All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
OAuth::CLI
has been extracted to a new gem,oauth-tty
, hosted on Gitlab- The public API of
oauth-tty
is backwards compatible (meaningOAuth::CLI
) - The change within the
oauth
gem is backwards compatible asoauth-tty
has been added as a dependency - Minor version bump is cautionary, as many lines of code have changed.
- The public API of
OAuth::Comsumer#options
hash is now handled bysnaky_hash
, which was extracted fromoauth2
- symbolized keys, dot-access and snake-case are now normalized
OAuth::Comsumer#options
hash is now handled bysnaky_hash
, which was extracted fromoauth2
- symbolized keys, dot-access and snake-case are now normalized
- Dropped support for Ruby < 2.7
- Dropped support for Rails < 6
- New EOL Policy
- Non-commercial support for the oldest version of Ruby (which itself is going EOL) will be dropped each year in April
OAuth::Comsumer#options
hash is now handled bysnaky_hash
, which was extracted fromoauth2
- symbolized keys, dot-access and snake-case are now normalized
- Fixed documentation in SECURITY.md
- Change references to master => main
- Post install note about v0.6.x EOL approaching in April, 2024
- New option
body_hash_enabled
which defaults to true to maintain backward compatibility with prior releases. Setting tofalse
disables generation of aoauth_body_hash
component as part of the signature computation. - Improved documentation of support policy via Tidelift
- Stop testing against active_support v2
- Utilize version_gem extracted from oauth2 gem for VERSION
- Added new
OAuth::Version
namespace - VERSION constant now at
OAuth::Version::VERSION
- Added new
- Ruby 2.0, 2.1, 2.2, and 2.3 are no longer valid install targets
The "hopeful last 0.5.x" Release
- More typos fixed
The "I think I caught 'em all!" Release
- Typo oauth2 => oauth as gem name in one more place.
The "Typoes are just the worst!" Release
- Typo oauth2 => oauth as gem name in a couple places.
The "Is this the last release with a silly name?" Release
- Post install note about v0.5.x EOL approaching in April, 2023
- Improved documentation
- Switched branch references from master to main
- CI builds are now all green!
[0.5.10] 2022-05-04 (tag)
The "Can it be the end of the line for 0.5.x?" Release
- Major updates to Documentation
- More CI Hardening
- Align CI builds with official Ruby Compatibility Matrix
- Project tooling in preparation for final release of 0.5.x series
- diffend
- Documentation related to Ruby compatibility
- Updated CHANGELOG.md formatting
- Corrected CHANGELOG.md typos
- Hardened the CI build for the next few years(?!)
- Require MFA to push new version to Rubygems
- Replace Hash Rocket syntax with JSON-style symbols where possible
- Project tooling in preparation for final release of 0.5.x series
- rubocop-ruby2_0
- overcommit
- Added more documentation files to packaged gem, e.g. SECURITY.md, CODE_OF_CONDUCT.md
- Removed reference to RUBY_VERSION from gemspec, as it depends on rake release, which is problematic on some ruby engines. (by @pboling)
- Setup Rubocop (#205, #208 by @pboling)
- Added CODE_OF_CONDUCT.md (#217, #218 by @pboling)
- Added FUNDING.yml (#217, #218 by @pboling)
- Added Client Certificate Options: :ssl_client_cert and :ssl_client_key (#136, #220 by @pboling)
- Handle a nested array of hashes in OAuth::Helper.normalize (#80, #221 by @pboling)
- Switch from TravisCI to Github Actions (#202, #207, #176 by @pboling)
- Upgrade webmock to v3.14.0 (#196 by @pboling)
- Upgrade em-http-request to v1.1.7 (#173 by @pboling)
- Upgrade mocha to v1.13.0 (#193 by @pboling)
- HISTORY renamed to CHANGELOG.md, and follows Keep a Changelog (#214, #215 by @pboling)
- CHANGELOG, LICENSE, and README now ship with packaged gem (#214, #215 by @pboling)
- README.rdoc renamed to README.md (#217, #218 by @pboling)
- Require plaintext signature method by default (#135 by @confiks & @pboling)
- Fixed Infinite Redirect in v0.5.5, v0.5.6 (#186, #210 by @pboling)
- Fixed NoMethodError on missing leading slash in path (#194, #211 by @pboling)
- Fixed NoMethodError on nil request object (#165, #212 by @pboling)
- Fixed Unsafe String Comparison (#156, #209 by @pboling and @drosseau)
- Fixed typos in Gemspec (#204, #203, #208 by @pboling)
- Copyright Notice in LICENSE - added correct years (#217, #218 by @pboling)
- Fixed request proxy Class constant reference scopes - was missing
::
in many places (#225, #226 by @pboling)
- Remove direct development dependency on nokogiri (#299 by @pboling)
- Add metadata to Gemspec file
- Add support for PUT requests with Action Controller (#181)
- Change default timeout to be the same as Net::HTTP default, 60 seconds instead of 30 seconds.
- Add :allow_empty_params option (#155)
- Allow redirect to different host but same path
- Various cleanups
- Fixes ssl-noverify
- Fixed README example (#158, #159, by @pboling)
- Various cleanups (charliesome)
- Fixes UnknownRequestType on Rails 5.1 for ActionDispatch::Request (xprazak2)
- Fix #145 - broken CLI required loading active_support (James Pinto)
- Removing legacy scripts (James Pinto)
- Adding a development dependency that had not been mentioned (James Pinto)
- Adding CodeClimate (James Pinto)
- Adding support to Ruby 2.4 and head (James Pinto)
- Use assert_nil so as to silence a Minitest 6 deprecation warning (James Pinto)
- Stop bundling tests files in the gem (Michal Papis)
- Minor cleanup on tests (James Pinto)
- TravisCI no longer needs libcurl-dev (James Pinto)
- Nokogiri 1.7 does not accept Ruby 2.0 (James Pinto)
- Upgrading to CodeClimate 1.0 (James Pinto)
- Locking gemspec to Rails 4 so as to allow our next version for Rails 5 (James Pinto)
- moving development dependency to gemspec (James Pinto)
- Silencing 'Net::HTTPResponse#header is obsolete' (James Pinto)
- Silencing some test warnings (James Pinto)
- Silencing 'loading in progress, circular require considered harmful' (James Pinto)
- Silence 'URI.escape obsolete' (James Pinto)
- Refactored CLI (James Pinto)
- Moving test files into test/units/ (James Pinto)
- Reimplementing #82 - Debug Output Option (James Pinto)
- Fix #113 adding paths when a full URL has been specified (James Pinto)
- Bug Fix, webmock 2.0 has introduced a new bug (James Pinto)
- Making a test/support dir (James Pinto)
- Fix #177 - Adjusting to webmock latest recommended implementation for minitest (James Pinto)
- Add license info to the gemspec (Robert Reiz)
- Proper handling for empty query string in RequestToken#build_authorize_url (midchildan, Harald Sitter)
- Replace calls to String#blank? with its implementation (Sergio Gil Pérez de la Manga)
- Loosen some development dependencies. Add libcurl-dev to travis
- Fixes to travis config. Switch to rubygems for installation and loading
- Remove obsolete comment (Arthur Nogueira Neves)
- Remove jeweler from gemspec
- Add support for HTTP PATCH method (Richard Huang)
- Allow reading private key from a string (Khaja Minhajuddin)
- Add rest-client proxy (Khem Veasna)
- Add byebug. (Kevin Hughes)
- Allow reading certificate file path from environment variable. Add CentOS cert file path (Danil Vlasov)
- Replace jeweler with real spec and bundler tasks
- Extract version to separate file
- Use OpenSSL for all digest and hashing. Remove signature methods not defined by OAuth spec. (Kevin Hughes)
- Change token requests to exclude
oauth_body_hash
. Update doc links in comments. (John Remmen)
- Fix ability to pass in an authorize url with a query string (Roger Smith)
- Fix bug in signature verification (r-stu31)
- Use standard key name (
oauth_token_secret
) in Token#to_query (Craig Walker) - Fix error in CLI when using
query
without supplying a method (grafikchaos) - Compatibility fix for Typhoeus >= 0.5.0 (Chad Feller)
- Rails 3+ / ActiveSupport::SafeBuffer patch (Clif Reeder)
- Handle
nil
token gracefully for RequestToken#authorize_url (Brian John) - Fix typhoeus compatibility (Vladimir Mikhailov)
- Fix oauth cli option parser on Ruby 2.2 (Felix Bünemann)
- Update gemspec for security fixes. Convert to Minitest. Add .travis.yml. (Kevin Hughes)
- Fix some warnings (amatsuda)
- Various fixes/updates to README (Evan Arnold, Jonathan Camenisch, Brian John, Ankur Sethi)
- Set a configurable timeout for all requests (Rick Olson)
- Fix merging paths if the path is not empty
- Fix nested hash params in Consumer#request (Ernie Miller)
- Make use the path component of the :site parameter (Jonathon M. Abbott)
- Fixed nested attributes in #normalize (Shaliko Usubov)
- Fixed post body's being dropped in 1.9 (Steven Hammond)
- Fixed PUT request handling (Anton Panasenko)
- Add explicit require for rsa/sha1 (Juris Galang)
- Add gemtest support (Adrian Feldman)
- Use webmock to mock all http-requests in tests (Adrian Feldman)
- Mention Typhoeus require in the README (Kim Ahlström)
- Use Net::HTTPGenericRequest (Jakub Kuźma)
- Fix POST Requests with Typhoeus proxy (niedhui)
- Fix incorrect hardcoded port (Ian Taylor)
- Added support for Rails 3 in client/action_controller_request (Pelle)
- Fix LoadError rescue in tests: return can't be used in this context (Hans de Graaff)
- HTTP headers should be strings. (seancribbs)
- ensure consumer uri gets set back to original config even if an error occurs (Brian Finney)
- Yahoo uses & to split records in OAuth headers (Brian Finney)
- Fix for em-http proxy (ichverstehe)
- Added Bundler (rc) Gemfile for easier dev/testing
- Fixed compatibility with Ruby 1.9.2 (ecavazos)
- Fixed the em-http request proxy (Joshua Hull)
- Fix for oauth proxy string manipulation (Jakub Suder)
- Added support for using OAuth with proxies (Marsh Gardiner)
- Rails 3 Compatibility fixes (Pelle Braendgaard)
- Fixed load errors on tests for missing (non-required) libraries
- Added computation of oauth_body_hash as per OAuth Request Body Hash 1.0 Draft 4 (Michael Reinsch)
- Added the optional
oauth_session_handle
parameter for the Yahoo implementation (Will Bailey) - Added optional block to OAuth::Consumer.get_*_token (Neill Pearman)
- Exclude
oauth_callback
with :exclude_callback (Neill Pearman) - Support for Ruby 1.9 (Aaron Quint, Corey Donahoe, et al)
- Support for Typhoeus (Bill Kocik)
- Support for em-http (EventMachine) (Darcy Laycock)
- Support for curb (André Luis Leal Cardoso Junior)
- New website (Aaron Quint)
- Better marshalling implementation (Yoan Blanc)
- Replaced hoe with Jeweler (Aaron Quint)
- Strip extraneous spaces and line breaks from access_token responses (observed in the wild with Yahoo!'s OAuth+OpenID hybrid) (Eric Hartmann)
- Stop double-escaping PLAINTEXT signatures (Jimmy Zimmerman)
- OAuth::Client::Helper won't override the specified
oauth_version
(Philip Kromer) - Fixed an encoding / multibyte issue (成田 一生)
- Added -B CLI option to use the :body authentication scheme (Seth)
- Support POST and PUT with raw bodies (Yu-Shan Fung et al)
- Added :ca_file consumer option to allow consumer specific certificate override. (Pelle)
- Test clean-up (Xavier Shay, Hannes Tydén)
- Respect
--method
inauthorize
CLI command (Seth)
query
CLI command to access protected resources (Seth)- Added -H, -Q CLI options for specifying the authentication scheme (Seth)
- Added -O CLI option for specifying a file containing options (Seth)
- Support streamable body contents for large request bodies (Seth Cousins)
- Support for OAuth 1.0a (Seth)
- Added proxy support to OAuth::Consumer (Marshall Huss)
- Added --scope CLI option for Google's 'scope' parameter (Seth)
- OAuth::Client::Helper uses OAuth::Version::VERSION (chadisfaction)
- Fix OAuth::RequestProxy::ActionControllerRequest's handling of params (Tristan Groléat)
- Support for arguments in OAuth::Consumer#get_access_token (Matt Sanford)
- Add gem version to user-agent header (Matt Sanford)
- Improved error handling for invalid Authorization headers (Matt Sanford)
- Handle input from aggressive form encoding libraries (Matt Wood)
- Corrected OAuth XMPP namespace (Seth)
- Fixed signatures for non-ASCII under $KCODE other than 'u' (Matt Sanford)
- Fixed edge cases in ActionControllerRequestProxy where params were being incorrectly signed (Marcos Wright Kuhns)
- Support applications using the MethodOverride Rack middleware (László Bácsi)
authorize
command foroauth
CLI (Seth)- Initial support for Problem Reporting extension (Seth)
- Verify SSL certificates if CA certificates are available (Seth)
- Added help to the 'oauth' CLI (Seth)
- 2xx statuses should be treated as success (Anders Conbere)
- Fixed ActionController parameter escaping behavior (Thiago Arrais, László Bácsi, Brett Gibson, et al)
- Fixed signature calculation when both options and a block were provided to OAuth::Signature::Base#initialize (Seth)
- Fixed a problem when attempting to normalize MockRequest URIs (Seth)
- Fixed a problem with relative and absolute token request paths. (Michael Wood)
0.3.0 2009-01-25
- Support ActionController::Request from Edge Rails (László Bácsi)
- Added #normalized_parameters to OAuth::RequestProxy::Base (Pelle)
- Command-line app for generating signatures. (Seth)
- OAuth::Signature.sign and friends now yield the RequestProxy instead of the token when the passed block's arity is 1. (Seth)
- Improved test-cases and compatibility for encoding issues. (Pelle)
- Correctly handle multi-valued parameters (Seth)
- Token requests are made to the configured URL rather than generating a potentially incorrect one. (Kellan Elliott-McCrea)
The lets fix the last release release
- Fixed plain text signatures (Andrew Arrow)
- Fixed RSA requests using OAuthTokens. (Philip Lipu Tsai)
The lets RSA release
- Improved support for Ruby 1.8.7 (Bill Kocik)
- Added support for 'private_key_file' option for RSA signatures (Chris Mear)
- Improved RSA testing
- Omit token when signing with RSA
- Fixed RSA verification to support RSA providers now using Ruby and RSA
- Fixed several edge cases where params were being incorrectly signed (Scott Hill)
- Fixed RSA signing (choonkeat)
Lets actually support SSL release
- Use HTTPS when required.
All together now release
- This is a big release, where we have merged the efforts of various parties into one common library. This means there are definitely some API changes you should be aware of. They should be minimal but please have a look at the unit tests.
- Fixed checks for missing OAuth params to improve performance
- Includes Pat's fix for getting the realm out.
- First release as a GEM
- Moved all non-Rails functionality from the Rails plugin: http://code.google.com/p/oauth-plugin/