https://github.com/ruby-oauth/oauth2 - v2.0.18

2.0.18 - 2025-11-08

• TAG: v2.0.18
• COVERAGE: 100.00% -- 526/526 lines in 14 files
• BRANCH COVERAGE: 100.00% -- 178/178 branches in 14 files
• 90.48% documented

Added

• gh!683, gh!684 - Improve documentation by @pboling
• gh!686- Add Incident Response Plan by @pboling
• gh!687- Add Threat Model by @pboling

Changed

• gh!685 - upgrade kettle-dev v1.1.24 by @pboling
• upgrade kettle-dev v1.1.52 by @pboling
  • Add open collective donors to README

Fixed

• gh!690, gh!691, gh!692 - Add yard-fence
  • handle braces within code fences in markdown properly by @pboling

Security

Official Discord 👉️

Many paths lead to being a sponsor or a backer of this project. Are you on such a path?

- Ruby
Published by pboling 4 months ago

https://github.com/ruby-oauth/oauth2 - v2.0.17

2.0.17 - 2025-09-15

• TAG: v2.0.17
• COVERAGE: 100.00% -- 526/526 lines in 14 files
• BRANCH COVERAGE: 100.00% -- 178/178 branches in 14 files
• 90.48% documented

Added

• [gh!682][gh!682] - AccessToken: support Hash-based verb-dependent token transmission mode (e.g., {get: :query, post: :header})

Official Discord 👉️

Many paths lead to being a sponsor or a backer of this project. Are you on such a path?

- Ruby
Published by pboling 6 months ago

https://github.com/ruby-oauth/oauth2 - v2.0.16

2.0.16 - 2025-09-14

• TAG: v2.0.16
• COVERAGE: 100.00% -- 520/520 lines in 14 files
• BRANCH COVERAGE: 100.00% -- 176/176 branches in 14 files
• 90.48% documented

Added

• gh!680—E2E example using mock test server added in v2.0.11 by @pboling
  • mock-oauth2-server upgraded to v2.3.0
    • https://github.com/navikt/mock-oauth2-server
  • docker compose -f docker-compose-ssl.yml up -d --wait
  • ruby examples/e2e.rb
  • docker compose -f docker-compose-ssl.yml down
  • mock server readiness wait is 90s
  • override via E2E_WAIT_TIMEOUT
• gh!676, gh!679 - Apache SkyWalking Eyes dependency license check by @pboling

Changed

• gh!678 - Many improvements to make CI more resilient (past/future proof) by @pboling
• gh!681 - Upgrade to kettle-dev v1.1.19

Security

Official Discord 👉️

Many paths lead to being a sponsor or a backer of this project. Are you on such a path?

- Ruby
Published by pboling 6 months ago

https://github.com/ruby-oauth/oauth2 - v2.0.15

2.0.15 - 2025-09-08

• TAG: v2.0.15
• COVERAGE: 100.00% -- 519/519 lines in 14 files
• BRANCH COVERAGE: 100.00% -- 174/174 branches in 14 files
• 90.48% documented

Added

• gh!671 - Complete documentation example for Instagram by @pboling
• .env.local.example for contributor happiness
• note lack of builds for JRuby 9.2, 9.3 & Truffleruby 22.3, 23.0
  • actions/runner - issues/2347
  • community/discussions/15452
• gh!670 - AccessToken: verb-dependent token transmission mode by @mrj
  • e.g., Instagram GET=:query, POST/DELETE=:header

Changed

• gh!669 - Upgrade to kettle-dev v1.1.9 by @pboling

Fixed

• Remove accidentally duplicated lines, and fix typos in CHANGELOG.md
• point badge to the correct workflow for Ruby 2.3 (caboose.yml)

Security

Official Discord 👉️

Many paths lead to being a sponsor or a backer of this project. Are you on such a path?

- Ruby
Published by pboling 6 months ago

https://github.com/ruby-oauth/oauth2 - v2.0.14

What's Changed

• 📝 Added OAuth 2.1 draft specification by @pboling in https://github.com/ruby-oauth/oauth2/pull/662
• 📝 Added OIDC documentation, example, and spec references in OIDC.md by @pboling in https://github.com/ruby-oauth/oauth2/pull/663
• 📝 Add Example for JHipster UAA Server Integration by @pboling in https://github.com/ruby-oauth/oauth2/pull/664
• 📝 Document Mutual TLS (mTLS) usage with example in README by @pboling in https://github.com/ruby-oauth/oauth2/pull/665
• ✅ Documentation with Example for Flat Params Usage, with specs by @pboling in https://github.com/ruby-oauth/oauth2/pull/666
• ⬆️ kettle-dev v1.0.24 by @pboling in https://github.com/ruby-oauth/oauth2/pull/667

Full Changelog: https://github.com/ruby-oauth/oauth2/compare/v2.0.13...v2.0.14

Official Discord 👉️

Many paths lead to being a sponsor or a backer of this project. Are you on such a path?

- Ruby
Published by pboling 6 months ago

https://github.com/ruby-oauth/oauth2 - v2.0.13

2.0.13 - 2025-08-30

• TAG: v2.0.13
• COVERAGE: 100.00% -- 519/519 lines in 14 files
• BRANCH COVERAGE: 100.00% -- 174/174 branches in 14 files
• 90.48% documented

Added

• gh656 - Support revocation with URL-encoded parameters
• gh660 - Inline yard documentation by @pboling
• gh660 - Complete RBS types documentation by @pboling
• gh660- (more) Comprehensive documentation / examples by @pboling
• gh657 - Updated documentation for org-rename by @pboling
• More funding links by @Aboling0

Changed

• Upgrade Code of Conduct to Contributor Covenant 2.1 by @pboling
• gh660 - Shrink post-install message by 4 lines by @pboling

Fixed

• gh660 - Links in README (including link to HEAD documentation) by @pboling

Security

Auto-generated notes

What's Changed

• 📝 Update README by @Aboling0 in https://github.com/ruby-oauth/oauth2/pull/653
• 🎨 Use 'console' instead of 'bash' for code block highlighting by @Aboling0 in https://github.com/ruby-oauth/oauth2/pull/654
• Support revocation with URL-encoded parameters by @srook in https://github.com/ruby-oauth/oauth2/pull/656
• 🚚 Update for org rename by @pboling in https://github.com/ruby-oauth/oauth2/pull/657
• Bump qltysh/qlty-action from 1 to 2 by @dependabot[bot] in https://github.com/ruby-oauth/oauth2/pull/658
• Bump actions/checkout from 4 to 5 by @dependabot[bot] in https://github.com/ruby-oauth/oauth2/pull/659
• Release v2.0.13 by @pboling in https://github.com/ruby-oauth/oauth2/pull/660

New Contributors

• @srook made their first contribution in https://github.com/ruby-oauth/oauth2/pull/656

Full Changelog: https://github.com/ruby-oauth/oauth2/compare/v2.0.12...v2.0.13

Official Discord 👉️

Many paths lead to being a sponsor or a backer of this project. Are you on such a path?

- Ruby
Published by pboling 6 months ago

https://github.com/ruby-oauth/oauth2 - v2.0.12

What's Changed

• feat: Add Key ID (kid) support to JWT assertions by @mridang in https://github.com/oauth-xx/oauth2/pull/652
• More Documentation by @pboling
  • Documented Serialization Extensions
  • Added Gatzo.com FLOSS logo by @Aboling0, CC BY-SA 4.0
  • Documentation site @ https://oauth2.galtzo.com now complete

New Contributors

• @mridang made their first contribution in https://github.com/oauth-xx/oauth2/pull/652

Full Changelog: https://github.com/oauth-xx/oauth2/compare/v2.0.11...v2.0.12

- Ruby
Published by pboling 9 months ago

https://github.com/ruby-oauth/oauth2 - v2.0.11

2.0.11 - 2025-05-23

• TAG: v2.0.11
• COVERAGE: 100.00% -- 518/518 lines in 14 files
• BRANCH COVERAGE: 100.00% -- 172/172 branches in 14 files
• 80.00% documented

Added

• gh651 - :snaky_hash_klass option (@pboling)
• More documentation
• Codeberg as ethical mirror (@pboling)
  • https://codeberg.org/oauth-xx/oauth2
• Don't check for cert if SKIP_GEM_SIGNING is set (@pboling)
• All runtime deps, including oauth-xx sibling gems, are now tested against HEAD (@pboling)
• YARD config, GFM compatible with relative file links (@pboling)
• Documentation site on GitHub Pages (@pboling)
  • oauth2.galtzo.com
• !649 - Test compatibility with all key minor versions of Hashie v0, v1, v2, v3, v4, v5, HEAD (@pboling)
• gh651 - Mock OAuth2 server for testing (@pboling)
  • https://github.com/navikt/mock-oauth2-server

Changed

• gh651 - Upgraded to snaky_hash v2.0.3 (@pboling)
  • Provides solution for serialization issues
• Updated spec.homepage_uri in gemspec to GitHub Pages YARD documentation site (@pboling)

Fixed

• gh650 - Regression in return type of OAuth2::Response#parsed (@pboling)
• Incorrect documentation related to silencing warnings (@pboling)

What's Changed

• 👷 Ensure compatibility with all versions of Hashie by @pboling in https://github.com/oauth-xx/oauth2/pull/649
• Bug/parsed return type by @pboling in https://github.com/oauth-xx/oauth2/pull/650
• Release/v2.0.11 by @pboling in https://github.com/oauth-xx/oauth2/pull/651

Full Changelog: https://github.com/oauth-xx/oauth2/compare/v2.0.10...v2.0.11

- Ruby
Published by pboling 9 months ago

https://github.com/ruby-oauth/oauth2 - v2.0.10

2.0.10 - 2025-05-16

• TAG: v2.0.10
• COVERAGE: 100.00% -- 518/518 lines in 14 files
• BRANCH COVERAGE: 100.00% -- 170/170 branches in 14 files
• 79.05% documented

Added

• gh!632 - Added funding.yml (@Aboling0)
• !635 - Added .gitlab-ci.yml (@jessieay)
• #638 - Documentation of support for ILO Fundamental Principles of Rights at Work (@pboling)
• !642 - 20-year certificate for signing gem releases, expires 2045-04-29 (@pboling)
  • Gemspec metadata
    • funding_uri
    • news_uri
    • mailing_list_uri
  • SHA256 and SHA512 Checksums for release
• !643 - Add token_name option (@pboling)
  • Specify the parameter name that identifies the access token
• !645 - Add OAuth2::OAUTH_DEBUG constant, based on `ENV["OAUTH_DEBUG"] (@pboling)
• !646 - Add OAuth2.config.silence_extra_tokens_warning, default: false (@pboling)
• !647 - Add IETF RFC 7009 Token Revocation compliant (@pboling)
  • OAuth2::Client#revoke_token
  • OAuth2::AccessToken#revoke
  • See: https://datatracker.ietf.org/doc/html/rfc7009
• gh!644, gh!645 - Added CITATION.cff (@Aboling0)
• !648 - Improved documentation (@pboling)

Changed

• Default value of OAuth2.config.silence_extra_tokens_warning was false, now true (@pboling)
• Gem releases are now cryptographically signed, with a 20-year cert (@pboling)
  • Allow linux distros to build release without signing, as their package managers sign independently
• !647 - OAuth2::AccessToken#refresh now supports block param pass through (@pboling)
• !647 - OAuth2.config is no longer writable (@pboling)
• !647 - Errors raised by OAuth2::AccessToken are now always OAuth2::Error and have better metadata (@pboling)

Fixed

• #95 - restoring an access token via AccessToken#from_hash (@pboling)
  • This was a 13 year old bug report. 😘
• #619 - Internal options (like snaky, raise_errors, and parse) are no longer included in request (@pboling)
• !633 - Spaces will now be encoded as %20 instead of + (@nov.matake)
• !634 - CHANGELOG.md documentation fix (@skuwa229)
• !638 - fix expired? when expires_in is 0 (@disep)
• !639 - Only instantiate OAuth2::Error if raise_errors option is true (@glytch2)
• #639 - AccessToken#to_hash is now serializable, just a regular Hash (@pboling)
• !640 - README.md documentation fix (@martinezcoder)
• !641 - Do not include sensitive information in the inspect (@manuelvanrijn)
• #641 - Made default JSON response parser more resilient (@pboling)
• #645 - Response no longer becomes a snaky hash (@pboling)
• gh!646 - Change require to require_relative (improve performance) (@Aboling0)

Autogen notes...

• 💸 Update funding by @Aboling0 in https://github.com/oauth-xx/oauth2/pull/632
• Feat/20 year cert by @pboling in https://github.com/oauth-xx/oauth2/pull/633
• Feat/token name by @pboling in https://github.com/oauth-xx/oauth2/pull/639
• Feat/docs 640 by @pboling in https://github.com/oauth-xx/oauth2/pull/640
• Feat/oauth debug by @pboling in https://github.com/oauth-xx/oauth2/pull/641
• ✨ silence_no_tokens_warning by @pboling in https://github.com/oauth-xx/oauth2/pull/642
• Add IETF RFC 7009 Token Revocation by @pboling in https://github.com/oauth-xx/oauth2/pull/643
• Bump MeilCli/danger-action from 5 to 6 by @dependabot in https://github.com/oauth-xx/oauth2/pull/634
• Bump github/codeql-action from 1 to 3 by @dependabot in https://github.com/oauth-xx/oauth2/pull/638
• 📝 Made CITATION.cff by @Aboling0 in https://github.com/oauth-xx/oauth2/pull/644
• 🚚 Moved CITATION.cff by @Aboling0 in https://github.com/oauth-xx/oauth2/pull/645
• ⚡️ Change require to require_relative by @Aboling0 in https://github.com/oauth-xx/oauth2/pull/646
• Release/v2.0.10 by @pboling in https://github.com/oauth-xx/oauth2/pull/647

New Contributors

• @Aboling0 made their first contribution in https://github.com/oauth-xx/oauth2/pull/632
• @dependabot made their first contribution in https://github.com/oauth-xx/oauth2/pull/634

Full Changelog: https://github.com/oauth-xx/oauth2/compare/v2.0.9...v2.0.10

- Ruby
Published by pboling 10 months ago