v2.0.12

What's Changed

• feat: Add Key ID (kid) support to JWT assertions by @mridang in #652
• More Documentation by @pboling
  • Documented Serialization Extensions
  • Added Gatzo.com FLOSS logo by @Aboling0, CC BY-SA 4.0
  • Documentation site @ https://oauth2.galtzo.com now complete

New Contributors

• @mridang made their first contribution in #652

Full Changelog: v2.0.11...v2.0.12

v2.0.11

2.0.11 - 2025-05-23

• TAG: v2.0.11
• COVERAGE: 100.00% -- 518/518 lines in 14 files
• BRANCH COVERAGE: 100.00% -- 172/172 branches in 14 files
• 80.00% documented

Added

• gh651 - :snaky_hash_klass option (@pboling)
• More documentation
• Codeberg as ethical mirror (@pboling)
  • https://codeberg.org/oauth-xx/oauth2
• Don't check for cert if SKIP_GEM_SIGNING is set (@pboling)
• All runtime deps, including oauth-xx sibling gems, are now tested against HEAD (@pboling)
• YARD config, GFM compatible with relative file links (@pboling)
• Documentation site on GitHub Pages (@pboling)
  • oauth2.galtzo.com
• !649 - Test compatibility with all key minor versions of Hashie v0, v1, v2, v3, v4, v5, HEAD (@pboling)
• gh651 - Mock OAuth2 server for testing (@pboling)
  • https://github.com/navikt/mock-oauth2-server

Changed

• gh651 - Upgraded to snaky_hash v2.0.3 (@pboling)
  • Provides solution for serialization issues
• Updated spec.homepage_uri in gemspec to GitHub Pages YARD documentation site (@pboling)

Fixed

• gh650 - Regression in return type of OAuth2::Response#parsed (@pboling)
• Incorrect documentation related to silencing warnings (@pboling)

What's Changed

• 👷 Ensure compatibility with all versions of Hashie by @pboling in #649
• Bug/parsed return type by @pboling in #650
• Release/v2.0.11 by @pboling in #651

Full Changelog: v2.0.10...v2.0.11

v2.0.10

2.0.10 - 2025-05-16

• TAG: v2.0.10
• COVERAGE: 100.00% -- 518/518 lines in 14 files
• BRANCH COVERAGE: 100.00% -- 170/170 branches in 14 files
• 79.05% documented

Added

• gh!632 - Added funding.yml (@Aboling0)
• !635 - Added .gitlab-ci.yml (@jessieay)
• #638 - Documentation of support for ILO Fundamental Principles of Rights at Work (@pboling)
• !642 - 20-year certificate for signing gem releases, expires 2045-04-29 (@pboling)
  • Gemspec metadata
    • funding_uri
    • news_uri
    • mailing_list_uri
  • SHA256 and SHA512 Checksums for release
• !643 - Add token_name option (@pboling)
  • Specify the parameter name that identifies the access token
• !645 - Add OAuth2::OAUTH_DEBUG constant, based on `ENV["OAUTH_DEBUG"] (@pboling)
• !646 - Add OAuth2.config.silence_extra_tokens_warning, default: false (@pboling)
• !647 - Add IETF RFC 7009 Token Revocation compliant (@pboling)
  • OAuth2::Client#revoke_token
  • OAuth2::AccessToken#revoke
  • See: https://datatracker.ietf.org/doc/html/rfc7009
• gh!644, gh!645 - Added CITATION.cff (@Aboling0)
• !648 - Improved documentation (@pboling)

Changed

• Default value of OAuth2.config.silence_extra_tokens_warning was false, now true (@pboling)
• Gem releases are now cryptographically signed, with a 20-year cert (@pboling)
  • Allow linux distros to build release without signing, as their package managers sign independently
• !647 - OAuth2::AccessToken#refresh now supports block param pass through (@pboling)
• !647 - OAuth2.config is no longer writable (@pboling)
• !647 - Errors raised by OAuth2::AccessToken are now always OAuth2::Error and have better metadata (@pboling)

Fixed

• #95 - restoring an access token via AccessToken#from_hash (@pboling)
  • This was a 13 year old bug report. 😘
• #619 - Internal options (like snaky, raise_errors, and parse) are no longer included in request (@pboling)
• !633 - Spaces will now be encoded as %20 instead of + (@nov.matake)
• !634 - CHANGELOG.md documentation fix (@skuwa229)
• !638 - fix expired? when expires_in is 0 (@disep)
• !639 - Only instantiate OAuth2::Error if raise_errors option is true (@glytch2)
• #639 - AccessToken#to_hash is now serializable, just a regular Hash (@pboling)
• !640 - README.md documentation fix (@martinezcoder)
• !641 - Do not include sensitive information in the inspect (@manuelvanrijn)
• #641 - Made default JSON response parser more resilient (@pboling)
• #645 - Response no longer becomes a snaky hash (@pboling)
• gh!646 - Change require to require_relative (improve performance) (@Aboling0)

Autogen notes...

• 💸 Update funding by @Aboling0 in #632
• Feat/20 year cert by @pboling in #633
• Feat/token name by @pboling in #639
• Feat/docs 640 by @pboling in #640
• Feat/oauth debug by @pboling in #641
• ✨ silence_no_tokens_warning by @pboling in #642
• Add IETF RFC 7009 Token Revocation by @pboling in #643
• Bump MeilCli/danger-action from 5 to 6 by @dependabot in #634
• Bump github/codeql-action from 1 to 3 by @dependabot in #638
• 📝 Made CITATION.cff by @Aboling0 in #644
• 🚚 Moved CITATION.cff by @Aboling0 in #645
• ⚡️ Change require to require_relative by @Aboling0 in #646
• Release/v2.0.10 by @pboling in #647

New Contributors

• @Aboling0 made their first contribution in #632
• @dependabot made their first contribution in #634

Full Changelog: v2.0.9...v2.0.10