ -0,0 +1,216 @@ + + + + + + + File: THREAT_MODEL + + — Documentation by YARD 0.9.38 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

Threat Model Outline for oauth2 Ruby Gem

+ +

1. Overview

+

This document outlines the threat model for the oauth2 Ruby gem, which implements OAuth 2.0, 2.1, and OIDC Core protocols. The gem is used to facilitate secure authorization and authentication in Ruby applications.

+ +

2. Assets to Protect

+
    +
  • OAuth access tokens, refresh tokens, and ID tokens
    • +
  • User credentials (if handled)
    • +
  • Client secrets and application credentials
    • +
  • Sensitive user data accessed via OAuth
    • +
  • Private keys and certificates (for signing/verifying tokens)
    • +
+ +

3. Potential Threat Actors

+
    +
  • External attackers (internet-based)
    • +
  • Malicious OAuth clients or resource servers
    • +
  • Insiders (developers, maintainers)
    • +
  • Compromised dependencies
    • +
+ +

4. Attack Surfaces

+
    +
  • OAuth endpoints (authorization, token, revocation, introspection)
    • +
  • HTTP request/response handling
    • +
  • Token storage and management
    • +
  • Configuration files and environment variables
    • +
  • Dependency supply chain
    • +
+ +

5. Threats and Mitigations

+ +

5.1 Token Leakage

+
    +
  • +Threat: Tokens exposed via logs, URLs, or insecure storage
    • +
  • +Mitigations: +
      +
    • Avoid logging sensitive tokens
      • +
    • Use secure storage mechanisms
      • +
    • Never expose tokens in URLs
      • +
    +
    • +
+ +

5.2 Token Replay and Forgery

+
    +
  • +Threat: Attackers reuse or forge tokens
    • +
  • +Mitigations: +
      +
    • Validate token signatures and claims
      • +
    • Use short-lived tokens and refresh tokens
      • +
    • Implement token revocation
      • +
    +
    • +
+ +

5.3 Insecure Communication

+
    +
  • +Threat: Data intercepted via MITM attacks
    • +
  • +Mitigations: +
      +
    • Enforce HTTPS for all communications
      • +
    • Validate SSL/TLS certificates
      • +
    +
    • +
+ +

5.4 Client Secret Exposure

+
    +
  • +Threat: Client secrets leaked in code or version control
    • +
  • +Mitigations: +
      +
    • Store secrets in environment variables or secure vaults
      • +
    • Never commit secrets to source control
      • +
    +
    • +
+ +

5.5 Dependency Vulnerabilities

+
    +
  • +Threat: Vulnerabilities in third-party libraries
    • +
  • +Mitigations: +
      +
    • Regularly update dependencies
      • +
    • Use tools like bundler-audit for vulnerability scanning
      • +
    +
    • +
+ +

5.6 Improper Input Validation

+
    +
  • +Threat: Injection attacks via untrusted input
    • +
  • +Mitigations: +
      +
    • Validate and sanitize all inputs
      • +
    • Use parameterized queries and safe APIs
      • +
    +
    • +
+ +

5.7 Insufficient Logging and Monitoring

+
    +
  • +Threat: Attacks go undetected
    • +
  • +Mitigations: +
      +
    • Log security-relevant events (without sensitive data)
      • +
    • Monitor for suspicious activity
      • +
    +
    • +
+ +

6. Assumptions

+
    +
  • The gem is used in a secure environment with up-to-date Ruby and dependencies
    • +
  • End-users are responsible for secure configuration and deployment
    • +
+ +

7. Out of Scope

+
    +
  • Security of external OAuth providers
    • +
  • Application-level business logic
    • +
+ +

8. References

+ + +
+

This outline should be reviewed and updated regularly as the project evolves.

+
+ + + +
+ + \ No newline at end of file diff --git a/docs/file.access_token.html b/docs/file.access_token.html index e69de29b..c4b83ebc 100644 --- a/docs/file.access_token.html +++ b/docs/file.access_token.html @@ -0,0 +1,94 @@ + + + + + + + File: access_token + + — Documentation by YARD 0.9.38 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

module OAuth2
+ class AccessToken
+ def self.from_hash: (OAuth2::Client, Hash[untyped, untyped]) -> OAuth2::AccessToken
+ def self.from_kvform: (OAuth2::Client, String) -> OAuth2::AccessToken

+ +
def initialize: (OAuth2::Client, String, ?Hash[Symbol, untyped]) -> void
+def []: (String | Symbol) -> untyped
+def expires?: () -> bool
+def expired?: () -> bool
+def refresh: (?Hash[untyped, untyped], ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::AccessToken
+def revoke: (?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
+def to_hash: () -> Hash[Symbol, untyped]
+def request: (Symbol, String, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
+def get: (String, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
+def post: (String, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
+def put: (String, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
+def patch: (String, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
+def delete: (String, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
+def headers: () -> Hash[String, String]
+def configure_authentication!: (Hash[Symbol, untyped], Symbol) -> void
+def convert_expires_at: (untyped) -> (Time | Integer | nil)
+
+attr_accessor response: OAuth2::Response   end end
+
+
+ + + +
+ + \ No newline at end of file diff --git a/docs/file.authenticator.html b/docs/file.authenticator.html index e69de29b..493979c7 100644 --- a/docs/file.authenticator.html +++ b/docs/file.authenticator.html @@ -0,0 +1,91 @@ + + + + + + + File: authenticator + + — Documentation by YARD 0.9.38 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

module OAuth2
+ class Authenticator
+ include OAuth2::FilteredAttributes

+ +
attr_reader mode: (Symbol | String)
+attr_reader id: String?
+attr_reader secret: String?
+
+def initialize: (String? id, String? secret, (Symbol | String) mode) -> void
+
+def apply: (Hash[untyped, untyped]) -> Hash[untyped, untyped]
+
+def self.encode_basic_auth: (String, String) -> String
+
+private
+
+def apply_params_auth: (Hash[untyped, untyped]) -> Hash[untyped, untyped]
+def apply_client_id: (Hash[untyped, untyped]) -> Hash[untyped, untyped]
+def apply_basic_auth: (Hash[untyped, untyped]) -> Hash[untyped, untyped]
+def basic_auth_header: () -> Hash[String, String]   end end
+
+
+ + + +
+ + \ No newline at end of file diff --git a/docs/file.client.html b/docs/file.client.html index e69de29b..55199f91 100644 --- a/docs/file.client.html +++ b/docs/file.client.html @@ -0,0 +1,121 @@ + + + + + + + File: client + + — Documentation by YARD 0.9.38 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

module OAuth2
+ class Client
+ RESERVED_REQ_KEYS: Array[String]
+ RESERVED_PARAM_KEYS: Array[String]

+ +
include OAuth2::FilteredAttributes
+
+attr_reader id: String
+attr_reader secret: String
+attr_reader site: String?
+attr_accessor options: Hash[Symbol, untyped]
+attr_writer connection: untyped
+
+def initialize: (String client_id, String client_secret, ?Hash[Symbol, untyped]) { (untyped) -> void } -> void
+
+def site=: (String) -> String
+
+def connection: () -> untyped
+
+def authorize_url: (?Hash[untyped, untyped]) -> String
+def token_url: (?Hash[untyped, untyped]) -> String
+def revoke_url: (?Hash[untyped, untyped]) -> String
+
+def request: (Symbol verb, String url, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
+
+def get_token: (Hash[untyped, untyped] params, ?Hash[Symbol, untyped] access_token_opts, ?Proc) { (Hash[Symbol, untyped]) -> void } -> (OAuth2::AccessToken | nil)
+
+def revoke_token: (String token, ?String token_type_hint, ?Hash[Symbol, untyped]) { (untyped) -> void } -> OAuth2::Response
+
+def http_method: () -> Symbol
+
+def auth_code: () -> OAuth2::Strategy::AuthCode
+def implicit: () -> OAuth2::Strategy::Implicit
+def password: () -> OAuth2::Strategy::Password
+def client_credentials: () -> OAuth2::Strategy::ClientCredentials
+def assertion: () -> OAuth2::Strategy::Assertion
+
+def redirection_params: () -> Hash[String, String]
+
+private
+
+def params_to_req_opts: (Hash[untyped, untyped]) -> Hash[Symbol, untyped]
+def parse_snaky_params_headers: (Hash[untyped, untyped]) -> [Symbol, bool, untyped, (Symbol | nil), Hash[untyped, untyped], Hash[String, String]]
+def execute_request: (Symbol verb, String url, ?Hash[Symbol, untyped]) { (Faraday::Request) -> void } -> OAuth2::Response
+def authenticator: () -> OAuth2::Authenticator
+def parse_response_legacy: (OAuth2::Response, Hash[Symbol, untyped], Proc) -> (OAuth2::AccessToken | nil)
+def parse_response: (OAuth2::Response, Hash[Symbol, untyped]) -> (OAuth2::AccessToken | nil)
+def build_access_token: (OAuth2::Response, Hash[Symbol, untyped], untyped) -> OAuth2::AccessToken
+def build_access_token_legacy: (OAuth2::Response, Hash[Symbol, untyped], Proc) -> (OAuth2::AccessToken | nil)
+def oauth_debug_logging: (untyped) -> void   end end
+
+
+ + + +
+ + \ No newline at end of file diff --git a/docs/file.error.html b/docs/file.error.html index e69de29b..9a3d11b9 100644 --- a/docs/file.error.html +++ b/docs/file.error.html @@ -0,0 +1,78 @@ + + + + + + + File: error + + — Documentation by YARD 0.9.38 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

module OAuth2
+ class Error < StandardError
+ def initialize: (OAuth2::Response) -> void
+ def code: () -> (String | Integer | nil)
+ def description: () -> (String | nil)
+ def response: () -> OAuth2::Response
+ end
+end

+
+ + + +
+ + \ No newline at end of file diff --git a/docs/file.filtered_attributes.html b/docs/file.filtered_attributes.html index e69de29b..d601ebb5 100644 --- a/docs/file.filtered_attributes.html +++ b/docs/file.filtered_attributes.html @@ -0,0 +1,76 @@ + + + + + + + File: filtered_attributes + + — Documentation by YARD 0.9.38 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

module OAuth2
+ module FilteredAttributes
+ def self.included: (untyped) -> untyped
+ def filtered_attributes: (*String) -> void
+ end
+end

+
+ + + +
+ + \ No newline at end of file diff --git a/docs/file.oauth2.html b/docs/file.oauth2.html index e69de29b..fc822bf5 100644 --- a/docs/file.oauth2.html +++ b/docs/file.oauth2.html @@ -0,0 +1,79 @@ + + + + + + + File: oauth2 + + — Documentation by YARD 0.9.38 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

module OAuth2
+ OAUTH_DEBUG: bool

+ +

DEFAULT_CONFIG: untyped
+ @config: untyped

+ +

def self.config: () -> untyped
+ def self.configure: () { (untyped) -> void } -> void
+end

+
+ + + +
+ + \ No newline at end of file diff --git a/docs/file.response.html b/docs/file.response.html index e69de29b..2e56e14f 100644 --- a/docs/file.response.html +++ b/docs/file.response.html @@ -0,0 +1,87 @@ + + + + + + + File: response + + — Documentation by YARD 0.9.38 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

module OAuth2
+ class Response
+ DEFAULT_OPTIONS: Hash[Symbol, untyped]

+ +
def self.register_parser: (Symbol key, (Array[String] | String) mime_types) { (String) -> untyped } -> void
+
+def initialize: (untyped response, parse: Symbol?, snaky: bool?, snaky_hash_klass: untyped?, options: Hash[Symbol, untyped]?) -> void
+def headers: () -> Hash[untyped, untyped]
+def status: () -> Integer
+def body: () -> String
+def parsed: () -> untyped
+def content_type: () -> (String | nil)
+def parser: () -> (untyped | nil)
+
+attr_reader response: untyped
+attr_accessor options: Hash[Symbol, untyped]   end end
+
+
+ + + +
+ + \ No newline at end of file diff --git a/docs/file.strategy.html b/docs/file.strategy.html index e69de29b..d1809de2 100644 --- a/docs/file.strategy.html +++ b/docs/file.strategy.html @@ -0,0 +1,103 @@ + + + + + + + File: strategy + + — Documentation by YARD 0.9.38 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

module OAuth2
+ module Strategy
+ class Base
+ def initialize: (OAuth2::Client) -> void
+ end

+ +
class AuthCode < Base
+  def authorize_params: (?Hash[untyped, untyped]) -> Hash[untyped, untyped]
+  def authorize_url: (?Hash[untyped, untyped]) -> String
+  def get_token: (String, ?Hash[untyped, untyped], ?Hash[Symbol, untyped]) -> OAuth2::AccessToken
+end
+
+class Implicit < Base
+  def authorize_params: (?Hash[untyped, untyped]) -> Hash[untyped, untyped]
+  def authorize_url: (?Hash[untyped, untyped]) -> String
+  def get_token: (*untyped) -> void
+end
+
+class Password < Base
+  def authorize_url: () -> void
+  def get_token: (String, String, ?Hash[untyped, untyped], ?Hash[Symbol, untyped]) -> OAuth2::AccessToken
+end
+
+class ClientCredentials < Base
+  def authorize_url: () -> void
+  def get_token: (?Hash[untyped, untyped], ?Hash[Symbol, untyped]) -> OAuth2::AccessToken
+end
+
+class Assertion < Base
+  def authorize_url: () -> void
+  def get_token: (Hash[untyped, untyped], Hash[Symbol, untyped], ?Hash[Symbol, untyped], ?Hash[Symbol, untyped]) -> OAuth2::AccessToken
+end   end end
+
+
+ + + +
+ + \ No newline at end of file diff --git a/docs/file.version.html b/docs/file.version.html index e69de29b..d0a0bb19 100644 --- a/docs/file.version.html +++ b/docs/file.version.html @@ -0,0 +1,75 @@ + + + + + + + File: version + + — Documentation by YARD 0.9.38 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

module OAuth2
+ module Version
+ VERSION: String
+ end
+end

+
+ + + +
+ + \ No newline at end of file diff --git a/docs/file_list.html b/docs/file_list.html index e69de29b..4cc99e2f 100644 --- a/docs/file_list.html +++ b/docs/file_list.html @@ -0,0 +1,164 @@ + + + + + + + + + + + + + + + + + + File List + + + +
+
+

File List

+ + + +
+ + +
+ + diff --git a/docs/frames.html b/docs/frames.html index e69de29b..2febcdb5 100644 --- a/docs/frames.html +++ b/docs/frames.html @@ -0,0 +1,22 @@ + + + + + Documentation by YARD 0.9.38 + + + + diff --git a/docs/index.html b/docs/index.html index d41b748e..2de80d1d 100644 --- a/docs/index.html +++ b/docs/index.html @@ -6,7 +6,7 @@ File: README - — Documentation by YARD 0.9.37 + — Documentation by YARD 0.9.38 @@ -57,47 +57,7 @@
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
📍 NOTE
RubyGems (the GitHub org, not the website) suffered a hostile takeover in September 2025.
Ultimately 4 maintainers were hard removed and a reason has been given for only 1 of those, while 2 others resigned in protest.
It is a complicated story which is difficult to parse quickly.
I’m adding notes like this to gems because I don’t condone theft of repositories or gems from their rightful owners.
If a similar theft happened with my repos/gems, I’d hope some would stand up for me.
Disenfranchised former-maintainers have started gem.coop.
Once available I will publish there exclusively; unless RubyCentral makes amends with the community.
The “Technology for Humans: Joel Draper” podcast episode by reinteractive is the most cogent summary I’m aware of.
See here, here and here for more info on what comes next.
What I’m doing: A (WIP) proposal for bundler/gem scopes, and a (WIP) proposal for a federated gem server.
- -

Galtzo FLOSS Logo by Aboling0, CC BY-SA 4.0 ruby-lang Logo, Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5 oauth2 Logo by Chris Messina, CC BY-SA 3.0

+

Galtzo FLOSS Logo by Aboling0, CC BY-SA 4.0 ruby-lang Logo, Yukihiro Matsumoto, Ruby Visual Identity Team, CC BY-SA 2.5 oauth2 Logo by Chris Messina, CC BY-SA 3.0

🔐 OAuth 2.0 Authorization Framework

@@ -113,6 +73,13 @@

🔐 OAuth 2.0 Authorization Framewor

OpenCollective Backers OpenCollective Sponsors Sponsor Me on Github Liberapay Goal Progress Donate on PayPal Buy me a coffee Donate on Polar Donate at ko-fi.com

+
+ 👣 How will this project approach the September 2025 hostile takeover of RubyGems? 🚑️ + +I've summarized my thoughts in [this blog post](https://dev.to/galtzo/hostile-takeover-of-rubygems-my-thoughts-5hlo). + +
+

🌻 Synopsis

OAuth 2.0 is the industry-standard protocol for authorization.
@@ -1470,7 +1437,11 @@

Open Collective for Organizations

NOTE: kettle-readme-backers updates this list every day, automatically.

-

No sponsors yet. Be the first!
+

No sponsors yet. Be the first!

+ +

Open Collective for Donors

+ +

Bill Woika

Another way to support open-source

@@ -1636,9 +1607,9 @@

Please give the project a star ⭐ ♥

diff --git a/docs/js/app.js b/docs/js/app.js index b5610eff..fba27481 100644 --- a/docs/js/app.js +++ b/docs/js/app.js @@ -1,4 +1,4 @@ -(function () { +window.__app = function () { var localStorage = {}, sessionStorage = {}; try { @@ -153,7 +153,6 @@ }); // Add the value of the constant as "Tooltip" to the summary object list.find("pre.code").each(function () { - console.log($(this).parent()); var dt_element = $(this).parent().prev(); var tooltip = $(this).text(); if (dt_element.hasClass("deprecated")) { @@ -250,37 +249,46 @@ ); } - function navResizeFn(e) { - if (e.which !== 1) { - navResizeFnStop(); - return; - } - - sessionStorage.navWidth = e.pageX.toString(); - $(".nav_wrap").css("width", e.pageX); - $(".nav_wrap").css("-ms-flex", "inherit"); - } - - function navResizeFnStop() { - $(window).unbind("mousemove", navResizeFn); - window.removeEventListener("message", navMessageFn, false); - } - - function navMessageFn(e) { - if (e.data.action === "mousemove") navResizeFn(e.data.event); - if (e.data.action === "mouseup") navResizeFnStop(); - } - function navResizer() { - $("#resizer").mousedown(function (e) { - e.preventDefault(); - $(window).mousemove(navResizeFn); - window.addEventListener("message", navMessageFn, false); - }); - $(window).mouseup(navResizeFnStop); + const resizer = document.getElementById("resizer"); + resizer.addEventListener( + "pointerdown", + function (e) { + resizer.setPointerCapture(e.pointerId); + e.preventDefault(); + e.stopPropagation(); + }, + false + ); + resizer.addEventListener( + "pointerup", + function (e) { + resizer.releasePointerCapture(e.pointerId); + e.preventDefault(); + e.stopPropagation(); + }, + false + ); + resizer.addEventListener( + "pointermove", + function (e) { + if ((e.buttons & 1) === 0) { + return; + } + + sessionStorage.navWidth = e.pageX.toString(); + $(".nav_wrap").css("width", Math.max(200, e.pageX)); + e.preventDefault(); + e.stopPropagation(); + }, + false + ); if (sessionStorage.navWidth) { - navResizeFn({ which: 1, pageX: parseInt(sessionStorage.navWidth, 10) }); + $(".nav_wrap").css( + "width", + Math.max(200, parseInt(sessionStorage.navWidth, 10)) + ); } } @@ -295,15 +303,6 @@ document.getElementById("nav").contentWindow.postMessage(opts, "*"); done = true; } - - window.addEventListener( - "message", - function (event) { - if (event.data === "navReady") postMessage(); - return false; - }, - false - ); } function mainFocus() { @@ -341,4 +340,56 @@ mainFocus(); navigationChange(); }); -})(); +}; +window.__app(); + +window.addEventListener( + "message", + async (e) => { + if (e.data.action === "navigate") { + const response = await fetch(e.data.url); + const text = await response.text(); + const parser = new DOMParser(); + const doc = parser.parseFromString(text, "text/html"); + + const classListLink = + document.getElementById("class_list_link").classList; + + const content = doc.querySelector("#main").innerHTML; + document.querySelector("#main").innerHTML = content; + document.title = doc.head.querySelector("title").innerText; + document.head.querySelectorAll("script").forEach((script) => { + if ( + !script.type || + (script.type.includes("text/javascript") && !script.src) + ) { + script.remove(); + } + }); + + doc.head.querySelectorAll("script").forEach((script) => { + if ( + !script.type || + (script.type.includes("text/javascript") && !script.src) + ) { + const newScript = document.createElement("script"); + newScript.type = "text/javascript"; + newScript.textContent = script.textContent; + document.head.appendChild(newScript); + } + }); + + window.__app(); + + document.getElementById("class_list_link").classList = classListLink; + + const url = new URL(e.data.url, "https://localhost"); + const hash = decodeURIComponent(url.hash ?? ""); + if (hash) { + document.getElementById(hash.substring(1)).scrollIntoView(); + } + history.pushState({}, document.title, e.data.url); + } + }, + false +); diff --git a/docs/js/full_list.js b/docs/js/full_list.js index 12bba48d..ee685663 100644 --- a/docs/js/full_list.js +++ b/docs/js/full_list.js @@ -20,17 +20,6 @@ function escapeShortcut() { }); } -function navResizer() { - $(window).mousemove(function(e) { - window.parent.postMessage({ - action: 'mousemove', event: {pageX: e.pageX, which: e.which} - }, '*'); - }).mouseup(function(e) { - window.parent.postMessage({action: 'mouseup'}, '*'); - }); - window.parent.postMessage("navReady", "*"); -} - function clearSearchTimeout() { clearTimeout(searchTimeout); searchTimeout = null; @@ -44,14 +33,21 @@ function enableLinks() { $clicked.addClass('clicked'); evt.stopPropagation(); - if (evt.target.tagName === 'A') return true; + if (window.origin === "null") { + if (evt.target.tagName === 'A') return true; - var elem = $clicked.find('> .item .object_link a')[0]; - var e = evt.originalEvent; - var newEvent = new MouseEvent(evt.originalEvent.type); - newEvent.initMouseEvent(e.type, e.canBubble, e.cancelable, e.view, e.detail, e.screenX, e.screenY, e.clientX, e.clientY, e.ctrlKey, e.altKey, e.shiftKey, e.metaKey, e.button, e.relatedTarget); - elem.dispatchEvent(newEvent); - evt.preventDefault(); + var elem = $clicked.find('> .item .object_link a')[0]; + var e = evt.originalEvent; + var newEvent = new MouseEvent(evt.originalEvent.type); + newEvent.initMouseEvent(e.type, e.canBubble, e.cancelable, e.view, e.detail, e.screenX, e.screenY, e.clientX, e.clientY, e.ctrlKey, e.altKey, e.shiftKey, e.metaKey, e.button, e.relatedTarget); + elem.dispatchEvent(newEvent); + evt.preventDefault(); + } else { + window.top.postMessage({ + action: "navigate", + url: $clicked.find('.object_link a').attr('href'), + }, "*"); + } return false; }); } @@ -199,6 +195,13 @@ function highlight() { }); } +function isInView(element) { + const rect = element.getBoundingClientRect(); + const windowHeight = + window.innerHeight || document.documentElement.clientHeight; + return rect.left >= 0 && rect.bottom <= windowHeight; +} + /** * Expands the tree to the target element and its immediate * children. @@ -214,7 +217,7 @@ function expandTo(path) { $(el).find('> div > a.toggle').attr('aria-expanded', 'true'); }); - if($target[0]) { + if($target[0] && !isInView($target[0])) { window.scrollTo(window.scrollX, $target.offset().top - 250); highlight(); } @@ -232,7 +235,6 @@ window.addEventListener("message", windowEvents, false); $(document).ready(function() { escapeShortcut(); - navResizer(); enableLinks(); enableToggles(); populateSearchCache(); diff --git a/docs/method_list.html b/docs/method_list.html index e69de29b..dd8fb87a 100644 --- a/docs/method_list.html +++ b/docs/method_list.html @@ -0,0 +1,742 @@ + + + + + + + + + + + + + + + + + + Method List + + + +
+
+

Method List

+ + + +
+ + +
+ + diff --git a/docs/top-level-namespace.html b/docs/top-level-namespace.html index e69de29b..3801380c 100644 --- a/docs/top-level-namespace.html +++ b/docs/top-level-namespace.html @@ -0,0 +1,110 @@ + + + + + + + Top Level Namespace + + — Documentation by YARD 0.9.38 + + + + + + + + + + + + + + + + + +
+ +
+
+ +
+ + +

Top Level Namespace + + + +

+
+ + + + + + + + + + + +
+ +

Defined Under Namespace

+

+ + + Modules: OAuth2 + + + + +

+ + + + + + + + + +
+ + + +
+ + \ No newline at end of file