https://github.com/omniauth/omniauth-oauth2 - v1.9.0

What's Changed

• Refactor GitHub Actions config by @ybiquitous in https://github.com/omniauth/omniauth-oauth2/pull/168
• rescue oauth2 timeout by @nov in https://github.com/omniauth/omniauth-oauth2/pull/169
• Add Ruby 3.2 to CI by @ybiquitous in https://github.com/omniauth/omniauth-oauth2/pull/167
• fix coverage artifact handling by @nov in https://github.com/omniauth/omniauth-oauth2/pull/172
• Prevent timing attack on CSRF, completing wonderful pr by @eutopian by @jhartzler in https://github.com/omniauth/omniauth-oauth2/pull/174

https://rubygems.org/gems/omniauth-oauth2/versions/1.9.0

Full Changelog: https://github.com/omniauth/omniauth-oauth2/compare/v1.8.0...v1.9.0

- Ruby
Published by BobbyMcWho 3 months ago

https://github.com/omniauth/omniauth-oauth2 - v1.7.3

This release contains the relaxation of the oauth2 gem requirement, without the stricter omniauth requirement that 1.8.0 introduces.

- Ruby
Published by BobbyMcWho over 3 years ago

https://github.com/omniauth/omniauth-oauth2 - v1.8.0

v1.8.0

• Relaxes allowed versions of the oauth2 gem. #146
• Requires omniauth ~> 2.0 #152

- Ruby
Published by BobbyMcWho over 3 years ago

https://github.com/omniauth/omniauth-oauth2 - v1.7.2

This release patches a vulnerability reported to GitLab, where a malicious actor could craft a callback URL that displayed an arbitrary message to users without checking that the callback state matched omniauth's session state.

Thank you to the folks at GitLab for upstreaming this fix.

- Ruby
Published by BobbyMcWho over 4 years ago

https://github.com/omniauth/omniauth-oauth2 - Relax OmniAuth Requirement

With the release of OmniAuth v2.0.0, this relaxes the OmniAuth requirement this library has.

- Ruby
Published by BobbyMcWho about 5 years ago

https://github.com/omniauth/omniauth-oauth2 - Add strategy option for PKCE

v1.7.0 adds the option to specify that your strategy should utilize PKCE.

Simply add the pkce option to your strategy and set it to true:

option :pkce, true

By default, this uses the recommended code_challenge_method of "S256", but in the event that you want to use basic, or some other future code challenge method, you can specify them in your strategy as well:

option :pkce_options, {
  :code_challenge => proc { |verifier| verifier },
  :code_challenge_method => "basic",
}

Note that the code_challenge must be supplied in the form of something that responds to call.

- Ruby
Published by BobbyMcWho over 5 years ago

https://github.com/omniauth/omniauth-oauth2 - v1.6.0

• Fixes CVE-2015-1820 from rest-client
• Updates minimum Omniauth dependency to 1.9.0 for additional security updates
• Fixes Rubocop offenses
• Updates supported Ruby versions
• Updates CI versions
• Updates RubyGems source from http to https

- Ruby
Published by tmilewski about 7 years ago

https://github.com/omniauth/omniauth-oauth2 - v1.5.0

- Ruby
Published by tmilewski about 8 years ago